I can't enable the firewall

Hello.

Yesterday (15/05/2021) I noticed that my Xbox session had been signed out (I hadn't opened the app for at least a couple of months, since I had suspended my GamePass, and I went in intending to reactivate it), and when I click sign in simply nothing happens. I tried to uninstall the app and couldn't, so I searched the internet and found information that I thought would help me.

  1. The first thing I found, https://www.nogueratech.com/como-eliminar-y-desinstalar-la-aplicacion-xbox-en-windows-10/, was to uninstall it through PowerShell and cmd; the post gave the commands to use, and they gave me an error in both cases (cmd and PowerShell).

  2. In another post I saw that server connectivity was blocked for everything related to Xbox

And one of the options in this post https://support.xbox.com/es-MX/help/Hardware-Network/connect-network/server-connectivity-xbox-app-displays-blocked is to check that the Windows Firewall is active.

That was when I realized that my antivirus (at that time it was Bitdefender) did not have many of its features enabled, and even though I clicked “Activate” nothing happened, so I proceeded to uninstall it with its corresponding tool and try with only Windows Defender, and I had no success either.

I decided to try Nod32 and got the same result

I click “Restart the computer” but that red alert is still there.

It is also worth mentioning that I noticed that some installed programs were no longer there, such as “Cover” and a Twitter application whose name I don't remember.

I only ran the scan with Nod32; it showed some detections, but I don't have the report. Apart from what is described here I have not taken any other measures. I hope you can guide me in investigating this problem.

Hello @irken_larry

What you mention is a bit curious. Let's see what it could be, so please do the following:

:white_check_mark: Download Malwarebytes Anti-Rootkit Beta and run it according to its manual.

Malwarebytes Anti-Rootkit | InfoSpyware >> User manual

  1. Run the program following the instructions in the manual.
  2. It is important that you update it.
  3. Wait for the scan to finish.
  4. When it finishes, if there is an infection follow the steps in the manual to disinfect; if not, click Exit. If it asks to restart, do so.

When it finishes, open the Mbar folder and the files mbar-log.txt and system-log.txt, then copy and paste all of their contents into your next reply, commenting on the results.

:white_check_mark: Download Farbar Service Scanner to your desktop.

  • Run FSS.exe (if you use Windows 7 or later, right-click and select “Run as administrator”.)
  • The Internet Services box is checked by default. Check all the other boxes.
  • Click the Scan button
  • A Notepad window will open; copy and paste its contents into your next reply.

Please bring us:

  • The Malwarebytes reports.
  • The FSS report
  • Comments on how the system is doing.

Let us know about anything.

Regards

1 like

Hello

I appreciate your reply and I have run the tools as you indicated

I'll start with the mbar-log.txt report

Malwarebytes Anti-Rootkit BETA 1.10.3.1001
www.malwarebytes.org

Database version:
  main:    v2021.05.19.08
  rootkit: v2021.05.19.08

Windows 10 x64 NTFS
Internet Explorer 11.789.19041.0
avela :: DESKTOP-O68ORMB [administrator]

19/05/2021 19:03:46
mbar-log-2021-05-19 (19-03-46).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 311565
Time elapsed: 40 minute(s), 47 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 17
C:\Users\avela\AppData\Local\Programs\kryptex-app (RiskWare.BitCoinMiner) -> Delete on reboot. [2ed6ff2484626cca0e114fe6b14fe818]
C:\Users\avela\AppData\Local\Programs\kryptex-app\locales (RiskWare.BitCoinMiner) -> Delete on reboot. [2ed6ff2484626cca0e114fe6b14fe818]
C:\Users\avela\AppData\Local\Programs\kryptex-app\resources (RiskWare.BitCoinMiner) -> Delete on reboot. [2ed6ff2484626cca0e114fe6b14fe818]
C:\Users\avela\AppData\Local\Programs\kryptex-app\resources\app.asar.unpacked (RiskWare.BitCoinMiner) -> Delete on reboot. [2ed6ff2484626cca0e114fe6b14fe818]
C:\Users\avela\AppData\Local\Programs\kryptex-app\resources\app.asar.unpacked\node_modules (RiskWare.BitCoinMiner) -> Delete on reboot. [2ed6ff2484626cca0e114fe6b14fe818]
C:\Users\avela\AppData\Local\Programs\kryptex-app\resources\app.asar.unpacked\node_modules\kryptex-backend (RiskWare.BitCoinMiner) -> Delete on reboot. [2ed6ff2484626cca0e114fe6b14fe818]
C:\Users\avela\AppData\Local\Programs\kryptex-app\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules (RiskWare.BitCoinMiner) -> Delete on reboot. [2ed6ff2484626cca0e114fe6b14fe818]
C:\Users\avela\AppData\Local\Programs\kryptex-app\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\7zip-bin (RiskWare.BitCoinMiner) -> Delete on reboot. [2ed6ff2484626cca0e114fe6b14fe818]
C:\Users\avela\AppData\Local\Programs\kryptex-app\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\7zip-bin\win (RiskWare.BitCoinMiner) -> Delete on reboot. [2ed6ff2484626cca0e114fe6b14fe818]
C:\Users\avela\AppData\Local\Programs\kryptex-app\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\7zip-bin\win\x64 (RiskWare.BitCoinMiner) -> Delete on reboot. [2ed6ff2484626cca0e114fe6b14fe818]
C:\Users\avela\AppData\Local\Programs\kryptex-app\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding (RiskWare.BitCoinMiner) -> Delete on reboot. [2ed6ff2484626cca0e114fe6b14fe818]
C:\Users\avela\AppData\Local\Programs\kryptex-app\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build (RiskWare.BitCoinMiner) -> Delete on reboot. [2ed6ff2484626cca0e114fe6b14fe818]
C:\Users\avela\AppData\Local\Programs\kryptex-app\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\amd-binding\build\Release (RiskWare.BitCoinMiner) -> Delete on reboot. [2ed6ff2484626cca0e114fe6b14fe818]
C:\Users\avela\AppData\Local\Programs\kryptex-app\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\pagefile (RiskWare.BitCoinMiner) -> Delete on reboot. [2ed6ff2484626cca0e114fe6b14fe818]
C:\Users\avela\AppData\Local\Programs\kryptex-app\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\pagefile\build (RiskWare.BitCoinMiner) -> Delete on reboot. [2ed6ff2484626cca0e114fe6b14fe818]
C:\Users\avela\AppData\Local\Programs\kryptex-app\resources\app.asar.unpacked\node_modules\kryptex-backend\node_modules\pagefile\build\Release (RiskWare.BitCoinMiner) -> Delete on reboot. [2ed6ff2484626cca0e114fe6b14fe818]
C:\Users\avela\AppData\Local\Programs\kryptex-app\swiftshader (RiskWare.BitCoinMiner) -> Delete on reboot. [2ed6ff2484626cca0e114fe6b14fe818]

Files Detected: 87

Physical Sectors Detected: 0
(No malicious items detected)

(end)

I'll continue with system-log.txt, which I am going to split into parts


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.10.3.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 10.0.9200 Windows 10 x64

Account is Administrative

Internet Explorer version: 11.789.19041.0

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED, F:\ DRIVE_FIXED
CPU speed: 3.593000 GHz
Memory total: 17113665536, free: 9509027840

Downloaded database version: v2021.05.19.08
Downloaded database version: v2021.05.19.08
Downloaded database version: v2018.01.20.01
=======================================
Initializing...
Driver version: 4.3.0.15
------------ Kernel report ------------
     05/19/2021 19:03:40
------------ Loaded modules -----------
----------- End -----------
Done!

Scan started
Database versions:
  main:    v2021.05.19.08
  rootkit: v2021.05.19.08

<<<2>>>
Physical Sector Size: 512
Drive: 3, DevicePointer: 0xffffcc837e9dd060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffcc837e9de040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffcc837e9dd060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\disk\
DevicePointer: 0xffffcc837e9a7730, DeviceName: Unknown, DriverName: \Driver\amd_xata\
DevicePointer: 0xffffcc837e9a2050, DeviceName: \Device\00000049\, DriverName: \Driver\amd_sata\
------------ End ----------
Alternate DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffcc837e9d8420, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffcc837e9d9040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffcc837e9d8420, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffcc837e970050, DeviceName: \Device\0000003f\, DriverName: \Driver\storahci\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 23371AAE

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63  Numsec = 1953520002
    Partition is not bootable
    Partition file system is NTFS

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable

Disk Size: 1000204886016 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffcc837e9da060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffcc837e9db040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffcc837e9da060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
DevicePointer: 0xffffcc837e972050, DeviceName: \Device\00000040\, DriverName: \Driver\storahci\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 0

GPT Protective MBR Partition information:

    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1  Numsec = 4294967295

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

GPT Partition information:

    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 3329679065
    GPT Header CurrentLba = 1 BackupLba 488397167
    GPT Header FirstUsableLba 34  LastUsableLba 488397134
    GPT Header Guid cd0f40bb-fdf2-4976-b26d-3cb8552ef72
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128

    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 3329679065
    Backup GPT header CurrentLba = 488397167 BackupLba 1
    Backup GPT header FirstUsableLba 34  LastUsableLba 488397134
    Backup GPT header Guid cd0f40bb-fdf2-4976-b26d-3cb8552ef72
    Backup GPT header Contains 128 partition entries starting at LBA 488397135
    Backup GPT header Partition entry size = 128

    Partition 0 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID ad6c3980-d950-441a-8649-2e3de8501ac6
    FirstLBA 2048  Last LBA 488396799
    Attributes 0
    Partition Name                 Basic data partition

Disk Size: 250059350016 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 512
Drive: 2, DevicePointer: 0xffffcc837e9dc060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffcc837e9db6d0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffcc837e9dc060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\
DevicePointer: 0xffffcc837e974050, DeviceName: \Device\00000041\, DriverName: \Driver\storahci\
------------ End ----------

Here goes the second part


Alternate DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 2
Scanning MBR on drive 2...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 6989F934

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63  Numsec = 3907024002
    Partition is not bootable
    Partition file system is NTFS

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable

Disk Size: 2000398934016 bytes
Sector size: 512 bytes

Done!
Drive 3
This is a System drive
Scanning MBR on drive 3...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 5D58A2BE

GPT Protective MBR Partition information:

    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1  Numsec = 468877311

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

GPT Partition information:

    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 606711086
    GPT Header CurrentLba = 1 BackupLba 468877311
    GPT Header FirstUsableLba 34  LastUsableLba 468877278
    GPT Header Guid f19351a5-91a6-44e4-aa1b-3a994c4cd47
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128

    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 606711086
    Backup GPT header CurrentLba = 468877311 BackupLba 1
    Backup GPT header FirstUsableLba 34  LastUsableLba 468877278
    Backup GPT header Guid f19351a5-91a6-44e4-aa1b-3a994c4cd47
    Backup GPT header Contains 128 partition entries starting at LBA 468877279
    Backup GPT header Partition entry size = 128

    Partition 0 Type e3c9e316-b5c-4db8-817d-f92df0215ae
    Partition ID eeee8d44-bb67-4601-b5a3-27fdbd437cd0
    FirstLBA 34  Last LBA 262177
    Attributes 0
    Partition Name                                     

    Partition 1 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
    Partition ID dd34b4e2-cf6-4bf0-b639-ee45717e233d
    FirstLBA 264192  Last LBA 468991
    Attributes 0
    Partition Name                                     

    GPT Partition 1 is bootable
    Partition 2 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID d86d0731-bd26-43f6-9c60-b1bacff6cd78
    FirstLBA 468992  Last LBA 467698354
    Attributes 0
    Partition Name                                     

    Partition 3 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID 4e65c415-6bfb-4e5d-ad19-babe599345f0
    FirstLBA 467699712  Last LBA 468873215
    Attributes 1
    Partition Name                                     

Disk Size: 240065183744 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 4096
Drive: 4, DevicePointer: 0xffffcc83978da060, DeviceName: \Device\Harddisk4\DR8\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffcc8397d0f040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffcc83978da060, DeviceName: \Device\Harddisk4\DR8\, DriverName: \Driver\disk\
DevicePointer: 0xffffcc8397d61050, DeviceName: \Device\000000aa\, DriverName: \Driver\Xvdd\
------------ End ----------
Alternate DeviceName: \Device\Harddisk4\DR8\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 4
Scanning MBR on drive 4...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 549E3D94

GPT Protective MBR Partition information:

    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 4  Numsec = 7702283

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

GPT Partition information:

    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 4210688655
    GPT Header CurrentLba = 1 BackupLba 7702286
    GPT Header FirstUsableLba 4  LastUsableLba 7702282
    GPT Header Guid de509ced-aacb-2f2e-89c1-ced1317ffff7
    GPT Header Contains 1 partition entries starting at LBA 3
    GPT Header Partition entry size = 128

    Backup GPT header Signature 00000000
    Backup GPT header Revision 0 Size 0 CRC 0
    Backup GPT header CurrentLba = 0 BackupLba 0
    Backup GPT header FirstUsableLba 0  LastUsableLba 0
    Backup GPT header Guid 0-0-0-00-000000
    Backup GPT header Contains 0 partition entries starting at LBA 0
    Backup GPT header Partition entry size = 0

    GPT header and Backup GPT header have conflicting data

    Backup GPT partition header signature doesn't match "EFI PART" magic

Disk Size: 31548567552 bytes
Sector size: 4096 bytes

Done!
File "C:\Windows\System32\drivers\bindflt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\PktMon.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\bowser.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\bthenum.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\HYPERVIDEO.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MICROSOFT.BLUETOOTH.LEGACY.LEENUMERATOR.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\portcfg.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BthMini.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\bthport.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BTHUSB.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\bttflt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BUTTONCONVERTER.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\cng.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\csc.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\cdfs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\clfs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\cdrom.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\cldflt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mup.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\CmBatt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\condrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\CREDENTIALENROLLMENTMANAGER.EXE" is sparse (flags = 32768)


And a third and final one


Infected: C:\Users\avela\AppData\Roaming\Kryptex\miners\kryptex3\kryptex3.exe --> [RiskWare.BitCoinMiner]
Infected: C:\Users\avela\AppData\Roaming\Kryptex\miners\kryptex5\kryptex5.exe --> [RiskWare.BitCoinMiner]
Infected: C:\Users\avela\AppData\Roaming\Kryptex\miners\kryptex5\xmrig-cuda.dll --> [RiskWare.BitCoinMiner]
Infected: C:\Users\avela\AppData\Roaming\Kryptex\miners\kryptex8\kryptex8.exe --> [RiskWare.BitCoinMiner]
Infected: C:\Users\avela\AppData\Roaming\Kryptex\miners\kryptex9\kryptex9.exe --> [RiskWare.BitCoinMiner]
File "C:\ProgramData\Microsoft\Network\Downloader\qmgr.db" is sparse (flags = 32768)
File "C:\Users\avela\AppData\Local\Comms\UnistoreDB\store.vol" is sparse (flags = 32768)
File "C:\Windows\Installer\{716E0306-8318-4364-8B8F-0CC4E9376BAC}\icon.exe" is compressed (flags = 1)
Infected: C:\Users\avela\AppData\Local\Programs\kryptex-app --> [RiskWare.BitCoinMiner]
Infected: C:\Users\avela\AppData\Local\Programs\kryptex-app\chrome_100_percent.pak --> [RiskWare.BitCoinMiner]
Infected: C:\Users\avela\AppData\Local\Programs\kryptex-app\chrome_200_percent.pak --> [RiskWare.BitCoinMiner]
Infected: C:\Users\avela\AppData\Local\Programs\kryptex-app\d3dcompiler_47.dll --> [RiskWare.BitCoinMiner]
Infected: C:\Users\avela\AppData\Local\Programs\kryptex-app\ffmpeg.dll --> [RiskWare.BitCoinMiner]
Infected: C:\Users\avela\AppData\Local\Programs\kryptex-app\icudtl.dat --> [RiskWare.BitCoinMiner]
Infected: C:\Users\avela\AppData\Local\Programs\kryptex-app\libEGL.dll --> [RiskWare.BitCoinMiner]
Infected: C:\Users\avela\AppData\Local\Programs\kryptex-app\libGLESv2.dll --> [RiskWare.BitCoinMiner]
Infected: C:\Users\avela\AppData\Local\Programs\kryptex-app\LICENSE.electron.txt --> [RiskWare.BitCoinMiner]
Infected: C:\Users\avela\AppData\Local\Programs\kryptex-app\LICENSES.chromium.html --> [RiskWare.BitCoinMiner]
Infected: C:\Users\avela\AppData\Local\Programs\kryptex-app\resources.pak --> [RiskWare.BitCoinMiner]
Infected: C:\Users\avela\AppData\Local\Programs\kryptex-app\snapshot_blob.bin --> [RiskWare.BitCoinMiner]
Infected: C:\Users\avela\AppData\Local\Programs\kryptex-app\v8_context_snapshot.bin --> [RiskWare.BitCoinMiner]
Infected: C:\Users\avela\AppData\Local\Programs\kryptex-app\vk_swiftshader.dll --> [RiskWare.BitCoinMiner]
Infected: C:\Users\avela\AppData\Local\Programs\kryptex-app\vk_swiftshader_icd.json --> [RiskWare.BitCoinMiner]
Scan finished
Creating System Restore point...
Could not create restore point...
Cleaning up...
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-63-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-2-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-2-0-63-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-2-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-3-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-3-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-4-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-4-r.mbam...
Removal finished

And I finish with the FSS report


Farbar Service Scanner Version: 23-12-2020
Ran by avela (administrator) on 19-05-2021 at 20:17:28
Running from "C:\Users\avela\Desktop"
Microsoft Windows 10 Pro  (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy: 
==================


System Restore:
============

System Restore Policy: 
========================


Windows Security:
============


Windows Update:
============

Windows Autoupdate Disabled Policy: 
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend: ""C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2104.14-0\MsMpEng.exe"".


Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\Drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\Drivers\afd.sys => File is digitally signed
C:\Windows\System32\Drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\Drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\SecurityHealthService.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****

I should mention that after the first restart (once the MB scan had finished), my Xbox session already showed as signed in, and Nod32 now shows everything in green with the message “You are protected”.

Regards

Hello again,

From what I can see in the reports, it looks like the problem was a bitcoin-mining application.

I would recommend doing the following to make sure this is not just a temporary improvement:

  1. Download and/or update the following programs, but do not run them yet:
  2. Install and update Malwarebytes according to its manual. Review the manual in detail.
    • Run a Custom Scan following the guidelines in the manual, updating if it asks you to.
    • Remove everything it finds and restart if necessary.
    • In the Scan Report section of the manual you will find how to obtain the report.

In your next reply, please bring us the Malwarebytes report, along with your comments and any questions.

Regards

OK, I have now followed the steps.


Malwarebytes
www.malwarebytes.com

-Detalles del registro-
Fecha del análisis: 19/5/21
Hora del análisis: 21:58
Archivo de registro: 3a347ff4-b917-11eb-8060-40b07608c9ae.json

-Información del software-
Versión: 4.3.3.116
Versión de los componentes: 1.0.1292
Versión del paquete de actualización: 1.0.40668
Licencia: Prueba

-Información del sistema-
SO: Windows 10 (Build 19042.985)
CPU: x64
Sistema de archivos: NTFS
Usuario: DESKTOP-O68ORMB\avela

-Resumen del análisis-
Tipo de análisis: Análisis de amenazas
Análisis iniciado por:: Manual
Resultado: Completado
Objetos analizados: 407908
Amenazas detectadas: 47
Amenazas en cuarentena: 47
Tiempo transcurrido: 3 min, 27 seg

-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Desactivado
Heurística: Activado
PUP: Detectar
PUM: Detectar

-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)

Módulo: 0
(No hay elementos maliciosos detectados)

Clave del registro: 0
(No hay elementos maliciosos detectados)

Valor del registro: 10
PUP.Optional.AdvancedSystemCare, HKU\S-1-5-21-2094261658-3533611375-3775376471-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UFH\SHC|17, En cuarentena, 3916, 580515, 1.0.40668, , ame, , , 
PUP.Optional.AdvancedSystemCare, HKU\S-1-5-21-2094261658-3533611375-3775376471-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UFH\SHC|18, En cuarentena, 3916, 580515, 1.0.40668, , ame, , , 
PUP.Optional.AdvancedSystemCare, HKU\S-1-5-21-2094261658-3533611375-3775376471-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UFH\SHC|19, En cuarentena, 3916, 580515, 1.0.40668, , ame, , , 
PUP.Optional.AdvancedSystemCare, HKU\S-1-5-21-2094261658-3533611375-3775376471-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UFH\SHC|20, En cuarentena, 3916, 580515, 1.0.40668, , ame, , , 
PUP.Optional.AdvancedSystemCare, HKU\S-1-5-21-2094261658-3533611375-3775376471-1002\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UFH\SHC|21, En cuarentena, 3916, 580515, 1.0.40668, , ame, , , 
PUP.Optional.AdvancedSystemCare, HKU\S-1-5-21-2094261658-3533611375-3775376471-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UFH\SHC|11, En cuarentena, 3916, 580515, 1.0.40668, , ame, , , 
PUP.Optional.AdvancedSystemCare, HKU\S-1-5-21-2094261658-3533611375-3775376471-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UFH\SHC|12, En cuarentena, 3916, 580515, 1.0.40668, , ame, , , 
PUP.Optional.AdvancedSystemCare, HKU\S-1-5-21-2094261658-3533611375-3775376471-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UFH\SHC|13, En cuarentena, 3916, 580515, 1.0.40668, , ame, , , 
PUP.Optional.AdvancedSystemCare, HKU\S-1-5-21-2094261658-3533611375-3775376471-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UFH\SHC|14, En cuarentena, 3916, 580515, 1.0.40668, , ame, , , 
PUP.Optional.AdvancedSystemCare, HKU\S-1-5-21-2094261658-3533611375-3775376471-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UFH\SHC|15, En cuarentena, 3916, 580515, 1.0.40668, , ame, , , 

Datos del registro: 0
(No hay elementos maliciosos detectados)

Secuencia de datos: 0
(No hay elementos maliciosos detectados)

Carpeta: 5
HackTool.KMSpico, C:\PROGRAM FILES\KMSPICO, En cuarentena, 7232, 921550, 1.0.40668, , ame, , , 
HackTool.KMSpico, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\KMSPICO, En cuarentena, 7232, 921555, 1.0.40668, , ame, , , 
PUP.Optional.Spigot, C:\USERS\AVELA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, En cuarentena, 151, 475078, , , , , , 
PUP.Optional.Spigot, C:\USERS\BOBAL\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, En cuarentena, 151, 475078, , , , , , 
PUP.Optional.Spigot, C:\USERS\FAM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, En cuarentena, 151, 475078, , , , , , 

Archivo: 32

Sector físico: 0
(No hay elementos maliciosos detectados)

WMI: 0
(No hay elementos maliciosos detectados)


(end)


Hello again.

The report looks good. Apart from a crack and several pieces of adware, nothing of importance shows up.

How is the computer working?

Regards

Hello

The computer is running quite well, with no problems with the antivirus or the Xbox app; curiously, this is the second time that the Xbox app's behaviour has made me notice a similar virus problem.

Regards

Hello

I had not actually tested the app as such; it now lets me sign in, but it does not let me install games.

It still shows the same message as before about server connectivity.

It shows “starting” and then goes back to showing “install”, and it stays in that loop. I am going to try uninstalling again, or some of the solutions I had already tried previously.

Regards

Hello again,

First of all, I should point out that the report you produced was from a threat scan. But we needed a custom one.

Before anything else, I would recommend running the scan again. Let us know if you notice any change after that.

Regards


Hello

This time I did run the correct scan.

Malwarebytes
www.malwarebytes.com

-Detalles del registro-
Fecha del análisis: 20/5/21
Hora del análisis: 21:11
Archivo de registro: c967d8ca-b9d9-11eb-870e-40b07608c9ae.json

-Información del software-
Versión: 4.3.3.116
Versión de los componentes: 1.0.1292
Versión del paquete de actualización: 1.0.40714
Licencia: Prueba

-Información del sistema-
SO: Windows 10 (Build 19042.985)
CPU: x64
Sistema de archivos: NTFS
Usuario: DESKTOP-O68ORMB\avela

-Resumen del análisis-
Tipo de análisis: Análisis personalizado
Análisis iniciado por:: Manual
Resultado: Completado
Objetos analizados: 1272449
Amenazas detectadas: 0
Amenazas en cuarentena: 0
Tiempo transcurrido: 8 hr, 56 min, 41 seg

-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Activado
Heurística: Activado
PUP: Detectar
PUM: Detectar

-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)

Módulo: 0
(No hay elementos maliciosos detectados)

Clave del registro: 0
(No hay elementos maliciosos detectados)

Valor del registro: 0
(No hay elementos maliciosos detectados)

Datos del registro: 0
(No hay elementos maliciosos detectados)

Secuencia de datos: 0
(No hay elementos maliciosos detectados)

Carpeta: 0
(No hay elementos maliciosos detectados)

Archivo: 0
(No hay elementos maliciosos detectados)

Sector físico: 0
(No hay elementos maliciosos detectados)

WMI: 0
(No hay elementos maliciosos detectados)


(end)

Today I received an update for the Xbox app, and it now lets me install without problems.

Regards

Hello again,

Very good, the report came out clean and your problem, as I understand it, is solved.

If you have any questions, feel free to raise them. If everything looks in order, please mark the topic as solved.

Regards

This topic was automatically closed 2 days after the last post. New replies are no longer allowed.