Restart the computer and carry out the same steps I indicated previously, and tell me whether those steps completed correctly or whether you got any kind of error while carrying them out.
Awaiting your reply.
I carried out those steps without any problem.
Perfect! I am preparing the next steps for you to follow.
The steps to follow are these:
STEP 1: "Download" and "Install", but do "NOT" start, the programs I list in this step.
STEP 2: "User manual" for the programs I list in "STEP 1"
IMPORTANT:
Follow "ALL" of the steps I give you below "TO THE LETTER", without skipping any and in the established order.
With that clarified, let us move on to carrying out these procedures:
STEP 1: "Download" and "Install", but do "NOT" start, the following programs "ON THE DESKTOP" of your computer:
Download URL: "Adwcleaner": https://www.infospyware.com/antispyware/adwcleaner/
Download URL: Junkware Removal Tool: https://free.drweb-av.es/download+cureit+free/
Download URL: "MalwareByte AntimalwareBytes": https://www.infospyware.com/antivirus/malwarebytes/
Download URL: "Dr.Web CureIt!": https://free.drweb-av.es/download+cureit+free/
STEP 2: "User manual" for the programs I list in "STEP 1":
URL: "User manual" for "AdwCleaner" ("REMOVE" "ALL" the threats it finds and follow the steps in the established order): Download URL: AdwCleaner Manual
User manual: "Junkware Removal Tool"; follow the steps in the established order:
Temporarily disable the antivirus.
Close all the internet browsers you have open.
Run the tool from "the Desktop" with "Administrator rights" via right-click.
Press any key.
Wait for the process to finish; it may take a few minutes.
Save the "Notepad" file it generates to the "DESKTOP" and "SEND ME" that "Report".
User manual: "MalwareByte AntimalwareBytes":
-. "Tick" (enable) the following tabs:
-. Where it says: Potentially Unwanted Programs (PUP):
-. Where it says: Potentially Unwanted Modifications (PUM):
On the "RIGHT" side, select "ALL" the options that appear:
-. C:
-. D… and "select" "(tick)" all the options that appear for you.
Click the tab that says: "Analizar" (Scan)
The scan for infections will start; let it scan completely and do not interrupt the program until it finishes.
Once the scan has finished, if it finds threats, "ENABLE" "(TICK)" "ALL" the tabs that appear and click the tab that says: "Cuarentena" (Quarantine).
If it asks you to "Restart the computer in order to remove the threats (infections) found", restart. -. Once restarted, open the program again and click the "Ver informe" (View report) button; the report of the scan just completed is shown. "Copy" and "Paste" that report and "send me that report".
User manual: "Dr.Web CureIt!":
To send other reports, follow these steps:
When you finish carrying out all the steps I have indicated, send me each of the "Reports" generated by those programs.
I think that is not the link for that program
You are right, I will post it now; sorry for the inconvenience. Here again is the URL for the program "Junkware Removal Tool". Follow the steps indicated in that "User manual".
Download URL: Junkware Removal Tool: https://www.bleepingcomputer.com/download/junkware-removal-tool/dl/293/
Clarification:
YOU MUST RUN EACH PROGRAM SEPARATELY, FOLLOW THE ORDER, AND UNTIL THE FIRST PROGRAM HAS FINISHED RUNNING DO "NOT" RUN THE NEXT PROGRAM, AND SO ON WITH THE REST OF THE PROGRAMS.
AS SOON AS ALL THE PROGRAMS HAVE FINISHED RUNNING, SEND ME EACH OF THE RESPECTIVE "REPORTS" GENERATED BY THOSE PROGRAMS.
Malwarebytes is taking its time
Indeed; be patient, do not despair, since it scans the computer completely in search of infections and/or viruses.
It is very "IMPORTANT" that you enable only the tabs I indicated in that "User manual" and that you do "NOT" enable "ANY" option that I did "NOT" list in that "User manual".
AS SOON AS "ALL" THE PROGRAMS HAVE FINISHED RUNNING, SEND ME EACH OF THE RESPECTIVE "REPORTS" GENERATED BY THOSE PROGRAMS.
Yes, I am following the guide you gave me exactly; I will keep waiting
Perfect! When you have all the "Reports" those programs generate on finishing, send them to me.
REPORTS
# -------------------------------
# Malwarebytes AdwCleaner 8.3.1.0
# -------------------------------
# Build: 11-18-2021
# Database: 2021-12-02.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 12-17-2021
# Duration: 00:00:21
# OS: Windows 10 Pro
# Scanned: 32023
# Detected: 4
***** [ Services ] *****
No malicious services found.
***** [ Folders ] *****
No malicious folders found.
***** [ Files ] *****
No malicious files found.
***** [ DLL ] *****
No malicious DLLs found.
***** [ WMI ] *****
No malicious WMI found.
***** [ Shortcuts ] *****
No malicious shortcuts found.
***** [ Tasks ] *****
No malicious tasks found.
***** [ Registry ] *****
PUP.Optional.DriverPack HKCU\Software\drpsu
PUP.Optional.FreeMakeConverter HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|ProductUpdater
PUP.Optional.FreeMakeConverter HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Run|ProductUpdater
***** [ Chromium (and derivatives) ] *****
PUP.Optional.FFExtense Flow - bapoeoceggfnnoomenaapjkofjlpmbeh
***** [ Chromium URLs ] *****
No malicious Chromium URLs found.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries found.
***** [ Firefox URLs ] *****
No malicious Firefox URLs found.
***** [ Hosts File Entries ] *****
No malicious hosts file entries found.
***** [ Preinstalled Software ] *****
No Preinstalled Software found.
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
# -------------------------------
# Malwarebytes AdwCleaner 8.3.1.0
# -------------------------------
# Build: 11-18-2021
# Database: 2021-12-02.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 12-17-2021
# Duration: 00:00:06
# OS: Windows 10 Pro
# Cleaned: 4
# Failed: 0
***** [ Services ] *****
No malicious services cleaned.
***** [ Folders ] *****
No malicious folders cleaned.
***** [ Files ] *****
No malicious files cleaned.
***** [ DLL ] *****
No malicious DLLs cleaned.
***** [ WMI ] *****
No malicious WMI cleaned.
***** [ Shortcuts ] *****
No malicious shortcuts cleaned.
***** [ Tasks ] *****
No malicious tasks cleaned.
***** [ Registry ] *****
Deleted HKCU\Software\drpsu
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|ProductUpdater
Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Run|ProductUpdater
***** [ Chromium (and derivatives) ] *****
Deleted Flow - bapoeoceggfnnoomenaapjkofjlpmbeh
***** [ Chromium URLs ] *****
No malicious Chromium URLs cleaned.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries cleaned.
***** [ Firefox URLs ] *****
No malicious Firefox URLs cleaned.
***** [ Hosts File Entries ] *****
No malicious hosts file entries cleaned.
***** [ Preinstalled Software ] *****
No Preinstalled Software cleaned.
*************************
[+] Delete Tracing Keys
[+] Reset Winsock
*************************
AdwCleaner[S00].txt - [1693 octets] - [17/12/2021 21:26:39]
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 10 Enterprise x64
Ran by USER (Administrator) on 12/17/2021 at 23:47:36.81
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File System: 1
Successfully deleted: C:\ProgramData\mntemp (File)
Registry: 2
Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD49718-1D00-4B19-AF5F-070AF6D5D54C} (Registry Key)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 12/17/2021 at 23:49:53.78
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Malwarebytes
www.malwarebytes.com
-Detalles del registro-
Fecha del análisis: 17/12/21
Hora del análisis: 21:49
Archivo de registro: 12469a26-5fad-11ec-8526-5065f34a19e7.json
-Información del software-
Versión: 4.5.0.152
Versión de los componentes: 1.0.1538
Versión del paquete de actualización: 1.0.48728
Licencia: Prueba
-Información del sistema-
SO: Windows 10 (Build 19042.1415)
CPU: x64
Sistema de archivos: NTFS
Usuario: DESKTOP-G4ALVPB\USER
-Resumen del análisis-
Tipo de análisis: Análisis personalizado
Análisis iniciado por:: Manual
Resultado: Completado
Objetos analizados: 653008
Amenazas detectadas: 1
Amenazas en cuarentena: 1
Tiempo transcurrido: 1 hr, 14 min, 45 seg
-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Desactivado
Heurística: Activado
PUP: Detectar
PUM: Detectar
-Detalles del análisis-
Proceso: 0
(No hay elementos maliciosos detectados)
Módulo: 0
(No hay elementos maliciosos detectados)
Clave del registro: 0
(No hay elementos maliciosos detectados)
Valor del registro: 0
(No hay elementos maliciosos detectados)
Datos del registro: 0
(No hay elementos maliciosos detectados)
Secuencia de datos: 0
(No hay elementos maliciosos detectados)
Carpeta: 0
(No hay elementos maliciosos detectados)
Archivo: 1
PUP.Optional.GameHack, C:\PROGRAM FILES\CHEAT ENGINE 7.3\STANDALONEPHASE1.DAT, En cuarentena, 7801, 393793, 1.0.48728, , ame, , EB339EECEC8AA8C0FD3B08D39799D4D8, 88BB94C3CE727DB13B77ABDBDB75A4C878E91D651692F3618178DEC5BBB7080C
Sector físico: 0
(No hay elementos maliciosos detectados)
WMI: 0
(No hay elementos maliciosos detectados)
(end)
Total 212963113847 bytes in 539999 files scanned (764151 objects)
Total 539980 files (763985 objects) are clean
Total 10 files (12 objects) are infected
Total 5 files (8 objects) are suspicious
Total 133 files (144 objects) are raised error condition
Scan time is 01:31:55.440
-----------------------------------------------------------------------------
Start curing
-----------------------------------------------------------------------------
C:\programdata\freemake\freemakeutilsservice\freemakeutilsservice.exe - quarantined - 14178 ms
C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe - quarantined - 9302 ms
C:\Program Files (x86)\Freemake\COM\1.1\regfiles.exe - quarantined - 8810 ms
C:\Program Files (x86)\Freemake\Freemake Video Converter\SetupUpdate.exe - quarantined - 8950 ms
C:\Program Files (x86)\Freemake\Freemake Video Converter\FreemakeVideoConverter.exe - quarantined - 8274 ms
C:\Program Files (x86)\Freemake\Freemake Video Converter\FreemakeVC.exe - quarantined - 8500 ms
C:\Program Files (x86)\Freemake\Freemake Video Converter\FileAssociationTool\FileAssociationTool.exe - quarantined - 9228 ms
C:\ProgramData\Freemake\FreemakeUtilsService\ErrorReporter\FreemakeErrorReporter.exe - quarantined - 8830 ms
C:\Users\USER\AppData\Local\Temp\is-JE8N8.tmp\zbShieldUtils.dll - quarantined - 8698 ms
C:\Users\USER\Downloads\FreemakeVideoConverterSetup_57d677e4-de66-e0bf-9b1f-f9b313dbd308.exe - quarantined - 9009 ms
C:\Users\USER\Downloads\winds-pro-2020-06-03.exe - quarantined - 346923 ms
D:\WinDS PRO\emu\Project64K7E_131\Plugin\DarkMan's DInput 4.0.dll - quarantined - 10011 ms
D:\WinDS PRO\emu\Project64K7E_131\Plugin\Jabo_Direct3D6.dll - quarantined - 10259 ms
D:\WinDS PRO\emu\Project64K7E_131\Plugin\Jabo_Direct3D8.dll - quarantined - 9624 ms
D:\WinDS PRO\emu\Project64K7E_131\Project64K7E.exe - quarantined - 10139 ms
Total 212963113847 bytes in 539999 files scanned (764151 objects)
Total 539980 files (763985 objects) are clean
Total 10 files (12 objects) are infected
Total 5 files (8 objects) are suspicious
Total 15 files (18 objects) are neutralized
Total 133 files (144 objects) are raised error condition
Scan time is 01:31:55.440
STEP 1: "Download" and "Install", but do "NOT" start, the following programs on the "Desktop of your computer"
STEP 2: "User manual" for the programs I list in "STEP 1" ("VERY IMPORTANT": if any program asks you to "RESTART" in order to disinfect the detected threats, "RESTART", but "ONLY IF THE PROGRAM ASKS YOU TO"; if the program does "NOT" ask you to RESTART, do "NOT" restart and continue the process indicated in that "User manual")
With those procedures clarified, let us move on to carrying them out:
STEP 1: "Download" and "Install", but do "NOT" start, the following programs on the "Desktop of your computer"
Download URL: "Eset Online Scanner": https://www.infospyware.com/eset-online-scanner/
Download URL: "Kaspersky Virus Removal Tool": https://www.infospyware.com/kaspersky-antivirus-online/#google_vignette
Download URL: "TDSSKILLER": https://www.infospyware.com/antirootkits/tdsskiller/
Download URL: "RogueKiller Antimalware": https://www.adlice.com/download-start/?app=roguekiller&type=x64
STEP 2: "User manual" for the programs I list in "STEP 1" ("VERY IMPORTANT": if any program asks you to "RESTART" in order to disinfect the detected threats, "RESTART", but "ONLY IF THE PROGRAM ASKS YOU TO"; if the program does "NOT" ask you to RESTART, do "NOT" restart and continue the process indicated in that "User manual")
User manual: "Eset Online Scanner":
On the next screen the following will appear; follow the process as indicated:
Choose the option according to whether it found infections or did NOT find infections:
If it does "NOT" find infections, the following screen will appear; follow the steps shown on that screen to save the scan log, and save it to the "DESKTOP", since you will then have to send it to this self-help forum.
If it "FINDS" infections, follow these steps
Download URL: "User manual": "Kaspersky Removal Tool": follow the steps in the established order: Kaspersky Virus Removal Tool Manual
Download URL: "User manual": "TDSSKILLER": https://forospyware.com/t/manual-de-tdsskiller/5059
"User manual": "RogueKiller":
The following screen will appear: click the option that says "General", click the tab that says "Abrir" (Open), and click where it says "Archivo de Texto" (Text file). A Notepad window will appear; save that Notepad file to the Desktop and send me that report.
Once that scan has finished completely, send me "ALL" of the report generated by the program.
IMPORTANT:
When the respective programs have finished running completely, send me ALL the "REPORTS" that were generated.
Good evening.
Yes, I am doing it; it is just that each one takes its time.
12/18/2021 23:39:09 p. m.
Archivos explorados: 518378
Archivos detectados: 4
Archivos desinfectados: 4
Tiempo total de exploración 01:56:09
Estado de la exploración: Finalizado
C:\Users\USER\AppData\Roaming\Honeygain\hgwin.dll una variante de Win32/Honeygain.A aplicación potencialmente no deseada desinfectado por eliminación
C:\Users\USER\AppData\Roaming\Honeygain\Honeygain.exe una variante de MSIL/Honeygain.A aplicación potencialmente no deseada desinfectado por eliminación
C:\Users\USER\Downloads\2020.rar Win32/HackTool.WinActivator.AL aplicación potencialmente no segura,Win32/HackKMS.BK aplicación potencialmente no segura eliminado
C:\Users\USER\Downloads\Honeygain_install.exe Win32/Honeygain.A aplicación potencialmente no deseada desinfectado por eliminación
18:09:52 CmlLineScanner cannot load dll:C:\Users\USER\AppData\Local\ESET\ESETOnlineScanner\esets_apiW No se puede encontrar el módulo especificado.
18:09:53 # product=EOS
# version=8
# ESETOnlineScanner.exe=3.6.3.0
# EOSSerial=
# end=init
# country="Puerto Rico"
# lang=20490
18:10:00 CmlLineScanner cannot load dll:C:\Users\USER\AppData\Local\ESET\ESETOnlineScanner\esets_apiW No se puede encontrar el módulo especificado.
18:10:02 # product=EOS
# version=8
# ESETOnlineScanner.exe=3.6.3.0
# EOSSerial=f8eca70976913348ae9569d02021ec35
# end=init
# country="Puerto Rico"
# lang=13322
18:14:09 Updating
18:14:09 Update Init
18:14:11 Update Download
18:15:20 esets_scanner_reload returned 0
18:15:20 g_uiModuleBuild: 51879
18:15:20 Update Finalize
18:15:20 Call m_esets_charon_send
18:15:20 Call m_esets_charon_destroy
18:15:21 Updated modules version: 51879
18:15:31 Call m_esets_charon_setup_create
18:15:31 Call m_esets_charon_create
18:15:31 m_esets_charon_create OK
18:15:31 Call m_esets_charon_start_send_thread
18:15:31 Call m_esets_charon_setup_set
18:15:31 m_esets_charon_setup_set OK
18:15:31 Scanner engine: 51879
23:44:59 Call m_esets_charon_send
23:44:59 Call m_esets_charon_destroy
02:03:29.0570 0x2738 TDSS rootkit removing tool 3.1.0.28 Apr 9 2019 21:11:46
02:03:29.0574 0x2738 UEFI system
02:05:53.0040 0x31ac DPS - ok
02:05:53.0045 0x31ac drmkaud - ok
02:05:53.0055 0x31ac DsmSvc - ok
02:05:53.0060 0x31ac DsSvc - ok
02:05:53.0080 0x31ac [ 81DF23EC4009D307479D5C169539CD67, 65AEE1E876CBE801A763F14930D15CF2E6A10697620B5903AA04BA30585A5676 ] DusmSvc C:\WINDOWS\System32\dusmsvc.dll
02:05:53.0117 0x31ac DusmSvc - ok
02:05:53.0141 0x31ac DXGKrnl - ok
02:05:53.0162 0x31ac [ 52BAE4A73F9F7927B557F4FA2ED91F29, 489DBDA6B083BA8315C9BEF3488E01D859981B267D8167537578D3B49B90AB96 ] e1dexpress C:\WINDOWS\system32\DRIVERS\e1d65x64.sys
02:05:53.0172 0x31ac e1dexpress - ok
02:05:53.0217 0x31ac [ EC473A7AD03C7DE06505B1A9F9185C4C, D1BB3D554F8C1D004E5153BF927D2051587F3273265FCE595D918F8A7EA504BA ] eamonm C:\WINDOWS\system32\DRIVERS\eamonm.sys
02:05:53.0217 0x31ac eamonm - ok
02:05:53.0234 0x31ac Eaphost - ok
02:05:53.0240 0x31ac ebdrv - ok
02:05:53.0272 0x31ac [ 45A4485A2FE33070B58B4D2DFD420C2A, 772C77BE06EE0B609969E1974819FC11C3B2CBF3399A96DA8671B7A25324F1FD ] edevmon C:\WINDOWS\system32\DRIVERS\edevmon.sys
02:05:53.0272 0x31ac edevmon - ok
02:05:53.0349 0x31ac [ D21437C262283650E8349AFA573AC03A, 9C256D462F0640855E1AB3D2C658CB4EDD7E061EB2782FD03481196D5ED93DB5 ] edgeupdate C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
02:05:53.0351 0x31ac edgeupdate - ok
02:05:53.0356 0x31ac [ D21437C262283650E8349AFA573AC03A, 9C256D462F0640855E1AB3D2C658CB4EDD7E061EB2782FD03481196D5ED93DB5 ] edgeupdatem C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
02:05:53.0366 0x31ac edgeupdatem - ok
02:05:53.0401 0x31ac [ 3026ABB1E11D5192144478C404E5A7FB, D3AFB69D7C5200BBBBC16A45E2E89C42DA8A262316AA88DB9AE62FCA24D50668 ] eelam C:\WINDOWS\system32\DRIVERS\eelam.sys
02:05:53.0406 0x31ac eelam - ok
02:05:53.0421 0x31ac EFS - ok
02:05:53.0456 0x31ac [ CEFBF0B9AA63CA3628DD07C2C79E4D98, C160EEE41EEB382874B42308788BA74E1397B17F65FF048924E7378817967D95 ] ehdrv C:\WINDOWS\system32\DRIVERS\ehdrv.sys
02:05:53.0461 0x31ac ehdrv - ok
02:05:53.0481 0x31ac EhStorClass - ok
02:05:53.0491 0x31ac EhStorTcgDrv - ok
02:05:53.0692 0x31ac [ BC094DAD16B4B6290CAD21A6CEF93407, 6491F51577776353CD4D6E536E611F8006C5B08C70B55B86E3BE052758C74F2F ] ekrn C:\Program Files\ESET\ESET Security\ekrn.exe
02:05:53.0797 0x31ac ekrn - ok
02:05:53.0847 0x31ac [ BC094DAD16B4B6290CAD21A6CEF93407, 6491F51577776353CD4D6E536E611F8006C5B08C70B55B86E3BE052758C74F2F ] ekrnEpfw C:\Program Files\ESET\ESET Security\ekrn.exe
02:05:53.0877 0x31ac ekrnEpfw - ok
02:05:53.0897 0x31ac embeddedmode - ok
02:05:53.0902 0x31ac EntAppSvc - ok
02:05:53.0925 0x31ac [ 38133DA46696380A6628F9E570FAD5A8, CC0F94D3873C1FB13278445DE42370CBAF0F5BA0AFCC3F8F9410256B90C9E3FE ] epfwwfp C:\WINDOWS\system32\DRIVERS\epfwwfp.sys
02:05:53.0925 0x31ac epfwwfp - ok
02:05:53.0930 0x31ac ErrDev - ok
02:05:53.0977 0x31ac [ 35228E19C2AA466B0F6DAE9DBC90A886, 29F5C14685C3D240CC777BDE532DB6AF0C5EBC48A18B3CAE56CFF7F3ECDB1312 ] ESProtectionDriver C:\WINDOWS\system32\drivers\mbae64.sys
02:05:53.0985 0x31ac ESProtectionDriver - ok
02:05:54.0000 0x31ac EventLog - ok
02:05:54.0022 0x31ac EventSystem - ok
02:05:54.0037 0x31ac exfat - ok
02:05:54.0054 0x31ac fastfat - ok
02:05:54.0064 0x31ac Fax - ok
02:05:54.0064 0x31ac fdc - ok
02:05:54.0081 0x31ac [ 0439B82F6034ADA3E71C0C9F169082BD, 0918728669077235B2F2DB7EE22CE819FA570D8A7A497BA5F11E76774EA75099 ] fdPHost C:\WINDOWS\system32\fdPHost.dll
02:05:54.0137 0x31ac fdPHost - ok
02:05:54.0157 0x31ac [ AD64C91B3CC71226785DCE688842E5AB, 056E1091468D268E7970045AB329EB3DFF48BB6B22448046A14C309678847B6E ] FDResPub C:\WINDOWS\system32\fdrespub.dll
02:05:54.0162 0x31ac FDResPub - ok
02:05:54.0186 0x31ac fhsvc - ok
02:05:54.0217 0x31ac [ 8E59D944EE4EFAED65A341A71297C4CD, CFFFD7007AB7FB04ECB44D0079BFE8EEB53AECC988135199C388AF425EBCF2AD ] FileCrypt C:\WINDOWS\system32\drivers\filecrypt.sys
02:05:54.0217 0x31ac FileCrypt - ok
02:05:54.0222 0x31ac FileInfo - ok
02:05:54.0222 0x31ac Filetrace - ok
02:05:54.0227 0x31ac flpydisk - ok
02:05:54.0242 0x31ac FltMgr - ok
02:05:54.0262 0x31ac FontCache - ok
02:05:54.0302 0x31ac [ EAA7668BCC0086D5DCA96CD8CCB5EF23, 78590F24DC4584529E1AF81887D316C71E8D930EA6DC7234E35E489253C72D02 ] FrameServer C:\WINDOWS\system32\FrameServer.dll
02:05:54.0362 0x31ac FrameServer - ok
02:05:54.0372 0x31ac FsDepends - ok
02:05:54.0377 0x31ac Fs_Rec - ok
02:05:54.0382 0x31ac fvevol - ok
02:05:54.0415 0x31ac [ A1E06E4E8CB863C74DE428D4D6681185, DA46502C009FD4C847A547610DEE2684A5A583467BF76009BD46104AAE2F6B1B ] gencounter C:\WINDOWS\System32\drivers\vmgencounter.sys
02:05:54.0486 0x31ac gencounter - ok
02:05:54.0532 0x31ac genericusbfn - ok
02:05:54.0667 0x31ac [ 87F6F0181589F69B2F8EA50EF176B643, 9ACAC7AE3BBB68D232079197BEF5BEDEEA7A6DB2AFDE3AA644266C15CB352104 ] GoogleChromeElevationService C:\Program Files (x86)\Google\Chrome\Application\96.0.4664.110\elevation_service.exe
02:05:54.0717 0x31ac GoogleChromeElevationService - ok
02:05:54.0752 0x31ac GPIOClx0101 - ok
02:05:54.0762 0x31ac gpsvc - ok
02:05:54.0772 0x31ac [ 8C06046B6A8C1ACDAEA15682058FDFB4, 3E0CC301249B7D8D5BEB932F4DFD1EAB8037679EC153772F63B430713903B0AC ] GpuEnergyDrv C:\WINDOWS\system32\drivers\gpuenergydrv.sys
02:05:54.0772 0x31ac GpuEnergyDrv - ok
02:05:54.0797 0x31ac GraphicsPerfSvc - ok
02:05:54.0827 0x31ac [ 79B804E8A81BFD9C6A3749B4F3EE86E2, BFBDD26604FC653E01976EF23C92CF7ADB59F9E80F47350F1A72B7876BBED60A ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
02:05:54.0837 0x31ac gupdate - ok
02:05:54.0862 0x31ac [ 79B804E8A81BFD9C6A3749B4F3EE86E2, BFBDD26604FC653E01976EF23C92CF7ADB59F9E80F47350F1A72B7876BBED60A ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
02:05:54.0862 0x31ac gupdatem - ok
02:05:54.0872 0x31ac HdAudAddService - ok
02:05:54.0891 0x31ac HDAudBus - ok
02:05:54.0896 0x31ac HidBatt - ok
02:05:54.0896 0x31ac HidBth - ok
02:05:54.0901 0x31ac hidi2c - ok
02:05:54.0906 0x31ac hidinterrupt - ok
02:05:54.0937 0x31ac [ 6B46E3061EC0523CB46ED28060FCD946, 6089305AF73CC584963865482448CD5CA4252EC9BD3E72AF16D45E4F95C3EBF2 ] HidIr C:\WINDOWS\System32\drivers\hidir.sys
02:05:54.0937 0x31ac HidIr - ok
02:05:54.0957 0x31ac hidserv - ok
02:05:54.0962 0x31ac hidspi - ok
02:05:54.0962 0x31ac HidUsb - ok
02:05:54.0967 0x31ac HpSAMD - ok
02:05:54.0974 0x31ac HTTP - ok
02:05:54.0996 0x31ac [ 849A66D34BC2DAD0044FAC2FEE1AF956, A5F6858AA556D9180C303EA3ED02EB6D6D8EB55A100B3918654281A01198D8E8 ] hvcrash C:\WINDOWS\System32\drivers\hvcrash.sys
02:05:55.0001 0x31ac hvcrash - ok
02:05:55.0027 0x31ac [ 855F55BB462B7D8B6BC31A94A592DF3D, 776C772E69CF9D81D8511201813DD79F2106DC7D2547B4FA700432AE9B73C202 ] HvHost C:\WINDOWS\System32\hvhostsvc.dll
02:05:55.0051 0x31ac HvHost - ok
02:05:55.0071 0x31ac [ 9E21E784F824365AAA77582917BCFBF1, 0B1E3BAB79D028770DC776B3FA37DA4B62BB3353C4CF8409A46F1AEA237D87C1 ] hvservice C:\WINDOWS\system32\drivers\hvservice.sys
02:05:55.0071 0x31ac hvservice - ok
02:05:55.0097 0x31ac [ 5DC7DFED5FEDD923B874B51D0C6752BB, 69714A8B74EB02282572B34E156051FFC10693B816905CE18A8C6C8CCB95B846 ] HwNClx0101 C:\WINDOWS\system32\Drivers\mshwnclx.sys
02:05:55.0097 0x31ac HwNClx0101 - ok
02:05:55.0117 0x31ac hwpolicy - ok
02:05:55.0122 0x31ac hyperkbd - ok
02:05:55.0132 0x31ac HyperVideo - ok
02:05:55.0143 0x31ac i8042prt - ok
02:05:55.0147 0x31ac iagpio - ok
02:05:55.0147 0x31ac iai2c - ok
02:05:55.0152 0x31ac iaLPSS2i_GPIO2 - ok
02:05:55.0170 0x31ac iaLPSS2i_GPIO2_BXT_P - ok
02:05:55.0170 0x31ac iaLPSS2i_GPIO2_CNL - ok
02:05:55.0175 0x31ac iaLPSS2i_GPIO2_GLK - ok
02:05:55.0180 0x31ac iaLPSS2i_I2C - ok
02:05:55.0185 0x31ac iaLPSS2i_I2C_BXT_P - ok
02:05:55.0185 0x31ac iaLPSS2i_I2C_CNL - ok
02:05:55.0190 0x31ac iaLPSS2i_I2C_GLK - ok
02:05:55.0195 0x31ac iaLPSSi_GPIO - ok
02:05:55.0195 0x31ac iaLPSSi_I2C - ok
02:05:55.0200 0x31ac iaStorAVC - ok
02:05:55.0205 0x31ac iaStorV - ok
02:05:55.0205 0x31ac ibbus - ok
02:05:55.0221 0x31ac icssvc - ok
02:05:55.0357 0x31ac [ 333CD0E6A4DD97E531786AA40969F8CB, DC53AF9E77809308F3548A306EECB9C14A5743FA107EDACC0017A2B0F04BECF9 ] igfx C:\WINDOWS\system32\DRIVERS\igdkmd64.sys
02:05:55.0522 0x31ac igfx - ok
02:05:55.0537 0x31ac [ 10BB7AD2544EAC38C9F1C7AFE44B2982, 9ACAA5CF33FCA5B48735E141E762543B7CB5AE2ADAC1199A7BF572C9C616F473 ] igfxCUIService2.0.0.0 C:\WINDOWS\system32\igfxCUIService.exe
02:05:55.0547 0x31ac igfxCUIService2.0.0.0 - ok
02:05:55.0566 0x31ac IKEEXT - ok
02:05:55.0567 0x31ac IndirectKmd - ok
02:05:55.0583 0x31ac InstallService - ok
02:05:55.0604 0x31ac [ 87E738E189EB31E2EB07F609C930D068, A19927C8C56F27D7BBD2D7A3A1700EF3C34D63E18D5505DA08D7E8BEDF2CB912 ] intaud_WaveExtensible C:\WINDOWS\system32\drivers\intelaud.sys
02:05:55.0609 0x31ac intaud_WaveExtensible - ok
02:05:55.0725 0x31ac [ D244FBEC7E700F94F284CEBA73E9A2D4, CF5C04F11ACA71EEBC8C3CF9EC32D0B30C7DAE44B89D88AC026AE9498B416A6F ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RTKVHD64.sys
02:05:55.0832 0x31ac IntcAzAudAddService - ok
02:05:55.0887 0x31ac [ EAE20DB9DC1366B9A1C558C58229AD65, 966D79304A766DD38EAB1B7B71DDE0ECB23323C07F29C8CBB21EA94654F75DF1 ] IntcDAud C:\WINDOWS\System32\drivers\IntcDAud.sys
02:05:55.0897 0x31ac IntcDAud - ok
02:05:55.0922 0x31ac intelide - ok
02:05:55.0936 0x31ac intelpep - ok
02:05:55.0963 0x31ac [ AECBF5BE2F9A2A50B978E0BF31041A81, A62F436C66DEFEB438A7891857DFB830995714A7E4FE4BDCA6B4EB1606BD2101 ] intelpmax C:\WINDOWS\System32\drivers\intelpmax.sys
02:05:55.0963 0x31ac intelpmax - ok
02:05:55.0974 0x31ac intelppm - ok
02:05:55.0982 0x31ac iorate - ok
02:05:55.0987 0x31ac IpFilterDriver - ok
02:05:56.0004 0x31ac iphlpsvc - ok
02:05:56.0007 0x31ac IPMIDRV - ok
02:05:56.0027 0x31ac [ F63572DF4295C78B3F7036AEDA878176, B71EB3CC4EC95BC9A3FA217736C6C36C756935714D7E16E34C05D913B829CB9C ] IPNAT C:\WINDOWS\system32\drivers\ipnat.sys
02:05:56.0032 0x31ac IPNAT - ok
02:05:56.0044 0x31ac [ B5B6D1F86E40E785D6650DB923DB6BEA, 7A2D92A2274E0379B5FA6351D18E2F0DD55960BB783EA3528FE9E303E1A4256D ] IPT C:\WINDOWS\System32\drivers\ipt.sys
02:05:56.0044 0x31ac IPT - ok
02:05:56.0074 0x31ac [ 77494E26B28465D2A09B9455F8A3B34E, B778D4BC71A5F5CF687175CA53AC342E4740156D4B96E6E96D918BD46C2C1459 ] IpxlatCfgSvc C:\WINDOWS\System32\IpxlatCfg.dll
02:05:56.0079 0x31ac IpxlatCfgSvc - ok
02:05:56.0092 0x31ac isapnp - ok
02:05:56.0107 0x31ac iScsiPrt - ok
02:05:56.0112 0x31ac ItSas35i - ok
02:05:56.0127 0x31ac [ 56D480702478880805F4E74F2BA02382, D1292175BBC38D105E298F7E62C7E113DB540C1878892F1D4E1E2602DECDCAA0 ] iwdbus C:\WINDOWS\System32\drivers\iwdbus.sys
02:05:56.0131 0x31ac iwdbus - ok
02:05:56.0141 0x31ac kbdclass - ok
02:05:56.0151 0x31ac kbdhid - ok
02:05:56.0167 0x31ac kbldfltr - ok
02:05:56.0175 0x31ac kdnic - ok
02:05:56.0200 0x31ac KeyIso - ok
02:05:56.0205 0x31ac KSecDD - ok
02:05:56.0220 0x31ac KSecPkg - ok
02:05:56.0225 0x31ac ksthunk - ok
02:05:56.0247 0x31ac [ DAE67BD7EC6ED569438F5CA38BFBB458, 672CA98525D6DD799A01A3BC3A62AB7B4544D62ECEB3615FAC05BFB97B389D23 ] KtmRm C:\WINDOWS\system32\msdtckrm.dll
02:05:56.0407 0x31ac KtmRm - ok
02:05:56.0416 0x31ac LanmanServer - ok
02:05:56.0437 0x31ac LanmanWorkstation - ok
02:05:56.0467 0x31ac [ A997488F4EDAAD59C748CF9FB1D9DAC0, A0B145041F984DD4E0A6F8D0E9C8363DA6F2DA7460E140F028C320CEAC03759C ] lfsvc C:\WINDOWS\System32\lfsvc.dll
02:05:56.0477 0x31ac lfsvc - ok
02:05:56.0496 0x31ac LicenseManager - ok
02:05:56.0522 0x31ac [ 78779BD92081CB27967E77561683AFBE, 05EC91E194336D1BB1EE323E70FAC54F6DC0CEF53FD4925F394399531A37A0DD ] lltdio C:\WINDOWS\system32\drivers\lltdio.sys
02:05:56.0522 0x31ac lltdio - ok
02:05:56.0542 0x31ac lltdsvc - ok
02:05:56.0553 0x31ac lmhosts - ok
02:05:56.0557 0x31ac LSI_SAS - ok
02:05:56.0562 0x31ac LSI_SAS2i - ok
02:05:56.0567 0x31ac LSI_SAS3i - ok
02:05:56.0567 0x31ac LSI_SSS - ok
02:05:56.0584 0x31ac LSM - ok
02:05:56.0587 0x31ac luafv - ok
02:05:56.0592 0x31ac LxpSvc - ok
02:05:56.0612 0x31ac [ AE03D8F1B7863268EAED2FE0105ED75F, F5172A1A3E24FC5271FCB0118861EA0EC33AA8ABB01AE9CAD50E2F032B92486C ] MapsBroker C:\WINDOWS\System32\moshost.dll
02:05:56.0622 0x31ac MapsBroker - ok
02:05:56.0627 0x31ac mausbhost - ok
02:05:56.0632 0x31ac mausbip - ok
02:05:56.0672 0x31ac [ 84EDF9813CCB01242F732DBD6CEAFB7A, A40DB0A06ACAC78CAA3E0C569A5663089CCCA1725AE963E493C83967FD356DEE ] MBAMChameleon C:\WINDOWS\System32\Drivers\MbamChameleon.sys
02:05:56.0677 0x31ac MBAMChameleon - ok
02:05:56.0712 0x31ac [ BF46AFE0CC03D9A5883E74438170B841, 43309A4DBCF15F09AB3066E96C498785C4F41DBCA8467B0385FCA467AE370980 ] MbamElam C:\WINDOWS\system32\DRIVERS\MbamElam.sys
02:05:56.0712 0x31ac MbamElam - ok
02:05:56.0744 0x31ac [ 9CA9591A9E143ADFC7FBFE68F3253040, AC947859D18FD078A950438369FC27EE05AF6AB175625EC31EA456427F96256C ] MBAMFarflt C:\WINDOWS\system32\DRIVERS\farflt.sys
02:05:56.0744 0x31ac MBAMFarflt - ok
02:05:56.0770 0x31ac [ 0E9EAF09974E7FE6EF14A0B13E3E6CB6, 627D613313190101474A8EF607E99A3D43FCFDB4FCD7462D70EC5E44F20A67B0 ] MBAMProtection C:\WINDOWS\system32\DRIVERS\mbam.sys
02:05:56.0772 0x31ac MBAMProtection - ok
02:05:57.0017 0x31ac [ 92B16C970C547095D8378D5F0F5069D0, 6487967112232A05937B40A0FAD5BFFFBFAE9B6A8B0551E70EEEEA445CE2BB3F ] MBAMService C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
02:05:57.0157 0x31ac MBAMService - ok
02:05:57.0175 0x31ac [ 0B17A8F4956ABD5FA1A0851B59FF960E, 1B62082ACA96EF78A61AFDB33EF77260292C5D08E5E35B56F7F8F0A3A837ED9B ] MBAMSwissArmy C:\WINDOWS\System32\Drivers\mbamswissarmy.sys
02:05:57.0180 0x31ac MBAMSwissArmy - ok
02:05:57.0202 0x31ac [ 3F4C33FD3F5FE093C1640134DA9AA273, A604DA96C6E0709C084F364DE198EDA139116CDDA7777E69AC5FFDAD293428D0 ] MBAMWebProtection C:\WINDOWS\system32\DRIVERS\mwac.sys
02:05:57.0207 0x31ac MBAMWebProtection - ok
02:05:57.0217 0x31ac MbbCx - ok
02:05:57.0222 0x31ac megasas - ok
02:05:57.0222 0x31ac megasas2i - ok
02:05:57.0227 0x31ac megasas35i - ok
02:05:57.0232 0x31ac megasr - ok
02:05:57.0252 0x31ac [ F1E754DEEB3369BCCE2228D5C10DE101, ECC894FCF4C3F2364883BA55242C432E9E416D93E71B67985DF24ECB39F9BAC4 ] MEIx64 C:\WINDOWS\System32\drivers\TeeDriverW8x64.sys
02:05:57.0257 0x31ac MEIx64 - ok
02:05:57.0261 0x31ac MessagingService - ok
02:05:57.0352 0x31ac MicrosoftEdgeElevationService - ok
02:05:57.0387 0x31ac [ B74FFC6301B3312A9F59E04E487BC72A, 76F71824E80D10EB71BEDE5EE3A64CAD7CAC3DDFBB6670D1537E6B75FF0217E9 ] Microsoft_Bluetooth_AvrcpTransport C:\WINDOWS\System32\drivers\Microsoft.Bluetooth.AvrcpTransport.sys
02:05:57.0395 0x31ac Microsoft_Bluetooth_AvrcpTransport - ok
02:05:57.0415 0x31ac MixedRealityOpenXRSvc - ok
02:05:57.0432 0x31ac mlx4_bus - ok
02:05:57.0442 0x31ac MMCSS - ok
02:05:57.0457 0x31ac Modem - ok
02:05:57.0472 0x31ac monitor - ok
02:05:57.0477 0x31ac mouclass - ok
02:05:57.0482 0x31ac mouhid - ok
02:05:57.0487 0x31ac mountmgr - ok
02:05:57.0492 0x31ac mpsdrv - ok
02:05:57.0527 0x31ac mpssvc - ok
02:05:57.0539 0x31ac MRxDAV - ok
02:05:57.0557 0x31ac mrxsmb - ok
02:05:57.0557 0x31ac mrxsmb20 - ok
02:05:57.0577 0x31ac [ E587396A4C8151ABBF13A96C4465DE31, A3AA5D51E34657479CFCDC3DBB7821B7255F7CB57D5686B7F709A7953AD537EB ] MsBridge C:\WINDOWS\system32\drivers\bridge.sys
02:05:57.0582 0x31ac MsBridge - ok
02:05:57.0602 0x31ac [ 2EF846AC66E181BE820B513DBC15B5D2, EDFE71025C352D0DABEC7B9506C5945BB0EC11F8DB540DB8CB1116C2EA1648A8 ] MSDTC C:\WINDOWS\System32\msdtc.exe
02:05:57.0622 0x31ac MSDTC - ok
02:05:57.0632 0x31ac Msfs - ok
02:05:57.0677 0x31ac [ 6092FD060EC4132A799BDAD61845DDB7, B45F9D3A71FC8A73AED3C5B8CF6F14A25EBDD3D4D47C9F39FFCD75C7D22F4A9E ] msgpiowin32 C:\WINDOWS\System32\drivers\msgpiowin32.sys
02:05:57.0679 0x31ac msgpiowin32 - ok
02:05:57.0684 0x31ac mshidkmdf - ok
02:05:57.0707 0x31ac [ 9E90FE6DF363D2427A5C773120E7B27D, 1FDB7E28CCAF757603C4B754E1AC9C470E5E60E85DE067375902F108F5E34608 ] mshidumdf C:\WINDOWS\System32\drivers\mshidumdf.sys
02:05:57.0712 0x31ac mshidumdf - ok
02:05:57.0722 0x31ac msisadrv - ok
02:05:57.0740 0x31ac MSiSCSI - ok
02:05:57.0745 0x31ac msiserver - ok
02:05:57.0765 0x31ac MsKeyboardFilter - ok
02:05:57.0775 0x31ac MSKSSRV - ok
02:05:57.0797 0x31ac [ 9FB5040C8CEAE4C32B7884ECBBCAFDAF, 0EC3E53C5B1B202440DE22A5BF7E1EBE9AF5BBB6BA69DB9D018A6D8EC97B477E ] MsLldp C:\WINDOWS\system32\drivers\mslldp.sys
02:05:57.0802 0x31ac MsLldp - ok
02:05:57.0806 0x31ac MSPCLOCK - ok
02:05:57.0811 0x31ac MSPQM - ok
02:05:57.0822 0x31ac MsQuic - ok
02:05:57.0826 0x31ac MsRPC - ok
02:05:57.0837 0x31ac MsSecFlt - ok
02:05:57.0841 0x31ac mssmbios - ok
02:05:57.0841 0x31ac MSTEE - ok
02:05:57.0846 0x31ac MTConfig - ok
02:05:57.0846 0x31ac Mup - ok
02:05:57.0852 0x31ac mvumis - ok
02:05:57.0857 0x31ac NativeWifiP - ok
02:05:57.0857 0x31ac NaturalAuthentication - ok
02:05:57.0884 0x31ac [ D47A20839608B8213065D7AFC8C42195, 7B0187BE9705ED2F925616C13B3744BAC0A9C96B21BE503D96BC9EE7EE125B33 ] NcaSvc C:\WINDOWS\System32\ncasvc.dll
02:05:57.0906 0x31ac NcaSvc - ok
02:05:57.0921 0x31ac NcbService - ok
02:05:57.0931 0x31ac [ 8C938E851CDF2CE30BBEA14555B61820, F853F526C811893BD40B1124BAEC543099381E7BF091729B6A6665DF3CE10B94 ] NcdAutoSetup C:\WINDOWS\System32\NcdAutoSetup.dll
02:05:57.0936 0x31ac NcdAutoSetup - ok
02:05:57.0941 0x31ac ndfltr - ok
02:05:57.0946 0x31ac NDIS - ok
02:05:57.0972 0x31ac [ 6BEC0929C7A7BF2A7C44F585ECC7DAEB, 5F6395268CBD26A4B90960479040C114B2C8A3F24C188C2D5F62D6AB43A637D1 ] NdisCap C:\WINDOWS\system32\drivers\ndiscap.sys
02:05:57.0977 0x31ac NdisCap - ok
02:05:57.0977 0x31ac NdisImPlatform - ok
02:05:58.0000 0x31ac NdisTapi - ok
02:05:58.0000 0x31ac Ndisuio - ok
02:05:58.0005 0x31ac NdisVirtualBus - ok
02:05:58.0015 0x31ac NdisWan - ok
02:05:58.0020 0x31ac ndiswanlegacy - ok
02:05:58.0030 0x31ac [ 33CDAEDC7CBE8339A8324CEC2461BFB4, DAAEACDB4506D2BDDED61957D92FB4983E11D9CE6E7B25119B4CBFB431C945F4 ] NDKPing C:\WINDOWS\system32\drivers\NDKPing.sys
02:05:58.0035 0x31ac NDKPing - ok
02:05:58.0040 0x31ac ndproxy - ok
02:05:58.0053 0x31ac [ 77621E74FD79B267071A0D12C643A48A, 8228B7D1237A0FFABCCC150B299EA494C8F0CB4CCB51AB0DBFF08CBAA9EFC4BB ] Ndu C:\WINDOWS\system32\drivers\Ndu.sys
02:05:58.0057 0x31ac Ndu - ok
02:05:58.0072 0x31ac NetAdapterCx - ok
02:05:58.0072 0x31ac NetBIOS - ok
02:05:58.0077 0x31ac NetBT - ok
02:05:58.0082 0x31ac Netlogon - ok
02:05:58.0087 0x31ac Netman - ok
02:05:58.0102 0x31ac netprofm - ok
02:05:58.0107 0x31ac NetSetupSvc - ok
02:05:58.0207 0x31ac [ B9D455C60292DF5FCB064834CA5802AA, 75DCE4E5FA08CCEAF4D3D30FE8E26903FCDD14CC852E820F63B40F374C706DBD ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
02:05:58.0209 0x31ac NetTcpPortSharing - ok
02:05:58.0221 0x31ac netvsc - ok
02:05:58.0237 0x31ac NgcCtnrSvc - ok
02:05:58.0237 0x31ac NgcSvc - ok
02:05:58.0253 0x31ac NlaSvc - ok
02:05:58.0253 0x31ac Npfs - ok
02:05:58.0260 0x31ac npsvctrig - ok
02:05:58.0260 0x31ac nsi - ok
02:05:58.0265 0x31ac nsiproxy - ok
02:05:58.0270 0x31ac Ntfs - ok
02:05:58.0275 0x31ac Null - ok
02:05:58.0280 0x31ac nvdimm - ok
02:05:58.0280 0x31ac nvraid - ok
02:05:58.0285 0x31ac nvstor - ok
02:05:58.0295 0x31ac OneSyncSvc - ok
02:05:58.0341 0x31ac [ 2B8E4C792BED0E5882702720BC528AE5, 6D7CB027BC6014CB268C49B46049CDFF3BA94D07102A65BD053335A28E83D125 ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
02:05:58.0346 0x31ac ose - ok
02:05:58.0364 0x31ac p2pimsvc - ok
02:05:58.0384 0x31ac [ DA97CD5815EC123BC88382C08D465B9E, 46F5EA2E3D590FB10E14BC811612B6EF87C805B359A652D2C6BFE4840D5D6AA2 ] p2psvc C:\WINDOWS\system32\p2psvc.dll
02:05:58.0453 0x31ac p2psvc - ok
02:05:58.0462 0x31ac Parport - ok
02:05:58.0472 0x31ac partmgr - ok
02:05:58.0501 0x31ac PcaSvc - ok
02:05:58.0516 0x31ac pci - ok
02:05:58.0530 0x31ac pciide - ok
02:05:58.0567 0x31ac pcmcia - ok
02:05:58.0572 0x31ac pcw - ok
02:05:58.0607 0x31ac pdc - ok
02:05:58.0620 0x31ac PEAUTH - ok
02:05:58.0653 0x31ac PeerDistSvc - ok
02:05:58.0682 0x31ac perceptionsimulation - ok
02:05:58.0687 0x31ac percsas2i - ok
02:05:58.0692 0x31ac percsas3i - ok
02:05:58.0766 0x31ac [ 2FC7CFCEDBF7E038351C7CEB1036D2E1, 41D7DA706F0CF613DF768B6795CD09C5C1035F9F101051FB58F5042EB4352DB6 ] PerfHost C:\WINDOWS\SysWow64\perfhost.exe
02:05:58.0782 0x31ac PerfHost - ok
02:05:58.0821 0x31ac PhoneSvc - ok
02:05:58.0831 0x31ac PimIndexMaintenanceSvc - ok
02:05:58.0846 0x31ac PktMon - ok
02:05:58.0890 0x31ac [ 9E431A5D697432DD6F4DB48C9A185104, 44C16E194258C9143A45F4022F9C5DE229E217D6FF7F944F105FE631BE9EF4A7 ] pla C:\WINDOWS\system32\pla.dll
02:05:58.0945 0x31ac pla - ok
02:05:58.0962 0x31ac PlugPlay - ok
02:05:58.0967 0x31ac pmem - ok
02:05:58.0982 0x31ac [ 2769F200292C0F941A10BD60C33EA4A6, B8345C32585C45E6248D7194B1071F2B8617718E7C9B270AAF44C132D029DB4C ] PNPMEM C:\WINDOWS\System32\drivers\pnpmem.sys
02:05:58.0982 0x31ac PNPMEM - ok
02:05:58.0992 0x31ac [ 6AAAC8AD69AEFBE5FE04738B687EE85E, 83427082298E2FC021D5D39A43DB4A5783D95213F2CA8D3A997DB6C815BD9CB2 ] PNRPAutoReg C:\WINDOWS\system32\pnrpauto.dll
02:05:58.0997 0x31ac PNRPAutoReg - ok
02:05:59.0002 0x31ac PNRPsvc - ok
02:05:59.0021 0x31ac PolicyAgent - ok
02:05:59.0021 0x31ac portcfg - ok
02:05:59.0031 0x31ac Power - ok
02:05:59.0037 0x31ac PptpMiniport - ok
02:05:59.0142 0x31ac [ 127682EFCBC718AE83C591CF12EDBE9E, EDA3BBCA39385ECFC53D6726E2E0311F86033F2E29BB2744A92339947D2498BD ] PrintNotify C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll
02:05:59.0232 0x31ac PrintNotify - ok
02:05:59.0237 0x31ac PrintWorkflowUserSvc - ok
02:05:59.0256 0x31ac Processor - ok
02:05:59.0274 0x31ac ProfSvc - ok
02:05:59.0277 0x31ac Psched - ok
02:05:59.0290 0x31ac PushToInstall - ok
02:05:59.0313 0x31ac [ 2F3808790D517E5E5E6ABF7177875C02, BE1A79A6498697EB86FC29638324A853197B49BC06AE3EB1130793F710926998 ] QWAVE C:\WINDOWS\system32\qwave.dll
02:05:59.0332 0x31ac QWAVE - ok
02:05:59.0361 0x31ac [ CE51A9A997D2830C6C64A36D7F8D8879, 706D683CAF92C259C121222446D34ED43F6E8872407C3615E2ED118ACD24D21D ] QWAVEdrv C:\WINDOWS\system32\drivers\qwavedrv.sys
02:05:59.0361 0x31ac QWAVEdrv - ok
02:05:59.0366 0x31ac Ramdisk - ok
02:05:59.0371 0x31ac RasAcd - ok
02:05:59.0381 0x31ac RasAgileVpn - ok
02:05:59.0386 0x31ac RasAuto - ok
02:05:59.0391 0x31ac Rasl2tp - ok
02:05:59.0401 0x31ac RasMan - ok
02:05:59.0401 0x31ac RasPppoe - ok
02:05:59.0406 0x31ac RasSstp - ok
02:05:59.0411 0x31ac rdbss - ok
02:05:59.0437 0x31ac [ B7BAD23CA994EFF8EA11261626326004, 056495FB4A54984CE9D28D7B45550990D4A4B0736669F0F69138BEF51A695EFA ] rdpbus C:\WINDOWS\System32\drivers\rdpbus.sys
02:05:59.0437 0x31ac rdpbus - ok
02:05:59.0457 0x31ac RDPDR - ok
02:05:59.0472 0x31ac RdpVideoMiniport - ok
02:05:59.0492 0x31ac [ B4A6F3BFB5A07DAF4E18C14A6337A226, F906865E349390D24A3DCBC563154BBB9F307B97361832BE93BC9D44A9F3B486 ] rdyboost C:\WINDOWS\system32\drivers\rdyboost.sys
02:05:59.0497 0x31ac rdyboost - ok
02:05:59.0520 0x31ac ReFS - ok
02:05:59.0536 0x31ac ReFSv1 - ok
02:05:59.0557 0x31ac RemoteAccess - ok
02:05:59.0569 0x31ac [ 58B3C0A2B0C130838588EF519ADCE495, 60360DD8EA1802C8F95EB93531FF9666BE1148253E6A1BD706D4CA98955C0F6E ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
02:05:59.0616 0x31ac RemoteRegistry - ok
02:05:59.0626 0x31ac RetailDemo - ok
02:05:59.0652 0x31ac [ D2EE9CCE0187C616E50D61EB30ECA262, 825C918D22FC8DBF3EE9BDB41D121A0AC3CCBFFBA147E2B26F0197552E0675DE ] RFCOMM C:\WINDOWS\System32\drivers\rfcomm.sys
02:05:59.0657 0x31ac RFCOMM - ok
02:05:59.0689 0x31ac [ 4DD0EFE49F0C020DAFEAE6F5F231362C, DF04978AF6CD34C8251B3DDE381CD77518684DCB1D2B16BD2DAFEE63AC9D5858 ] rhproxy C:\WINDOWS\System32\drivers\rhproxy.sys
02:05:59.0691 0x31ac rhproxy - ok
02:05:59.0696 0x31ac RmSvc - ok
02:05:59.0706 0x31ac RpcEptMapper - ok
02:05:59.0736 0x31ac [ D45676C47616B9ABBFAEC97DD3B240A8, E13985D667F66B7A0082356F23270F61A57B8C2DD211B1E09D66D7970D7B4D6A ] RpcLocator C:\WINDOWS\system32\locator.exe
02:05:59.0737 0x31ac RpcLocator - ok
02:05:59.0752 0x31ac RpcSs - ok
02:05:59.0787 0x31ac [ EABD30C39742A79913B595A5B6F809D4, 9067160F566220A2B21FEEE181729A796A3F3EECF75FFB75815BE5CCC7BBA64F ] rspndr C:\WINDOWS\system32\drivers\rspndr.sys
02:05:59.0787 0x31ac rspndr - ok
02:05:59.0872 0x31ac [ FD4D8A0A6B96B8E8FCB8C5A311F76287, 2E69C1D37536B71DD3BF4F587A58B580F7BB9DEA00FE980DF30C3AEBB6DCE5D2 ] RtkAudioService C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
02:05:59.0882 0x31ac RtkAudioService - ok
02:05:59.0937 0x31ac [ 37B0328266FECDC5EF35AEB3976BE93A, 3A49F7FA64CC5354B6891813281E583198F4DCA9683A814801AF1FB3124CAF9E ] RTSUER C:\WINDOWS\system32\Drivers\RtsUer.sys
02:05:59.0987 0x31ac RTSUER - ok
02:06:00.0002 0x31ac [ 5914CC0C1E99A3C1711BDB1E224526D1, 54BB8636F27282B396D487B3FEA8BD73F2F6FE6DA4DE8D718EE498F75A6A5DCE ] s3cap C:\WINDOWS\System32\drivers\vms3cap.sys
02:06:00.0007 0x31ac s3cap - ok
02:06:00.0032 0x31ac SamSs - ok
02:06:00.0047 0x31ac sbp2port - ok
02:06:00.0052 0x31ac SCardSvr - ok
02:06:00.0057 0x31ac ScDeviceEnum - ok
02:06:00.0062 0x31ac scfilter - ok
02:06:00.0082 0x31ac Schedule - ok
02:06:00.0087 0x31ac scmbus - ok
02:06:00.0092 0x31ac SCPolicySvc - ok
02:06:00.0097 0x31ac sdbus - ok
02:06:00.0111 0x31ac [ 3200667DB433F0A2032FAF4DC02E2089, 5E940CA63AD21CEA08C334AC61D985BAFDBA7DCB2D388F355B5C72EFA3E23E0A ] SDFRd C:\WINDOWS\System32\drivers\SDFRd.sys
02:06:00.0111 0x31ac SDFRd - ok
02:06:00.0121 0x31ac SDRSVC - ok
02:06:00.0126 0x31ac sdstor - ok
02:06:00.0146 0x31ac [ 016706A76857F914C99D2472B1E79BF9, 39A114EB591E243E0429DA7279413F046626DE7B52E057DDBCD26A0A1BF327FB ] seclogon C:\WINDOWS\system32\seclogon.dll
02:06:00.0179 0x31ac seclogon - ok
02:06:00.0194 0x31ac SecurityHealthService - ok
02:06:00.0204 0x31ac SEMgrSvc - ok
02:06:00.0225 0x31ac [ 1EA7972A4C7163FF1D3EFE9988404D4E, 56A94B1617815C1E8A79D832B0F0CBA683C3080105CC4C87DBB9B8EAB4CD2690 ] SENS C:\WINDOWS\System32\sens.dll
02:06:00.0230 0x31ac SENS - ok
02:06:00.0262 0x31ac Sense - ok
02:06:00.0267 0x31ac SensorDataService - ok
02:06:00.0287 0x31ac SensorService - ok
02:06:00.0307 0x31ac [ 0BCFFAD6F3B180DD60C941B01768F733, A0B73C1BF636F14504B69606999287B6FE148C958A4F6E31E9022FF129A048E0 ] SensrSvc C:\WINDOWS\system32\sensrsvc.dll
02:06:00.0317 0x31ac SensrSvc - ok
02:06:00.0317 0x31ac SerCx - ok
02:06:00.0325 0x31ac SerCx2 - ok
02:06:00.0330 0x31ac Serenum - ok
02:06:00.0330 0x31ac Serial - ok
02:06:00.0335 0x31ac sermouse - ok
02:06:00.0340 0x31ac SessionEnv - ok
02:06:00.0345 0x31ac sfloppy - ok
02:06:00.0372 0x31ac [ C05648C2BE6176BE557D9C7F02916388, C65D8FEDDCD9A52B04F42C64DAD2A499BF51246D36042E8DC09DD04C4C0B7BEE ] SgrmAgent C:\WINDOWS\system32\drivers\SgrmAgent.sys
02:06:00.0377 0x31ac SgrmAgent - ok
02:06:00.0377 0x31ac SgrmBroker - ok
02:06:00.0387 0x31ac SharedAccess - ok
02:06:00.0437 0x31ac SharedRealitySvc - ok
02:06:00.0472 0x31ac [ BE44F2B19C4F61FED874C7FE26DF92AA, 07888C7575A1D7D46AE375B1CE6C13665CCEE0F0672EA8FDE71B955B5BC0EA70 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
02:06:00.0527 0x31ac ShellHWDetection - ok
02:06:00.0532 0x31ac shpamsvc - ok
02:06:00.0537 0x31ac SiSRaid2 - ok
02:06:00.0546 0x31ac SiSRaid4 - ok
02:06:00.0546 0x31ac SmartSAMD - ok
02:06:00.0567 0x31ac [ FF75E3F42E77904238AED44E4E03BAEF, 535013A9E3324198E1016963EBF306F3D34583F7031EE753EC6095B15E2D492C ] smbdirect C:\WINDOWS\system32\DRIVERS\smbdirect.sys
02:06:00.0567 0x31ac smbdirect - ok
02:06:00.0590 0x31ac smphost - ok
02:06:00.0605 0x31ac SmsRouter - ok
02:06:00.0625 0x31ac [ 1971BBC71602B928CF9257759E3C05E8, 9D665698FF26ED333AD385B4B7A6C0F2B6806371D278E281FA4188002A5317E8 ] SNMPTRAP C:\WINDOWS\System32\snmptrap.exe
02:06:00.0655 0x31ac SNMPTRAP - ok
02:06:00.0677 0x31ac [ 27B7D9E872939EBB34C30343F991893D, 879AFDC8C50487ED0D3CB58C70A206E185F94BE75C25C31C387F3F08740771F9 ] spaceparser C:\WINDOWS\system32\drivers\spaceparser.sys
02:06:00.0682 0x31ac spaceparser - ok
02:06:00.0707 0x31ac spaceport - ok
02:06:00.0737 0x31ac [ AB3BDEC793187CEDF1229AC98BB7DEDF, D2EA0C5FC534C89310207AA26A8816B30FEEF3F2708A067D8BB93D3CFF9C3936 ] SpatialGraphFilter C:\WINDOWS\system32\drivers\SpatialGraphFilter.sys
02:06:00.0742 0x31ac SpatialGraphFilter - ok
02:06:00.0752 0x31ac SpbCx - ok
02:06:00.0762 0x31ac spectrum - ok
02:06:00.0773 0x31ac Spooler - ok
02:06:00.0773 0x31ac sppsvc - ok
02:06:00.0789 0x31ac srv2 - ok
02:06:00.0803 0x31ac srvnet - ok
02:06:00.0817 0x31ac SSDPSRV - ok
02:06:00.0851 0x31ac ssh-agent - ok
02:06:07.0502 0x31ac AV detected via SS2: ESET Security, C:\Program Files\ESET\ESET Security\ecmds.exe ( 15.0.21.0 ), 0x40000 ( disabled : updated )
02:06:07.0502 0x31ac AV detected via SS2: Windows Defender, windowsdefender:// ( ), 0x60100 ( disabled : updated )
02:06:07.0502 0x31ac AV detected via SS2: Malwarebytes, C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe ( 3.0.0.207 ), 0x61000 ( enabled : updated )
02:06:07.0507 0x31ac AV detected via SS2: ESET Security, C:\Program Files\ESET\ESET Security\ecmds.exe ( 15.0.21.0 ), 0x40000 ( disabled : updated )
02:06:07.0516 0x31ac Win FW state via NFP2: enabled ( trusted )
02:06:08.0122 0x31ac ============================================================
02:06:08.0122 0x31ac Scan finished
02:06:08.0122 0x31ac ============================================================
02:06:08.0147 0x2ad8 Detected object count: 0
02:06:08.0147 0x2ad8 Actual detected object count: 0
Program : RogueKiller Anti-Malware
Version : 15.1.5.0
x64 : Yes
Program Date : Dec 15 2021
Location : C:\Users\USER\Downloads\RogueKiller_portable64.exe
Premium : Yes
Company : Adlice Software
Website : https://www.adlice.com/
Contact : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 10 (10.0.19042) 64-bit
64-bit OS : Yes
Startup : 0
WindowsPE : No
User : User
User is Admin : Yes
Date : 2021/12/19 08:32:01
Type : Scan
Aborted : No
Scan Mode : Custom
Duration : 4407
Found items : 10
Total scanned : 580027
Signatures Version : 20211216_132143
Truesight Driver : Yes
Updates Count : 4
************************* Warnings *************************
(17:57791) C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~19041.1348.1.7, LONG_FOLDER_SCAN
[+] path : C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~19041.1348.1.7
[+] message : LONG_FOLDER_SCAN
[+] int1 : 17
[+] int2 : 57791
(18:58003) C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~19041.1415.1.6, LONG_FOLDER_SCAN
[+] path : C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~19041.1415.1.6
[+] message : LONG_FOLDER_SCAN
[+] int1 : 18
[+] int2 : 58003
(35:0) C:\Windows\servicing\LCU, LONG_FOLDER_SCAN
[+] path : C:\Windows\servicing\LCU
[+] message : LONG_FOLDER_SCAN
[+] int1 : 35
[+] int2 : 0
(36:4) C:\Windows\servicing, LONG_FOLDER_SCAN
[+] path : C:\Windows\servicing
[+] message : LONG_FOLDER_SCAN
[+] int1 : 36
[+] int2 : 4
(48:30) C:\Windows, LONG_FOLDER_SCAN
[+] path : C:\Windows
[+] message : LONG_FOLDER_SCAN
[+] int1 : 48
[+] int2 : 30
************************* Updates *************************
VLC media player (64-bit), version 3.0.6
[+] Available Version : 3.0.16
[+] Wow6432 : No
[+] Portable : No
[+] update_location : C:\Program Files\VideoLAN\VLC
WinRAR 5.61 (64-bit) (64-bit), version 5.61.0
[+] Available Version : 6.02
[+] Wow6432 : No
[+] Portable : No
[+] update_location : C:\Program Files\WinRAR\
Discord (64-bit), version 0.0.309
[+] Available Version : 1.0.9003
[+] Size : 64.6 MB
[+] Wow6432 : No
[+] Portable : No
[+] update_location : C:\Users\USER\AppData\Local\Discord
Zoom (64-bit), version 5.7.7 (1105)
[+] Available Version : 5.8.7
[+] Size : 9.76 MB
[+] Wow6432 : No
[+] Portable : No
[+] update_location : C:\Users\USER\AppData\Roaming\Zoom\bin
************************* Processes *************************
************************* Modules *************************
************************* Services *************************
************************* Scheduled Tasks *************************
************************* Registry *************************
>>>>>> O87 - Firewall
├── [Suspicious.Path (Potencialmente Malicioso)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{2A0828D8-A8B8-4941-98AD-0F35E572C78D}C:\users\user\appdata\local\temp\rar$exa14036.20835\among.us.v2020.9.9s-jefh\among us.exe -- v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\user\appdata\local\temp\rar$exa14036.20835\among.us.v2020.9.9s-jefh\among us.exe|Name=among us.exe|Desc=among us.exe|Defer=User| (missing) -> Encontrado
├── [Suspicious.Path (Potencialmente Malicioso)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{FEF4EE02-6CC8-4BCA-8385-BA61D2C542C9}C:\users\user\appdata\local\temp\rar$exa14036.20835\among.us.v2020.9.9s-jefh\among us.exe -- v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\user\appdata\local\temp\rar$exa14036.20835\among.us.v2020.9.9s-jefh\among us.exe|Name=among us.exe|Desc=among us.exe|Defer=User| (missing) -> Encontrado
├── [Suspicious.Path (Potencialmente Malicioso)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{4CECD110-DE74-48CF-83BC-B92C966A0B23}C:\users\user\appdata\local\temp\rar$exa14036.8246\among.us.v2020.9.9s-jefh\among us.exe -- v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\user\appdata\local\temp\rar$exa14036.8246\among.us.v2020.9.9s-jefh\among us.exe|Name=among us.exe|Desc=among us.exe|Defer=User| (missing) -> Encontrado
├── [Suspicious.Path (Potencialmente Malicioso)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{52E49AB1-A25A-4455-960F-80FCAF26D7C1}C:\users\user\appdata\local\temp\rar$exa14036.8246\among.us.v2020.9.9s-jefh\among us.exe -- v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\user\appdata\local\temp\rar$exa14036.8246\among.us.v2020.9.9s-jefh\among us.exe|Name=among us.exe|Desc=among us.exe|Defer=User| (missing) -> Encontrado
├── [Suspicious.Path (Potencialmente Malicioso)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{485D67DC-2A2A-4DBE-9221-513E742D01FF}C:\users\user\appdata\local\temp\rar$exa13648.19714\amongus zsg\among us.exe -- v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\user\appdata\local\temp\rar$exa13648.19714\amongus zsg\among us.exe|Name=among us.exe|Desc=among us.exe| -> Encontrado
├── [Suspicious.Path (Potencialmente Malicioso)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{981BC0B2-36A8-4DE4-AA29-F32DAC2FF54A}C:\users\user\appdata\local\temp\rar$exa13648.19714\amongus zsg\among us.exe -- v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\user\appdata\local\temp\rar$exa13648.19714\amongus zsg\among us.exe|Name=among us.exe|Desc=among us.exe| -> Encontrado
├── [Suspicious.Path (Potencialmente Malicioso)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{5FCCCC92-BB44-4253-9EB4-BF46F5CC4625}C:\users\user\appdata\local\temp\rar$exa12032.31176\chrome-bin\chrome.exe -- v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\user\appdata\local\temp\rar$exa12032.31176\chrome-bin\chrome.exe|Name=chrome.exe|Desc=chrome.exe| -> Encontrado
└── [Suspicious.Path (Potencialmente Malicioso)] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{1ECEDD55-4585-4F49-8734-DD4F0D7EC713}C:\users\user\appdata\local\temp\rar$exa12032.31176\chrome-bin\chrome.exe -- v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\user\appdata\local\temp\rar$exa12032.31176\chrome-bin\chrome.exe|Name=chrome.exe|Desc=chrome.exe| -> Encontrado
************************* WMI *************************
************************* Hosts File *************************
is_too_big : No
hosts_file_path : C:\Windows\System32\drivers\etc\hosts
************************* Filesystem *************************
[PUP.OnlineIO (Potencialmente Malicioso)] (folder) AdvinstAnalytics -- C:\Users\USER\AppData\Local\AdvinstAnalytics -> Encontrado
[PUP.OnlineIO (Potencialmente Malicioso)] (folder) AdvinstAnalytics -- C:\Users\USER\AppData\Local\AdvinstAnalytics -> Encontrado
************************* Web Browsers *************************
************************* Antirootkit *************************
Program : RogueKiller Anti-Malware
Version : 15.1.5.0
x64 : Yes
Program Date : Dec 15 2021
Location : C:\Users\USER\Downloads\RogueKiller_portable64.exe
Premium : Yes
Company : Adlice Software
Website : https://www.adlice.com/
Contact : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 10 (10.0.19042) 64-bit
64-bit OS : Yes
Startup : 0
WindowsPE : No
User : User
User is Admin : Yes
Date : 2021/12/19 12:55:04
Type : Removal
Aborted : No
Scan Mode : Custom
Duration : 4407
Found items : 10
Total scanned : 580027
Signatures Version : 20211216_132143
Truesight Driver : Yes
Updates Count : 4
************************* Warnings *************************
(17:57791) C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~19041.1348.1.7, LONG_FOLDER_SCAN
[+] path : C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~19041.1348.1.7
[+] message : LONG_FOLDER_SCAN
[+] int1 : 17
[+] int2 : 57791
(18:58003) C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~19041.1415.1.6, LONG_FOLDER_SCAN
[+] path : C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~19041.1415.1.6
[+] message : LONG_FOLDER_SCAN
[+] int1 : 18
[+] int2 : 58003
(35:0) C:\Windows\servicing\LCU, LONG_FOLDER_SCAN
[+] path : C:\Windows\servicing\LCU
[+] message : LONG_FOLDER_SCAN
[+] int1 : 35
[+] int2 : 0
(36:4) C:\Windows\servicing, LONG_FOLDER_SCAN
[+] path : C:\Windows\servicing
[+] message : LONG_FOLDER_SCAN
[+] int1 : 36
[+] int2 : 4
(48:30) C:\Windows, LONG_FOLDER_SCAN
[+] path : C:\Windows
[+] message : LONG_FOLDER_SCAN
[+] int1 : 48
[+] int2 : 30
************************* Removal *************************
[Suspicious.Path (Potencialmente Malicioso)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{2A0828D8-A8B8-4941-98AD-0F35E572C78D}C:\users\user\appdata\local\temp\rar$exa14036.20835\among.us.v2020.9.9s-jefh\among us.exe -- [%localappdata%\temp\rar$exa14036.20835\among.us.v2020.9.9s-jefh\among us.exe] -> Borrado
[+] scan_what : 1
[+] vendors : Suspicious.Path
[+] Name : HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{2A0828D8-A8B8-4941-98AD-0F35E572C78D}C:\users\user\appdata\local\temp\rar$exa14036.20835\among.us.v2020.9.9s-jefh\among us.exe
[+] value : [%localappdata%\temp\rar$exa14036.20835\among.us.v2020.9.9s-jefh\among us.exe]
[+] Type : Registry
[+] file_vtscore : -1
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 3
[+] id : 0
[+] status : 3
[+] status_str : Borrado
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : -1
[Suspicious.Path (Potencialmente Malicioso)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{FEF4EE02-6CC8-4BCA-8385-BA61D2C542C9}C:\users\user\appdata\local\temp\rar$exa14036.20835\among.us.v2020.9.9s-jefh\among us.exe -- [%localappdata%\temp\rar$exa14036.20835\among.us.v2020.9.9s-jefh\among us.exe] -> Borrado
[+] scan_what : 1
[+] vendors : Suspicious.Path
[+] Name : HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{FEF4EE02-6CC8-4BCA-8385-BA61D2C542C9}C:\users\user\appdata\local\temp\rar$exa14036.20835\among.us.v2020.9.9s-jefh\among us.exe
[+] value : [%localappdata%\temp\rar$exa14036.20835\among.us.v2020.9.9s-jefh\among us.exe]
[+] Type : Registry
[+] file_vtscore : -1
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 3
[+] id : 1
[+] status : 3
[+] status_str : Borrado
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : -1
[Suspicious.Path (Potencialmente Malicioso)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{4CECD110-DE74-48CF-83BC-B92C966A0B23}C:\users\user\appdata\local\temp\rar$exa14036.8246\among.us.v2020.9.9s-jefh\among us.exe -- [%localappdata%\temp\rar$exa14036.8246\among.us.v2020.9.9s-jefh\among us.exe] -> Borrado
[+] scan_what : 1
[+] vendors : Suspicious.Path
[+] Name : HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{4CECD110-DE74-48CF-83BC-B92C966A0B23}C:\users\user\appdata\local\temp\rar$exa14036.8246\among.us.v2020.9.9s-jefh\among us.exe
[+] value : [%localappdata%\temp\rar$exa14036.8246\among.us.v2020.9.9s-jefh\among us.exe]
[+] Type : Registry
[+] file_vtscore : -1
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 3
[+] id : 2
[+] status : 3
[+] status_str : Borrado
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : -1
[Suspicious.Path (Potencialmente Malicioso)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{52E49AB1-A25A-4455-960F-80FCAF26D7C1}C:\users\user\appdata\local\temp\rar$exa14036.8246\among.us.v2020.9.9s-jefh\among us.exe -- [%localappdata%\temp\rar$exa14036.8246\among.us.v2020.9.9s-jefh\among us.exe] -> Borrado
[+] scan_what : 1
[+] vendors : Suspicious.Path
[+] Name : HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{52E49AB1-A25A-4455-960F-80FCAF26D7C1}C:\users\user\appdata\local\temp\rar$exa14036.8246\among.us.v2020.9.9s-jefh\among us.exe
[+] value : [%localappdata%\temp\rar$exa14036.8246\among.us.v2020.9.9s-jefh\among us.exe]
[+] Type : Registry
[+] file_vtscore : -1
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 3
[+] id : 3
[+] status : 3
[+] status_str : Borrado
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : -1
[Suspicious.Path (Potencialmente Malicioso)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{485D67DC-2A2A-4DBE-9221-513E742D01FF}C:\users\user\appdata\local\temp\rar$exa13648.19714\amongus zsg\among us.exe -- -> Borrado
[+] scan_what : 1
[+] vendors : Suspicious.Path
[+] Name : HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{485D67DC-2A2A-4DBE-9221-513E742D01FF}C:\users\user\appdata\local\temp\rar$exa13648.19714\amongus zsg\among us.exe
[+] Type : Registry
[+] file_vtscore : -1
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 3
[+] id : 4
[+] status : 3
[+] status_str : Borrado
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : -1
[Suspicious.Path (Potencialmente Malicioso)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{981BC0B2-36A8-4DE4-AA29-F32DAC2FF54A}C:\users\user\appdata\local\temp\rar$exa13648.19714\amongus zsg\among us.exe -- -> Borrado
[+] scan_what : 1
[+] vendors : Suspicious.Path
[+] Name : HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{981BC0B2-36A8-4DE4-AA29-F32DAC2FF54A}C:\users\user\appdata\local\temp\rar$exa13648.19714\amongus zsg\among us.exe
[+] Type : Registry
[+] file_vtscore : -1
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 3
[+] id : 5
[+] status : 3
[+] status_str : Borrado
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : -1
[Suspicious.Path (Potencialmente Malicioso)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{5FCCCC92-BB44-4253-9EB4-BF46F5CC4625}C:\users\user\appdata\local\temp\rar$exa12032.31176\chrome-bin\chrome.exe -- -> Borrado
[+] scan_what : 1
[+] vendors : Suspicious.Path
[+] Name : HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{5FCCCC92-BB44-4253-9EB4-BF46F5CC4625}C:\users\user\appdata\local\temp\rar$exa12032.31176\chrome-bin\chrome.exe
[+] Type : Registry
[+] file_vtscore : -1
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 3
[+] id : 6
[+] status : 3
[+] status_str : Borrado
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : -1
[Suspicious.Path (Potencialmente Malicioso)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{1ECEDD55-4585-4F49-8734-DD4F0D7EC713}C:\users\user\appdata\local\temp\rar$exa12032.31176\chrome-bin\chrome.exe -- -> Borrado
[+] scan_what : 1
[+] vendors : Suspicious.Path
[+] Name : HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{1ECEDD55-4585-4F49-8734-DD4F0D7EC713}C:\users\user\appdata\local\temp\rar$exa12032.31176\chrome-bin\chrome.exe
[+] Type : Registry
[+] file_vtscore : -1
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 3
[+] id : 7
[+] status : 3
[+] status_str : Borrado
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : -1
[PUP.OnlineIO (Potencialmente Malicioso)] AdvinstAnalytics -- %localappdata%\AdvinstAnalytics -> Borrado
[+] scan_what : 1
[+] vendors : PUP.OnlineIO
[+] Name : AdvinstAnalytics
[+] value : %localappdata%\AdvinstAnalytics
[+] Type : File/Folder
[+] file_vtscore : -1
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 3
[+] id : 8
[+] status : 3
[+] status_str : Borrado
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : -1
[PUP.OnlineIO (Potencialmente Malicioso)] AdvinstAnalytics -- %localappdata%\AdvinstAnalytics -> Eliminado al reiniciar [2]
[+] scan_what : 1
[+] vendors : PUP.OnlineIO
[+] Name : AdvinstAnalytics
[+] value : %localappdata%\AdvinstAnalytics
[+] Type : File/Folder
[+] file_vtscore : -1
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 3
[+] id : 9
[+] status : 5
[+] status_str : Eliminado al reiniciar [2]
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : -1
Perfect! All the programs have done their job! I want to make sure of one thing: run “RogueKiller” again, following its “User Manual” as you have been doing correctly, and send me the “Report” again once the Full Scan has finished.
If it asks you to restart in order to remove the infections, “RESTART”; if the program does “NOT” ask you to restart, do “NOT” restart.
Program : RogueKiller Anti-Malware
Version : 15.1.5.0
x64 : Yes
Program Date : Dec 15 2021
Location : C:\Users\USER\Downloads\RogueKiller_portable64.exe
Premium : Yes
Company : Adlice Software
Website : https://www.adlice.com/
Contact : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 10 (10.0.19042) 64-bit
64-bit OS : Yes
Startup : 0
WindowsPE : No
User : User
User is Admin : Yes
Date : 2021/12/20 01:57:49
Type : Scan
Aborted : No
Scan Mode : Custom
Duration : 4185
Found items : 0
Total scanned : 580007
Signatures Version : 20211216_132143
Truesight Driver : Yes
Updates Count : 4
************************* Warnings *************************
(16:57791) C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~19041.1348.1.7, LONG_FOLDER_SCAN
[+] path : C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~19041.1348.1.7
[+] message : LONG_FOLDER_SCAN
[+] int1 : 16
[+] int2 : 57791
(17:58003) C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~19041.1415.1.6, LONG_FOLDER_SCAN
[+] path : C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~19041.1415.1.6
[+] message : LONG_FOLDER_SCAN
[+] int1 : 17
[+] int2 : 58003
(33:0) C:\Windows\servicing\LCU, LONG_FOLDER_SCAN
[+] path : C:\Windows\servicing\LCU
[+] message : LONG_FOLDER_SCAN
[+] int1 : 33
[+] int2 : 0
(34:4) C:\Windows\servicing, LONG_FOLDER_SCAN
[+] path : C:\Windows\servicing
[+] message : LONG_FOLDER_SCAN
[+] int1 : 34
[+] int2 : 4
(45:30) C:\Windows, LONG_FOLDER_SCAN
[+] path : C:\Windows
[+] message : LONG_FOLDER_SCAN
[+] int1 : 45
[+] int2 : 30
************************* Updates *************************
VLC media player (64-bit), version 3.0.6
[+] Available Version : 3.0.16
[+] Wow6432 : No
[+] Portable : No
[+] update_location : C:\Program Files\VideoLAN\VLC
WinRAR 5.61 (64-bit) (64-bit), version 5.61.0
[+] Available Version : 6.02
[+] Wow6432 : No
[+] Portable : No
[+] update_location : C:\Program Files\WinRAR\
Discord (64-bit), version 0.0.309
[+] Available Version : 1.0.9003
[+] Size : 64.6 MB
[+] Wow6432 : No
[+] Portable : No
[+] update_location : C:\Users\USER\AppData\Local\Discord
Zoom (64-bit), version 5.7.7 (1105)
[+] Available Version : 5.8.7
[+] Size : 9.76 MB
[+] Wow6432 : No
[+] Portable : No
[+] update_location : C:\Users\USER\AppData\Roaming\Zoom\bin
************************* Processes *************************
************************* Modules *************************
************************* Services *************************
************************* Scheduled Tasks *************************
************************* Registry *************************
************************* WMI *************************
************************* Hosts File *************************
is_too_big : No
hosts_file_path : C:\Windows\System32\drivers\etc\hosts
************************* Filesystem *************************
************************* Web Browsers *************************
************************* Antirootkit *************************
I have reviewed ALL the reports generated by all the programs that have been run, and I can almost guarantee that your computer is completely free of infections.
In any case:
Restart the computer and tell me how it is working now, and whether the problem for which you opened this THREAD has been solved.
That is: how is your computer working with respect to the initial problem for which you opened this thread?
Awaiting your reply.
Good afternoon, sorry for the delay, I have been in somewhat delicate health. I have now been able to see that the computer is better than before; many pop-up windows that used to appear when I opened the browser are gone, and I am even warned now, with greater security, if any page or download content is dangerous for me. Seriously, thank you very much for your time and dedication in helping me with my problem.
Thank you for the patience you have shown in carrying out the procedures that were performed.
As far as I am concerned, we can consider the thread solved. To do so, look in this same THREAD for the option labelled Solution or Solved, so that the problem for which you opened this THREAD can be closed.
The next time you have any problem with your computer, you can open a new THREAD and we will be happy to help you.
I will show you how to close the thread.
Do not forget to mark the thread as Solved. To do so, look at the link I sent you and mark one of the replies as the solution.
As a final tip/note, I invite you to follow us on our social networks to stay up to date and be forewarned about new types of malware and other related topics that may be of interest to you.
It has been a pleasure helping you bring the THREAD to SOLVED and in this final part of it. You have been patient and very easy to work with throughout the thread. Thank you very much for trusting ForoSpyware.