Viruses detected: are there traces left?

Hello

In short, I downloaded and ran the program “Reimage” to fix problems with the Qualcomm Atheros AR9485WB-EG wireless network adapter. The thing is that, from what I found when searching, it appears to be fraudulent software. I deleted it immediately and started running scans with various programs.

I used Rkill, Malwarebytes (quick and full custom scans), AdwCleaner and CCleaner.
They detected several things; I am attaching the reports.

Rkill 2.9.1 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2021 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 02/21/2021 01:31:49 AM in x64 mode.
Windows Version: Windows 8.1 Single Language 

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Policies\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

malwarebytes1.txt (1,9 KB) malwarebytes2.txt (1,5 KB)

# -------------------------------
# Malwarebytes AdwCleaner 8.1.0.0
# -------------------------------
# Build:    02-15-2021
# Database: 2021-01-11.1 (Local)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    02-20-2021
# Duration: 00:01:31
# OS:       Windows 8.1 Single Language
# Scanned:  3037
# Detected: 24


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Optional.TweakBit           C:\ProgramData\BSD\DriverHive

***** [ Files ] *****

PUP.Optional.Reimage            C:\Windows\Reimage.ini

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.DriverUpdatePlus   HKLM\Software\Wow6432Node\BSD
PUP.Optional.Legacy             HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}
PUP.Optional.Legacy             HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL
PUP.Optional.Legacy             HKLM\Software\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
PUP.Optional.Legacy             HKLM\Software\Classes\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}
PUP.Optional.Legacy             HKLM\Software\Classes\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}
PUP.Optional.Legacy             HKLM\Software\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
PUP.Optional.Legacy             HKLM\Software\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
PUP.Optional.Legacy             HKLM\Software\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\\Classes\AppID\REI_AxControl.DLL
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
PUP.Optional.Legacy             HKU\S-1-5-21-4206844412-3915076-1266158226-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
PUP.Optional.Legacy             HKU\S-1-5-21-4206844412-3915076-1266158226-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com
PUP.Optional.Legacy             HKU\S-1-5-21-4206844412-3915076-1266158226-501\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
PUP.Optional.Legacy             HKU\S-1-5-21-4206844412-3915076-1266158226-501\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com
PUP.Optional.Reimage            HKCU\Software\Reimage
PUP.Optional.Reimage            HKLM\Software\Classes\REI_AxControl.ReiEngine
PUP.Optional.Reimage            HKLM\Software\Classes\REI_AxControl.ReiEngine.1
PUP.Optional.Reimage            HKLM\Software\Reimage

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.


AdwCleaner[S00].txt - [2140 octets] - [26/07/2018 01:25:34]
AdwCleaner[C00].txt - [2068 octets] - [26/07/2018 01:26:47]
AdwCleaner[S01].txt - [6845 octets] - [01/08/2018 21:46:59]
AdwCleaner[C01].txt - [6270 octets] - [01/08/2018 21:51:02]
AdwCleaner[S02].txt - [1506 octets] - [12/09/2018 19:21:27]
AdwCleaner[S03].txt - [2434 octets] - [14/03/2019 00:36:45]
AdwCleaner[C03].txt - [2418 octets] - [14/03/2019 00:37:57]
AdwCleaner[S04].txt - [1689 octets] - [17/03/2019 19:05:21]
AdwCleaner[S05].txt - [1926 octets] - [08/04/2019 21:36:16]
AdwCleaner[C05].txt - [2054 octets] - [08/04/2019 21:37:09]
AdwCleaner[S06].txt - [1872 octets] - [30/04/2019 22:52:04]
AdwCleaner[S07].txt - [3044 octets] - [28/07/2019 04:44:19]
AdwCleaner[C07].txt - [3160 octets] - [28/07/2019 04:56:46]
AdwCleaner[S08].txt - [2131 octets] - [28/07/2019 05:08:08]
AdwCleaner_Debug.log - [5702 octets] - [17/11/2019 16:20:45]
AdwCleaner[S09].txt - [2254 octets] - [17/11/2019 16:24:43]
AdwCleaner[S10].txt - [3328 octets] - [24/01/2020 04:21:06]
AdwCleaner[C10].txt - [3618 octets] - [24/01/2020 04:31:14]
AdwCleaner[S11].txt - [2517 octets] - [12/02/2020 00:27:05]
AdwCleaner[C11].txt - [2707 octets] - [12/02/2020 00:27:21]
AdwCleaner[S12].txt - [2639 octets] - [12/02/2020 01:07:07]
AdwCleaner[S13].txt - [2700 octets] - [15/04/2020 01:23:36]
AdwCleaner[S14].txt - [3681 octets] - [11/06/2020 23:27:04]
AdwCleaner[C14].txt - [3960 octets] - [11/06/2020 23:28:11]
AdwCleaner[S15].txt - [2883 octets] - [17/06/2020 19:47:29]
AdwCleaner[C15].txt - [3290 octets] - [17/06/2020 19:53:07]
AdwCleaner[S16].txt - [3256 octets] - [19/09/2020 22:04:13]
AdwCleaner[C16].txt - [3587 octets] - [19/09/2020 22:04:41]
AdwCleaner[S17].txt - [4656 octets] - [06/10/2020 05:04:52]
AdwCleaner[C17].txt - [3584 octets] - [06/10/2020 05:08:48]
AdwCleaner[S18].txt - [4708 octets] - [29/01/2021 00:24:54]
AdwCleaner[C18].txt - [5256 octets] - [29/01/2021 00:26:26]
AdwCleaner[S19].txt - [3371 octets] - [01/02/2021 20:13:46]
AdwCleaner[S20].txt - [3432 octets] - [12/02/2021 20:10:23]
AdwCleaner[C20].txt - [3839 octets] - [12/02/2021 20:12:52]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S21].txt ##########
# -------------------------------
# Malwarebytes AdwCleaner 8.1.0.0
# -------------------------------
# Build:    02-15-2021
# Database: 2021-01-11.1 (Local)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    02-20-2021
# Duration: 00:00:04
# OS:       Windows 8.1 Single Language
# Cleaned:  24
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted       C:\ProgramData\BSD\DriverHive

***** [ Files ] *****

Deleted       C:\Windows\Reimage.ini

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}
Deleted       HKCU\Software\Reimage
Deleted       HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL
Deleted       HKLM\Software\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
Deleted       HKLM\Software\Classes\CLSID\{10ECCE17-29B5-4880-A8F5-EAD298611484}
Deleted       HKLM\Software\Classes\CLSID\{801B440B-1EE3-49B0-B05D-2AB076D4E8CB}
Deleted       HKLM\Software\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Deleted       HKLM\Software\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Deleted       HKLM\Software\Classes\REI_AxControl.ReiEngine
Deleted       HKLM\Software\Classes\REI_AxControl.ReiEngine.1
Deleted       HKLM\Software\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
Deleted       HKLM\Software\Reimage
Deleted       HKLM\Software\Wow6432Node\BSD
Deleted       HKLM\Software\Wow6432Node\\Classes\AppID\REI_AxControl.DLL
Deleted       HKLM\Software\Wow6432Node\\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
Deleted       HKLM\Software\Wow6432Node\\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Deleted       HKLM\Software\Wow6432Node\\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Deleted       HKLM\Software\Wow6432Node\\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
Deleted       HKU\S-1-5-21-4206844412-3915076-1266158226-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
Deleted       HKU\S-1-5-21-4206844412-3915076-1266158226-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com
Deleted       HKU\S-1-5-21-4206844412-3915076-1266158226-501\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
Deleted       HKU\S-1-5-21-4206844412-3915076-1266158226-501\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete IFEO
[+] Delete Prefetch
[+] Delete Tracing Keys
[+] Reset BITS
[+] Reset Windows Firewall
[+] Reset Hosts File
[+] Reset IPSec
[+] Reset Chromium Policies
[+] Reset IE Policies
[+] Reset Proxy Settings
[+] Reset TCP/IP
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [2140 octets] - [26/07/2018 01:25:34]
AdwCleaner[C00].txt - [2068 octets] - [26/07/2018 01:26:47]
AdwCleaner[S01].txt - [6845 octets] - [01/08/2018 21:46:59]
AdwCleaner[C01].txt - [6270 octets] - [01/08/2018 21:51:02]
AdwCleaner[S02].txt - [1506 octets] - [12/09/2018 19:21:27]
AdwCleaner[S03].txt - [2434 octets] - [14/03/2019 00:36:45]
AdwCleaner[C03].txt - [2418 octets] - [14/03/2019 00:37:57]
AdwCleaner[S04].txt - [1689 octets] - [17/03/2019 19:05:21]
AdwCleaner[S05].txt - [1926 octets] - [08/04/2019 21:36:16]
AdwCleaner[C05].txt - [2054 octets] - [08/04/2019 21:37:09]
AdwCleaner[S06].txt - [1872 octets] - [30/04/2019 22:52:04]
AdwCleaner[S07].txt - [3044 octets] - [28/07/2019 04:44:19]
AdwCleaner[C07].txt - [3160 octets] - [28/07/2019 04:56:46]
AdwCleaner[S08].txt - [2131 octets] - [28/07/2019 05:08:08]
AdwCleaner_Debug.log - [5702 octets] - [17/11/2019 16:20:45]
AdwCleaner[S09].txt - [2254 octets] - [17/11/2019 16:24:43]
AdwCleaner[S10].txt - [3328 octets] - [24/01/2020 04:21:06]
AdwCleaner[C10].txt - [3618 octets] - [24/01/2020 04:31:14]
AdwCleaner[S11].txt - [2517 octets] - [12/02/2020 00:27:05]
AdwCleaner[C11].txt - [2707 octets] - [12/02/2020 00:27:21]
AdwCleaner[S12].txt - [2639 octets] - [12/02/2020 01:07:07]
AdwCleaner[S13].txt - [2700 octets] - [15/04/2020 01:23:36]
AdwCleaner[S14].txt - [3681 octets] - [11/06/2020 23:27:04]
AdwCleaner[C14].txt - [3960 octets] - [11/06/2020 23:28:11]
AdwCleaner[S15].txt - [2883 octets] - [17/06/2020 19:47:29]
AdwCleaner[C15].txt - [3290 octets] - [17/06/2020 19:53:07]
AdwCleaner[S16].txt - [3256 octets] - [19/09/2020 22:04:13]
AdwCleaner[C16].txt - [3587 octets] - [19/09/2020 22:04:41]
AdwCleaner[S17].txt - [4656 octets] - [06/10/2020 05:04:52]
AdwCleaner[C17].txt - [3584 octets] - [06/10/2020 05:08:48]
AdwCleaner[S18].txt - [4708 octets] - [29/01/2021 00:24:54]
AdwCleaner[C18].txt - [5256 octets] - [29/01/2021 00:26:26]
AdwCleaner[S19].txt - [3371 octets] - [01/02/2021 20:13:46]
AdwCleaner[S20].txt - [3432 octets] - [12/02/2021 20:10:23]
AdwCleaner[C20].txt - [3839 octets] - [12/02/2021 20:12:52]
AdwCleaner[S21].txt - [5965 octets] - [20/02/2021 18:17:01]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C21].txt ##########

Another thing I noticed is that when I open Task Manager, the CPU is at 99% and immediately drops to 0%; in addition, System is using 4% of CPU and disk.

I currently have AVG antivirus, although it uses a lot of CPU/disk and I am thinking of switching. Is there one that doesn't use many resources?

While writing this topic, I am scanning with ESET Online Scanner.

Thanks in advance!

Hello.

Bring the ESET log. Reimage is adware-type malware.

Tell us how the machine is doing currently.

Hello, it didn't detect anything; I think it should be clean now. Even so, the issue of high CPU and disk usage when opening Task Manager persists; I don't know if it is due to some malware or to the hardware, which is already about 7 years old.

Hello @Diarasas

I have seen your other topic with the instructions from our colleague @frica; perhaps both problems are related. So in this topic I would rule out malware on your machine that might be causing that problem. Once we have resolved/verified this, you would then continue, if applicable, in the other topic with our colleague.

In any case, bring the ESET report I asked for, even if it is clean. Also do the following:

0) Download FSS to your desktop. Run FSS (right-click and select Run as Administrator).

Check all the options that appear checked in the following image:

[Screenshot from 2021-02-14 02-32-57]

Press the Scan button and wait for its scan to finish.

1) Download IFS

  • Disable your antivirus :arrow_forward: How to temporarily disable an antivirus and any security program you have enabled.
  • Close all the programs you have open.
  • Run IFS.exe (if you use Windows Vista/7/8 or 10, right-click and select “Run as Administrator”).
  • Click the Analizar (Scan) button and wait for the process to complete. It may take several minutes.
  • When it finishes, a report will open; attach it in your next reply (you can find it at C:\IFS.log).
  • Re-enable your antivirus and any security program you have enabled.

Bring both requested reports plus the ESET one, and tell us how the computer is behaving with respect to the initial problem.

Regards.

Hello

Sorry, but I deleted the ESET report and I can't find it in the temporary files. Should I run the scan again?

I am uploading the reports from the other two. FSS.txt (2,9 KB)


[CODE][B]~~~~~~~~~~~| Inicio: [/B]

*IFS (InfoSpyware First Steps) v 1.3
*www.InfoSpyware.com | www.ForoSpyware.com
*Iniciado: 23/02/2021 a las 20h.05m.59s

[B]~~~~~~~~~~~|  Información del Sistema:[/B]

OS: Microsoft Windows 8.1 Single Language x64 
Idioma: Spanish (Argentina) (Argentina|es-AR)
Permisos de Administrador / ON
Windows se Inició en   Modo Normal
Drive: C:\WINDOWS (Install: \Device\HarddiskVolume5)

[B]~~~~~~~~~~~| Arquitectura Fisica:[/B]

CPU: LENOVO
CPU Modelo: 20150
Procesador: Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz (x64-BasedPC)
Memoria RAM: 8 Gb. En Uso: 18 %
Video: Intel(R) HD Graphics 4000
Chip: Intel(R) HD Graphics Family Capacidad video:-1984 MB (Internal)

[B]~~~~~~~~~~~| Unidades[/B]

C: [FIXED|NTFS|Windows8_OS] - [650.8 Gb][434.2 Gb][216.6 Gb]
D: [FIXED|NTFS|LENOVO] - [25 Gb][19.1 Gb][5.9 Gb]
E: [CDROM]
[COLOR=#FF0000][B]C:\ Fragmentación total 20.00% - Desfragmentar unidad [/B][/COLOR]
D:\ Fragmentación total 0.00% - Correcto

[B]~~~~~~~~~~~| Seguridad del SO[/B]

SafeBoot: Inicio en Modo seguro Correcto
Security Center: Correcto (Servicio Activo)
Windows Update: [COLOR=#FF0000][B]El servicio no está activo[/B][/COLOR] [LST: 2021-02-03 00:44:29][LD: 2021-02-16 21:34:55][LI: 2020-12-16 23:49:03][NDT: 2021-02-24 14:04:52]
AV: Windows Defender *[COLOR=#FF0000][B]Protección Residente [OFF][/B][/COLOR] / [COLOR=#FF0000][B]Actualizar[/B][/COLOR]*
AV: Kaspersky Security Cloud *[COLOR=#FF0000][B]Protección Residente [OFF][/B][/COLOR] / Actualización vía la Nube*
SP: Windows Defender *[COLOR=#FF0000][B]Protección Residente [OFF][/B][/COLOR] / [COLOR=#FF0000][B]Actualizar[/B][/COLOR]*
SP: Kaspersky Security Cloud *[COLOR=#FF0000][B]Protección Residente [OFF][/B][/COLOR] / Actualización vía la Nube*
FW: Kaspersky Security Cloud *[COLOR=#FF0000][B]Protección Residente [OFF][/B][/COLOR]*
FW: Windows Firewall *Habilitado*

[B]~~~~~~~~~~~|  Update Check[/B]

Internet Explorer Versión Instalada 11
Adobe Reader Versión instalada 11.0.17

[B]~~~~~~~~~~~| Process List[/B] 

avp.exe (Kaspersky)

[B]~~~~~~~~~~~| Install Check[/B] 

CCleaner [5.76]

[B]~~~~~~~~~~~| Registry Check[/B]

HKLM\Run(x64): [SmartAudio] C:\Program Files\CONEXANT\SAII\SACpl.exe /t
HKLM\Run(x64): [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
HKLM\Run: [Intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
HKLM\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM\Run: [Lightshot] C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe
HKLM\Run: [f.lux] "C:\Users\Gastón.idea-PC\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
HKLM\Run: [CCleaner Smart Cleaning] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
HKLM\Run: [LGHUB] "C:\Program Files\LGHUB\lghub.exe" --background
Winlogon(x64): Shell = explorer.exe
Winlogon: Shell = explorer.exe
Userinit(x64): Userinit = userinit.exe,
Userinit: Userinit = userinit.exe,

[HKCR\.\.open\command] -> No se pudo obtener la información. 

[B]~~~~~~~~~~~| PUPs Check[/B]

C:\Users\Gastón.idea-PC\AppData\Roaming\dvdvideosoft

[B]~~~~~~~~~~~| Listado 7 Días (Predeterminado)[/B]

[20/02/2021 18:28] - C:\WINDOWS\ntbtlog.txt
[20/02/2021 18:28] - C:\WINDOWS\setupact.log
[20/02/2021 18:28] - C:\WINDOWS\setuperr.log
[21/02/2021 12:51] - C:\WINDOWS\wininit.ini
[23/02/2021 19:50] - C:\FSTool

[B]~~~~~~~~~~~| C:\WINDOWS\Tasks:[/B]


[B]~~~~~~~~~~~| End Report[/B]
*Finalizado 20:09:40
*Se limpiaron los archivos temporales
*[1599815] C:\Users\Gastón.idea-PC\Desktop\IFS.exe
*Herramienta de Análisis e investigación [/CODE]

The high CPU and disk problem still occurs when opening Task Manager. System does the same, but it fluctuates.

Not for now.

Regarding IFS >> I see that your C drive is fragmented; in addition, you have two antivirus programs, and this is terrible for the machine. If you want more information: Why is it not good to use two antivirus programs at the same time? | InfoSpyware

Which of the two antivirus programs you have is the one you use as resident/regular protection on your computer?

In addition, some adware remnants have been detected.

:one: MALWARE SEARCH / REMOVAL

(Keep all your external devices connected, such as USB drives, external hard drives, etc.)

Please download all the software from the links I provide/from their respective manuals.

You will now run a series of tools, respecting the order of the steps, with all programs closed, including browsers.

Connect all your external devices (all the external hard drives you have, as well as all your USB drives).

Carry out the steps below without changing the order and follow them to the letter:

0) Download CCleaner. Here is its manual: CCleaner Manual, so that you know how to use and configure it correctly.

Install it and run it. In the Custom Clean tab, leave the default settings. Click Analyze and wait for it to finish. Then click Run Cleaner. Click the Registry tab > click Scan for Issues and wait for it to finish. Finally, click Fix Selected Issues and make a backup of the Windows registry.

1) Download, install, update and run Malwarebytes’ Anti-Malware. Here is its manual: Malwarebytes Manual, so that you know how to use and configure it correctly.

  • Run a Custom Scan, checking all the boxes on the right and on the left, updating if it asks you to. That is: connect all your external devices (all the external hard drives you have, as well as all your USB drives, including the one you mentioned to me earlier), select all available disk drives and check the following boxes:

1. Scan memory objects

2. Scan startup and registry settings

3. Scan within archives

  • Click “Remove Selected” to send the infections to quarantine and restart the computer.
  • To access the scan report later, go to: Reports >> Scan log >> click Export >> Copy to Clipboard and put the report in your next reply.

2) Download AdwCleaner to the desktop.

  • Disable your antivirus :arrow_forward: How to temporarily disable an antivirus and any security program you have enabled.
  • Run Adwcleaner.exe (if you use Windows Vista/7/8 or 10, right-click and select “Run as Administrator”).
  • Click the Scan Now button and wait for the scan to finish. Then immediately click the Start Repair button.
  • Wait for it to finish and follow the instructions that appear. If it asks you to restart, restart the computer by clicking OK.
  • If it finds nothing, click Skip Repair.
  • You will find the log in the Reports tab, reopening the program if necessary, or at the following location: C:\AdwCleaner\Logs\AdwCleaner[C0].txt.
  • For more information, here is its manual: AdwCleaner Manual.
  • Re-enable your antivirus and any security program you have enabled.

3) Download Junkware Removal Tool to the desktop.

  • Run JRT.exe (if you use Windows Vista/7/8 or 10, right-click and select “Run as Administrator”).
  • Press any key to continue and wait patiently for its process to finish.
  • When it finishes, the following log will be saved on the desktop: JRT.txt.

4) Download, install and run ZHP Cleaner following its manual. When it finishes, remove everything it finds.

5) Use CCleaner again as I told you in step 0.

Paste the reports from Malwarebytes, AdwCleaner, JRT and ZHP Cleaner and tell us how the initial problem for which you opened this topic is going. Also answer the questions I have asked you throughout this post.

IMPORTANT NOTE

Please, while we are disinfecting your machine or finishing doing so:

  • Do not carry out steps/actions that WE have not indicated.
  • Do not download ANYTHING from the Internet and/or connect external devices to your computer.
  • Do not install ANYTHING (programs/software/add-ons/browser extensions…).
  • Do not run other security programs (antivirus, antimalware, ANTI-ANYTHING…).
  • Do not carry out other procedures on your own.
  • Use your computer EXCLUSIVELY to disinfect it following our instructions.

:warning: Very Important :warning: Post the different reports I have asked you for as shown in the following image:

Regards.

Hello

I have been installing and uninstalling many antivirus programs over all these years. I am currently using Kaspersky Security Cloud. I see that Windows Defender shows up, but I don't use it; a long time ago I followed tutorials on how to disable it, since it could not be uninstalled.

Here are the reports:

Malwarebytes

-Detalles del registro-
Fecha del análisis: 23/2/21
Hora del análisis: 23:55
Archivo de registro: cbdc7420-764b-11eb-a9d4-002637bd3942.json

-Información del software-
Versión: 4.3.0.98
Versión de los componentes: 1.0.1173
Versión del paquete de actualización: 1.0.37421
Licencia: Prueba

-Información del sistema-
SO: Windows 8.1
CPU: x64
Sistema de archivos: NTFS
Usuario: ideaPC\Gastón

-Resumen del análisis-
Tipo de análisis: Análisis personalizado
Análisis iniciado por:: Manual
Resultado: Completado
Objetos analizados: 505466
Amenazas detectadas: 3
Amenazas en cuarentena: 3
Tiempo transcurrido: 1 hr, 30 min, 16 seg

-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Desactivado
Heurística: Activado
PUP: Detectar
PUM: Detectar

-Detalles del análisis-
Proceso: 1
Malware.AI.3895709429, F:\LOCKDIR.EXE, En cuarentena, 1000000, 0, , , , , A6AA7644F80AED71B1817F5F3D6DD396, 1E7F6F5F87CC694AF060BA2467CC7AB6812422049AF3E504923B8CCB365040F4

Módulo: 1
Malware.AI.3895709429, F:\LOCKDIR.EXE, En cuarentena, 1000000, 0, , , , , A6AA7644F80AED71B1817F5F3D6DD396, 1E7F6F5F87CC694AF060BA2467CC7AB6812422049AF3E504923B8CCB365040F4

Clave del registro: 0
(No hay elementos maliciosos detectados)

Valor del registro: 0
(No hay elementos maliciosos detectados)

Datos del registro: 0
(No hay elementos maliciosos detectados)

Secuencia de datos: 0
(No hay elementos maliciosos detectados)

Carpeta: 0
(No hay elementos maliciosos detectados)

Archivo: 1
Malware.AI.3895709429, F:\LOCKDIR.EXE, En cuarentena, 1000000, 0, 1.0.37421, 972A682E10544D0BE833CEF5, dds, 01128759, A6AA7644F80AED71B1817F5F3D6DD396, 1E7F6F5F87CC694AF060BA2467CC7AB6812422049AF3E504923B8CCB365040F4

Sector físico: 0
(No hay elementos maliciosos detectados)

WMI: 0
(No hay elementos maliciosos detectados)


(end)

AdwCleaner

# -------------------------------
# Malwarebytes AdwCleaner 8.1.0.0
# -------------------------------
# Build:    02-15-2021
# Database: 2021-01-26.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    02-24-2021
# Duration: 00:00:51
# OS:       Windows 8.1 Single Language
# Scanned:  3723
# Detected: 0


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S23].txt ##########

JRT

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 8.1 Single Language x64 
Ran by Gast¢n (Administrator) on 24/02/2021 at  2:02:57,63
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 1 

Successfully deleted: C:\WINDOWS\wininit.ini (File) 


Registry: 0 



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 24/02/2021 at  2:07:35,11
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

ZHP Cleaner

~ ZHPCleaner v2021.2.23.282 by Nicolas Coolman (2021/02/23)
~ Run by Gastón (Administrator)  (24/02/2021 02:28:01)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Reparar
~ Report : C:\Users\Gastón.idea-PC\Desktop\ZHPCleaner (R).txt
~ Quarantine : C:\Users\Gastón.idea-PC\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ System Restore Point : OK
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 8.1 Single Language, 64-bit  (Build 9600)


---\\  Alternate Data Stream (ADS). (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Servicios (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Navegadores de Internet (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Hosts carpeta (1)
~ El archivo hosts es legítimo (40)


---\\  Tareas automáticas programadas. (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Explorador ( Archivos, Carpetas ) (3)
MOVIDO carpeta: C:\Users\lnvitado\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Preferences    =>Préférences Chromium
MOVIDO archivo: C:\Program Files (x86)\Skillbrains  =>SUP.Optional.Skillbrains
MOVIDO archivo: C:\Users\Gastón.idea-PC\AppData\Local\Google\Update  =>Heuristic.Suspect


---\\  Registro ( Claves, Valores, Datos) (7)
BORRADOS dados: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8B09C289-CF1B-4C59-B3A0-08F027A2FBD8}\\DhcpNameServer [Bad : 190.105.0.4 190.105.0.5]  =>Hijacker.Browser
BORRADOS dados: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer [Bad : 190.105.0.4 190.105.0.5]  =>Hijacker.Browser
BORRADOS clave*: HKEY_USERS\S-1-5-21-4206844412-3915076-1266158226-1001\SOFTWARE\SkillBrains []  =>SUP.Optional.Skillbrains
BORRADOS clave**: HKCU\Software\SkillBrains []  =>SUP.Optional.Skillbrains
BORRADOS clave*: [X64] HKLM\SOFTWARE\Classes\Installer\Products\FE7BD9E83DD5E994ABA21A3F51A3D48F [Adobe Flash Player 9 ActiveX]  =>Riskware.FlashPlayer
BORRADOS clave*: [X64] HKLM\SOFTWARE\Wow6432Node\Skillbrains []  =>SUP.Optional.Skillbrains
BORRADOS clave*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1 [Skillbrains]  =>SUP.Optional.Skillbrains


---\\  Resumen de elementos en su estación de trabajo (5)
https://nicolascoolman.eu/forum/Topic/repaquetage-et-infection/  =>Préférences Chromium
https://nicolascoolman.eu/2019/01/sup-skillbrains  =>SUP.Optional.Skillbrains
https://nicolascoolman.eu/2017/01/28/heuristic-suspect/  =>Heuristic.Suspect
https://nicolascoolman.eu/2017/11/10/hijacker-browser-3/  =>Hijacker.Browser
https://nicolascoolman.eu/forum/Topic/flashplayer-logiciel-a-risque-riskware/  =>Riskware.FlashPlayer


---\\ Limpieza adicional. (5)
~ Clave de registro Tracing borrados (5)
~ Quitar los antiguos informes de ZHPCleaner. (0)


---\\ Resultado de la reparación.
~ Reparación llevada a cabo con éxito
~ Internet Explorer OK


---\\ STATISTIQUES
~ Items escaneado : 1291
~ Items encontrado : 0
~ artículos cancelados : 0
~ Ahorro de espacio (bytes) : 0
~ Items opciones : 9/17


---\\ OPCIONES NO ACTIVAS
~ Análisis temporal de archivos
~ Análisis temporal de carpetas
~ Análisis de CLSID de carpetas vacías
~ Vaciar otro análisis de carpetas
~ Análisis de carpetas locales vacías
~ Análisis de carpetas locales vacías
~ Análisis de archivos de instalación obsoleto
~ Iniciar navegadores con extensiones eliminadas





~ End of clean in 00h02mn00s

---\\  Reporte (2)
ZHPCleaner-[S]-24022021-02_23_29.txt
ZHPCleaner-[R]-24022021-02_30_01.txt

Something to mention: when the Malwarebytes scan finished, it asked me to restart. I selected restart, and during the restart the blue screen appeared. The error code was not shown (only at the end, but it was very quick, less than a second; I couldn't see it).

As for the CPU and disk issue, it persists.

Buenos días. Solo un apunte. Para no interferir en un posible futuro análisis de los errores de pantallazos azules, cuando uséis Clenaner, desmarcar la opción de Eliminar Dumps de Memoria. De esta forma se evita eliminar los dump de memoria creados por los pantallazos azules, los cuales necesitaría analizar en caso necesario. ¡Gracias!

Hola, buenas @frica ok lo tendré en cuenta todo y que si en el futuro debo de hacerle ejecutar nuevamente el CCleaner, pero en principio el user ya debe de haber ejecutado CCleaner ya que ya ha traído los logs pedidos. Así que por desgracia si había algún .dmp pues habrá volado. De todas formas, como digo si tiene que volver a usarlo ya se lo indicaré antes.

@Diarasas hi…

OK.

Regarding Malwarebytes >> OK, it did what it had to do.

Regarding AdwCleaner >> OK, it is clean.

Regarding JRT >> OK, it did what it had to do.

Regarding ZHP Cleaner >> OK, it did what it had to do.

OK. It is important that you provide that report to @frica in the other thread so that he can help you with this blue-screen problem.

:one: MALWARE SEARCH / REMOVAL

Carry out the steps below, without changing the order, and follow them to the letter:

Connect all your external devices (all the external hard drives you have, USB drives, etc.).

0) Download ESET Online Scanner (User Manual) and scan the PC. Read the instructions carefully and run a Custom Scan as indicated in its manual. Bring me its report.

1) Download Kaspersky Virus Removal Tool (User Manual) and scan the PC. Read the instructions carefully and run it as indicated in its manual. This tool does not produce a report; when it finishes, click the Report tab as indicated in its manual, take a screenshot and upload it.

How to upload images to the forum?

2) Run a scan with Dr Web CureIt following the instructions in its manual, which are clearly explained. Make sure you download Dr Web CureIt from: Download Dr.Web CureIt! free of charge

:two: RESET BROWSERS

Reset all the browsers you have as indicated in this guide:

NOTE: DO ONLY THE PART THAT STARTS AT: PUP/Adware in: Internet Explorer and all the posts that follow below it (PUP/Adware in: Mozilla Firefox, PUP/Adware in: Google Chrome). If you have a browser such as Opera or Safari that does not appear in the guide, follow similar procedures, extrapolating from the browsers that do appear.

Guide on how to remove adware/PUPs

:three: NEXT REPLY

Paste the reports from ESET Online Scanner, Kaspersky Virus Removal Tool (screenshot) and Dr Web CureIt, and tell me how the PC is doing.

IMPORTANT NOTE

Please, while we are disinfecting your machine or finishing doing so:

  • Do not carry out steps/actions that WE have not told you to.
  • Do not download ANYTHING from the Internet and/or connect external devices to your computer.
  • Do not install ANYTHING (programs/software/add-ons/browser extensions…).
  • Do not run other security programs (antivirus, antimalware, ANTI-ANYTHING…).
  • Do not carry out other procedures on your own.
  • Use your computer EXCLUSIVELY to disinfect it following our instructions.

:warning: Very Important :warning: Post the different reports I asked for as shown in the following image:

Regards.

1 like

Hi

OK @frica. The “good” thing is that over these days I got some, so I'll keep it in mind when I use CCleaner again.

Reports

ESET Online Scanner

26/02/2021 22:19:55 p.m.
Archivos explorados: 407210
Archivos detectados: 0
Archivos desinfectados: 0
Tiempo total de exploración: 02:20:54
Estado de la exploración: Finalizado

Kaspersky Virus Removal Tool

Dr Web

-----------------------------------------------------------------------------
Start curing
-----------------------------------------------------------------------------

F:\Thumbs.ms\desktop.ini - quarantined

Total 273379526032 bytes in 455561 files scanned (681717 objects)
Total 455528 files (681625 objects) are clean
Total 1 file are infected
Total 1 file are neutralized
Total 89 files are raised error condition
Scan time is 02:23:58.924

  • The browsers were reset.

  • During the ESET scan I lost the connection, the Wi-Fi network adapter disconnected, the notebook started to heat up and froze. This happened twice: once a blue screen appeared, and the other time I had to turn it off with the button.

  • As for the initial issue, it continues.

Regards, and thanks to both of you for your help

Hi @Diarasas

Regarding ESET Online Scanner > it is clean.

Regarding Kaspersky Virus Removal Tool > it is clean.

Regarding Dr Web > it has resolved an infection. Although from what I see it says:

Total 89 files are raised error condition

So, in the whole report, which is very long, look for the part that says: Total 89 files are raised error condition, and the entries should end with the words read error.

Then bring that whole part where the 89 files appear (it will be like that, or something similar as far as the messages I mention go).

OK.

OK. Deal with the other issue with @frica; here we will only make sure that the machine is free of infections, and that's it. As for whether there were infections, well, there were.

IN YOUR NEXT REPLY

  • Bring the requested lines from Dr Web CureIt.

Regards.

Hi, here is what was requested, regards

E: - read error
F:\AUTORUN.INF - read error
C:\WINDOWS\system32\catroot2\edb.log - read error
C:\WINDOWS\system32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb - read error
C:\WINDOWS\system32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb - read error
C:\WINDOWS\system32\config\BBI - read error
C:\WINDOWS\system32\config\BBI.LOG1 - read error
C:\WINDOWS\system32\config\BBI.LOG2 - read error
C:\WINDOWS\system32\config\default - read error
C:\WINDOWS\system32\config\DEFAULT.LOG1 - read error
C:\WINDOWS\system32\config\DEFAULT.LOG2 - read error
C:\WINDOWS\system32\config\sam - read error
C:\WINDOWS\system32\config\SAM.LOG1 - read error
C:\WINDOWS\system32\config\SAM.LOG2 - read error
C:\WINDOWS\system32\config\security - read error
C:\WINDOWS\system32\config\SECURITY.LOG1 - read error
C:\WINDOWS\system32\config\SECURITY.LOG2 - read error
C:\WINDOWS\system32\config\software - read error
C:\WINDOWS\system32\config\SOFTWARE.LOG1 - read error
C:\WINDOWS\system32\config\SOFTWARE.LOG2 - read error
C:\WINDOWS\system32\config\system - read error
C:\WINDOWS\system32\config\SOFTWARE.LOG1 - read error
C:\WINDOWS\system32\config\SOFTWARE.LOG2 - read error
C:\WINDOWS\system32\config\system - read error
C:\WINDOWS\system32\config\RegBack\DEFAULT - read error
C:\WINDOWS\system32\config\RegBack\SAM - read error
C:\WINDOWS\system32\config\RegBack\SECURITY - read error
C:\WINDOWS\system32\config\RegBack\SOFTWARE - read error
C:\WINDOWS\system32\config\RegBack\SYSTEM - read error

Hi @Diarasas, OK.

:one: MALWARE SEARCH / REMOVAL

(Keep all your external devices connected, such as USB drives, external hard drives, etc.)

Please download all the software from the links I provide / from their respective manuals.

You will now run a series of tools, respecting the order of the steps, with all programs closed, including browsers.

Connect all your external devices (all the external hard drives you have, as well as all the USB drives you have).

Carry out the steps below, without changing the order, and follow them to the letter:

0) Run a Full scan with UsbFix and attach its log. Here is its manual: UsbFix Manual, so that you know how to use and configure it correctly. Remember to connect all your removable devices (USB drives, hard drives, Micro SD, etc.).

  • If it detects threats, select all the detected items and click “Clean all”.
  • If it asks you to restart the system, accept.
  • Once the computer restarts, the UsbFix report will open, showing what was detected and what was removed. Post the report in your next reply (if it does not open, the report is saved under the name UsbFix_Report.txt on the Desktop).

Once the scan is finished, with all drives connected, run UsbFix again as Administrator and vaccinate them, following the steps in the manual.

Note: UsbFix will create a hidden folder named “$RECYCLE.BIN” “autorun.inf” on each partition and each USB drive that is connected at the time it is run. Do not delete these folders from anywhere they have been created, as they will help prevent and protect your removable devices and partitions from future infections.

1) Malwarebytes Anti-Rootkit Beta (Manual): follow the instructions in its manual and bring me its scan reports: Mbar-log.txt and System-log.txt, as indicated in its manual.

2) Download, install and run TDSSKiller according to its TDSSKiller Manual. Check all the boxes (Loaded Modules, Verify file digital signatures and Detect TDLFS file system). If it asks you to restart, do so, run the tool again and, once you check the boxes I mentioned again, it will let you scan.

IMPORTANT NOTE

Please, while we are disinfecting your machine or finishing doing so:

  • Do not carry out steps/actions that WE have not told you to.
  • Do not download ANYTHING from the Internet and/or connect external devices to your computer.
  • Do not install ANYTHING (programs/software/add-ons/browser extensions…).
  • Do not run other security programs (antivirus, antimalware, ANTI-ANYTHING…).
  • Do not carry out other procedures on your own.
  • Use your computer EXCLUSIVELY to disinfect it following our instructions.

IN YOUR NEXT REPLY

  • Bring the reports from UsbFix, Malwarebytes Anti-Rootkit and TDSSKiller.
  • Describe the general state of the computer with respect to the initial problem raised.

Regards.

Hi, here are the reports

UsbFix

# ----------------------------------------------------
# UsbFix Antivirus Premium
# ----------------------------------------------------
# Versión : 11.032
# Base de datos :  
# Contacto : https://www.usb-antivirus.com/es/contacto
# ----------------------------------------------------
# Tipo de escaneo : Full
# Usuario : Gastón (Administrador)
# Dispositivo : IDEAPC
# Comenzó : 01/03/2021 19:31:03
# ----------------------------------------------------

------------ | Discos analizados |

C:\	NTFS	(436GB/651GB)	[Fixed] 
D:\	NTFS	(19GB/25GB)	[Fixed] 
F:\	FAT32	(3GB/7GB)	[Removable] 

------------ | Elemento(s) infectado(s) |

Restorado! F:\System Volume Information_20
Restorado! F:\System Volume Information_24
Restorado! F:\System Volume Information_7
Restorado! F:\System Volume Information_85
Restorado! F:\Thumbs.ms

------------ | Run |

F2 - HKLM\..\Winlogon : [Shell] explorer.exe
F2 - [x64] HKLM\..\Winlogon : [Shell] explorer.exe
F2 - HKLM\..\Winlogon : [Userinit] userinit.exe,
F2 - [x64] HKLM\..\Winlogon : [Userinit] C:\WINDOWS\System32\userinit.exe,
04 - HKCU\..\Run : [f.lux] "C:\Users\Gastón.idea-PC\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
04 - HKCU\..\Run : [CCleaner Smart Cleaning] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
04 - HKCU\..\Run : [LGHUB] "C:\Program Files\LGHUB\lghub.exe" --background
04 - HKCU\..\Run : [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
04 - HKCU\..\RunOnce : [Application Restart #0] C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe  --disable-domain-reliability --disable-features=TabHoverCards,TextFragmentAnchor,AutofillEnableAccountWalletStorage,WebOTP,NotificationTriggers,PasswordCheck,NetworkTimeServiceQuerying,PrivacySettingsRedesign,AutofillServerCommunication,IdleDetection,SignedExchangeSubresourcePrefetch,SafeBrowsingEnhancedProtection --enable-dom-distiller --enable-features=LegacyTLSEnforced,WebUIDarkMode,PrefetchPrivacyChanges,PasswordImport,ReducedReferrerGranularity,AutoupgradeMixedContent,WinrtGeolocationImplementation --extension-content-verification=enforce_strict --extensions-install-verification=enforce --lso-url=https://no-thanks.invalid --no-pings --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --sync-url=https://sync-v2.brave.com/v2 --variations-server-url=https://variations.brave.com/seed --restore-last-session
04 - HKLM\..\Run : [Intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
04 - HKLM\..\Run : [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 - [x64] HKLM\..\Run : [SmartAudio] C:\Program Files\CONEXANT\SAII\SACpl.exe /t
04 - [x64] HKLM\..\Run : [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
04 - HKU\S-1-5-21-4206844412-3915076-1266158226-1001\..\Run : [f.lux] "C:\Users\Gastón.idea-PC\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
04 - HKU\S-1-5-21-4206844412-3915076-1266158226-1001\..\Run : [CCleaner Smart Cleaning] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
04 - HKU\S-1-5-21-4206844412-3915076-1266158226-1001\..\Run : [LGHUB] "C:\Program Files\LGHUB\lghub.exe" --background
04 - HKU\S-1-5-21-4206844412-3915076-1266158226-1001\..\Run : [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
04 - HKU\S-1-5-21-4206844412-3915076-1266158226-1001\..\RunOnce : [Application Restart #0] C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe  --disable-domain-reliability --disable-features=TabHoverCards,TextFragmentAnchor,AutofillEnableAccountWalletStorage,WebOTP,NotificationTriggers,PasswordCheck,NetworkTimeServiceQuerying,PrivacySettingsRedesign,AutofillServerCommunication,IdleDetection,SignedExchangeSubresourcePrefetch,SafeBrowsingEnhancedProtection --enable-dom-distiller --enable-features=LegacyTLSEnforced,WebUIDarkMode,PrefetchPrivacyChanges,PasswordImport,ReducedReferrerGranularity,AutoupgradeMixedContent,WinrtGeolocationImplementation --extension-content-verification=enforce_strict --extensions-install-verification=enforce --lso-url=https://no-thanks.invalid --no-pings --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --sync-url=https://sync-v2.brave.com/v2 --variations-server-url=https://variations.brave.com/seed --restore-last-session
04GS - PdaNet Desktop.lnk : C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe
04GS - Acelerador de inicio de AutoCAD.lnk : C:\Program Files (x86)\Common Files\Autodesk Shared\acstart17.exe

------------ | Tasks |

Task - BraveSoftwareUpdateTaskMachineCore --> C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe /c
Task - BraveSoftwareUpdateTaskMachineUA --> C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe /ua /installsource scheduler
Task - CCleaner Update --> C:\Program Files\CCleaner\CCUpdate.exe
Task - CCleanerSkipUAC --> "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Task - Google Updater and Installer --> C:\Users\Gastón\AppData\Local\Google\Update\GoogleUpdate.exe /c
Task - Java Update Scheduler --> C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
Task - Optimize Start Menu Cache Files-S-1-5-21-4206844412-3915076-1266158226-1001
Task - Optimize Start Menu Cache Files-S-1-5-21-4206844412-3915076-1266158226-1007
Task - UsbFix Boot Scan --> "C:\Program Files (x86)\UsbFix\UsbFix.exe" -scanonstart
Task - UsbFix Monitor --> "C:\Program Files (x86)\UsbFix\Modules\UsbFixMonitor.exe"
Task - User_Feed_Synchronization-{D0131F77-8FB7-4A31-BDCA-D4D9306430A7} --> C:\WINDOWS\system32\msfeedssync.exe sync

------------ | C:\ %SystemDrive% - Disco fijo (NTFS) |

[13/06/2020 - 21:28:43 | A | 0 Ko] - DelFix.txt
[12/02/2021 - 21:13:44 | A | 1 Ko] - TDSSKiller.3.1.0.28_12.02.2021_21.13.36_log.txt
[12/02/2021 - 21:25:24 | A | 242 Ko] - TDSSKiller.3.1.0.28_12.02.2021_21.13.47_log.txt
[27/02/2021 - 12:43:38 | D] - Config.Msi
[13/04/2020 - 21:54:10 | A | 0 Ko] - WLAN_Setup.log
[13/09/2020 - 00:30:39 | A | 473 Ko] - LTTS_7-EngineFull.log
[13/09/2020 - 00:31:48 | A | 2353 Ko] - LTTS_7-SDK.log
[13/09/2020 - 00:37:52 | A | 282 Ko] - LTTS_7-Spanish.log
[13/09/2020 - 00:42:38 | A | 273 Ko] - LTTS_7-Carlos_HQ.log
[13/09/2020 - 00:43:08 | A | 275 Ko] - LTTS_7-Jorge_HQ.log
[13/09/2020 - 00:43:44 | A | 273 Ko] - LTTS_7-Soledad_HQ.log
[13/09/2020 - 00:44:45 | A | 273 Ko] - LTTS_7-Carmen_HQ.log
[23/02/2021 - 20:10:52 | A | 4 Ko] - IFS.log
[05/04/2020 - 23:44:41 | D] - autorun.inf
[08/07/2020 - 21:29:33 | N | 12 Ko] - bootsqm.dat
[22/07/2020 - 23:02:26 | A | 0 Ko] - WirelessDiagLog.csv
[22/01/2018 - 21:55:15 | SHD] - $Recycle.Bin
[20/05/2018 - 23:48:53 | A | 0 Ko] - Autoexec.bat
[09/10/2012 - 21:07:57 | RASH | 8 Ko] - BOOTSECT.BAK
[06/03/2017 - 21:26:23 | SHD] - found.000
[26/07/2012 - 00:44:30 | RASH | 389 Ko] - bootmgr
[11/10/2012 - 13:56:46 | SHD] - Boot
[18/06/2013 - 07:42:56 | D] - UserGuidePDF
[18/06/2013 - 09:18:29 | N | 0 Ko] - BOOTNXT
[22/08/2013 - 11:45:52 | SHD] - Documents and Settings
[22/08/2013 - 12:22:35 | D] - PerfLogs
[05/06/2014 - 14:47:46 | SHD] - Archivos de programa
[04/07/2014 - 03:58:16 | D] - sources
[24/12/2014 - 23:06:47 | D] - Cos
[25/12/2014 - 00:37:39 | D] - Spacekace
[12/01/2015 - 15:15:12 | SHD] - Recovery
[12/01/2015 - 16:08:04 | A | 0 Ko] - asc_rdflag
[24/03/2015 - 20:45:08 | D] - OETemp
[25/10/2015 - 14:45:07 | D] - Python27
[21/12/2015 - 13:56:07 | D] - Intel
[04/09/2016 - 21:49:40 | AH | 0 Ko] - 864D1D4926C0
[04/09/2016 - 21:49:40 | N | 0 Ko] - 8EB7F86C9C33
[22/01/2018 - 21:54:23 | D] - Users
[22/04/2018 - 05:43:37 | SHD] - 82ace7d6-0197-474d-bf4b-a2043e72329b
[26/07/2018 - 01:26:43 | D] - AdwCleaner
[06/01/2019 - 20:43:53 | RHD] - MSOCache
[17/03/2019 - 19:37:43 | D] - Laxify
[13/09/2019 - 03:30:44 | AD] - adb
[09/02/2020 - 00:34:31 | HD] - VTRoot
[12/02/2020 - 19:46:28 | D] - KVRT_Data
[01/03/2020 - 22:29:11 | D] - Tmp
[25/04/2020 - 08:05:07 | AH | 0 Ko] - D85A4D11DAC1
[03/05/2020 - 22:08:47 | D] - temp
[25/06/2020 - 19:56:22 | D] - RegBackup
[22/07/2020 - 22:23:16 | D] - SWTOOLS
[20/09/2020 - 02:17:20 | D] - drivers
[29/01/2021 - 00:43:54 | D] - FRST
[23/02/2021 - 20:09:44 | D] - FSTool
[23/02/2021 - 23:42:26 | D] - Program Files
[27/02/2021 - 02:59:57 | D] - KVRT2020_Data
[27/02/2021 - 16:36:49 | HD] - ProgramData
[27/02/2021 - 16:38:04 | AD] - Windows
[01/03/2021 - 19:27:49 | RD] - Program Files (x86)

------------ | D:\ - Disco fijo (NTFS) |

[05/04/2020 - 23:44:41 | D] - autorun.inf
[17/01/2018 - 01:34:40 | SHD] - $RECYCLE.BIN
[18/06/2013 - 07:55:59 | D] - drivers
[04/07/2014 - 03:24:42 | D] - Application
[17/08/2014 - 17:28:39 | D] - Lenovo
[09/04/2016 - 20:13:58 | D] - Drivers Backup
[22/04/2018 - 05:43:37 | SHD] - Recovery
[20/09/2020 - 04:46:32 | D] - Archivos de descargas

------------ | F:\ - Disco extraíble (FAT32) |

[22/10/2020 - 13:59:34 | A | 78 Ko] - Parte B - Tabla.xlsx
[28/10/2014 - 15:52:14 | A | 5589 Ko] - ~WRL1584.tmp
[24/02/2021 - 01:42:16 | D] - Thumbs.ms
[24/02/2021 - 01:42:18 | SH | 0 Ko] - desktop.ini
[25/08/2017 - 19:13:52 | H | 0 Ko] - AUTORUN.INF
[01/03/2021 - 17:54:26 | A | 17 Ko] - DETALLES PERÍODO DE INTENSIFICACIÓN.docx
[02/11/2014 - 23:47:38 | D] - Archivos Wxp
[03/05/2020 - 12:39:14 | D] - Traccion de Acero
[30/03/2019 - 03:57:18 | D] - Mis fotos

Elemento(s) infectado(s) : 5
Elementos analizados : 69076 en 00h 00m 10s

# UsbFix-Report-01.txt [9920B]

------------ | E.O.F  |

Malwarebytes Anti-Rootkit

Mbar-log-txt

Malwarebytes Anti-Rootkit BETA 1.10.3.1001
www.malwarebytes.org

Database version:
  main:    v2021.03.01.09
  rootkit: v2021.03.01.09

Windows 8.1 x64 NTFS
Internet Explorer 11.0.9600.19867
Gastón :: IDEAPC [administrator]

01/03/2021 07:41:52 p.m.
mbar-log-2021-03-01 (19-41-52).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 289820
Time elapsed: 54 minute(s), 9 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

System-log.txt

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.10.3.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 6.3.9200 Windows 8.1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.19867

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.494000 GHz
Memory total: 8449183744, free: 7304851456

Downloaded database version: v2021.03.01.09
Downloaded database version: v2021.03.01.09
Downloaded database version: v2018.01.20.01
=======================================
Initializing...
Driver version: 4.3.0.15
------------ Kernel report ------------
     03/01/2021 19:41:42
------------ Loaded modules -----------
----------- End -----------
Done!

Scan started
Database versions:
  main:    v2021.03.01.09
  rootkit: v2021.03.01.09

<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffe00070d29460, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffe00070d28260, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffe00070d287f0, DeviceName: Unknown, DriverName: \Driver\LHDmgr\
DevicePointer: 0xffffe00070d29460, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffe0006fc94060, DeviceName: \Device\00000034\, DriverName: \Driver\iaStorA\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\LHDmgr\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
File "C:\Windows\System32\drivers\sdbus.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\sdbus.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\sdstor.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\sdstor.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\serenum.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\serenum.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\serial.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\serial.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\sermouse.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\sermouse.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\sfloppy.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\sfloppy.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\spaceport.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\spaceport.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\stornvme.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\stornvme.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\swenum.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\swenum.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbccgp.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\usbccgp.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbcir.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\usbcir.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbd.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\usbd.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbehci.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\usbehci.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbhub.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\usbhub.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\USBHUB3.SYS" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\USBHUB3.SYS" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbohci.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\usbohci.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbport.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\usbport.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbprint.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\usbprint.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\USBSTOR.SYS" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\USBSTOR.SYS" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usbuhci.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\usbuhci.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\USBXHCI.SYS" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\USBXHCI.SYS" is compressed (flags = 1)
File "C:\Windows\System32\drivers\vdrvroot.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\vdrvroot.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\vhdmp.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\vhdmp.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\fxppm.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\fxppm.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\hdaudbus.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\hdaudbus.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\HdAudio.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\HdAudio.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\hidbatt.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\hidbatt.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\hidbth.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\hidbth.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\hidclass.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\hidclass.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\hidi2c.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\hidi2c.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\hidparse.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\hidparse.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\hidusb.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\hidusb.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\i8042prt.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\i8042prt.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\volmgr.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\volmgr.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\volsnap.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\volsnap.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\wacompen.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\wacompen.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\cdrom.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\cdrom.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\circlass.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\circlass.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\CmBatt.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\CmBatt.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\CompositeBus.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\CompositeBus.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\disk.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\disk.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\drmk.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\drmk.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\drmkaud.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\drmkaud.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\msgpiowin32.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\msgpiowin32.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\msisadrv.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\msisadrv.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\msiscsi.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\msiscsi.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\isapnp.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\isapnp.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\kbdclass.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\kbdclass.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\kbdhid.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\kbdhid.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\rdpbus.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\rdpbus.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\rfcomm.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\rfcomm.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\rndismp6.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\rndismp6.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\sbp2port.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\sbp2port.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\amdppm.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\amdppm.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\npsvctrig.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\npsvctrig.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\winusb.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\winusb.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\wmiacpi.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\wmiacpi.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\WSDPrint.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\WSDPrint.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\terminpt.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\terminpt.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\tpm.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\tpm.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\TsUsbGD.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\TsUsbGD.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\uaspstor.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\uaspstor.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\UCX01000.SYS" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\UCX01000.SYS" is compressed (flags = 1)
File "C:\Windows\System32\drivers\uefi.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\uefi.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\umbus.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\umbus.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\umpass.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\umpass.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\usb80236.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\usb80236.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\USBAUDIO.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\USBAUDIO.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\BthAvrcpTg.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\BthAvrcpTg.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\bthenum.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\bthenum.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\bthhfenum.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\bthhfenum.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\BthhfHid.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\BthhfHid.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\BthLEEnum.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\BthLEEnum.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\bthmodem.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\bthmodem.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\bthpan.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\bthpan.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\bthport.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\bthport.sys" is compressed (flags = 1)
File "C:\Windows\System32\drivers\BTHUSB.SYS" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\BTHUSB.SYS" is compressed (flags = 1)
File "C:\Windows\System32\drivers\atapi.sys" is compressed (flags = 1)
File "C:\WINDOWS\SYSTEM32\drivers\atapi.sys" is compressed (flags = 1)
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 3D63DBBB

GPT Protective MBR Partition information:

    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1  Numsec = 4294967295

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

GPT Partition information:

    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 557227010
    GPT Header CurrentLba = 1 BackupLba 1465149167
    GPT Header FirstUsableLba 34  LastUsableLba 1465149134
    GPT Header Guid 8a6fbf67-6428-4b64-a144-4de0a2a0277
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128

    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 557227010
    Backup GPT header CurrentLba = 1465149167 BackupLba 1
    Backup GPT header FirstUsableLba 34  LastUsableLba 1465149134
    Backup GPT header Guid 8a6fbf67-6428-4b64-a144-4de0a2a0277
    Backup GPT header Contains 128 partition entries starting at LBA 1465149135
    Backup GPT header Partition entry size = 128

    Partition 0 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID 7bd11e14-143d-476c-8bbf-561493cebe3c
    FirstLBA 2048  Last LBA 2050047
    Attributes 1
    Partition Name                 Basic data partition

    Partition 1 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
    Partition ID 983f6af-3b1a-4770-9cac-f46686e769b6
    FirstLBA 2050048  Last LBA 2582527
    Attributes 1
    Partition Name                 EFI system partition

    GPT Partition 1 is bootable
    Partition 2 Type bfbfafe7-a34f-448a-9a5b-6213eb736c22
    Partition ID 4ae1054f-40a3-4877-984a-302d58bab285
    FirstLBA 2582528  Last LBA 4630527
    Attributes 1
    Partition Name                 Basic data partition

    Partition 3 Type e3c9e316-b5c-4db8-817d-f92df0215ae
    Partition ID 401fe5ff-9af7-421a-b349-43e9652dc58a
    FirstLBA 4630528  Last LBA 4892671
    Attributes 0
    Partition Name         Microsoft reserved partition

    Partition 4 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID 297f597b-2b62-4ee1-b171-461449dd12d8
    FirstLBA 4892672  Last LBA 1369853951
    Attributes 0
    Partition Name                 Basic data partition

    Partition 5 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID eba66397-d88a-473c-b213-8e2e62d352b
    FirstLBA 1369853952  Last LBA 1370775551
    Attributes 1
    Partition Name                                     

    Partition 6 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID 22b1f3e6-1f36-4e08-a8f5-3c477b463f96
    FirstLBA 1370775552  Last LBA 1423204351
    Attributes 0
    Partition Name                 Basic data partition

    Partition 7 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID efd4189c-d2ed-48d6-b668-a86d2592e284
    FirstLBA 1423204352  Last LBA 1465147391
    Attributes 1
    Partition Name                 Basic data partition

Disk Size: 750156374016 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffe000742a2270, DeviceName: \Device\Harddisk1\DR2\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffe000757e9040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffe000742a2270, DeviceName: \Device\Harddisk1\DR2\, DriverName: \Driver\disk\
DevicePointer: 0xffffe000751921b0, DeviceName: \Device\00000083\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR2\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 1FA605C6

Partition information:

    Partition 0 type is Other (0xb)
    Partition is ACTIVE.
    Partition starts at LBA: 63  Numsec = 15130017
    Partition is not bootable
    Partition file system is FAT32

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable

Disk Size: 7747397632 bytes
Sector size: 512 bytes

Done!
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-1-0-63-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removal finished

TDSSKiller.3.1.0.28_01.03.2021_20.49.46_log.txt (672,5 KB)

Regards!

Hi @Diarasas

Sorry for taking so long to reply.

Regarding UsbFix >> it detected some infected items on the removable drive. But it did what it had to do.

Regarding Malwarebytes Anti-Rootkit >> it is clean.

Regarding TDSSKiller >> it detected a few things, but I saw that for all of them it either suggested SKIP or you set some of them to SKIP yourself. Right? If necessary we will look into these further, since they could be false positives that are flagged as suspicious simply because they lack a valid signature, or, less likely but not impossible, they may not be false positives.

Let me know how the computer is doing and we'll continue.

Regards.

Hi, no problem

Regarding TDSSKiller, skip was set by default; I left it that way, following what the manual said.

The problem persists

Hi @Diarasas

So the problem that persists is this one:

Or this other one:

That is, although I remember the problem fairly well, refresh my memory a bit and tell me exactly which of those is still the problem now.

Have you also, as of today, done any of the things that @frica told you in the other thread where he is helping you?

Regards.

Hi, both.

And no, I didn't do any of what frica said in the other thread, since you had told me it wasn't good to do both things at the same time, and that I should continue with the other one once it has been verified that there is no malware

OK, understood @Diarasas

:one: Disable your antivirus :arrow_forward: How to temporarily disable an antivirus and any other security program you have enabled.

DOWNLOAD IT TO YOUR DESKTOP, VERY IMPORTANT (and nowhere else).

Download Farbar Recovery Scan Tool. VERY IMPORTANT >> select the version that matches your computer's architecture (32 or 64 bits). :arrow_forward: How do I know whether my Windows is 32-bit or 64-bit?

:warning: Once FRST is downloaded, disconnect your computer completely from the Internet (turn off the router) >> Super Important. Right after that, also close any other program you have open.

:two: Farbar Recovery Scan Tool

  1. Run FRST.exe (if you use Windows Vista/7/8 or 10, right-click it and select Run as administrator).

  2. A window with a Disclaimer message will appear; click Sí or Yes.

  3. In the program's main window, click Analizar/Scan and wait for the scan to finish.

  4. Two logs/reports will appear: Frst.txt and Addition.txt; they will be saved on the desktop.

:three: Re-enable your antivirus and any other security program you had enabled. Also reconnect your computer to the Internet.

:four: NEXT REPLY

Paste the FRST and Addition.txt reports. You must post both reports in full, with absolutely all of their content. You will need to split them across several messages if you get an error/warning saying that the report making up the message is too long (more than approx. 50,000 characters).

IMPORTANT NOTE

Please, while we are disinfecting your machine or finishing doing so:

  • Do not carry out steps/actions that WE have not told you to.
  • Do not download ANYTHING from the Internet and/or connect external devices to your computer.
  • Do not install ANYTHING (programs/software/add-ons/browser extensions…).
  • Do not run other security programs (antivirus, antimalware, ANTI-ANYTHING…).
  • Do not carry out other procedures on your own.
  • Use your computer EXCLUSIVELY to disinfect it, following our instructions.

:warning: Very Important :warning: Post the different reports I asked you for as shown in the following image:

Regards.

Hi, here are the reports, regards

FRST

Resultado del análisis realizado por Farbar Recovery Scan Tool (FRST) (x64) Versión: 28-02-2021
Ejecutado por Gastón (administrador) sobre IDEAPC (LENOVO 20150) (04-03-2021 20:00:12)
Ejecutado desde C:\Users\Gastón.idea-PC\Desktop
Perfiles cargados: Gastón
Platform: Windows 8.1 Single Language (Update) (X64) Idioma: Español (España, internacional)
Navegador predeterminado: "C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe" --single-argument %1
Modo de Inicio: Normal

==================== Procesos (Lista blanca) =================

(Si una entrada es incluida en el fixlist, el proceso será cerrado. El archivo no será movido.)

(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\StikyNot.exe

==================== Registro (Lista blanca) ===================

(Si una entrada es incluida en el fixlist, el elemento del registro será restaurado a su valor predeterminado o será eliminado. El archivo no será movido.)

HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.) [Archivo no firmado]
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [887968 2012-06-14] (Conexant Systems, Inc. -> Conexant Systems, Inc.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel® Services Manager -> Intel Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [594992 2016-01-29] (Oracle America, Inc. -> Oracle Corporation)
HKLM\...\Policies\Explorer: [NoThumbnailCache] 1
HKLM\...\Policies\Explorer: [DisableThumbnailCache] 1
HKLM\...\Policies\Explorer: [NoInternetOpenWith] 1
HKLM\...\Policies\Explorer: [NoPublishingWizard] 1
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restricción <==== ATENCIÓN
HKU\S-1-5-21-4206844412-3915076-1266158226-1001\...\Run: [f.lux] => C:\Users\Gastón.idea-PC\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Michael Herf -> Flux Software LLC)
HKU\S-1-5-21-4206844412-3915076-1266158226-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [32721976 2021-02-16] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-4206844412-3915076-1266158226-1001\...\Run: [LGHUB] => C:\Program Files\LGHUB\lghub.exe [123792272 2021-02-22] (Logitech Inc -> Logitech, Inc.)
HKU\S-1-5-21-4206844412-3915076-1266158226-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [479744 2014-10-28] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-4206844412-3915076-1266158226-1001\...\RunOnce: [Application Restart #0] => C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe [2166216 2021-02-24] (Brave Software, Inc. -> Brave Software, Inc.)
HKU\S-1-5-21-4206844412-3915076-1266158226-1001\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-4206844412-3915076-1266158226-1001\...\Policies\Explorer: [NoRecentDocsHistory] 1
HKU\S-1-5-21-4206844412-3915076-1266158226-1001\...\Policies\Explorer: [NoRecentDocsMenu] 1
HKU\S-1-5-21-4206844412-3915076-1266158226-1001\...\Policies\Explorer: [NoInstrumentation] 1
HKU\S-1-5-21-4206844412-3915076-1266158226-1001\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
HKU\S-1-5-21-4206844412-3915076-1266158226-1007\...\Run: [f.lux] => C:\Users\Gastón.idea-PC\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Michael Herf -> Flux Software LLC)
HKU\S-1-5-21-4206844412-3915076-1266158226-1007\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [479744 2014-10-28] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-4206844412-3915076-1266158226-1007\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [32721976 2021-02-16] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-4206844412-3915076-1266158226-1007\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-4206844412-3915076-1266158226-501\...\Run: [f.lux] => C:\Users\Gastón.idea-PC\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Michael Herf -> Flux Software LLC)
HKU\S-1-5-21-4206844412-3915076-1266158226-501\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [479744 2014-10-28] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-4206844412-3915076-1266158226-501\...\Run: [STUISpeedLauncher] => "C:\Program Files\Samsung\Stylish UI Pack\TouchBasedUI.exe" -speedlauncher -minVer:6.6.58.0
HKU\S-1-5-21-4206844412-3915076-1266158226-501\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [32721976 2021-02-16] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-4206844412-3915076-1266158226-501\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Windows x64\Print Processors\hpzppw71: C:\Windows\System32\spool\prtprocs\x64\hpzppw71.dll [230400 2009-07-14] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation)
HKLM\...\Windows x64\Print Processors\us005PC: C:\Windows\System32\spool\prtprocs\x64\us005pc.dll [52240 2016-09-15] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Codename Longhorn DDK provider)
HKLM\...\Print\Monitors\Nitro PDF Port Monitor: C:\WINDOWS\system32\nitrolocalmon2.dll [29704 2012-12-13] (Nitro PDF Software -> Nitro PDF Software)
HKLM\...\Print\Monitors\PCL hpz3lw71: C:\WINDOWS\system32\hpz3lw71.dll [46080 2009-07-14] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation)
HKLM\...\Print\Monitors\us005 Langmon: C:\WINDOWS\system32\us005lm.dll [31256 2016-09-15] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\89.1.21.73\Installer\chrmstp.exe [2021-03-03] (Brave Software, Inc. -> Brave Software, Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{ACFC407B-266C-8504-8DAE-F3E276336E4B}] -> C:\WINDOWS\system32\AthCredentialProvider.dll [2013-01-24] (Qualcomm Atheros -> Qualcomm Atheros Commnucations) [Archivo no firmado]
HKLM\Software\...\Authentication\Credential Provider Filters: [{ACFC407B-266C-8504-8DAE-F3E276336E4B}] -> C:\WINDOWS\system32\AthCredentialProvider.dll [2013-01-24] (Qualcomm Atheros -> Qualcomm Atheros Commnucations) [Archivo no firmado]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acelerador de inicio de AutoCAD.lnk [2016-06-16]
ShortcutTarget: Acelerador de inicio de AutoCAD.lnk -> C:\Program Files (x86)\Common Files\Autodesk Shared\acstart17.exe (Autodesk, Inc -> Autodesk, Inc)
Startup: C:\Users\Gastón.idea-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk [2021-02-20]
ShortcutTarget: PdaNet Desktop.lnk -> C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe (June Fabrics Technology Inc. -> )
BootExecute: autocheck autochk * sdnclean64.exe
Policies: C:\ProgramData\NTUSER.pol: Restricción <==== ATENCIÓN
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restricción <==== ATENCIÓN
HKLM\SOFTWARE\Policies\Google: Restricción <==== ATENCIÓN

==================== Tareas programadas (Lista blanca) ============

(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)

Task: {0813AF20-659B-4445-9E56-BB8FC5CF3346} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [410792 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {094CD275-5C71-4753-B57E-5566CA859498} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {0CE4F5A8-F4CA-45E4-AC54-6834A43B5988} - System32\Tasks\Microsoft\Windows\PLA\WPPTracingSession => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\pla.dll,PlaHost "WPPTracingSession" "$(Arg0)"
Task: {0F6DBBD1-1FA5-490B-A482-1F43FCC689E6} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {11E4D3ED-D620-4FD8-AF84-A6B789DA242D} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [978672 2017-12-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {139788A8-F7FD-4B88-BC47-F66A3AC2EFCD} - System32\Tasks\UsbFix Monitor => C:\Program Files (x86)\UsbFix\Modules\UsbFixMonitor.exe [1239176 2020-12-02] (SOSVIRUS (LE BOZEC CEDRIC, DOMINIQUE, MARIE) -> )
Task: {1808EBE6-33B6-4E4B-AC95-DF54ACD237EE} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [157544 2020-07-22] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {1ACBE919-7AC7-4EFB-A076-17E61FB13151} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {2B1C8F00-FA30-49C9-8A04-B4F9FBEEB9B3} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {2EA21998-14F2-44C7-946A-1070CFA87DCF} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-02-16] (Piriform Software Ltd -> Piriform)
Task: {2FDCE8D8-DC52-4CBD-897C-FDE12823E88E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {618291D8-E52B-4E76-A3A6-187EA19C76C9} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(1): schtasks.exe -> /Change /TN "\Antivirus Emergency Update" /ENABLE
Task: {618291D8-E52B-4E76-A3A6-187EA19C76C9} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(2): schtasks.exe -> /Change /TN "\BraveSoftwareUpdateTaskMachineCore" /ENABLE
Task: {618291D8-E52B-4E76-A3A6-187EA19C76C9} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(3): schtasks.exe -> /Change /TN "\BraveSoftwareUpdateTaskMachineUA" /ENABLE
Task: {618291D8-E52B-4E76-A3A6-187EA19C76C9} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(4): schtasks.exe -> /Change /TN "\CCleaner Update" /ENABLE
Task: {618291D8-E52B-4E76-A3A6-187EA19C76C9} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(5): schtasks.exe -> /Change /TN "\CCleanerSkipUAC" /ENABLE
Task: {618291D8-E52B-4E76-A3A6-187EA19C76C9} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(6): schtasks.exe -> /Change /TN "\Java Update Scheduler" /ENABLE
Task: {618291D8-E52B-4E76-A3A6-187EA19C76C9} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(7): schtasks.exe -> /Change /TN "\AVAST Software\Gaming mode Task Scheduler recovery" /DISABLE
Task: {67A9884E-E842-4593-AA7F-A3C9388232A6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [410792 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {69F69A34-524B-4901-92FD-05FBDD8D0C08} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [410792 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {8626F4D6-2AE4-4526-AF36-E08513EFCD54} - System32\Tasks\Google Updater and Installer => C:\Users\Gastón\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-06-12] (Google Inc -> Google Inc.)
Task: {88A4F2D3-5D09-4C2D-945D-E8041C360C09} - System32\Tasks\UsbFix Boot Scan => C:\Program Files (x86)\UsbFix\UsbFix.exe [2053256 2020-12-02] (SOSVIRUS (LE BOZEC CEDRIC, DOMINIQUE, MARIE) -> )
Task: {8B6759EE-1C08-4B8F-955C-774AB5A6544E} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDfE067B1}
Task: {9D080B6F-914C-4B49-8F56-68CE7D609E7F} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [978672 2017-12-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {9F982064-3372-400C-B7A8-EE8DFA35BDFA} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [27165752 2021-02-16] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {A93978FA-15D9-4C85-BE53-CE2788E74212} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [316632 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {ABC584C4-7B63-4D2E-8686-B9777D34D832} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [594992 2016-01-29] (Oracle America, Inc. -> Oracle Corporation)
Task: {C9DCF59E-6B97-4C0C-8641-B8261089C8CA} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43da-BFD7-FBEEA2180A1E}
Task: {DB21EF32-6BA9-4118-BBC1-BC4FF48961E5} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4f47-879B-29A80C355D61}
Task: {ECA9C953-9493-41ED-8707-CBE0E969D7A0} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [410792 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {F4C4FD96-1DB7-43F1-B0F0-7C94A9AB7D97} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [157544 2020-07-22] (Brave Software, Inc. -> BraveSoftware Inc.)

(Si una entrada es incluida en el fixlist, el archivo de tarea (.job) será movido. El archivo que está siendo ejecutado por la tarea no será movido.)


==================== Internet (Lista blanca) ====================

(Si un elemento es incluido en el fixlist, y éste pertenece al registro, será eliminado o restaurado a su valor predeterminado.)

Tcpip\Parameters: [DhcpNameServer] 190.105.0.4 190.105.0.5
Tcpip\..\Interfaces\{5C517605-40D6-45EB-BF01-0EF24F14546E}: [NameServer] 10.129.132.1
Tcpip\..\Interfaces\{6FA458E3-03A5-460E-85BC-F581433F1F05}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{8B09C289-CF1B-4C59-B3A0-08F027A2FBD8}: [DhcpNameServer] 190.105.0.4 190.105.0.5

FireFox:
========
FF ProfilePath: C:\Users\Gastón.idea-PC\AppData\Roaming\Mozilla\Firefox\Profiles\4JP5qivp.default [2021-02-20]
FF Extension: (Avira Password Manager) - C:\Users\Gastón.idea-PC\AppData\Roaming\Mozilla\Firefox\Profiles\4JP5qivp.default\Extensions\[email protected] [2020-04-27]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\FFExt\light_plugin_firefox\addon.xpi => no encontrado
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\FFExt\light_plugin_firefox\addon.xpi => no encontrado
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [Ningún archivo]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2020-08-11] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\Microsoft Office\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll [2012-12-13] (Nitro PDF Software -> Nitro PDF)
FF Plugin-x32: @tools.brave.com/BraveSoftware Update;version=3 -> C:\Program Files (x86)\BraveSoftware\Update\1.3.99.0\npBraveUpdate3.dll [2020-07-22] (Brave Software, Inc. -> BraveSoftware Inc.)
FF Plugin-x32: @tools.brave.com/BraveSoftware Update;version=9 -> C:\Program Files (x86)\BraveSoftware\Update\1.3.99.0\npBraveUpdate3.dll [2020-07-22] (Brave Software, Inc. -> BraveSoftware Inc.)
FF Plugin HKU\S-1-5-21-4206844412-3915076-1266158226-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Gastón.idea-PC\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-08-28] (Unity Technologies SF -> Unity Technologies ApS)

Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Gastón.idea-PC\AppData\Local\Google\Chrome\User Data\Default [2021-02-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Gastón.idea-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-10-06]
CHR HKLM\...\Chrome\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm] - hxxps://chrome.google.com/webstore/detail/kaspersky-protection/ahkjpbeeocnddjkakilopmfdlnjdpcdm
CHR HKLM-x32\...\Chrome\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm] - hxxps://chrome.google.com/webstore/detail/kaspersky-protection/ahkjpbeeocnddjkakilopmfdlnjdpcdm

Brave: 
=======
BRA DefaultProfile: Default
BRA Profile: C:\Users\Gastón.idea-PC\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default [2021-03-04]
BRA DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}&t=brave
BRA DefaultSearchKeyword: Default -> :d
BRA DefaultSuggestURL: Default -> hxxps://ac.duckduckgo.com/ac/?q={searchTerms}&type=list
BRA Extension: (Video Downloader professional) - C:\Users\Gastón.idea-PC\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2020-07-24]
BRA Extension: (Secure Bookmarks) - C:\Users\Gastón.idea-PC\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\leocjgngiajhfiikjolfhcpiokgbinep [2020-07-21]
BRA Extension: (Brave Local Data Files Updater) - C:\Users\Gastón.idea-PC\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal [2021-02-20]
BRA Extension: (Brave User Model Installer) - C:\Users\Gastón.idea-PC\AppData\Local\BraveSoftware\Brave-Browser\User Data\ahiocclicnhmiobhocikfdamfccbehhn [2020-12-20]
BRA Extension: (Brave Ad Block Updater (Default)) - C:\Users\Gastón.idea-PC\AppData\Local\BraveSoftware\Brave-Browser\User Data\cffkpbalmllkdoenhmdmpbkajipdjfam [2021-03-04]
BRA Extension: (Brave Tor Client Updater (Windows)) - C:\Users\Gastón.idea-PC\AppData\Local\BraveSoftware\Brave-Browser\User Data\cpoalefficncklhjfpglfiplenlpccdb [2020-11-29]
BRA Extension: (Brave NTP sponsored images) - C:\Users\Gastón.idea-PC\AppData\Local\BraveSoftware\Brave-Browser\User Data\golcdmhaefcpmdoofahgnhnfldidgjfl [2021-03-04]
BRA Extension: (Brave SpeedReader Updater) - C:\Users\Gastón.idea-PC\AppData\Local\BraveSoftware\Brave-Browser\User Data\jicbkmdloagakknpihibphagfckhjdih [2021-02-20]
BRA Extension: (Brave HTTPS Everywhere Updater) - C:\Users\Gastón.idea-PC\AppData\Local\BraveSoftware\Brave-Browser\User Data\oofiananboodjbbmdelgdommihjbkfag [2021-03-02]
BRA Extension: (Origin Trials Updates) - C:\Users\Gastón.idea-PC\AppData\Local\BraveSoftware\Brave-Browser\User Data\OriginTrials [2020-10-02]
BRA Extension: (Brave Ad Block Updater (EasyList Spanish)) - C:\Users\Gastón.idea-PC\AppData\Local\BraveSoftware\Brave-Browser\User Data\pdecoifadfkklajdlmndjpkhabpklldh [2021-03-04]
StartMenuInternet: Brave - C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe

==================== Servicios (Lista blanca) ===================

(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)

S4 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [227456 2013-01-24] (Qualcomm Atheros -> Qualcomm Atheros Commnucations) [Archivo no firmado]
S4 Autodesk Licensing Service; C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe [77944 2014-06-21] (Autodesk, Inc -> Autodesk)
S2 AVP21.3; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\avp.exe [384280 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S4 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [5708808 2018-04-21] (BattlEye Innovations e.K. -> )
S4 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [157544 2020-07-22] (Brave Software, Inc. -> BraveSoftware Inc.)
S4 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [157544 2020-07-22] (Brave Software, Inc. -> BraveSoftware Inc.)
S2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3058392 2017-12-12] (Microsoft Corporation -> Microsoft Corporation)
S4 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [775296 2018-04-21] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
S3 klvssbridge64_21.3; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\x64\vssbridge64.exe [479280 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S2 LGHUBUpdaterService; C:\Program Files\LGHUB\lghub_updater.exe [10897296 2021-02-22] (Logitech Inc -> Logitech, Inc.)
S4 LmpcService; C:\Program Files\Lock My PC 4\LmpcServ.exe [52592 2007-06-12] (FSPro Labs -> )
S4 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2012-12-13] (Nitro PDF Software -> Nitro PDF Software)
S4 nlsX86cc; C:\WINDOWS\SysWOW64\NLSSRV32.EXE [70152 2012-12-13] (Nitro PDF Software -> Nalpeiron Ltd.)
S3 Samsung Printer Dianostics Service; C:\WINDOWS\SysWOW64\\spdsvc.exe [508488 2018-04-25] (HP Inc. -> )
S4 SamsungUPDUtilSvc; C:\WINDOWS\SysWOW64\SecUPDUtilSvc.exe [143664 2018-04-11] (Samsung Electronics CO., LTD. -> )
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
S4 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-01-24] (Atheros) [Archivo no firmado]

===================== Controladores (Lista blanca) ===================

(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)

S3 AMPPAL; C:\WINDOWS\System32\drivers\AMPPAL.sys [195584 2011-12-05] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
S3 aswTap; C:\WINDOWS\system32\DRIVERS\aswTap.sys [44640 2014-04-22] (AVAST Software a.s. -> The OpenVPN Project)
R0 cm_km; C:\WINDOWS\System32\DRIVERS\cm_km.sys [250032 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S3 fwdrv; C:\WINDOWS\system32\DRIVERS\fwdrv.sys [27840 2014-03-22] (Web Solution Mart -> Web Solution Mart)
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [27552 2020-05-14] (Martin Malik - REALiX -> REALiX(tm))
S1 klbackupdisk; C:\WINDOWS\system32\DRIVERS\klbackupdisk.sys [110336 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S1 klbackupflt; C:\WINDOWS\System32\DRIVERS\klbackupflt.sys [211704 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 kldisk; C:\WINDOWS\system32\DRIVERS\kldisk.sys [126216 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [41656 2021-02-19] (Microsoft Windows Early Launch Anti-malware Publisher -> AO Kaspersky Lab)
R1 klflt; C:\WINDOWS\system32\DRIVERS\klflt.sys [514840 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klgse; C:\WINDOWS\System32\DRIVERS\klgse.sys [657176 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klhk; C:\WINDOWS\system32\DRIVERS\klhk.sys [1400584 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [1042712 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klim6; C:\WINDOWS\system32\DRIVERS\klim6.sys [98040 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S3 klkbdflt; C:\WINDOWS\system32\DRIVERS\klkbdflt.sys [112392 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S3 klmouflt; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [112904 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [85256 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S1 klpnpflt; C:\WINDOWS\system32\DRIVERS\klpnpflt.sys [96008 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
U0 klupd_klif_arkmon; C:\WINDOWS\System32\Drivers\klupd_klif_arkmon.sys [230976 2021-03-04] (Kaspersky Lab JSC -> AO Kaspersky Lab)
U3 klupd_klif_arkmon_F72F513E; C:\ProgramData\Kaspersky Lab\AVP21.3\Temp\F72F513E72BB3F8E3F39DFAA1323484A\klupd_klif_arkmon.sys [230976 2021-03-04] (Kaspersky Lab JSC -> AO Kaspersky Lab)
U3 klupd_klif_kimul; C:\WINDOWS\System32\Drivers\klupd_klif_kimul.sys [86656 2021-03-04] (Kaspersky Lab JSC -> AO Kaspersky Lab)
U0 klupd_klif_klbg; C:\WINDOWS\System32\Drivers\klupd_klif_klbg.sys [101112 2021-03-04] (Kaspersky Lab JSC -> AO Kaspersky Lab)
U3 klupd_klif_mark; C:\WINDOWS\System32\Drivers\klupd_klif_mark.sys [190952 2021-03-04] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klwfp; C:\WINDOWS\system32\DRIVERS\klwfp.sys [155912 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klwtp; C:\WINDOWS\system32\DRIVERS\klwtp.sys [327936 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 kneps; C:\WINDOWS\system32\DRIVERS\kneps.sys [300808 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R2 LGHUBTemperatureService; C:\ProgramData\LGHUB\depots\73248\driver_cpu_temperature\logi_core_temp.sys [25448 2021-02-22] (Logitech Inc. -> Logitech)
R3 logi_joy_bus_enum; C:\WINDOWS\system32\drivers\logi_joy_bus_enum.sys [38136 2021-02-22] (Logitech Inc -> Logitech)
R3 logi_joy_vir_hid; C:\WINDOWS\system32\drivers\logi_joy_vir_hid.sys [26672 2021-02-22] (Logitech Inc -> Logitech)
R3 logi_joy_xlcore; C:\WINDOWS\system32\drivers\logi_joy_xlcore.sys [66808 2021-02-22] (Logitech Inc -> Logitech)
S3 ManyCam; C:\WINDOWS\system32\DRIVERS\mcvidrv.sys [58280 2018-07-27] (ManyCam (VISICOM MÉDIA INC.) -> Visicom Media Inc.)
S3 mcaudrv_simple; C:\WINDOWS\system32\drivers\mcaudrv_x64.sys [35960 2014-12-29] (ManyCam -> Visicom Media Inc.)
S3 Neo_VPN; C:\WINDOWS\system32\DRIVERS\Neo_VPN.sys [38432 2018-03-10] (SoftEther Corporation -> SoftEther Corporation)
S3 nlwt; C:\WINDOWS\system32\DRIVERS\nlwt.sys [29888 2020-06-10] (TEFINCOM S.A. -> WireGuard LLC)
S3 phantomtap; C:\WINDOWS\system32\DRIVERS\phantomtap.sys [35664 2020-03-18] (Avira Operations GmbH & Co. KG -> The OpenVPN Project)
R1 SeLow; C:\WINDOWS\system32\DRIVERS\SeLow_x64.sys [50888 2018-06-09] (SoftEther Corporation -> SoftEther Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166760 2020-04-24] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 tap-tb-0901; C:\WINDOWS\system32\DRIVERS\tap-tb-0901.sys [38656 2015-08-10] (TunnelBear, Inc. -> The OpenVPN Project)
R3 tap0901; C:\WINDOWS\system32\DRIVERS\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 tapnordvpn; C:\WINDOWS\system32\DRIVERS\tapnordvpn.sys [35592 2018-07-24] (TEFINCOM S.A. -> The OpenVPN Project)
S3 tapprotonvpn; C:\WINDOWS\system32\DRIVERS\tapprotonvpn.sys [39864 2020-04-06] (ProtonVPN AG -> The OpenVPN Project)
S3 tapwindscribe0901; C:\WINDOWS\system32\DRIVERS\tapwindscribe0901.sys [45560 2018-07-06] (Windscribe Limited -> The OpenVPN Project)
R3 TS_ARN5416; C:\WINDOWS\system32\DRIVERS\ts_athrx.sys [3508584 2017-05-11] (TamoSoft Ltd -> TamoSoft)
R1 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [117768 2015-12-18] (Oracle Corporation -> Oracle Corporation)
R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [194976 2015-12-18] (Oracle Corporation -> Oracle Corporation)
S3 VBoxUSB; C:\WINDOWS\System32\Drivers\VBoxUSB.sys [125008 2015-11-10] (Oracle Corporation -> Oracle Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
S3 wdm_usb; C:\WINDOWS\system32\DRIVERS\usb2ser.sys [159936 2016-08-16] (NGO -> MBB)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
S3 wintun; C:\WINDOWS\system32\DRIVERS\wintun.sys [29576 2020-08-02] (WireGuard LLC -> WireGuard LLC)
S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-13] (CyberLink -> "CyberLink)
U4 amdlog; no ImagePath
U4 autotimesvc; no ImagePath
U4 BcastDVRUserService; no ImagePath
U2 camsvc; no ImagePath
U4 CaptureService; no ImagePath
U2 cbdhsvc; no ImagePath
U4 CDPUserSvc; no ImagePath
U2 ConsentUxUserSvc; no ImagePath
U4 CscService; no ImagePath
U2 DeviceAssociationBrokerSvc; no ImagePath
U2 DevicePickerUserSvc; no ImagePath
U2 DevicesFlowUserSvc; no ImagePath
U4 diagnosticshub.standardcollector.service; no ImagePath
U4 diagsvc; no ImagePath
U4 dmwappushservice; no ImagePath
U4 dmwappushsvc; no ImagePath
U4 DsSvc; no ImagePath
U4 DusmSvc; no ImagePath
U4 edgeupdate; no ImagePath
U4 edgeupdatem; no ImagePath
U4 FrameServer; no ImagePath
U4 icssvc; no ImagePath
U4 IpxlatCfgSvc; no ImagePath
R4 klkbdflt2; \SystemRoot\system32\DRIVERS\klkbdflt2.sys [X]
U4 MapsBroker; no ImagePath
U4 MessagingService; no ImagePath
U4 MicrosoftEdgeElevationService; no ImagePath
U4 NfsClnt; no ImagePath
U4 NvTelemetryContainer; no ImagePath
U4 perceptionsimulation; no ImagePath
U4 PhoneSvc; no ImagePath
U4 PimIndexMaintenanceSvc; no ImagePath
U4 RetailDemo; no ImagePath
U4 RmSvc; no ImagePath
U4 SEMgrSvc; no ImagePath
U4 SensorDataService; no ImagePath
U4 SensorService; no ImagePath
U4 SharedRealitySvc; no ImagePath
U4 shpamsvc; no ImagePath
U4 ssh-agent; no ImagePath
U4 TroubleshootingSvc; no ImagePath
U4 tzautoupdate; no ImagePath
U2 UnistoreSvc; no ImagePath
U4 UserDataSvc; no ImagePath
S3 WinRing0_1_2_0; \??\C:\Users\Gastón.idea-PC\AppData\Local\Temp\tmpDD75.tmp [X] <==== ATENCIÓN
U4 wisvc; no ImagePath
U4 WpcMonSvc; no ImagePath

==================== NetSvcs (Lista blanca) ===================

(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)


==================== Un mes (creado) (Lista blanca) =========

(Si una entrada es incluida en el fixlist, el archivo/carpeta será eliminado/a.)

2021-03-04 20:00 - 2021-03-04 20:01 - 000031680 _____ C:\Users\Gastón.idea-PC\Desktop\FRST.txt
2021-03-04 19:57 - 2021-03-04 19:57 - 000009307 _____ C:\Users\Gastón.idea-PC\Desktop\UsbFix_Report.txt
2021-03-04 19:55 - 2021-02-19 21:08 - 001042712 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klif.sys
2021-03-04 19:55 - 2021-02-19 21:08 - 000514840 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klflt.sys
2021-03-04 19:12 - 2021-03-04 19:12 - 002301440 _____ (Farbar) C:\Users\Gastón.idea-PC\Desktop\FRST64.exe
2021-03-01 21:54 - 2021-03-01 21:54 - 000688640 _____ C:\Users\Gastón.idea-PC\Desktop\TDSSKiller.3.1.0.28_01.03.2021_20.49.46_log.txt
2021-03-01 20:49 - 2021-03-01 20:55 - 000688640 _____ C:\TDSSKiller.3.1.0.28_01.03.2021_20.49.46_log.txt
2021-03-01 20:41 - 2021-03-01 20:42 - 000009290 _____ C:\TDSSKiller.3.1.0.28_01.03.2021_20.41.30_log.txt
2021-03-01 20:41 - 2021-03-01 20:41 - 000009124 _____ C:\TDSSKiller.3.1.0.28_01.03.2021_20.41.18_log.txt
2021-03-01 20:40 - 2021-03-01 20:41 - 000000562 _____ C:\TDSSKiller.3.1.0.28_01.03.2021_20.40.58_log.txt
2021-03-01 19:41 - 2021-03-01 19:41 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\467354ED.sys
2021-03-01 19:40 - 2021-03-01 20:39 - 000000000 ____D C:\Users\Gastón.idea-PC\Desktop\mbar
2021-03-01 19:31 - 2021-03-01 19:35 - 000009668 _____ C:\Users\Gastón.idea-PC\Desktop\UsbFix.txt
2021-03-01 19:27 - 2021-03-04 19:56 - 000001906 _____ C:\Users\Public\Desktop\UsbFix Anti-Malware.lnk
2021-03-01 19:27 - 2021-03-04 19:56 - 000001906 _____ C:\ProgramData\Desktop\UsbFix Anti-Malware.lnk
2021-03-01 19:27 - 2021-03-01 19:27 - 000003208 _____ C:\WINDOWS\system32\Tasks\UsbFix Monitor
2021-03-01 19:27 - 2021-03-01 19:27 - 000003206 _____ C:\WINDOWS\system32\Tasks\UsbFix Boot Scan
2021-03-01 19:27 - 2021-03-01 19:27 - 000000000 ____D C:\Program Files (x86)\UsbFix
2021-03-01 19:09 - 2021-03-01 19:09 - 014178840 _____ (Malwarebytes Corp.) C:\Users\Gastón.idea-PC\Desktop\mbar-1.10.3.1001.exe
2021-03-01 19:09 - 2021-03-01 19:09 - 005054744 _____ (AO Kaspersky Lab) C:\Users\Gastón.idea-PC\Desktop\tdsskiller.exe
2021-03-01 19:09 - 2021-03-01 19:09 - 004868504 _____ (SOSVirus) C:\Users\Gastón.idea-PC\Desktop\UsbFix_2020.exe
2021-02-27 03:01 - 2021-02-27 03:02 - 238184200 _____ C:\Users\Gastón.idea-PC\Desktop\kv1pvqjq.exe
2021-02-27 02:59 - 2021-02-27 02:59 - 000000000 ____D C:\KVRT2020_Data
2021-02-27 02:56 - 2021-02-27 02:56 - 100704688 _____ (AO Kaspersky Lab) C:\Users\Gastón.idea-PC\Desktop\KVRT.exe
2021-02-26 20:54 - 2021-02-27 01:52 - 000000576 _____ C:\Users\Gastón.idea-PC\Desktop\ESET Online Scanner.lnk
2021-02-26 20:53 - 2021-02-26 20:53 - 015019488 _____ (ESET spol. s r.o.) C:\Users\Gastón.idea-PC\Desktop\esetonlinescanner.exe
2021-02-24 03:06 - 2021-03-04 19:57 - 000575950 _____ C:\WINDOWS\ntbtlog.txt
2021-02-24 02:33 - 2021-02-24 02:33 - 000000608 _____ C:\Users\Gastón.idea-PC\Desktop\cc_20210224_023308.reg
2021-02-24 02:10 - 2021-02-24 02:30 - 000000000 ____D C:\Users\Gastón.idea-PC\AppData\Roaming\ZHP
2021-02-24 02:10 - 2021-02-24 02:10 - 000000895 _____ C:\Users\Gastón.idea-PC\Desktop\ZHPCleaner.lnk
2021-02-24 02:10 - 2021-02-24 02:10 - 000000000 ____D C:\Users\Gastón.idea-PC\AppData\Local\ZHP
2021-02-23 23:53 - 2021-02-23 23:53 - 000006618 _____ C:\Users\Gastón.idea-PC\Desktop\cc_20210223_235311.reg
2021-02-23 23:44 - 2021-02-23 23:45 - 003324568 _____ (Nicolas Coolman) C:\Users\Gastón.idea-PC\Desktop\ZHPCleaner.exe
2021-02-23 23:44 - 2021-02-23 23:44 - 001790024 _____ (Malwarebytes) C:\Users\Gastón.idea-PC\Desktop\JRT.exe
2021-02-23 23:43 - 2021-02-23 23:44 - 008463216 _____ (Malwarebytes) C:\Users\Gastón.idea-PC\Desktop\adwcleaner_8.1.exe
2021-02-23 23:42 - 2021-02-23 23:42 - 000000000 ____D C:\Program Files\Malwarebytes
2021-02-23 23:41 - 2021-02-23 23:41 - 002084016 _____ (Malwarebytes) C:\Users\Gastón.idea-PC\Desktop\MBSetup.exe
2021-02-23 23:20 - 2021-03-02 16:32 - 000024982 _____ C:\Users\Gastón.idea-PC\Desktop\PROFESOReset.txt
2021-02-23 19:50 - 2021-02-23 20:09 - 000000000 ____D C:\FSTool
2021-02-22 20:42 - 2021-03-04 19:59 - 000000000 ____D C:\Users\Gastón.idea-PC\AppData\Roaming\LGHUB
2021-02-22 20:42 - 2021-03-04 19:54 - 000000000 ____D C:\Users\Gastón.idea-PC\AppData\Local\LGHUB
2021-02-22 20:42 - 2021-02-22 20:42 - 000000718 _____ C:\Users\Public\Desktop\Logitech G HUB.lnk
2021-02-22 20:42 - 2021-02-22 20:42 - 000000718 _____ C:\ProgramData\Desktop\Logitech G HUB.lnk
2021-02-22 20:42 - 2021-02-22 20:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logi
2021-02-22 20:42 - 2021-02-22 20:42 - 000000000 ____D C:\Program Files\LGHUB
2021-02-22 20:40 - 2021-02-22 20:40 - 000066808 _____ (Logitech) C:\WINDOWS\system32\Drivers\logi_joy_xlcore.sys
2021-02-22 20:40 - 2021-02-22 20:40 - 000038136 _____ (Logitech) C:\WINDOWS\system32\Drivers\logi_joy_bus_enum.sys
2021-02-22 20:40 - 2021-02-22 20:40 - 000026672 _____ (Logitech) C:\WINDOWS\system32\Drivers\logi_joy_vir_hid.sys
2021-02-22 20:39 - 2021-02-22 20:42 - 000000000 ____D C:\ProgramData\LGHUB
2021-02-20 17:40 - 2021-02-20 18:17 - 000000000 ____D C:\ProgramData\BSD
2021-02-20 15:15 - 2021-02-20 15:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PdaNet for Android
2021-02-20 15:15 - 2021-02-20 15:15 - 000000000 ____D C:\Program Files (x86)\PdaNet for Android
2021-02-20 15:15 - 2011-11-25 01:25 - 000015360 _____ (June Fabrics Technology Inc.) C:\WINDOWS\system32\Drivers\pneteth.sys
2021-02-12 21:13 - 2021-02-12 21:25 - 000247654 _____ C:\TDSSKiller.3.1.0.28_12.02.2021_21.13.47_log.txt
2021-02-12 21:13 - 2021-02-12 21:13 - 000000562 _____ C:\TDSSKiller.3.1.0.28_12.02.2021_21.13.36_log.txt
2021-02-12 20:13 - 2021-02-12 20:13 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\3153729B.sys
2021-02-12 04:16 - 2021-02-12 04:16 - 000000000 ____D C:\Users\Gastón.idea-PC\AppData\Local\ESET
2021-02-06 17:59 - 2021-02-06 17:59 - 000000000 _____ C:\Users\Gastón.idea-PC\AppData\Local\{98D9E10F-DDCB-469D-B4F6-02657790FD20}
2021-02-02 06:11 - 2021-02-02 06:11 - 000002048 _____ C:\Users\Gastón.idea-PC\Desktop\Memory Cleaner.lnk
2021-02-02 06:11 - 2021-02-02 06:11 - 000000000 ____D C:\Users\Gastón.idea-PC\AppData\Roaming\KoshyJohn.com
2021-02-02 06:11 - 2021-02-02 06:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KoshyJohn.com

==================== Un mes (modificado) ==================

(Si una entrada es incluida en el fixlist, el archivo/carpeta será eliminado/a.)

2021-03-04 20:00 - 2019-11-22 23:43 - 000000000 ____D C:\FRST
2021-03-04 19:58 - 2014-06-12 11:44 - 000003592 _____ C:\WINDOWS\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4206844412-3915076-1266158226-1001
2021-03-04 19:57 - 2020-04-27 03:54 - 000000000 ____D C:\Program Files\Common Files\AV
2021-03-04 19:57 - 2017-11-28 02:38 - 000000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2021-03-04 19:57 - 2014-07-05 00:25 - 000000000 ____D C:\Program Files\CCleaner
2021-03-04 19:56 - 2013-08-22 10:36 - 000000000 ____D C:\WINDOWS\Inf
2021-03-04 19:56 - 2013-08-22 10:25 - 000262144 _____ C:\WINDOWS\system32\config\ELAM
2021-03-04 19:55 - 2012-07-26 05:12 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-03-04 19:53 - 2015-01-12 20:05 - 000000000 __SHD C:\Users\Gastón\IntelGraphicsProfiles
2021-03-04 19:52 - 2013-08-22 11:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-03-04 18:13 - 2021-01-21 05:23 - 000001232 _____ C:\Users\Gastón.idea-PC\Desktop\Roblox Studio.lnk
2021-03-04 18:13 - 2019-09-21 21:44 - 000000000 ____D C:\Users\Gastón.idea-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2021-03-03 21:32 - 2020-09-13 00:45 - 000000000 ____D C:\Users\Gastón.idea-PC\.Loquendo
2021-03-03 20:48 - 2015-12-26 22:42 - 000000000 ____D C:\Users\Gastón.idea-PC\Documents\Camtasia Studio
2021-03-03 20:45 - 2020-07-22 02:39 - 000002370 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk
2021-03-03 20:45 - 2020-07-22 02:39 - 000002329 _____ C:\Users\Public\Desktop\Brave.lnk
2021-03-03 20:45 - 2020-07-22 02:39 - 000002329 _____ C:\ProgramData\Desktop\Brave.lnk
2021-03-01 20:39 - 2017-07-30 17:07 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2021-03-01 16:52 - 2015-01-12 19:27 - 000000000 ____D C:\Users\Gastón.idea-PC
2021-02-28 17:37 - 2017-01-19 16:25 - 000000000 ____D C:\Users\Gastón.idea-PC\AppData\Roaming\Nitro PDF
2021-02-28 16:14 - 2017-07-10 01:21 - 000000000 ____D C:\ProgramData\Doctor Web
2021-02-27 01:34 - 2018-04-29 22:14 - 000004128 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2021-02-26 20:54 - 2014-09-24 12:25 - 001104098 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-02-26 20:54 - 2014-09-24 11:40 - 000164164 _____ C:\WINDOWS\system32\perfc00A.dat
2021-02-26 20:54 - 2014-09-24 11:40 - 000090690 _____ C:\WINDOWS\system32\perfh00A.dat
2021-02-24 02:29 - 2015-01-12 18:29 - 000000000 ____D C:\Users\Gastón.idea-PC\AppData\Local\Google
2021-02-23 23:52 - 2015-02-13 20:13 - 000000000 ____D C:\WINDOWS\Minidump
2021-02-23 23:52 - 2012-07-26 05:12 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-02-23 23:26 - 2020-07-22 02:36 - 000003474 _____ C:\WINDOWS\system32\Tasks\BraveSoftwareUpdateTaskMachineUA
2021-02-23 23:26 - 2014-07-05 00:25 - 000002806 _____ C:\WINDOWS\system32\Tasks\CCleanerSkipUAC
2021-02-23 23:26 - 2014-06-21 18:14 - 000003704 _____ C:\WINDOWS\system32\Tasks\Java Update Scheduler
2021-02-23 23:25 - 2020-07-22 02:36 - 000003346 _____ C:\WINDOWS\system32\Tasks\BraveSoftwareUpdateTaskMachineCore
2021-02-23 19:25 - 2020-04-14 04:42 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avast Software
2021-02-22 20:42 - 2015-12-31 00:46 - 000000000 ____D C:\Users\Gastón.idea-PC\AppData\Local\CrashDumps
2021-02-22 20:38 - 2016-04-10 02:56 - 000000000 ____D C:\ProgramData\Package Cache
2021-02-22 16:44 - 2017-09-09 21:42 - 000007597 _____ C:\Users\Gastón.idea-PC\AppData\Local\Resmon.ResmonCfg
2021-02-21 12:51 - 2019-06-17 03:15 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2021-02-21 12:51 - 2017-01-07 20:39 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2021-02-21 12:51 - 2015-01-12 20:19 - 000000000 ___RD C:\Users\Gastón.idea-PC\Desktop\UT
2021-02-21 01:01 - 2018-09-16 18:39 - 000000132 _____ C:\Users\Gastón.idea-PC\AppData\Roaming\Prefs. de formato PNG de Adobe CS6
2021-02-20 17:47 - 2013-08-22 10:25 - 000000259 _____ C:\WINDOWS\win.ini
2021-02-16 18:56 - 2015-01-12 18:04 - 000000000 ____D C:\Users\Gastón.idea-PC\AppData\Local\Packages
2021-02-16 18:34 - 2014-10-08 02:15 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-02-12 20:13 - 2020-06-10 21:47 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-02-12 07:24 - 2013-06-18 07:50 - 000000000 ____D C:\WINDOWS\system32\Tasks\Lenovo
2021-02-12 07:23 - 2016-04-05 23:51 - 000000000 ____D C:\WINDOWS\system32\Tasks\COMODO
2021-02-05 17:58 - 2013-08-22 10:25 - 000524288 _____ C:\WINDOWS\system32\config\BBI

==================== Archivos en la raíz de algunos directorios ========

2007-10-04 12:00 - 2007-10-04 12:00 - 000003134 __RSH () C:\Program Files (x86)\Common Files\Logo.ico
2018-03-10 18:49 - 2018-03-10 18:49 - 000000000 _____ () C:\Users\Gastón.idea-PC\AppData\Roaming\fv3_input
2019-11-09 18:22 - 2019-11-09 18:46 - 000000141 _____ () C:\Users\Gastón.idea-PC\AppData\Roaming\jjv5conf.json
2018-09-16 18:39 - 2021-02-21 01:01 - 000000132 _____ () C:\Users\Gastón.idea-PC\AppData\Roaming\Prefs. de formato PNG de Adobe CS6
2017-12-26 20:45 - 2018-01-04 05:00 - 000000013 _____ () C:\Users\Gastón.idea-PC\AppData\Roaming\rbx_hook
2015-10-02 18:31 - 2015-10-02 18:31 - 000001167 _____ () C:\Users\Gastón.idea-PC\AppData\Roaming\trace_FilterInstaller.1.txt
2015-10-02 18:43 - 2015-10-02 18:43 - 000000905 _____ () C:\Users\Gastón.idea-PC\AppData\Roaming\trace_FilterInstaller.txt
2015-10-02 18:31 - 2015-10-02 18:43 - 000000000 _____ () C:\Users\Gastón.idea-PC\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2017-12-26 20:45 - 2017-12-31 16:10 - 000000024 _____ () C:\Users\Gastón.idea-PC\AppData\Roaming\version
2015-11-22 12:28 - 2015-11-22 12:28 - 000000000 _____ () C:\Users\Gastón.idea-PC\AppData\Roaming\Microsoft\F999.tmp
2019-04-18 20:51 - 2019-04-18 20:51 - 000001111 _____ () C:\Users\Gastón.idea-PC\AppData\Local\gamma_ramp.reg
2019-07-24 22:07 - 2019-07-25 18:53 - 001313336 _____ (Roblox Corporation) C:\Users\Gastón.idea-PC\AppData\Local\Installer.exe
2017-09-09 21:42 - 2021-02-22 16:44 - 000007597 _____ () C:\Users\Gastón.idea-PC\AppData\Local\Resmon.ResmonCfg
2015-01-16 03:29 - 2015-01-16 03:29 - 000000003 _____ () C:\Users\Gastón.idea-PC\AppData\Local\updater.log
2015-04-24 22:56 - 2020-10-22 07:10 - 000000424 _____ () C:\Users\Gastón.idea-PC\AppData\Local\UserProducts.xml
2020-07-23 02:44 - 2020-07-23 02:44 - 000000000 _____ () C:\Users\Gastón.idea-PC\AppData\Local\{3AA36954-D573-4BC4-8233-7EE0A681818B}
2021-02-06 17:59 - 2021-02-06 17:59 - 000000000 _____ () C:\Users\Gastón.idea-PC\AppData\Local\{98D9E10F-DDCB-469D-B4F6-02657790FD20}
2015-05-22 15:47 - 2015-05-22 15:47 - 000000000 _____ () C:\Users\Gastón.idea-PC\AppData\Local\{A508A5A3-761F-428E-8BB0-9DAE1C482C92}
2017-01-20 20:10 - 2017-01-20 20:10 - 000000000 _____ () C:\Users\Gastón.idea-PC\AppData\Local\{EC9B42B7-A186-4455-AE3A-F9BCE67525D6}

==================== SigCheck ============================

(No existe una corrección automática para los archivos que no pasan la verificación.)


LastRegBack: 2021-03-04 18:35
==================== Final de FRST.txt ========================