Viruses detected: are there any traces left?

Hello @Diarasas

I have seen your other topic with the instructions from our colleague @frica; the two problems may be related. So in this topic I would rule out malware on your machine that could be causing that problem. Once we have resolved/verified this, you would then continue in the other topic with him, if need be.

In any case, bring the ESET report I asked for, even if it is clean. Also do the following:

0) Download FSS to your desktop. Run FSS (right-click it and select Run as Administrator).

Tick all the options that appear ticked in the following image:

Screenshot from 2021-02-14 02-32-57

Press the Scan button and wait for the scan to finish.

1) Download IFS

  • Disable your antivirus ▶ How to temporarily disable an antivirus and any security program you have enabled.
  • Close all the programs you have open.
  • Run IFS.exe (if you use Windows Vista/7/8 or 10, right-click it and select “Run as Administrator”).
  • Click the Analyze button and wait for the process to finish. It may take several minutes.
  • When it finishes, a report will open; attach it in your next reply (you can find it at C:\IFS.log).
  • Re-enable your antivirus and any security program you have enabled.

Bring both requested reports plus the ESET one, and tell me how the computer is behaving with regard to the initial problem.

Regards.

Hello

Sorry, but I deleted the ESET report; I can't find it in the temporary files. Should I run the scan again?

I'm uploading the reports from the other two: FSS.txt (2.9 KB)


~~~~~~~~~~~| Inicio:

*IFS (InfoSpyware First Steps) v 1.3
*www.InfoSpyware.com | www.ForoSpyware.com
*Iniciado: 23/02/2021 a las 20h.05m.59s

~~~~~~~~~~~|  Información del Sistema:

OS: Microsoft Windows 8.1 Single Language x64
Idioma: Spanish (Argentina) (Argentina|es-AR)
Permisos de Administrador / ON
Windows se Inició en   Modo Normal
Drive: C:\WINDOWS (Install: \Device\HarddiskVolume5)

~~~~~~~~~~~| Arquitectura Fisica:

CPU: LENOVO
CPU Modelo: 20150
Procesador: Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz (x64-BasedPC)
Memoria RAM: 8 Gb. En Uso: 18 %
Video: Intel(R) HD Graphics 4000
Chip: Intel(R) HD Graphics Family Capacidad video:-1984 MB (Internal)

~~~~~~~~~~~| Unidades

C: [FIXED|NTFS|Windows8_OS] - [650.8 Gb][434.2 Gb][216.6 Gb]
D: [FIXED|NTFS|LENOVO] - [25 Gb][19.1 Gb][5.9 Gb]
E: [CDROM]
C:\ Fragmentación total 20.00% - Desfragmentar unidad
D:\ Fragmentación total 0.00% - Correcto

~~~~~~~~~~~| Seguridad del SO

SafeBoot: Inicio en Modo seguro Correcto
Security Center: Correcto (Servicio Activo)
Windows Update: El servicio no está activo [LST: 2021-02-03 00:44:29][LD: 2021-02-16 21:34:55][LI: 2020-12-16 23:49:03][NDT: 2021-02-24 14:04:52]
AV: Windows Defender *Protección Residente [OFF] / Actualizar*
AV: Kaspersky Security Cloud *Protección Residente [OFF] / Actualización vía la Nube*
SP: Windows Defender *Protección Residente [OFF] / Actualizar*
SP: Kaspersky Security Cloud *Protección Residente [OFF] / Actualización vía la Nube*
FW: Kaspersky Security Cloud *Protección Residente [OFF]*
FW: Windows Firewall *Habilitado*

~~~~~~~~~~~|  Update Check

Internet Explorer Versión Instalada 11
Adobe Reader Versión instalada 11.0.17

~~~~~~~~~~~| Process List

avp.exe (Kaspersky)

~~~~~~~~~~~| Install Check

CCleaner [5.76]

~~~~~~~~~~~| Registry Check

HKLM\Run(x64): [SmartAudio] C:\Program Files\CONEXANT\SAII\SACpl.exe /t
HKLM\Run(x64): [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
HKLM\Run: [Intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
HKLM\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM\Run: [Lightshot] C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe
HKLM\Run: [f.lux] "C:\Users\Gastón.idea-PC\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
HKLM\Run: [CCleaner Smart Cleaning] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
HKLM\Run: [LGHUB] "C:\Program Files\LGHUB\lghub.exe" --background
Winlogon(x64): Shell = explorer.exe
Winlogon: Shell = explorer.exe
Userinit(x64): Userinit = userinit.exe,
Userinit: Userinit = userinit.exe,

[HKCR\.\.open\command] -> No se pudo obtener la información.

~~~~~~~~~~~| PUPs Check

C:\Users\Gastón.idea-PC\AppData\Roaming\dvdvideosoft

~~~~~~~~~~~| Listado 7 Días (Predeterminado)

[20/02/2021 18:28] - C:\WINDOWS\ntbtlog.txt
[20/02/2021 18:28] - C:\WINDOWS\setupact.log
[20/02/2021 18:28] - C:\WINDOWS\setuperr.log
[21/02/2021 12:51] - C:\WINDOWS\wininit.ini
[23/02/2021 19:50] - C:\FSTool

~~~~~~~~~~~| C:\WINDOWS\Tasks:


~~~~~~~~~~~| End Report
*Finalizado 20:09:40
*Se limpiaron los archivos temporales
*[1599815] C:\Users\Gastón.idea-PC\Desktop\IFS.exe
*Herramienta de Análisis e investigación

The high CPU and disk problem is still there when opening Task Manager. Same with System, but it fluctuates.

Not for the moment.

Regarding IFS >> I see that drive C is fragmented; besides, you have two antivirus programs, and that is terrible for the machine. If you want more information: Why is it not good to use two antivirus programs at the same time? | InfoSpyware

Which of the two antivirus programs you have is the one you use as resident/regular protection on your computer?

In addition, some Adware remnants have been detected.

1️⃣ MALWARE SEARCH / REMOVAL

(Keep all your external devices connected, such as USB drives, external hard drives, etc.)

Please download all the software from the links I provide / from their respective manuals.

You will now run a series of tools, respecting the order of the steps, with all programs closed, including browsers.

Connect all your external devices (all the external hard drives you have, as well as all your USB drives).

Carry out the steps below without changing the order, and follow them to the letter:

0) Download CCleaner. Here is its manual: CCleaner Manual, so you know how to use and configure it correctly.

Install it and run it. In the Custom Clean tab, leave the default settings. Click Analyze and wait for it to finish. Then click Run Cleaner. Click the Registry tab > click Scan for Issues and wait for it to finish. Finally, click Fix Selected and make a backup of the Windows registry.

1) Download, install, update and run Malwarebytes’ Anti-Malware. Here is its manual: Malwarebytes Manual, so you know how to use and configure it correctly.

  • Run a Custom Scan, ticking all the boxes on the right and on the left, updating if it asks you to. That is: connect all your external devices (all the external hard drives you have, as well as all your USB drives, including the one you mentioned to me earlier), tick all available disk drives and the following boxes:

1. Scan memory objects

2. Scan startup and registry settings

3. Scan within archives

  • Click “Remove Selected” to send the infections to quarantine, and restart the computer.
  • To access the scan report afterwards, go to: Reports >> Scan log >> click Export >> Copy to Clipboard, and post the report in your next reply.

2) Download AdwCleaner to the desktop.

  • Disable your antivirus ▶ How to temporarily disable an antivirus and any security program you have enabled.
  • Run Adwcleaner.exe (if you use Windows Vista/7/8 or 10, right-click it and select “Run as Administrator”).
  • Click the Scan Now button and wait for the scan to finish. Immediately click the Start Repair button.
  • Wait for it to finish and follow the instructions that appear. If it asks you to restart, restart the computer by clicking OK.
  • If it finds nothing, click Skip Repair.
  • You will find the log in the Reports tab, reopening the program if necessary, or in the following location: C:\AdwCleaner\Logs\AdwCleaner[C0].txt.
  • For more information, here is its manual: AdwCleaner Manual.
  • Re-enable your antivirus and any security program you have enabled.

3) Download Junkware Removal Tool to the desktop.

  • Run JRT.exe (if you use Windows Vista/7/8 or 10, right-click it and select “Run as Administrator”).
  • Press any key to continue and wait patiently for the process to finish.
  • When it finishes, the following log will be saved on the desktop: JRT.txt.

4) Download, install and run ZHP Cleaner following its manual. When it finishes, remove everything it finds.

5) Use CCleaner again as I told you in step 0.

Paste the reports from Malwarebytes, AdwCleaner, JRT and ZHP Cleaner and tell me how the initial problem for which you opened this topic is going. Also answer the questions I have asked you throughout this post.

IMPORTANT NOTE

Please, while we are disinfecting your machine or finishing doing so:

  • Do not carry out steps/actions that WE have not told you to.
  • Do not download ANYTHING from the Internet and/or connect external devices to your computer.
  • Do not install ANYTHING (programs/software/add-ons/browser extensions…).
  • Do not run other security programs (antivirus, antimalware, anti-anything…).
  • Do not carry out other procedures on your own.
  • Use your computer EXCLUSIVELY to disinfect it following our instructions.

⚠️ Very Important ⚠️ Post the different reports I have asked for as shown in the following image:

Regards.

Hello

I have been installing and uninstalling many antivirus programs over all these years. I am currently using Kaspersky Security Cloud. I see that Windows Defender shows up, but I don't use it; a long time ago I followed tutorials on how to disable it, since it could not be uninstalled.

Here are the reports:

Malwarebytes

-Detalles del registro-
Fecha del análisis: 23/2/21
Hora del análisis: 23:55
Archivo de registro: cbdc7420-764b-11eb-a9d4-002637bd3942.json

-Información del software-
Versión: 4.3.0.98
Versión de los componentes: 1.0.1173
Versión del paquete de actualización: 1.0.37421
Licencia: Prueba

-Información del sistema-
SO: Windows 8.1
CPU: x64
Sistema de archivos: NTFS
Usuario: ideaPC\Gastón

-Resumen del análisis-
Tipo de análisis: Análisis personalizado
Análisis iniciado por:: Manual
Resultado: Completado
Objetos analizados: 505466
Amenazas detectadas: 3
Amenazas en cuarentena: 3
Tiempo transcurrido: 1 hr, 30 min, 16 seg

-Opciones de análisis-
Memoria: Activado
Inicio: Activado
Sistema de archivos: Activado
Archivo: Activado
Rootkits: Desactivado
Heurística: Activado
PUP: Detectar
PUM: Detectar

-Detalles del análisis-
Proceso: 1
Malware.AI.3895709429, F:\LOCKDIR.EXE, En cuarentena, 1000000, 0, , , , , A6AA7644F80AED71B1817F5F3D6DD396, 1E7F6F5F87CC694AF060BA2467CC7AB6812422049AF3E504923B8CCB365040F4

Módulo: 1
Malware.AI.3895709429, F:\LOCKDIR.EXE, En cuarentena, 1000000, 0, , , , , A6AA7644F80AED71B1817F5F3D6DD396, 1E7F6F5F87CC694AF060BA2467CC7AB6812422049AF3E504923B8CCB365040F4

Clave del registro: 0
(No hay elementos maliciosos detectados)

Valor del registro: 0
(No hay elementos maliciosos detectados)

Datos del registro: 0
(No hay elementos maliciosos detectados)

Secuencia de datos: 0
(No hay elementos maliciosos detectados)

Carpeta: 0
(No hay elementos maliciosos detectados)

Archivo: 1
Malware.AI.3895709429, F:\LOCKDIR.EXE, En cuarentena, 1000000, 0, 1.0.37421, 972A682E10544D0BE833CEF5, dds, 01128759, A6AA7644F80AED71B1817F5F3D6DD396, 1E7F6F5F87CC694AF060BA2467CC7AB6812422049AF3E504923B8CCB365040F4

Sector físico: 0
(No hay elementos maliciosos detectados)

WMI: 0
(No hay elementos maliciosos detectados)


(end)

AdwCleaner

# -------------------------------
# Malwarebytes AdwCleaner 8.1.0.0
# -------------------------------
# Build:    02-15-2021
# Database: 2021-01-26.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    02-24-2021
# Duration: 00:00:51
# OS:       Windows 8.1 Single Language
# Scanned:  3723
# Detected: 0


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S23].txt ##########

JRT

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 8.1 Single Language x64 
Ran by Gastón (Administrator) on 24/02/2021 at  2:02:57,63
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 1 

Successfully deleted: C:\WINDOWS\wininit.ini (File) 


Registry: 0 



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 24/02/2021 at  2:07:35,11
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

ZHP Cleaner

~ ZHPCleaner v2021.2.23.282 by Nicolas Coolman (2021/02/23)
~ Run by Gastón (Administrator)  (24/02/2021 02:28:01)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Reparar
~ Report : C:\Users\Gastón.idea-PC\Desktop\ZHPCleaner (R).txt
~ Quarantine : C:\Users\Gastón.idea-PC\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ System Restore Point : OK
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 8.1 Single Language, 64-bit  (Build 9600)


---\\  Alternate Data Stream (ADS). (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Servicios (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Navegadores de Internet (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Hosts carpeta (1)
~ El archivo hosts es legítimo (40)


---\\  Tareas automáticas programadas. (0)
~ No malintencionados o innecesarios artículos encontrados.


---\\  Explorador ( Archivos, Carpetas ) (3)
MOVIDO carpeta: C:\Users\lnvitado\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Preferences    =>Préférences Chromium
MOVIDO archivo: C:\Program Files (x86)\Skillbrains  =>SUP.Optional.Skillbrains
MOVIDO archivo: C:\Users\Gastón.idea-PC\AppData\Local\Google\Update  =>Heuristic.Suspect


---\\  Registro ( Claves, Valores, Datos) (7)
BORRADOS dados: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8B09C289-CF1B-4C59-B3A0-08F027A2FBD8}\\DhcpNameServer [Bad : 190.105.0.4 190.105.0.5]  =>Hijacker.Browser
BORRADOS dados: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer [Bad : 190.105.0.4 190.105.0.5]  =>Hijacker.Browser
BORRADOS clave*: HKEY_USERS\S-1-5-21-4206844412-3915076-1266158226-1001\SOFTWARE\SkillBrains []  =>SUP.Optional.Skillbrains
BORRADOS clave**: HKCU\Software\SkillBrains []  =>SUP.Optional.Skillbrains
BORRADOS clave*: [X64] HKLM\SOFTWARE\Classes\Installer\Products\FE7BD9E83DD5E994ABA21A3F51A3D48F [Adobe Flash Player 9 ActiveX]  =>Riskware.FlashPlayer
BORRADOS clave*: [X64] HKLM\SOFTWARE\Wow6432Node\Skillbrains []  =>SUP.Optional.Skillbrains
BORRADOS clave*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1 [Skillbrains]  =>SUP.Optional.Skillbrains


---\\  Resumen de elementos en su estación de trabajo (5)
https://nicolascoolman.eu/forum/Topic/repaquetage-et-infection/  =>Préférences Chromium
https://nicolascoolman.eu/2019/01/sup-skillbrains  =>SUP.Optional.Skillbrains
https://nicolascoolman.eu/2017/01/28/heuristic-suspect/  =>Heuristic.Suspect
https://nicolascoolman.eu/2017/11/10/hijacker-browser-3/  =>Hijacker.Browser
https://nicolascoolman.eu/forum/Topic/flashplayer-logiciel-a-risque-riskware/  =>Riskware.FlashPlayer


---\\ Limpieza adicional. (5)
~ Clave de registro Tracing borrados (5)
~ Quitar los antiguos informes de ZHPCleaner. (0)


---\\ Resultado de la reparación.
~ Reparación llevada a cabo con éxito
~ Internet Explorer OK


---\\ STATISTIQUES
~ Items escaneado : 1291
~ Items encontrado : 0
~ artículos cancelados : 0
~ Ahorro de espacio (bytes) : 0
~ Items opciones : 9/17


---\\ OPCIONES NO ACTIVAS
~ Análisis temporal de archivos
~ Análisis temporal de carpetas
~ Análisis de CLSID de carpetas vacías
~ Vaciar otro análisis de carpetas
~ Análisis de carpetas locales vacías
~ Análisis de carpetas locales vacías
~ Análisis de archivos de instalación obsoleto
~ Iniciar navegadores con extensiones eliminadas





~ End of clean in 00h02mn00s

---\\  Reporte (2)
ZHPCleaner-[S]-24022021-02_23_29.txt
ZHPCleaner-[R]-24022021-02_30_01.txt

Something to mention: when the Malwarebytes scan finished, it asked me to restart. I selected restart, and during the reboot the blue screen appeared. The error code was not shown (only at the end, but it was very quick, less than a second; I couldn't see it).

As for the CPU and disk issue, it continues.

Good morning. Just a note. So as not to interfere with a possible future analysis of the blue screen errors, when you use CCleaner, untick the option to delete Memory Dumps. This avoids deleting the memory dumps created by the blue screens, which I would need to analyze if necessary. Thanks!

Hello @frica, OK, I will keep it in mind in case I have to have him run CCleaner again in the future, but in principle the user must have already run CCleaner, since he has already brought the requested logs. So unfortunately, if there was any .dmp, it will be gone. In any case, as I say, if he has to use it again I will tell him beforehand.

@Diarasas hello…

OK.

Regarding Malwarebytes >> OK, it has done what it had to do.

Regarding AdwCleaner >> OK, it is clean.

Regarding JRT >> OK, it has done what it had to do.

Regarding ZHP Cleaner >> OK, it has done what it had to do.

OK. It is important that you provide that report to @frica in the other topic so that he can help you with this blue screen problem.

1️⃣ MALWARE SEARCH / REMOVAL

Carry out the steps below without changing the order, and follow them to the letter:

Connect all your external devices (all the external hard drives you have, USB drives, etc.).

0) Download ESET Online Scanner (User Manual) and scan the PC; read the instructions carefully and run a Custom Scan as indicated in its manual. Bring me its report.

1) Download Kaspersky Virus Removal Tool (User Manual) and scan the PC; read the instructions carefully and do it as indicated in its manual. In this case it does not produce any report; when it finishes, click the Report tab as indicated in its manual, take a screenshot and upload it.

How to upload images to the Forum?

2) Run a scan with Dr.Web CureIt following the instructions in its manual, which are perfectly explained. However, download Dr.Web CureIt from: Download Dr.Web CureIt! free of charge

2️⃣ RESET BROWSERS

Reset all the browsers you have as indicated in this guide:

NOTE: DO ONLY THE PART THAT STARTS AT: PUP/Adware in: Internet Explorer and all the posts that follow below it (PUP/Adware in: Mozilla Firefox, PUP/Adware in: Google Chrome), and if you have a browser such as Opera or Safari that is not covered in the guide, follow similar procedures, extrapolating from the browsers that are covered.

Guide on how to remove Adware/PUPs

3️⃣ NEXT REPLY

Paste the reports from ESET Online Scanner, Kaspersky Virus Removal Tool (screenshot) and Dr.Web CureIt, and tell me how the PC is doing.

IMPORTANT NOTE

Please, while we are disinfecting your machine or finishing doing so:

  • Do not carry out steps/actions that WE have not told you to.
  • Do not download ANYTHING from the Internet and/or connect external devices to your computer.
  • Do not install ANYTHING (programs/software/add-ons/browser extensions…).
  • Do not run other security programs (antivirus, antimalware, anti-anything…).
  • Do not carry out other procedures on your own.
  • Use your computer EXCLUSIVELY to disinfect it following our instructions.

⚠️ Very Important ⚠️ Post the different reports I have asked for as shown in the following image:

Regards.


Hello

OK @frica. The “good” thing is that during these days I got a few, so I will keep it in mind when I use CCleaner again.

Reports

ESET Online Scanner

26/02/2021 22:19:55 p.m.
Archivos explorados: 407210
Archivos detectados: 0
Archivos desinfectados: 0
Tiempo total de exploración: 02:20:54
Estado de la exploración: Finalizado

Kaspersky Virus Removal Tool

Dr Web

-----------------------------------------------------------------------------
Start curing
-----------------------------------------------------------------------------

F:\Thumbs.ms\desktop.ini - quarantined

Total 273379526032 bytes in 455561 files scanned (681717 objects)
Total 455528 files (681625 objects) are clean
Total 1 file are infected
Total 1 file are neutralized
Total 89 files are raised error condition
Scan time is 02:23:58.924

  • The browsers were reset.

  • During the ESET scan I lost the connection, the Wi-Fi network adapter disconnected, the notebook started to heat up and froze. This happened twice: once a blue screen appeared, and the other time I had to turn it off with the button.

  • As for the initial issue, it continues.

Regards, and thanks to both of you for your help

Hello @Diarasas

Regarding ESET Online Scanner > it is clean.

Regarding Kaspersky Virus Removal Tool > it is clean.

Regarding Dr.Web > it has resolved one infection. However, from what I see it says:

Total 89 files are raised error condition

So in the whole report, which is very long, look for the part that says: Total 89 files are raised error condition; the lines should end with the words read error.

Then bring that whole part where the 89 files appear (it will be like that or something similar in terms of the messages I mention).

OK.

OK. Deal with the other issue with @frica; here we will only make sure that the computer is free of infections and that's it. As for whether there were infections, well, there were.

IN YOUR NEXT REPLY

  • Bring the requested lines from Dr.Web CureIt.

Regards.
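
The extraction requested in the post above, as an added example that is not part of the original thread: a Python script that pulls the `read error` lines out of a Dr.Web CureIt! log, de-duplicates them, compares the count with the `Total N files are raised error condition` summary, and separates paths under Windows directories that the running OS keeps locked from paths that deserve a closer look. The sample log is constructed from lines quoted in this thread; the function names and the list of expected-locked directories are assumptions of the example.

```python
import re

# Constructed sample: a shortened Dr.Web CureIt! log assembled from lines
# quoted in this thread (one duplicated line is included on purpose).
SAMPLE_LOG = r"""
F:\Thumbs.ms\desktop.ini - quarantined
E: - read error
F:\AUTORUN.INF - read error
C:\WINDOWS\system32\catroot2\edb.log - read error
C:\WINDOWS\system32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb - read error
C:\WINDOWS\system32\config\sam - read error
C:\WINDOWS\system32\config\SAM.LOG1 - read error
C:\WINDOWS\system32\config\software - read error
C:\WINDOWS\system32\config\SOFTWARE.LOG1 - read error
C:\WINDOWS\system32\config\SOFTWARE.LOG1 - read error
C:\WINDOWS\system32\config\system - read error
Total 89 files are raised error condition
"""

# "<path> - read error" lines; the path may itself contain hyphens (GUIDs).
READ_ERROR = re.compile(r"^(?P<path>.+?)\s+-\s+read error\s*$", re.IGNORECASE)
# Summary line that states how many objects could not be scanned.
SUMMARY = re.compile(
    r"^Total\s+(?P<count>\d+)\s+files?\s+are raised error condition",
    re.IGNORECASE,
)

# Assumption of this example: directories whose files a running Windows
# holds open (loaded registry hives, the catalog database of the
# Cryptographic Services), so an on-demand scanner cannot read them.
EXPECTED_LOCKED_DIRS = (
    r"c:\windows\system32\config",
    r"c:\windows\system32\catroot2",
)


def extract_read_errors(log_text):
    """Return (unique paths in first-seen order, declared count or None)."""
    paths, seen, declared = [], set(), None
    for raw in log_text.splitlines():
        line = raw.strip()
        summary = SUMMARY.match(line)
        if summary:
            declared = int(summary.group("count"))
            continue
        hit = READ_ERROR.match(line)
        if hit:
            path = hit.group("path").strip()
            key = path.lower()  # Windows paths are case-insensitive
            if key not in seen:
                seen.add(key)
                paths.append(path)
    return paths, declared


def triage(paths):
    """Split paths into expected OS-locked files and entries to review."""
    groups = {"expected_locked": [], "review": []}
    for path in paths:
        low = path.lower()
        locked = any(low.startswith(d + "\\") for d in EXPECTED_LOCKED_DIRS)
        groups["expected_locked" if locked else "review"].append(path)
    return groups


def report(log_text):
    """Summarise the log: declared vs. extracted counts plus the triage."""
    paths, declared = extract_read_errors(log_text)
    missing = None if declared is None else max(declared - len(paths), 0)
    return {"declared": declared, "found": len(paths),
            "missing": missing, **triage(paths)}


if __name__ == "__main__":
    result = report(SAMPLE_LOG)
    print(f"declared={result['declared']} found={result['found']} "
          f"missing={result['missing']}")
    for path in result["review"]:
        print("review:", path)
```

A non-zero `missing` value means the pasted excerpt does not contain every entry counted in the summary line, so the full log is still needed.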

Hello, here is what was requested, regards

E: - read error
F:\AUTORUN.INF - read error
C:\WINDOWS\system32\catroot2\edb.log - read error
C:\WINDOWS\system32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb - read error
C:\WINDOWS\system32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb - read error
C:\WINDOWS\system32\config\BBI - read error
C:\WINDOWS\system32\config\BBI.LOG1 - read error
C:\WINDOWS\system32\config\BBI.LOG2 - read error
C:\WINDOWS\system32\config\default - read error
C:\WINDOWS\system32\config\DEFAULT.LOG1 - read error
C:\WINDOWS\system32\config\DEFAULT.LOG2 - read error
C:\WINDOWS\system32\config\sam - read error
C:\WINDOWS\system32\config\SAM.LOG1 - read error
C:\WINDOWS\system32\config\SAM.LOG2 - read error
C:\WINDOWS\system32\config\security - read error
C:\WINDOWS\system32\config\SECURITY.LOG1 - read error
C:\WINDOWS\system32\config\SECURITY.LOG2 - read error
C:\WINDOWS\system32\config\software - read error
C:\WINDOWS\system32\config\SOFTWARE.LOG1 - read error
C:\WINDOWS\system32\config\SOFTWARE.LOG2 - read error
C:\WINDOWS\system32\config\system - read error
C:\WINDOWS\system32\config\SOFTWARE.LOG1 - read error
C:\WINDOWS\system32\config\SOFTWARE.LOG2 - read error
C:\WINDOWS\system32\config\system - read error
C:\WINDOWS\system32\config\RegBack\DEFAULT - read error
C:\WINDOWS\system32\config\RegBack\SAM - read error
C:\WINDOWS\system32\config\RegBack\SECURITY - read error
C:\WINDOWS\system32\config\RegBack\SOFTWARE - read error
C:\WINDOWS\system32\config\RegBack\SYSTEM - read error

Hello @Diarasas OK.

1️⃣ MALWARE SEARCH / REMOVAL

(Keep all your external devices connected, such as USB drives, external hard drives, etc.)

Please download all the software from the links I provide / from their respective manuals.

You will now run a series of tools, respecting the order of the steps, with all programs closed, including browsers.

Connect all your external devices (all the external hard drives you have, as well as all your USB drives).

Carry out the steps below without changing the order, and follow them to the letter:

0) Run a Full scan with UsbFix and attach its log. Here is its manual: UsbFix Manual, so you know how to use and configure it correctly. Remember to connect all your removable devices (USB drives, hard drives, Micro SD cards, etc.).

  • If it detects threats, select all the detected items and click “Clean all”.
  • If it asks you to restart the system, accept.
  • Once the computer restarts, the UsbFix report will open, showing what was detected and what was removed. Post the report in your next reply (if it does not open, the report is saved under the name UsbFix_Report.txt on the Desktop).

Once the scan is finished, with all the drives connected, run UsbFix again as Administrator and vaccinate them, following the steps in the Manual.

Note: UsbFix will create a hidden folder called “$RECYCLE.BIN” “autorun.inf” on each partition and each USB drive that is connected at the time it is run. Do not delete these folders from anywhere they have been created, as they will help prevent and protect your removable devices and partitions from future infections.

1) Malwarebytes Anti-Rootkit Beta Manual: follow the instructions in its manual and bring me its corresponding scan reports, Mbar-log.txt and System-log.txt, as indicated in its manual.

2) Download, install and run TDSSKiller according to its TDSSKiller Manual. Tick all the boxes (Loaded Modules, Verify file digital signatures and Detect TDLFS file system). If it asks you to restart, do so, run the tool again, and once you tick the boxes I mentioned again, it will let you scan.

IMPORTANT NOTE

Please, while we are disinfecting your machine or finishing doing so:

  • Do not carry out steps/actions that WE have not told you to.
  • Do not download ANYTHING from the Internet and/or connect external devices to your computer.
  • Do not install ANYTHING (programs/software/add-ons/browser extensions…).
  • Do not run other security programs (antivirus, antimalware, anti-anything…).
  • Do not carry out other procedures on your own.
  • Use your computer EXCLUSIVELY to disinfect it following our instructions.

IN YOUR NEXT REPLY

  • Bring the reports from UsbFix, Malwarebytes Anti-Rootkit and TDSSKiller.
  • Tell me about the general state of the computer with regard to the initial problem.

Regards.

Hello, here are the reports

UsbFix

# ----------------------------------------------------
# UsbFix Antivirus Premium
# ----------------------------------------------------
# Versión : 11.032
# Base de datos :  
# Contacto : https://www.usb-antivirus.com/es/contacto
# ----------------------------------------------------
# Tipo de escaneo : Full
# Usuario : Gastón (Administrador)
# Dispositivo : IDEAPC
# Comenzó : 01/03/2021 19:31:03
# ----------------------------------------------------

------------ | Discos analizados |

C:\	NTFS	(436GB/651GB)	[Fixed] 
D:\	NTFS	(19GB/25GB)	[Fixed] 
F:\	FAT32	(3GB/7GB)	[Removable] 

------------ | Elemento(s) infectado(s) |

Restorado! F:\System Volume Information_20
Restorado! F:\System Volume Information_24
Restorado! F:\System Volume Information_7
Restorado! F:\System Volume Information_85
Restorado! F:\Thumbs.ms

------------ | Run |

F2 - HKLM\..\Winlogon : [Shell] explorer.exe
F2 - [x64] HKLM\..\Winlogon : [Shell] explorer.exe
F2 - HKLM\..\Winlogon : [Userinit] userinit.exe,
F2 - [x64] HKLM\..\Winlogon : [Userinit] C:\WINDOWS\System32\userinit.exe,
04 - HKCU\..\Run : [f.lux] "C:\Users\Gastón.idea-PC\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
04 - HKCU\..\Run : [CCleaner Smart Cleaning] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
04 - HKCU\..\Run : [LGHUB] "C:\Program Files\LGHUB\lghub.exe" --background
04 - HKCU\..\Run : [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
04 - HKCU\..\RunOnce : [Application Restart #0] C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe  --disable-domain-reliability --disable-features=TabHoverCards,TextFragmentAnchor,AutofillEnableAccountWalletStorage,WebOTP,NotificationTriggers,PasswordCheck,NetworkTimeServiceQuerying,PrivacySettingsRedesign,AutofillServerCommunication,IdleDetection,SignedExchangeSubresourcePrefetch,SafeBrowsingEnhancedProtection --enable-dom-distiller --enable-features=LegacyTLSEnforced,WebUIDarkMode,PrefetchPrivacyChanges,PasswordImport,ReducedReferrerGranularity,AutoupgradeMixedContent,WinrtGeolocationImplementation --extension-content-verification=enforce_strict --extensions-install-verification=enforce --lso-url=https://no-thanks.invalid --no-pings --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --sync-url=https://sync-v2.brave.com/v2 --variations-server-url=https://variations.brave.com/seed --restore-last-session
04 - HKLM\..\Run : [Intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
04 - HKLM\..\Run : [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
04 - [x64] HKLM\..\Run : [SmartAudio] C:\Program Files\CONEXANT\SAII\SACpl.exe /t
04 - [x64] HKLM\..\Run : [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
04 - HKU\S-1-5-21-4206844412-3915076-1266158226-1001\..\Run : [f.lux] "C:\Users\Gastón.idea-PC\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
04 - HKU\S-1-5-21-4206844412-3915076-1266158226-1001\..\Run : [CCleaner Smart Cleaning] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
04 - HKU\S-1-5-21-4206844412-3915076-1266158226-1001\..\Run : [LGHUB] "C:\Program Files\LGHUB\lghub.exe" --background
04 - HKU\S-1-5-21-4206844412-3915076-1266158226-1001\..\Run : [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
04 - HKU\S-1-5-21-4206844412-3915076-1266158226-1001\..\RunOnce : [Application Restart #0] C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe  --disable-domain-reliability --disable-features=TabHoverCards,TextFragmentAnchor,AutofillEnableAccountWalletStorage,WebOTP,NotificationTriggers,PasswordCheck,NetworkTimeServiceQuerying,PrivacySettingsRedesign,AutofillServerCommunication,IdleDetection,SignedExchangeSubresourcePrefetch,SafeBrowsingEnhancedProtection --enable-dom-distiller --enable-features=LegacyTLSEnforced,WebUIDarkMode,PrefetchPrivacyChanges,PasswordImport,ReducedReferrerGranularity,AutoupgradeMixedContent,WinrtGeolocationImplementation --extension-content-verification=enforce_strict --extensions-install-verification=enforce --lso-url=https://no-thanks.invalid --no-pings --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --sync-url=https://sync-v2.brave.com/v2 --variations-server-url=https://variations.brave.com/seed --restore-last-session
04GS - PdaNet Desktop.lnk : C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe
04GS - Acelerador de inicio de AutoCAD.lnk : C:\Program Files (x86)\Common Files\Autodesk Shared\acstart17.exe

------------ | Tasks |

Task - BraveSoftwareUpdateTaskMachineCore --> C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe /c
Task - BraveSoftwareUpdateTaskMachineUA --> C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe /ua /installsource scheduler
Task - CCleaner Update --> C:\Program Files\CCleaner\CCUpdate.exe
Task - CCleanerSkipUAC --> "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Task - Google Updater and Installer --> C:\Users\Gastón\AppData\Local\Google\Update\GoogleUpdate.exe /c
Task - Java Update Scheduler --> C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
Task - Optimize Start Menu Cache Files-S-1-5-21-4206844412-3915076-1266158226-1001
Task - Optimize Start Menu Cache Files-S-1-5-21-4206844412-3915076-1266158226-1007
Task - UsbFix Boot Scan --> "C:\Program Files (x86)\UsbFix\UsbFix.exe" -scanonstart
Task - UsbFix Monitor --> "C:\Program Files (x86)\UsbFix\Modules\UsbFixMonitor.exe"
Task - User_Feed_Synchronization-{D0131F77-8FB7-4A31-BDCA-D4D9306430A7} --> C:\WINDOWS\system32\msfeedssync.exe sync

------------ | C:\ %SystemDrive% - Disco fijo (NTFS) |

[13/06/2020 - 21:28:43 | A | 0 Ko] - DelFix.txt
[12/02/2021 - 21:13:44 | A | 1 Ko] - TDSSKiller.3.1.0.28_12.02.2021_21.13.36_log.txt
[12/02/2021 - 21:25:24 | A | 242 Ko] - TDSSKiller.3.1.0.28_12.02.2021_21.13.47_log.txt
[27/02/2021 - 12:43:38 | D] - Config.Msi
[13/04/2020 - 21:54:10 | A | 0 Ko] - WLAN_Setup.log
[13/09/2020 - 00:30:39 | A | 473 Ko] - LTTS_7-EngineFull.log
[13/09/2020 - 00:31:48 | A | 2353 Ko] - LTTS_7-SDK.log
[13/09/2020 - 00:37:52 | A | 282 Ko] - LTTS_7-Spanish.log
[13/09/2020 - 00:42:38 | A | 273 Ko] - LTTS_7-Carlos_HQ.log
[13/09/2020 - 00:43:08 | A | 275 Ko] - LTTS_7-Jorge_HQ.log
[13/09/2020 - 00:43:44 | A | 273 Ko] - LTTS_7-Soledad_HQ.log
[13/09/2020 - 00:44:45 | A | 273 Ko] - LTTS_7-Carmen_HQ.log
[23/02/2021 - 20:10:52 | A | 4 Ko] - IFS.log
[05/04/2020 - 23:44:41 | D] - autorun.inf
[08/07/2020 - 21:29:33 | N | 12 Ko] - bootsqm.dat
[22/07/2020 - 23:02:26 | A | 0 Ko] - WirelessDiagLog.csv
[22/01/2018 - 21:55:15 | SHD] - $Recycle.Bin
[20/05/2018 - 23:48:53 | A | 0 Ko] - Autoexec.bat
[09/10/2012 - 21:07:57 | RASH | 8 Ko] - BOOTSECT.BAK
[06/03/2017 - 21:26:23 | SHD] - found.000
[26/07/2012 - 00:44:30 | RASH | 389 Ko] - bootmgr
[11/10/2012 - 13:56:46 | SHD] - Boot
[18/06/2013 - 07:42:56 | D] - UserGuidePDF
[18/06/2013 - 09:18:29 | N | 0 Ko] - BOOTNXT
[22/08/2013 - 11:45:52 | SHD] - Documents and Settings
[22/08/2013 - 12:22:35 | D] - PerfLogs
[05/06/2014 - 14:47:46 | SHD] - Archivos de programa
[04/07/2014 - 03:58:16 | D] - sources
[24/12/2014 - 23:06:47 | D] - Cos
[25/12/2014 - 00:37:39 | D] - Spacekace
[12/01/2015 - 15:15:12 | SHD] - Recovery
[12/01/2015 - 16:08:04 | A | 0 Ko] - asc_rdflag
[24/03/2015 - 20:45:08 | D] - OETemp
[25/10/2015 - 14:45:07 | D] - Python27
[21/12/2015 - 13:56:07 | D] - Intel
[04/09/2016 - 21:49:40 | AH | 0 Ko] - 864D1D4926C0
[04/09/2016 - 21:49:40 | N | 0 Ko] - 8EB7F86C9C33
[22/01/2018 - 21:54:23 | D] - Users
[22/04/2018 - 05:43:37 | SHD] - 82ace7d6-0197-474d-bf4b-a2043e72329b
[26/07/2018 - 01:26:43 | D] - AdwCleaner
[06/01/2019 - 20:43:53 | RHD] - MSOCache
[17/03/2019 - 19:37:43 | D] - Laxify
[13/09/2019 - 03:30:44 | AD] - adb
[09/02/2020 - 00:34:31 | HD] - VTRoot
[12/02/2020 - 19:46:28 | D] - KVRT_Data
[01/03/2020 - 22:29:11 | D] - Tmp
[25/04/2020 - 08:05:07 | AH | 0 Ko] - D85A4D11DAC1
[03/05/2020 - 22:08:47 | D] - temp
[25/06/2020 - 19:56:22 | D] - RegBackup
[22/07/2020 - 22:23:16 | D] - SWTOOLS
[20/09/2020 - 02:17:20 | D] - drivers
[29/01/2021 - 00:43:54 | D] - FRST
[23/02/2021 - 20:09:44 | D] - FSTool
[23/02/2021 - 23:42:26 | D] - Program Files
[27/02/2021 - 02:59:57 | D] - KVRT2020_Data
[27/02/2021 - 16:36:49 | HD] - ProgramData
[27/02/2021 - 16:38:04 | AD] - Windows
[01/03/2021 - 19:27:49 | RD] - Program Files (x86)

------------ | D:\ - Disco fijo (NTFS) |

[05/04/2020 - 23:44:41 | D] - autorun.inf
[17/01/2018 - 01:34:40 | SHD] - $RECYCLE.BIN
[18/06/2013 - 07:55:59 | D] - drivers
[04/07/2014 - 03:24:42 | D] - Application
[17/08/2014 - 17:28:39 | D] - Lenovo
[09/04/2016 - 20:13:58 | D] - Drivers Backup
[22/04/2018 - 05:43:37 | SHD] - Recovery
[20/09/2020 - 04:46:32 | D] - Archivos de descargas

------------ | F:\ - Disco extraíble (FAT32) |

[22/10/2020 - 13:59:34 | A | 78 Ko] - Parte B - Tabla.xlsx
[28/10/2014 - 15:52:14 | A | 5589 Ko] - ~WRL1584.tmp
[24/02/2021 - 01:42:16 | D] - Thumbs.ms
[24/02/2021 - 01:42:18 | SH | 0 Ko] - desktop.ini
[25/08/2017 - 19:13:52 | H | 0 Ko] - AUTORUN.INF
[01/03/2021 - 17:54:26 | A | 17 Ko] - DETALLES PERÍODO DE INTENSIFICACIÓN.docx
[02/11/2014 - 23:47:38 | D] - Archivos Wxp
[03/05/2020 - 12:39:14 | D] - Traccion de Acero
[30/03/2019 - 03:57:18 | D] - Mis fotos

Elemento(s) infectado(s) : 5
Elementos analizados : 69076 en 00h 00m 10s

# UsbFix-Report-01.txt [9920B]

------------ | E.O.F  |

Malwarebytes Anti-Rootkit

Mbar-log-txt

Malwarebytes Anti-Rootkit BETA 1.10.3.1001
www.malwarebytes.org

Database version:
  main:    v2021.03.01.09
  rootkit: v2021.03.01.09

Windows 8.1 x64 NTFS
Internet Explorer 11.0.9600.19867
Gastón :: IDEAPC [administrator]

01/03/2021 07:41:52 p.m.
mbar-log-2021-03-01 (19-41-52).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 289820
Time elapsed: 54 minute(s), 9 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

System-log.txt

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.10.3.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 6.3.9200 Windows 8.1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.19867

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.494000 GHz
Memory total: 8449183744, free: 7304851456

Downloaded database version: v2021.03.01.09
Downloaded database version: v2021.03.01.09
Downloaded database version: v2018.01.20.01
=======================================
Initializing...
Driver version: 4.3.0.15
------------ Kernel report ------------
     03/01/2021 19:41:42
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\System32\drivers\werkernel.sys
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\System32\drivers\cmimcext.sys
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\System32\Drivers\WppRecorder.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\iaStorA.sys
\SystemRoot\System32\drivers\storport.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Wof.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\wfplwfs.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\DRIVERS\LhdX64.sys
\SystemRoot\System32\drivers\intelpep.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\drivers\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\SeLow_x64.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\VBoxNetAdp6.sys
\SystemRoot\system32\DRIVERS\VBoxNetLwf.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\VBoxUSBMon.sys
\SystemRoot\system32\DRIVERS\VBoxDrv.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\drivers\npsvctrig.sys
\SystemRoot\System32\drivers\mssmbios.sys
\??\C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\ahcache.sys
\SystemRoot\system32\DRIVERS\tap0901.sys
\SystemRoot\system32\DRIVERS\pneteth.sys
\SystemRoot\System32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\kdnic.sys
\SystemRoot\System32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\USBXHCI.SYS
\SystemRoot\System32\drivers\ucx01000.sys
\SystemRoot\system32\DRIVERS\TeeDriverx64.sys
\SystemRoot\System32\drivers\usbehci.sys
\SystemRoot\System32\drivers\USBPORT.SYS
\SystemRoot\System32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\L1C63x64.sys
\SystemRoot\system32\DRIVERS\ts_athrx.sys
\SystemRoot\System32\drivers\vwifibus.sys
\SystemRoot\System32\drivers\i8042prt.sys
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\system32\DRIVERS\ETD.sys
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\System32\drivers\AcpiVpc.sys
\SystemRoot\System32\drivers\CmBatt.sys
\SystemRoot\System32\drivers\BATTC.SYS
\SystemRoot\System32\drivers\intelppm.sys
\SystemRoot\System32\drivers\NdisVirtualBus.sys
\SystemRoot\System32\drivers\swenum.sys
\SystemRoot\System32\drivers\ks.sys
\SystemRoot\System32\drivers\iwdbus.sys
\SystemRoot\system32\drivers\logi_joy_bus_enum.sys
\SystemRoot\system32\drivers\logi_joy_xlcore.sys
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\System32\drivers\usbhub.sys
\SystemRoot\System32\drivers\USBD.SYS
\SystemRoot\System32\drivers\UsbHub3.sys
\SystemRoot\system32\drivers\CHDRT64.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\System32\drivers\usbccgp.sys
\SystemRoot\System32\drivers\hidusb.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\System32\drivers\HIDPARSE.SYS
\SystemRoot\System32\drivers\mouhid.sys
\SystemRoot\System32\drivers\kbdhid.sys
\SystemRoot\system32\DRIVERS\btfilter.sys
\SystemRoot\System32\Drivers\BTHUSB.sys
\SystemRoot\System32\Drivers\bthport.sys
\SystemRoot\System32\Drivers\RtsUVStor.sys
\SystemRoot\system32\DRIVERS\rtsuvc.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\System32\drivers\rfcomm.sys
\SystemRoot\System32\drivers\BthEnum.sys
\SystemRoot\System32\drivers\bthpan.sys
\SystemRoot\System32\drivers\btath_rcp.sys
\SystemRoot\System32\drivers\btath_hcrp.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\System32\drivers\WUDFRd.sys
\SystemRoot\System32\drivers\mshidumdf.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\??\C:\ProgramData\LGHUB\depots\73248\driver_cpu_temperature\logi_core_temp.sys
\SystemRoot\system32\drivers\Ndu.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\??\C:\WINDOWS\system32\Drivers\SSPORT.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\drivers\condrv.sys
\SystemRoot\system32\drivers\logi_joy_vir_hid.sys
\SystemRoot\System32\drivers\USBSTOR.SYS
\SystemRoot\System32\drivers\WpdUpFltr.sys
\SystemRoot\system32\DRIVERS\ssudbus.sys
\SystemRoot\system32\DRIVERS\WinUsb.sys
\SystemRoot\system32\DRIVERS\ssudmdm.sys
\SystemRoot\system32\drivers\modem.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\467354ED.sys
----------- End -----------
Done!

Scan started
Database versions:
  main:    v2021.03.01.09
  rootkit: v2021.03.01.09

<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffe00070d29460, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffe00070d28260, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffe00070d287f0, DeviceName: Unknown, DriverName: \Driver\LHDmgr\
DevicePointer: 0xffffe00070d29460, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffe0006fc94060, DeviceName: \Device\00000034\, DriverName: \Driver\iaStorA\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\LHDmgr\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 3D63DBBB

GPT Protective MBR Partition information:

    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1  Numsec = 4294967295

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

GPT Partition information:

    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 557227010
    GPT Header CurrentLba = 1 BackupLba 1465149167
    GPT Header FirstUsableLba 34  LastUsableLba 1465149134
    GPT Header Guid 8a6fbf67-6428-4b64-a144-4de0a2a0277
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128

    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 557227010
    Backup GPT header CurrentLba = 1465149167 BackupLba 1
    Backup GPT header FirstUsableLba 34  LastUsableLba 1465149134
    Backup GPT header Guid 8a6fbf67-6428-4b64-a144-4de0a2a0277
    Backup GPT header Contains 128 partition entries starting at LBA 1465149135
    Backup GPT header Partition entry size = 128

    Partition 0 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID 7bd11e14-143d-476c-8bbf-561493cebe3c
    FirstLBA 2048  Last LBA 2050047
    Attributes 1
    Partition Name                 Basic data partition

    Partition 1 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
    Partition ID 983f6af-3b1a-4770-9cac-f46686e769b6
    FirstLBA 2050048  Last LBA 2582527
    Attributes 1
    Partition Name                 EFI system partition

    GPT Partition 1 is bootable
    Partition 2 Type bfbfafe7-a34f-448a-9a5b-6213eb736c22
    Partition ID 4ae1054f-40a3-4877-984a-302d58bab285
    FirstLBA 2582528  Last LBA 4630527
    Attributes 1
    Partition Name                 Basic data partition

    Partition 3 Type e3c9e316-b5c-4db8-817d-f92df0215ae
    Partition ID 401fe5ff-9af7-421a-b349-43e9652dc58a
    FirstLBA 4630528  Last LBA 4892671
    Attributes 0
    Partition Name         Microsoft reserved partition

    Partition 4 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID 297f597b-2b62-4ee1-b171-461449dd12d8
    FirstLBA 4892672  Last LBA 1369853951
    Attributes 0
    Partition Name                 Basic data partition

    Partition 5 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID eba66397-d88a-473c-b213-8e2e62d352b
    FirstLBA 1369853952  Last LBA 1370775551
    Attributes 1
    Partition Name                                     

    Partition 6 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID 22b1f3e6-1f36-4e08-a8f5-3c477b463f96
    FirstLBA 1370775552  Last LBA 1423204351
    Attributes 0
    Partition Name                 Basic data partition

    Partition 7 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID efd4189c-d2ed-48d6-b668-a86d2592e284
    FirstLBA 1423204352  Last LBA 1465147391
    Attributes 1
    Partition Name                 Basic data partition

Disk Size: 750156374016 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffe000742a2270, DeviceName: \Device\Harddisk1\DR2\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffe000757e9040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffe000742a2270, DeviceName: \Device\Harddisk1\DR2\, DriverName: \Driver\disk\
DevicePointer: 0xffffe000751921b0, DeviceName: \Device\00000083\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR2\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 1FA605C6

Partition information:

    Partition 0 type is Other (0xb)
    Partition is ACTIVE.
    Partition starts at LBA: 63  Numsec = 15130017
    Partition is not bootable
    Partition file system is FAT32

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable

Disk Size: 7747397632 bytes
Sector size: 512 bytes

Done!
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-1-0-63-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removal finished

TDSSKiller.3.1.0.28_01.03.2021_20.49.46_log.txt (672,5 KB)

Regards!

Hi @Diarasas

Sorry for taking a while to reply.

Regarding UsbFix >> it detected some infected items on the removable drive, but it did what it had to do.

Regarding Malwarebytes Anti-Rootkit >> it is clean.

Regarding TDSSKiller >> it detected a few things, but I saw that for all of them either it told you SKIP or you set some of them to SKIP yourself. Right? If necessary we will look into these further, since they could be false positives that are simply flagged as suspicious because they lack a valid signature, or, less likely but not impossible, they may not be false positives.

Let me know how the computer is doing and we'll continue.

Regards.

Hi, no problem.

Regarding TDSSKiller, Skip was set by default; I left it that way, following what the manual said.

The problem persists.

Hi @Diarasas

So the problem that remains is this one:

Or this other one:

That is, although I remember the problem fairly well, refresh my memory a bit and tell me exactly which of those is still the problem.

Also, have you so far done any of the things @frica told you in the other thread where he is helping you?

Regards.

Hi, both.

And no, I didn't do anything from frica's other thread, since you had told me it wasn't good to do both things at the same time, and that I should continue with the other one once it has been verified that there is no malware.

OK, understood @Diarasas

:one: Disable your antivirus :arrow_forward: How to temporarily disable an antivirus and any security program you have enabled.

DOWNLOAD IT TO YOUR DESKTOP, VERY IMPORTANT (and nowhere else).

Download Farbar Recovery Scan Tool. VERY IMPORTANT >> select the right version for your computer's architecture (32 or 64 bits). :arrow_forward: How to tell whether my Windows is 32 or 64 bits?

:warning: Once FRST is downloaded, disconnect your computer completely from the Internet (turn off the router) >> Super Important. Right after that, also close any other program you have open.

:two: Farbar Recovery Scan Tool

  1. Run FRST.exe (if you use Windows Vista/7/8 or 10, right-click and select Run as Administrator).

  2. A window with a Disclaimer message will appear; click Sí or Yes.

  3. In the program's main window, click Analizar/Scan and wait for the scan to finish.

  4. Two logs/reports will appear: Frst.txt and Addition.txt. They will be saved on the desktop.

:three: Re-enable your antivirus and any security program you had enabled. Also reconnect your computer to the Internet.

:four: NEXT REPLY

Paste the FRST and Addition.txt reports. You must post both reports in full, with absolutely all of their content. You will need to split them over several messages if you get an error/warning saying that the report in the message is too long (more than approx. 50,000 characters).

IMPORTANT NOTE

Please, while we are disinfecting your machine or finishing doing so:

  • Do not carry out steps/actions that WE have not told you to.
  • Do not download ANYTHING from the Internet and/or connect external devices to your computer.
  • Do not install ANYTHING (programs/software/add-ons/browser extensions…).
  • Do not run other security programs (antivirus, antimalware, ANTI-ANYTHING…).
  • Do not carry out other procedures on your own.
  • Use your computer EXCLUSIVELY to disinfect it following our instructions.

:warning: Very Important :warning: Post the different reports I asked for as shown in the following image:

Regards.
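
Once Frst.txt exists, the entries that deserve a first look can be pulled out mechanically. The following is an added example, not part of the original posts and not FRST's own code: it assumes the Spanish-localised markers that appear in the FRST.txt posted in this thread, the names `triage` and `summarise` are hypothetical, and the sample lines are copied from that report.

```python
import re
from collections import Counter, namedtuple

# Markers exactly as they appear in the Spanish-localised FRST.txt in this thread.
MARKERS = [
    ("<==== ATENCIÓN", "attention"),       # FRST's own attention flag
    ("[Archivo no firmado]", "unsigned"),  # "file not signed"
    ("=> no encontrado", "missing"),       # "not found"
    ("[Ningún archivo]", "missing"),       # "no file"
]
# Stock Windows value of the Session Manager BootExecute entry.
DEFAULT_BOOTEXECUTE = "autocheck autochk *"
# Section banners look like "===== Registro (Lista blanca) =====".
SECTION_RE = re.compile(r"^={3,}\s*([^=\s][^=]*?)\s*={3,}$")

Finding = namedtuple("Finding", "section reason line")


def triage(report_text):
    """Return one Finding per (line, reason) worth a manual review."""
    findings = []
    section = "(header)"
    for raw in report_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        banner = SECTION_RE.match(line)
        if banner:
            section = banner.group(1)
            continue
        reasons = []
        for marker, reason in MARKERS:
            if marker in line and reason not in reasons:
                reasons.append(reason)
        # Anything appended to the default BootExecute value runs before logon.
        if line.startswith("BootExecute:"):
            value = line.split(":", 1)[1].strip()
            if value != DEFAULT_BOOTEXECUTE:
                reasons.append("bootexecute-nondefault")
        findings.extend(Finding(section, r, line) for r in reasons)
    return findings


def summarise(findings):
    """Count findings per reason."""
    return Counter(f.reason for f in findings)


# Sample lines copied from the FRST.txt posted in this thread.
SAMPLE = r"""
==================== Registro (Lista blanca) ===================

HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.) [Archivo no firmado]
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [887968 2012-06-14] (Conexant Systems, Inc. -> Conexant Systems, Inc.)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restricción <==== ATENCIÓN
BootExecute: autocheck autochk * sdnclean64.exe
Policies: C:\ProgramData\NTUSER.pol: Restricción <==== ATENCIÓN

==================== Internet (Lista blanca) ====================

FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [Ningún archivo]
"""

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"[{f.reason}] {f.section}: {f.line}")
```

A hit here is a prompt for manual review, not a verdict: unsigned or non-default entries are often legitimate software.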

Hi, here are the reports, regards.

FRST

Resultado del análisis realizado por Farbar Recovery Scan Tool (FRST) (x64) Versión: 28-02-2021
Ejecutado por Gastón (administrador) sobre IDEAPC (LENOVO 20150) (04-03-2021 20:00:12)
Ejecutado desde C:\Users\Gastón.idea-PC\Desktop
Perfiles cargados: Gastón
Platform: Windows 8.1 Single Language (Update) (X64) Idioma: Español (España, internacional)
Navegador predeterminado: "C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe" --single-argument %1
Modo de Inicio: Normal

==================== Procesos (Lista blanca) =================

(Si una entrada es incluida en el fixlist, el proceso será cerrado. El archivo no será movido.)

(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\StikyNot.exe

==================== Registro (Lista blanca) ===================

(Si una entrada es incluida en el fixlist, el elemento del registro será restaurado a su valor predeterminado o será eliminado. El archivo no será movido.)

HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.) [Archivo no firmado]
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [887968 2012-06-14] (Conexant Systems, Inc. -> Conexant Systems, Inc.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel® Services Manager -> Intel Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [594992 2016-01-29] (Oracle America, Inc. -> Oracle Corporation)
HKLM\...\Policies\Explorer: [NoThumbnailCache] 1
HKLM\...\Policies\Explorer: [DisableThumbnailCache] 1
HKLM\...\Policies\Explorer: [NoInternetOpenWith] 1
HKLM\...\Policies\Explorer: [NoPublishingWizard] 1
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restricción <==== ATENCIÓN
HKU\S-1-5-21-4206844412-3915076-1266158226-1001\...\Run: [f.lux] => C:\Users\Gastón.idea-PC\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Michael Herf -> Flux Software LLC)
HKU\S-1-5-21-4206844412-3915076-1266158226-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [32721976 2021-02-16] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-4206844412-3915076-1266158226-1001\...\Run: [LGHUB] => C:\Program Files\LGHUB\lghub.exe [123792272 2021-02-22] (Logitech Inc -> Logitech, Inc.)
HKU\S-1-5-21-4206844412-3915076-1266158226-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [479744 2014-10-28] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-4206844412-3915076-1266158226-1001\...\RunOnce: [Application Restart #0] => C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe [2166216 2021-02-24] (Brave Software, Inc. -> Brave Software, Inc.)
HKU\S-1-5-21-4206844412-3915076-1266158226-1001\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-4206844412-3915076-1266158226-1001\...\Policies\Explorer: [NoRecentDocsHistory] 1
HKU\S-1-5-21-4206844412-3915076-1266158226-1001\...\Policies\Explorer: [NoRecentDocsMenu] 1
HKU\S-1-5-21-4206844412-3915076-1266158226-1001\...\Policies\Explorer: [NoInstrumentation] 1
HKU\S-1-5-21-4206844412-3915076-1266158226-1001\...\Policies\Explorer: [NolowDiskSpaceChecks] 1
HKU\S-1-5-21-4206844412-3915076-1266158226-1007\...\Run: [f.lux] => C:\Users\Gastón.idea-PC\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Michael Herf -> Flux Software LLC)
HKU\S-1-5-21-4206844412-3915076-1266158226-1007\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [479744 2014-10-28] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-4206844412-3915076-1266158226-1007\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [32721976 2021-02-16] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-4206844412-3915076-1266158226-1007\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-4206844412-3915076-1266158226-501\...\Run: [f.lux] => C:\Users\Gastón.idea-PC\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Michael Herf -> Flux Software LLC)
HKU\S-1-5-21-4206844412-3915076-1266158226-501\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [479744 2014-10-28] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-4206844412-3915076-1266158226-501\...\Run: [STUISpeedLauncher] => "C:\Program Files\Samsung\Stylish UI Pack\TouchBasedUI.exe" -speedlauncher -minVer:6.6.58.0
HKU\S-1-5-21-4206844412-3915076-1266158226-501\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [32721976 2021-02-16] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-4206844412-3915076-1266158226-501\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Windows x64\Print Processors\hpzppw71: C:\Windows\System32\spool\prtprocs\x64\hpzppw71.dll [230400 2009-07-14] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation)
HKLM\...\Windows x64\Print Processors\us005PC: C:\Windows\System32\spool\prtprocs\x64\us005pc.dll [52240 2016-09-15] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Codename Longhorn DDK provider)
HKLM\...\Print\Monitors\Nitro PDF Port Monitor: C:\WINDOWS\system32\nitrolocalmon2.dll [29704 2012-12-13] (Nitro PDF Software -> Nitro PDF Software)
HKLM\...\Print\Monitors\PCL hpz3lw71: C:\WINDOWS\system32\hpz3lw71.dll [46080 2009-07-14] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation)
HKLM\...\Print\Monitors\us005 Langmon: C:\WINDOWS\system32\us005lm.dll [31256 2016-09-15] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\89.1.21.73\Installer\chrmstp.exe [2021-03-03] (Brave Software, Inc. -> Brave Software, Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{ACFC407B-266C-8504-8DAE-F3E276336E4B}] -> C:\WINDOWS\system32\AthCredentialProvider.dll [2013-01-24] (Qualcomm Atheros -> Qualcomm Atheros Commnucations) [Archivo no firmado]
HKLM\Software\...\Authentication\Credential Provider Filters: [{ACFC407B-266C-8504-8DAE-F3E276336E4B}] -> C:\WINDOWS\system32\AthCredentialProvider.dll [2013-01-24] (Qualcomm Atheros -> Qualcomm Atheros Commnucations) [Archivo no firmado]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acelerador de inicio de AutoCAD.lnk [2016-06-16]
ShortcutTarget: Acelerador de inicio de AutoCAD.lnk -> C:\Program Files (x86)\Common Files\Autodesk Shared\acstart17.exe (Autodesk, Inc -> Autodesk, Inc)
Startup: C:\Users\Gastón.idea-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk [2021-02-20]
ShortcutTarget: PdaNet Desktop.lnk -> C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe (June Fabrics Technology Inc. -> )
BootExecute: autocheck autochk * sdnclean64.exe
Policies: C:\ProgramData\NTUSER.pol: Restricción <==== ATENCIÓN
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restricción <==== ATENCIÓN
HKLM\SOFTWARE\Policies\Google: Restricción <==== ATENCIÓN

==================== Tareas programadas (Lista blanca) ============

(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)

Task: {0813AF20-659B-4445-9E56-BB8FC5CF3346} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [410792 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {094CD275-5C71-4753-B57E-5566CA859498} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {0CE4F5A8-F4CA-45E4-AC54-6834A43B5988} - System32\Tasks\Microsoft\Windows\PLA\WPPTracingSession => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\pla.dll,PlaHost "WPPTracingSession" "$(Arg0)"
Task: {0F6DBBD1-1FA5-490B-A482-1F43FCC689E6} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {11E4D3ED-D620-4FD8-AF84-A6B789DA242D} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [978672 2017-12-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {139788A8-F7FD-4B88-BC47-F66A3AC2EFCD} - System32\Tasks\UsbFix Monitor => C:\Program Files (x86)\UsbFix\Modules\UsbFixMonitor.exe [1239176 2020-12-02] (SOSVIRUS (LE BOZEC CEDRIC, DOMINIQUE, MARIE) -> )
Task: {1808EBE6-33B6-4E4B-AC95-DF54ACD237EE} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [157544 2020-07-22] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {1ACBE919-7AC7-4EFB-A076-17E61FB13151} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {2B1C8F00-FA30-49C9-8A04-B4F9FBEEB9B3} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {2EA21998-14F2-44C7-946A-1070CFA87DCF} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-02-16] (Piriform Software Ltd -> Piriform)
Task: {2FDCE8D8-DC52-4CBD-897C-FDE12823E88E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {618291D8-E52B-4E76-A3A6-187EA19C76C9} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(1): schtasks.exe -> /Change /TN "\Antivirus Emergency Update" /ENABLE
Task: {618291D8-E52B-4E76-A3A6-187EA19C76C9} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(2): schtasks.exe -> /Change /TN "\BraveSoftwareUpdateTaskMachineCore" /ENABLE
Task: {618291D8-E52B-4E76-A3A6-187EA19C76C9} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(3): schtasks.exe -> /Change /TN "\BraveSoftwareUpdateTaskMachineUA" /ENABLE
Task: {618291D8-E52B-4E76-A3A6-187EA19C76C9} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(4): schtasks.exe -> /Change /TN "\CCleaner Update" /ENABLE
Task: {618291D8-E52B-4E76-A3A6-187EA19C76C9} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(5): schtasks.exe -> /Change /TN "\CCleanerSkipUAC" /ENABLE
Task: {618291D8-E52B-4E76-A3A6-187EA19C76C9} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(6): schtasks.exe -> /Change /TN "\Java Update Scheduler" /ENABLE
Task: {618291D8-E52B-4E76-A3A6-187EA19C76C9} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(7): schtasks.exe -> /Change /TN "\AVAST Software\Gaming mode Task Scheduler recovery" /DISABLE
Task: {67A9884E-E842-4593-AA7F-A3C9388232A6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [410792 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {69F69A34-524B-4901-92FD-05FBDD8D0C08} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [410792 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {8626F4D6-2AE4-4526-AF36-E08513EFCD54} - System32\Tasks\Google Updater and Installer => C:\Users\Gastón\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-06-12] (Google Inc -> Google Inc.)
Task: {88A4F2D3-5D09-4C2D-945D-E8041C360C09} - System32\Tasks\UsbFix Boot Scan => C:\Program Files (x86)\UsbFix\UsbFix.exe [2053256 2020-12-02] (SOSVIRUS (LE BOZEC CEDRIC, DOMINIQUE, MARIE) -> )
Task: {8B6759EE-1C08-4B8F-955C-774AB5A6544E} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDfE067B1}
Task: {9D080B6F-914C-4B49-8F56-68CE7D609E7F} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [978672 2017-12-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {9F982064-3372-400C-B7A8-EE8DFA35BDFA} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [27165752 2021-02-16] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {A93978FA-15D9-4C85-BE53-CE2788E74212} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [316632 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {ABC584C4-7B63-4D2E-8686-B9777D34D832} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [594992 2016-01-29] (Oracle America, Inc. -> Oracle Corporation)
Task: {C9DCF59E-6B97-4C0C-8641-B8261089C8CA} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43da-BFD7-FBEEA2180A1E}
Task: {DB21EF32-6BA9-4118-BBC1-BC4FF48961E5} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4f47-879B-29A80C355D61}
Task: {ECA9C953-9493-41ED-8707-CBE0E969D7A0} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [410792 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {F4C4FD96-1DB7-43F1-B0F0-7C94A9AB7D97} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [157544 2020-07-22] (Brave Software, Inc. -> BraveSoftware Inc.)

(Si una entrada es incluida en el fixlist, el archivo de tarea (.job) será movido. El archivo que está siendo ejecutado por la tarea no será movido.)


==================== Internet (Lista blanca) ====================

(Si un elemento es incluido en el fixlist, y éste pertenece al registro, será eliminado o restaurado a su valor predeterminado.)

Tcpip\Parameters: [DhcpNameServer] 190.105.0.4 190.105.0.5
Tcpip\..\Interfaces\{5C517605-40D6-45EB-BF01-0EF24F14546E}: [NameServer] 10.129.132.1
Tcpip\..\Interfaces\{6FA458E3-03A5-460E-85BC-F581433F1F05}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{8B09C289-CF1B-4C59-B3A0-08F027A2FBD8}: [DhcpNameServer] 190.105.0.4 190.105.0.5

FireFox:
========
FF ProfilePath: C:\Users\Gastón.idea-PC\AppData\Roaming\Mozilla\Firefox\Profiles\4JP5qivp.default [2021-02-20]
FF Extension: (Avira Password Manager) - C:\Users\Gastón.idea-PC\AppData\Roaming\Mozilla\Firefox\Profiles\4JP5qivp.default\Extensions\[email protected] [2020-04-27]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\FFExt\light_plugin_firefox\addon.xpi => no encontrado
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\FFExt\light_plugin_firefox\addon.xpi => no encontrado
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [Ningún archivo]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2020-08-11] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\Microsoft Office\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll [2012-12-13] (Nitro PDF Software -> Nitro PDF)
FF Plugin-x32: @tools.brave.com/BraveSoftware Update;version=3 -> C:\Program Files (x86)\BraveSoftware\Update\1.3.99.0\npBraveUpdate3.dll [2020-07-22] (Brave Software, Inc. -> BraveSoftware Inc.)
FF Plugin-x32: @tools.brave.com/BraveSoftware Update;version=9 -> C:\Program Files (x86)\BraveSoftware\Update\1.3.99.0\npBraveUpdate3.dll [2020-07-22] (Brave Software, Inc. -> BraveSoftware Inc.)
FF Plugin HKU\S-1-5-21-4206844412-3915076-1266158226-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Gastón.idea-PC\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-08-28] (Unity Technologies SF -> Unity Technologies ApS)

Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Gastón.idea-PC\AppData\Local\Google\Chrome\User Data\Default [2021-02-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Gastón.idea-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-10-06]
CHR HKLM\...\Chrome\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm] - hxxps://chrome.google.com/webstore/detail/kaspersky-protection/ahkjpbeeocnddjkakilopmfdlnjdpcdm
CHR HKLM-x32\...\Chrome\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm] - hxxps://chrome.google.com/webstore/detail/kaspersky-protection/ahkjpbeeocnddjkakilopmfdlnjdpcdm

Brave: 
=======
BRA DefaultProfile: Default
BRA Profile: C:\Users\Gastón.idea-PC\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default [2021-03-04]
BRA DefaultSearchURL: Default -> hxxps://duckduckgo.com/?q={searchTerms}&t=brave
BRA DefaultSearchKeyword: Default -> :d
BRA DefaultSuggestURL: Default -> hxxps://ac.duckduckgo.com/ac/?q={searchTerms}&type=list
BRA Extension: (Video Downloader professional) - C:\Users\Gastón.idea-PC\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2020-07-24]
BRA Extension: (Secure Bookmarks) - C:\Users\Gastón.idea-PC\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\leocjgngiajhfiikjolfhcpiokgbinep [2020-07-21]
BRA Extension: (Brave Local Data Files Updater) - C:\Users\Gastón.idea-PC\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal [2021-02-20]
BRA Extension: (Brave User Model Installer) - C:\Users\Gastón.idea-PC\AppData\Local\BraveSoftware\Brave-Browser\User Data\ahiocclicnhmiobhocikfdamfccbehhn [2020-12-20]
BRA Extension: (Brave Ad Block Updater (Default)) - C:\Users\Gastón.idea-PC\AppData\Local\BraveSoftware\Brave-Browser\User Data\cffkpbalmllkdoenhmdmpbkajipdjfam [2021-03-04]
BRA Extension: (Brave Tor Client Updater (Windows)) - C:\Users\Gastón.idea-PC\AppData\Local\BraveSoftware\Brave-Browser\User Data\cpoalefficncklhjfpglfiplenlpccdb [2020-11-29]
BRA Extension: (Brave NTP sponsored images) - C:\Users\Gastón.idea-PC\AppData\Local\BraveSoftware\Brave-Browser\User Data\golcdmhaefcpmdoofahgnhnfldidgjfl [2021-03-04]
BRA Extension: (Brave SpeedReader Updater) - C:\Users\Gastón.idea-PC\AppData\Local\BraveSoftware\Brave-Browser\User Data\jicbkmdloagakknpihibphagfckhjdih [2021-02-20]
BRA Extension: (Brave HTTPS Everywhere Updater) - C:\Users\Gastón.idea-PC\AppData\Local\BraveSoftware\Brave-Browser\User Data\oofiananboodjbbmdelgdommihjbkfag [2021-03-02]
BRA Extension: (Origin Trials Updates) - C:\Users\Gastón.idea-PC\AppData\Local\BraveSoftware\Brave-Browser\User Data\OriginTrials [2020-10-02]
BRA Extension: (Brave Ad Block Updater (EasyList Spanish)) - C:\Users\Gastón.idea-PC\AppData\Local\BraveSoftware\Brave-Browser\User Data\pdecoifadfkklajdlmndjpkhabpklldh [2021-03-04]
StartMenuInternet: Brave - C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe

==================== Servicios (Lista blanca) ===================

(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)

S4 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [227456 2013-01-24] (Qualcomm Atheros -> Qualcomm Atheros Commnucations) [Archivo no firmado]
S4 Autodesk Licensing Service; C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe [77944 2014-06-21] (Autodesk, Inc -> Autodesk)
S2 AVP21.3; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\avp.exe [384280 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S4 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [5708808 2018-04-21] (BattlEye Innovations e.K. -> )
S4 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [157544 2020-07-22] (Brave Software, Inc. -> BraveSoftware Inc.)
S4 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [157544 2020-07-22] (Brave Software, Inc. -> BraveSoftware Inc.)
S2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3058392 2017-12-12] (Microsoft Corporation -> Microsoft Corporation)
S4 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [775296 2018-04-21] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
S3 klvssbridge64_21.3; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\x64\vssbridge64.exe [479280 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S2 LGHUBUpdaterService; C:\Program Files\LGHUB\lghub_updater.exe [10897296 2021-02-22] (Logitech Inc -> Logitech, Inc.)
S4 LmpcService; C:\Program Files\Lock My PC 4\LmpcServ.exe [52592 2007-06-12] (FSPro Labs -> )
S4 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2012-12-13] (Nitro PDF Software -> Nitro PDF Software)
S4 nlsX86cc; C:\WINDOWS\SysWOW64\NLSSRV32.EXE [70152 2012-12-13] (Nitro PDF Software -> Nalpeiron Ltd.)
S3 Samsung Printer Dianostics Service; C:\WINDOWS\SysWOW64\\spdsvc.exe [508488 2018-04-25] (HP Inc. -> )
S4 SamsungUPDUtilSvc; C:\WINDOWS\SysWOW64\SecUPDUtilSvc.exe [143664 2018-04-11] (Samsung Electronics CO., LTD. -> )
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
S4 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-01-24] (Atheros) [Archivo no firmado]

===================== Controladores (Lista blanca) ===================

(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)

S3 AMPPAL; C:\WINDOWS\System32\drivers\AMPPAL.sys [195584 2011-12-05] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
S3 aswTap; C:\WINDOWS\system32\DRIVERS\aswTap.sys [44640 2014-04-22] (AVAST Software a.s. -> The OpenVPN Project)
R0 cm_km; C:\WINDOWS\System32\DRIVERS\cm_km.sys [250032 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S3 fwdrv; C:\WINDOWS\system32\DRIVERS\fwdrv.sys [27840 2014-03-22] (Web Solution Mart -> Web Solution Mart)
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [27552 2020-05-14] (Martin Malik - REALiX -> REALiX(tm))
S1 klbackupdisk; C:\WINDOWS\system32\DRIVERS\klbackupdisk.sys [110336 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S1 klbackupflt; C:\WINDOWS\System32\DRIVERS\klbackupflt.sys [211704 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 kldisk; C:\WINDOWS\system32\DRIVERS\kldisk.sys [126216 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [41656 2021-02-19] (Microsoft Windows Early Launch Anti-malware Publisher -> AO Kaspersky Lab)
R1 klflt; C:\WINDOWS\system32\DRIVERS\klflt.sys [514840 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klgse; C:\WINDOWS\System32\DRIVERS\klgse.sys [657176 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klhk; C:\WINDOWS\system32\DRIVERS\klhk.sys [1400584 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [1042712 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klim6; C:\WINDOWS\system32\DRIVERS\klim6.sys [98040 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S3 klkbdflt; C:\WINDOWS\system32\DRIVERS\klkbdflt.sys [112392 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S3 klmouflt; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [112904 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [85256 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S1 klpnpflt; C:\WINDOWS\system32\DRIVERS\klpnpflt.sys [96008 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
U0 klupd_klif_arkmon; C:\WINDOWS\System32\Drivers\klupd_klif_arkmon.sys [230976 2021-03-04] (Kaspersky Lab JSC -> AO Kaspersky Lab)
U3 klupd_klif_arkmon_F72F513E; C:\ProgramData\Kaspersky Lab\AVP21.3\Temp\F72F513E72BB3F8E3F39DFAA1323484A\klupd_klif_arkmon.sys [230976 2021-03-04] (Kaspersky Lab JSC -> AO Kaspersky Lab)
U3 klupd_klif_kimul; C:\WINDOWS\System32\Drivers\klupd_klif_kimul.sys [86656 2021-03-04] (Kaspersky Lab JSC -> AO Kaspersky Lab)
U0 klupd_klif_klbg; C:\WINDOWS\System32\Drivers\klupd_klif_klbg.sys [101112 2021-03-04] (Kaspersky Lab JSC -> AO Kaspersky Lab)
U3 klupd_klif_mark; C:\WINDOWS\System32\Drivers\klupd_klif_mark.sys [190952 2021-03-04] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klwfp; C:\WINDOWS\system32\DRIVERS\klwfp.sys [155912 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klwtp; C:\WINDOWS\system32\DRIVERS\klwtp.sys [327936 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 kneps; C:\WINDOWS\system32\DRIVERS\kneps.sys [300808 2021-02-19] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R2 LGHUBTemperatureService; C:\ProgramData\LGHUB\depots\73248\driver_cpu_temperature\logi_core_temp.sys [25448 2021-02-22] (Logitech Inc. -> Logitech)
R3 logi_joy_bus_enum; C:\WINDOWS\system32\drivers\logi_joy_bus_enum.sys [38136 2021-02-22] (Logitech Inc -> Logitech)
R3 logi_joy_vir_hid; C:\WINDOWS\system32\drivers\logi_joy_vir_hid.sys [26672 2021-02-22] (Logitech Inc -> Logitech)
R3 logi_joy_xlcore; C:\WINDOWS\system32\drivers\logi_joy_xlcore.sys [66808 2021-02-22] (Logitech Inc -> Logitech)
S3 ManyCam; C:\WINDOWS\system32\DRIVERS\mcvidrv.sys [58280 2018-07-27] (ManyCam (VISICOM MÉDIA INC.) -> Visicom Media Inc.)
S3 mcaudrv_simple; C:\WINDOWS\system32\drivers\mcaudrv_x64.sys [35960 2014-12-29] (ManyCam -> Visicom Media Inc.)
S3 Neo_VPN; C:\WINDOWS\system32\DRIVERS\Neo_VPN.sys [38432 2018-03-10] (SoftEther Corporation -> SoftEther Corporation)
S3 nlwt; C:\WINDOWS\system32\DRIVERS\nlwt.sys [29888 2020-06-10] (TEFINCOM S.A. -> WireGuard LLC)
S3 phantomtap; C:\WINDOWS\system32\DRIVERS\phantomtap.sys [35664 2020-03-18] (Avira Operations GmbH & Co. KG -> The OpenVPN Project)
R1 SeLow; C:\WINDOWS\system32\DRIVERS\SeLow_x64.sys [50888 2018-06-09] (SoftEther Corporation -> SoftEther Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166760 2020-04-24] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 tap-tb-0901; C:\WINDOWS\system32\DRIVERS\tap-tb-0901.sys [38656 2015-08-10] (TunnelBear, Inc. -> The OpenVPN Project)
R3 tap0901; C:\WINDOWS\system32\DRIVERS\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 tapnordvpn; C:\WINDOWS\system32\DRIVERS\tapnordvpn.sys [35592 2018-07-24] (TEFINCOM S.A. -> The OpenVPN Project)
S3 tapprotonvpn; C:\WINDOWS\system32\DRIVERS\tapprotonvpn.sys [39864 2020-04-06] (ProtonVPN AG -> The OpenVPN Project)
S3 tapwindscribe0901; C:\WINDOWS\system32\DRIVERS\tapwindscribe0901.sys [45560 2018-07-06] (Windscribe Limited -> The OpenVPN Project)
R3 TS_ARN5416; C:\WINDOWS\system32\DRIVERS\ts_athrx.sys [3508584 2017-05-11] (TamoSoft Ltd -> TamoSoft)
R1 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [117768 2015-12-18] (Oracle Corporation -> Oracle Corporation)
R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [194976 2015-12-18] (Oracle Corporation -> Oracle Corporation)
S3 VBoxUSB; C:\WINDOWS\System32\Drivers\VBoxUSB.sys [125008 2015-11-10] (Oracle Corporation -> Oracle Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
S3 wdm_usb; C:\WINDOWS\system32\DRIVERS\usb2ser.sys [159936 2016-08-16] (NGO -> MBB)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
S3 wintun; C:\WINDOWS\system32\DRIVERS\wintun.sys [29576 2020-08-02] (WireGuard LLC -> WireGuard LLC)
S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-13] (CyberLink -> "CyberLink)
U4 amdlog; no ImagePath
U4 autotimesvc; no ImagePath
U4 BcastDVRUserService; no ImagePath
U2 camsvc; no ImagePath
U4 CaptureService; no ImagePath
U2 cbdhsvc; no ImagePath
U4 CDPUserSvc; no ImagePath
U2 ConsentUxUserSvc; no ImagePath
U4 CscService; no ImagePath
U2 DeviceAssociationBrokerSvc; no ImagePath
U2 DevicePickerUserSvc; no ImagePath
U2 DevicesFlowUserSvc; no ImagePath
U4 diagnosticshub.standardcollector.service; no ImagePath
U4 diagsvc; no ImagePath
U4 dmwappushservice; no ImagePath
U4 dmwappushsvc; no ImagePath
U4 DsSvc; no ImagePath
U4 DusmSvc; no ImagePath
U4 edgeupdate; no ImagePath
U4 edgeupdatem; no ImagePath
U4 FrameServer; no ImagePath
U4 icssvc; no ImagePath
U4 IpxlatCfgSvc; no ImagePath
R4 klkbdflt2; \SystemRoot\system32\DRIVERS\klkbdflt2.sys [X]
U4 MapsBroker; no ImagePath
U4 MessagingService; no ImagePath
U4 MicrosoftEdgeElevationService; no ImagePath
U4 NfsClnt; no ImagePath
U4 NvTelemetryContainer; no ImagePath
U4 perceptionsimulation; no ImagePath
U4 PhoneSvc; no ImagePath
U4 PimIndexMaintenanceSvc; no ImagePath
U4 RetailDemo; no ImagePath
U4 RmSvc; no ImagePath
U4 SEMgrSvc; no ImagePath
U4 SensorDataService; no ImagePath
U4 SensorService; no ImagePath
U4 SharedRealitySvc; no ImagePath
U4 shpamsvc; no ImagePath
U4 ssh-agent; no ImagePath
U4 TroubleshootingSvc; no ImagePath
U4 tzautoupdate; no ImagePath
U2 UnistoreSvc; no ImagePath
U4 UserDataSvc; no ImagePath
S3 WinRing0_1_2_0; \??\C:\Users\Gastón.idea-PC\AppData\Local\Temp\tmpDD75.tmp [X] <==== ATENCIÓN
U4 wisvc; no ImagePath
U4 WpcMonSvc; no ImagePath

==================== NetSvcs (Lista blanca) ===================

(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)


==================== Un mes (creado) (Lista blanca) =========

(Si una entrada es incluida en el fixlist, el archivo/carpeta será eliminado/a.)

2021-03-04 20:00 - 2021-03-04 20:01 - 000031680 _____ C:\Users\Gastón.idea-PC\Desktop\FRST.txt
2021-03-04 19:57 - 2021-03-04 19:57 - 000009307 _____ C:\Users\Gastón.idea-PC\Desktop\UsbFix_Report.txt
2021-03-04 19:55 - 2021-02-19 21:08 - 001042712 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klif.sys
2021-03-04 19:55 - 2021-02-19 21:08 - 000514840 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klflt.sys
2021-03-04 19:12 - 2021-03-04 19:12 - 002301440 _____ (Farbar) C:\Users\Gastón.idea-PC\Desktop\FRST64.exe
2021-03-01 21:54 - 2021-03-01 21:54 - 000688640 _____ C:\Users\Gastón.idea-PC\Desktop\TDSSKiller.3.1.0.28_01.03.2021_20.49.46_log.txt
2021-03-01 20:49 - 2021-03-01 20:55 - 000688640 _____ C:\TDSSKiller.3.1.0.28_01.03.2021_20.49.46_log.txt
2021-03-01 20:41 - 2021-03-01 20:42 - 000009290 _____ C:\TDSSKiller.3.1.0.28_01.03.2021_20.41.30_log.txt
2021-03-01 20:41 - 2021-03-01 20:41 - 000009124 _____ C:\TDSSKiller.3.1.0.28_01.03.2021_20.41.18_log.txt
2021-03-01 20:40 - 2021-03-01 20:41 - 000000562 _____ C:\TDSSKiller.3.1.0.28_01.03.2021_20.40.58_log.txt
2021-03-01 19:41 - 2021-03-01 19:41 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\467354ED.sys
2021-03-01 19:40 - 2021-03-01 20:39 - 000000000 ____D C:\Users\Gastón.idea-PC\Desktop\mbar
2021-03-01 19:31 - 2021-03-01 19:35 - 000009668 _____ C:\Users\Gastón.idea-PC\Desktop\UsbFix.txt
2021-03-01 19:27 - 2021-03-04 19:56 - 000001906 _____ C:\Users\Public\Desktop\UsbFix Anti-Malware.lnk
2021-03-01 19:27 - 2021-03-04 19:56 - 000001906 _____ C:\ProgramData\Desktop\UsbFix Anti-Malware.lnk
2021-03-01 19:27 - 2021-03-01 19:27 - 000003208 _____ C:\WINDOWS\system32\Tasks\UsbFix Monitor
2021-03-01 19:27 - 2021-03-01 19:27 - 000003206 _____ C:\WINDOWS\system32\Tasks\UsbFix Boot Scan
2021-03-01 19:27 - 2021-03-01 19:27 - 000000000 ____D C:\Program Files (x86)\UsbFix
2021-03-01 19:09 - 2021-03-01 19:09 - 014178840 _____ (Malwarebytes Corp.) C:\Users\Gastón.idea-PC\Desktop\mbar-1.10.3.1001.exe
2021-03-01 19:09 - 2021-03-01 19:09 - 005054744 _____ (AO Kaspersky Lab) C:\Users\Gastón.idea-PC\Desktop\tdsskiller.exe
2021-03-01 19:09 - 2021-03-01 19:09 - 004868504 _____ (SOSVirus) C:\Users\Gastón.idea-PC\Desktop\UsbFix_2020.exe
2021-02-27 03:01 - 2021-02-27 03:02 - 238184200 _____ C:\Users\Gastón.idea-PC\Desktop\kv1pvqjq.exe
2021-02-27 02:59 - 2021-02-27 02:59 - 000000000 ____D C:\KVRT2020_Data
2021-02-27 02:56 - 2021-02-27 02:56 - 100704688 _____ (AO Kaspersky Lab) C:\Users\Gastón.idea-PC\Desktop\KVRT.exe
2021-02-26 20:54 - 2021-02-27 01:52 - 000000576 _____ C:\Users\Gastón.idea-PC\Desktop\ESET Online Scanner.lnk
2021-02-26 20:53 - 2021-02-26 20:53 - 015019488 _____ (ESET spol. s r.o.) C:\Users\Gastón.idea-PC\Desktop\esetonlinescanner.exe
2021-02-24 03:06 - 2021-03-04 19:57 - 000575950 _____ C:\WINDOWS\ntbtlog.txt
2021-02-24 02:33 - 2021-02-24 02:33 - 000000608 _____ C:\Users\Gastón.idea-PC\Desktop\cc_20210224_023308.reg
2021-02-24 02:10 - 2021-02-24 02:30 - 000000000 ____D C:\Users\Gastón.idea-PC\AppData\Roaming\ZHP
2021-02-24 02:10 - 2021-02-24 02:10 - 000000895 _____ C:\Users\Gastón.idea-PC\Desktop\ZHPCleaner.lnk
2021-02-24 02:10 - 2021-02-24 02:10 - 000000000 ____D C:\Users\Gastón.idea-PC\AppData\Local\ZHP
2021-02-23 23:53 - 2021-02-23 23:53 - 000006618 _____ C:\Users\Gastón.idea-PC\Desktop\cc_20210223_235311.reg
2021-02-23 23:44 - 2021-02-23 23:45 - 003324568 _____ (Nicolas Coolman) C:\Users\Gastón.idea-PC\Desktop\ZHPCleaner.exe
2021-02-23 23:44 - 2021-02-23 23:44 - 001790024 _____ (Malwarebytes) C:\Users\Gastón.idea-PC\Desktop\JRT.exe
2021-02-23 23:43 - 2021-02-23 23:44 - 008463216 _____ (Malwarebytes) C:\Users\Gastón.idea-PC\Desktop\adwcleaner_8.1.exe
2021-02-23 23:42 - 2021-02-23 23:42 - 000000000 ____D C:\Program Files\Malwarebytes
2021-02-23 23:41 - 2021-02-23 23:41 - 002084016 _____ (Malwarebytes) C:\Users\Gastón.idea-PC\Desktop\MBSetup.exe
2021-02-23 23:20 - 2021-03-02 16:32 - 000024982 _____ C:\Users\Gastón.idea-PC\Desktop\PROFESOReset.txt
2021-02-23 19:50 - 2021-02-23 20:09 - 000000000 ____D C:\FSTool
2021-02-22 20:42 - 2021-03-04 19:59 - 000000000 ____D C:\Users\Gastón.idea-PC\AppData\Roaming\LGHUB
2021-02-22 20:42 - 2021-03-04 19:54 - 000000000 ____D C:\Users\Gastón.idea-PC\AppData\Local\LGHUB
2021-02-22 20:42 - 2021-02-22 20:42 - 000000718 _____ C:\Users\Public\Desktop\Logitech G HUB.lnk
2021-02-22 20:42 - 2021-02-22 20:42 - 000000718 _____ C:\ProgramData\Desktop\Logitech G HUB.lnk
2021-02-22 20:42 - 2021-02-22 20:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logi
2021-02-22 20:42 - 2021-02-22 20:42 - 000000000 ____D C:\Program Files\LGHUB
2021-02-22 20:40 - 2021-02-22 20:40 - 000066808 _____ (Logitech) C:\WINDOWS\system32\Drivers\logi_joy_xlcore.sys
2021-02-22 20:40 - 2021-02-22 20:40 - 000038136 _____ (Logitech) C:\WINDOWS\system32\Drivers\logi_joy_bus_enum.sys
2021-02-22 20:40 - 2021-02-22 20:40 - 000026672 _____ (Logitech) C:\WINDOWS\system32\Drivers\logi_joy_vir_hid.sys
2021-02-22 20:39 - 2021-02-22 20:42 - 000000000 ____D C:\ProgramData\LGHUB
2021-02-20 17:40 - 2021-02-20 18:17 - 000000000 ____D C:\ProgramData\BSD
2021-02-20 15:15 - 2021-02-20 15:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PdaNet for Android
2021-02-20 15:15 - 2021-02-20 15:15 - 000000000 ____D C:\Program Files (x86)\PdaNet for Android
2021-02-20 15:15 - 2011-11-25 01:25 - 000015360 _____ (June Fabrics Technology Inc.) C:\WINDOWS\system32\Drivers\pneteth.sys
2021-02-12 21:13 - 2021-02-12 21:25 - 000247654 _____ C:\TDSSKiller.3.1.0.28_12.02.2021_21.13.47_log.txt
2021-02-12 21:13 - 2021-02-12 21:13 - 000000562 _____ C:\TDSSKiller.3.1.0.28_12.02.2021_21.13.36_log.txt
2021-02-12 20:13 - 2021-02-12 20:13 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\3153729B.sys
2021-02-12 04:16 - 2021-02-12 04:16 - 000000000 ____D C:\Users\Gastón.idea-PC\AppData\Local\ESET
2021-02-06 17:59 - 2021-02-06 17:59 - 000000000 _____ C:\Users\Gastón.idea-PC\AppData\Local\{98D9E10F-DDCB-469D-B4F6-02657790FD20}
2021-02-02 06:11 - 2021-02-02 06:11 - 000002048 _____ C:\Users\Gastón.idea-PC\Desktop\Memory Cleaner.lnk
2021-02-02 06:11 - 2021-02-02 06:11 - 000000000 ____D C:\Users\Gastón.idea-PC\AppData\Roaming\KoshyJohn.com
2021-02-02 06:11 - 2021-02-02 06:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KoshyJohn.com

==================== Un mes (modificado) ==================

(Si una entrada es incluida en el fixlist, el archivo/carpeta será eliminado/a.)

2021-03-04 20:00 - 2019-11-22 23:43 - 000000000 ____D C:\FRST
2021-03-04 19:58 - 2014-06-12 11:44 - 000003592 _____ C:\WINDOWS\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4206844412-3915076-1266158226-1001
2021-03-04 19:57 - 2020-04-27 03:54 - 000000000 ____D C:\Program Files\Common Files\AV
2021-03-04 19:57 - 2017-11-28 02:38 - 000000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2021-03-04 19:57 - 2014-07-05 00:25 - 000000000 ____D C:\Program Files\CCleaner
2021-03-04 19:56 - 2013-08-22 10:36 - 000000000 ____D C:\WINDOWS\Inf
2021-03-04 19:56 - 2013-08-22 10:25 - 000262144 _____ C:\WINDOWS\system32\config\ELAM
2021-03-04 19:55 - 2012-07-26 05:12 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-03-04 19:53 - 2015-01-12 20:05 - 000000000 __SHD C:\Users\Gastón\IntelGraphicsProfiles
2021-03-04 19:52 - 2013-08-22 11:45 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-03-04 18:13 - 2021-01-21 05:23 - 000001232 _____ C:\Users\Gastón.idea-PC\Desktop\Roblox Studio.lnk
2021-03-04 18:13 - 2019-09-21 21:44 - 000000000 ____D C:\Users\Gastón.idea-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2021-03-03 21:32 - 2020-09-13 00:45 - 000000000 ____D C:\Users\Gastón.idea-PC\.Loquendo
2021-03-03 20:48 - 2015-12-26 22:42 - 000000000 ____D C:\Users\Gastón.idea-PC\Documents\Camtasia Studio
2021-03-03 20:45 - 2020-07-22 02:39 - 000002370 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk
2021-03-03 20:45 - 2020-07-22 02:39 - 000002329 _____ C:\Users\Public\Desktop\Brave.lnk
2021-03-03 20:45 - 2020-07-22 02:39 - 000002329 _____ C:\ProgramData\Desktop\Brave.lnk
2021-03-01 20:39 - 2017-07-30 17:07 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2021-03-01 16:52 - 2015-01-12 19:27 - 000000000 ____D C:\Users\Gastón.idea-PC
2021-02-28 17:37 - 2017-01-19 16:25 - 000000000 ____D C:\Users\Gastón.idea-PC\AppData\Roaming\Nitro PDF
2021-02-28 16:14 - 2017-07-10 01:21 - 000000000 ____D C:\ProgramData\Doctor Web
2021-02-27 01:34 - 2018-04-29 22:14 - 000004128 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2021-02-26 20:54 - 2014-09-24 12:25 - 001104098 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-02-26 20:54 - 2014-09-24 11:40 - 000164164 _____ C:\WINDOWS\system32\perfc00A.dat
2021-02-26 20:54 - 2014-09-24 11:40 - 000090690 _____ C:\WINDOWS\system32\perfh00A.dat
2021-02-24 02:29 - 2015-01-12 18:29 - 000000000 ____D C:\Users\Gastón.idea-PC\AppData\Local\Google
2021-02-23 23:52 - 2015-02-13 20:13 - 000000000 ____D C:\WINDOWS\Minidump
2021-02-23 23:52 - 2012-07-26 05:12 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-02-23 23:26 - 2020-07-22 02:36 - 000003474 _____ C:\WINDOWS\system32\Tasks\BraveSoftwareUpdateTaskMachineUA
2021-02-23 23:26 - 2014-07-05 00:25 - 000002806 _____ C:\WINDOWS\system32\Tasks\CCleanerSkipUAC
2021-02-23 23:26 - 2014-06-21 18:14 - 000003704 _____ C:\WINDOWS\system32\Tasks\Java Update Scheduler
2021-02-23 23:25 - 2020-07-22 02:36 - 000003346 _____ C:\WINDOWS\system32\Tasks\BraveSoftwareUpdateTaskMachineCore
2021-02-23 19:25 - 2020-04-14 04:42 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avast Software
2021-02-22 20:42 - 2015-12-31 00:46 - 000000000 ____D C:\Users\Gastón.idea-PC\AppData\Local\CrashDumps
2021-02-22 20:38 - 2016-04-10 02:56 - 000000000 ____D C:\ProgramData\Package Cache
2021-02-22 16:44 - 2017-09-09 21:42 - 000007597 _____ C:\Users\Gastón.idea-PC\AppData\Local\Resmon.ResmonCfg
2021-02-21 12:51 - 2019-06-17 03:15 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2021-02-21 12:51 - 2017-01-07 20:39 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2021-02-21 12:51 - 2015-01-12 20:19 - 000000000 ___RD C:\Users\Gastón.idea-PC\Desktop\UT
2021-02-21 01:01 - 2018-09-16 18:39 - 000000132 _____ C:\Users\Gastón.idea-PC\AppData\Roaming\Prefs. de formato PNG de Adobe CS6
2021-02-20 17:47 - 2013-08-22 10:25 - 000000259 _____ C:\WINDOWS\win.ini
2021-02-16 18:56 - 2015-01-12 18:04 - 000000000 ____D C:\Users\Gastón.idea-PC\AppData\Local\Packages
2021-02-16 18:34 - 2014-10-08 02:15 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-02-12 20:13 - 2020-06-10 21:47 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-02-12 07:24 - 2013-06-18 07:50 - 000000000 ____D C:\WINDOWS\system32\Tasks\Lenovo
2021-02-12 07:23 - 2016-04-05 23:51 - 000000000 ____D C:\WINDOWS\system32\Tasks\COMODO
2021-02-05 17:58 - 2013-08-22 10:25 - 000524288 _____ C:\WINDOWS\system32\config\BBI

==================== Archivos en la raíz de algunos directorios ========

2007-10-04 12:00 - 2007-10-04 12:00 - 000003134 __RSH () C:\Program Files (x86)\Common Files\Logo.ico
2018-03-10 18:49 - 2018-03-10 18:49 - 000000000 _____ () C:\Users\Gastón.idea-PC\AppData\Roaming\fv3_input
2019-11-09 18:22 - 2019-11-09 18:46 - 000000141 _____ () C:\Users\Gastón.idea-PC\AppData\Roaming\jjv5conf.json
2018-09-16 18:39 - 2021-02-21 01:01 - 000000132 _____ () C:\Users\Gastón.idea-PC\AppData\Roaming\Prefs. de formato PNG de Adobe CS6
2017-12-26 20:45 - 2018-01-04 05:00 - 000000013 _____ () C:\Users\Gastón.idea-PC\AppData\Roaming\rbx_hook
2015-10-02 18:31 - 2015-10-02 18:31 - 000001167 _____ () C:\Users\Gastón.idea-PC\AppData\Roaming\trace_FilterInstaller.1.txt
2015-10-02 18:43 - 2015-10-02 18:43 - 000000905 _____ () C:\Users\Gastón.idea-PC\AppData\Roaming\trace_FilterInstaller.txt
2015-10-02 18:31 - 2015-10-02 18:43 - 000000000 _____ () C:\Users\Gastón.idea-PC\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2017-12-26 20:45 - 2017-12-31 16:10 - 000000024 _____ () C:\Users\Gastón.idea-PC\AppData\Roaming\version
2015-11-22 12:28 - 2015-11-22 12:28 - 000000000 _____ () C:\Users\Gastón.idea-PC\AppData\Roaming\Microsoft\F999.tmp
2019-04-18 20:51 - 2019-04-18 20:51 - 000001111 _____ () C:\Users\Gastón.idea-PC\AppData\Local\gamma_ramp.reg
2019-07-24 22:07 - 2019-07-25 18:53 - 001313336 _____ (Roblox Corporation) C:\Users\Gastón.idea-PC\AppData\Local\Installer.exe
2017-09-09 21:42 - 2021-02-22 16:44 - 000007597 _____ () C:\Users\Gastón.idea-PC\AppData\Local\Resmon.ResmonCfg
2015-01-16 03:29 - 2015-01-16 03:29 - 000000003 _____ () C:\Users\Gastón.idea-PC\AppData\Local\updater.log
2015-04-24 22:56 - 2020-10-22 07:10 - 000000424 _____ () C:\Users\Gastón.idea-PC\AppData\Local\UserProducts.xml
2020-07-23 02:44 - 2020-07-23 02:44 - 000000000 _____ () C:\Users\Gastón.idea-PC\AppData\Local\{3AA36954-D573-4BC4-8233-7EE0A681818B}
2021-02-06 17:59 - 2021-02-06 17:59 - 000000000 _____ () C:\Users\Gastón.idea-PC\AppData\Local\{98D9E10F-DDCB-469D-B4F6-02657790FD20}
2015-05-22 15:47 - 2015-05-22 15:47 - 000000000 _____ () C:\Users\Gastón.idea-PC\AppData\Local\{A508A5A3-761F-428E-8BB0-9DAE1C482C92}
2017-01-20 20:10 - 2017-01-20 20:10 - 000000000 _____ () C:\Users\Gastón.idea-PC\AppData\Local\{EC9B42B7-A186-4455-AE3A-F9BCE67525D6}

==================== SigCheck ============================

(No existe una corrección automática para los archivos que no pasan la verificación.)


LastRegBack: 2021-03-04 18:35
==================== Final de FRST.txt ========================

Addition part 1

Resultados del Análisis Adicional de Farbar Recovery Scan Tool (x64) Versión: 28-02-2021
Ejecutado por Gastón (04-03-2021 20:02:34)
Ejecutado desde C:\Users\Gastón.idea-PC\Desktop
Windows 8.1 Single Language (Update) (X64) (2015-01-12 23:05:08)
Modo de Inicio: Normal
==========================================================


==================== Cuentas: =============================

Administrador (S-1-5-21-4206844412-3915076-1266158226-500 - Administrator - Disabled)
Gastón (S-1-5-21-4206844412-3915076-1266158226-1001 - Administrator - Enabled) => C:\Users\Gastón.idea-PC
HomeGroupUser$ (S-1-5-21-4206844412-3915076-1266158226-1006 - Limited - Enabled)
Invitado (S-1-5-21-4206844412-3915076-1266158226-501 - Limited - Disabled) => C:\Users\Invitado
lnvitado (S-1-5-21-4206844412-3915076-1266158226-1007 - Administrator - Enabled) => C:\Users\lnvitado

==================== Centro de Seguridad ========================

(Si una entrada es incluida en el fixlist, será eliminada.)

AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Kaspersky Security Cloud (Disabled - Up to date) {4F76F112-43EB-40E8-11D8-F7BD1853EA23}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Security Cloud (Disabled - Up to date) {F41710F6-65D1-4F66-2B68-CCCF63D4A09E}
FW: Kaspersky Security Cloud (Disabled) {774D7037-0984-41B0-3A87-5E88E680AD58}

==================== Programas instalados ======================

(Solo los programas de adware con indicador "Oculto", pueden ser añadidos al fixlist para hacerlos visibles. Los programas adware deben ser desinstalados manualmente.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 28.0.0.127 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Flash Player 9 ActiveX (HKLM-x32\...\{8E9DB7EF-5DD3-499E-BA2A-A1F3153A4DF8}) (Version: 9.0.115.0 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.17) - Español (HKLM-x32\...\{AC76BA86-7AD7-1034-7B44-AB0000000001}) (Version: 11.0.17 - Adobe Systems Incorporated)
Analizador y SDK de MSXML 4.0 SP2 (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.7 - Atheros Communications Inc.)
Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
AutoCAD 2007 - Español (HKLM-x32\...\{5783F2D7-5001-040A-0002-0060B0CE6BBA}) (Version: 17.0.54.110 - Autodesk)
Autodesk DWF Viewer (HKLM-x32\...\Autodesk DWF Viewer) (Version: 6.5 - Autodesk, Inc.)
Bentley IEG License Service (HKLM-x32\...\{D56865D0-28E9-4972-990E-01B1074FE4FE}) (Version: 2.0.11.0 - Bentley Systems Inc.)
Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 89.1.21.73 - Los creadores de Brave)
BuduLock (HKLM-x32\...\{7FA7F183-5284-4A79-BC87-429EABCBC5ED}) (Version: 1.1.2 - BuduSuite)
Camtasia 9 (HKLM\...\{5B345FC0-9E6D-4D22-9718-682DB0CF2414}) (Version: 9.0.0.1306 - TechSmith Corporation) Hidden
Camtasia 9 (HKLM-x32\...\{357abfe9-0513-4326-9e53-3b7654e9819d}) (Version: 9.0.0.1306 - TechSmith Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.77 - Piriform)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.8000.16 - Dolby Laboratories Inc)
Eines de correcció del Microsoft Office 2016: català (HKLM\...\{90160000-001F-0403-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
f.lux (HKU\S-1-5-21-4206844412-3915076-1266158226-1001\...\Flux) (Version:  - )
f.lux (HKU\S-1-5-21-4206844412-3915076-1266158226-1007\...\Flux) (Version:  - )
f.lux (HKU\S-1-5-21-4206844412-3915076-1266158226-501\...\Flux) (Version:  - )
Ferramentas de verificación de Microsoft Office 2016 - Galego (HKLM\...\{90160000-001F-0456-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Galería de fotos (HKLM-x32\...\{198CEF22-A27F-4DC7-9B66-2C22A4B1CA09}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.99.0 - Google Inc.) Hidden
gpedt.msc 1.0 (HKLM-x32\...\{10B9C608-BF7C-4CCF-A658-C01D969DCA21}_is1) (Version:  - Richard)
Guía del usuario (HKLM-x32\...\{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.9 - Lenovo) Hidden
Hardwipe 5.2.1 (HKLM\...\{0F322F97-B3FB-4423-B23E-4E486693CD16}) (Version: 5.2.1 - Big Angry Dog)
Herramientas de corrección de Microsoft Office 2016: español (HKLM\...\{90160000-001F-0C0A-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Intel(R) Graphics Driver Software (HKLM-x32\...\{11fd8837-78a3-461c-810a-8857f36bfa18}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Graphics Driver Software (HKLM-x32\...\{1c5c7b65-90a8-44b8-b1f6-0f6bae9f3eb5}) (Version: 3.11.1.0 - Intel) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.6.0.1030 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Iridium Browser (HKLM\...\{5ABE3355-9D56-41DC-BD0A-F160B823FC57}) (Version: 54.0.0 - The Iridium Authors)
Java 8 Update 73 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation)
Kaspersky Security Cloud (HKLM-x32\...\{4FC79BE9-AD63-46C0-9626-E4F6BCE6A976}) (Version: 21.3.10.391 - Kaspersky) Hidden
Kaspersky Security Cloud (HKLM-x32\...\InstallWIX_{4FC79BE9-AD63-46C0-9626-E4F6BCE6A976}) (Version: 21.3.10.391 - Kaspersky)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10242 - Realtek Semiconductor Corp.)
Lenovo OneKey Recovery (HKLM\...\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.1219 - CyberLink Corp.) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.1219 - CyberLink Corp.)
Lenovo Service Bridge (HKU\S-1-5-21-4206844412-3915076-1266158226-1001\...\cbe8636f7dd0cf1d) (Version: 1.4.0.0 - Lenovo)
Lenovo Service Bridge (HKU\S-1-5-21-4206844412-3915076-1266158226-1007\...\cbe8636f7dd0cf1d) (Version: 1.4.0.0 - Lenovo)
Lenovo Service Bridge (HKU\S-1-5-21-4206844412-3915076-1266158226-501\...\cbe8636f7dd0cf1d) (Version: 1.4.0.0 - Lenovo)
Lock My PC Free Edition 4.9.5 (HKLM\...\Lock My PC Free Edition_is1) (Version: 4.9.5 - )
Logitech G HUB (HKLM\...\{521c89be-637f-4274-a840-baaf7460c2b2}) (Version:  - Logitech)
Loquendo TTS 7 Carlos Multimedia High Quality (HKLM-x32\...\{CCB512D7-4500-4E5F-A2EA-26D512E4B2BF}) (Version: 7.3.0 - Loquendo)
Loquendo TTS 7 Carmen Multimedia High Quality (HKLM-x32\...\{08E73A78-70C4-4168-BB68-98B6D7A9001F}) (Version: 7.3.0 - Loquendo)
Loquendo TTS 7 Engine Full Distribution (HKLM-x32\...\{16096EE7-3343-4835-B9AF-C63492BD89B3}) (Version: 7.5.0 - Loquendo)
Loquendo TTS 7 Jorge Multimedia High Quality (HKLM-x32\...\{22BF5757-B409-4936-B711-959FE897BD4A}) (Version: 7.3.0 - Loquendo)
Loquendo TTS 7 SDK Distribution (HKLM-x32\...\{30139AC2-AB19-4AEA-865F-2154240D851F}) (Version: 7.3.1 - Loquendo)
Loquendo TTS 7 Soledad Multimedia High Quality (HKLM-x32\...\{5A073D9F-DC37-4581-BD40-A88EEAB5048D}) (Version: 7.3.1 - Loquendo)
Loquendo TTS 7 Spanish (HKLM-x32\...\{02B7FE27-CF87-4380-B57B-9D7A543B1674}) (Version: 7.4.0 - Loquendo)
Macro Recorder 5.8.0 (HKLM-x32\...\Macro Recorder_is1) (Version: 5.8.0 - Jitbit Software)
Macromedia Flash Player 8 (HKLM-x32\...\ShockwaveFlash) (Version: 8 - Macromedia)
Memory Cleaner 2.70 (HKLM\...\MemClean) (Version: 2.70 - KoshyJohn.com)
Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61187 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.7523 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219.473 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219.473 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61135 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61135 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61135 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61135 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61135 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61135 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61135 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61135 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.24.28127 (HKLM-x32\...\{282975d8-55fe-4991-bbbb-06a72581ce58}) (Version: 14.24.28127.4 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.25.28508 (HKLM-x32\...\{65e650ff-30be-469d-b63a-418d71ea1765}) (Version: 14.25.28508.3 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{9C82436F-F19C-42A4-B476-F87A28A95BF9}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MPC-HC 1.7.13 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.13 - MPC-HC Team)
Nitro Pro 8 (HKLM\...\{34BE77EE-B563-49D7-A8A0-FFD76D29BBD3}) (Version: 8.0.10.7 - Nitro)
Oracle VM VirtualBox 5.0.12 (HKLM\...\{6F93731D-89E1-4A8F-BDA9-D104860DDB02}) (Version: 5.0.12 - Oracle Corporation)
Paquete de controladores de Windows - Google, Inc. (WinUSB) AndroidUsbDeviceClass  (08/28/2014 11.0.0000.00000) (HKLM\...\092555911492C6959D2596D612F52DCA71881CA2) (Version: 08/28/2014 11.0.0000.00000 - Google, Inc.)
Paquete de controladores de Windows - Lenovo (ACPIVPC) System  (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo)
Paquete de controladores de Windows - Lenovo (ACPIVPC) System  (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo)
Paquete de controladores de Windows - Lenovo (WUDFRd) LenovoVhid  (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo)
Paquete de controladores de Windows - Lenovo (WUDFRd) LenovoVhid  (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)
Paquete de idioma de Microsoft Visual Studio 2010 Tools para Office Runtime (x64) - ESN (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - ESN) (Version: 10.0.50903 - Microsoft Corporation)
PdaNet+ for Android 5.23 (HKLM-x32\...\PdaNet_is1) (Version:  - June Fabrics Technology)
'PTC Places' Namespace Shell Extension (HKLM-x32\...\{B7715210-136C-4832-8A60-33BFF6CC0EF1}) (Version: 1.1.13 - PTC)
Qualcomm Atheros 11ac Wireless LAN Installer (HKLM-x32\...\{20CA507E-24AA-4741-87CF-CC1B250790B7}) (Version: 11.0.10454 - Qualcomm)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.220 - Qualcomm Atheros Communications)
RAM Advanse 9.5 (HKLM-x32\...\{EB06BB46-ED24-4661-8996-A447F1EBC2E7}) (Version: 9.5.0 - Bentley Systems Inc.)
RAM License Support (HKLM-x32\...\{AD6331AF-466F-4D25-B467-EEB2AAF2032C}) (Version: 2.0.2.0 - Bentley Systems, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6675 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Revisores de Texto do Microsoft Office 2016 – Português (Brasil) (HKLM\...\{90160000-001F-0416-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Roblox Player for Gastón (HKU\S-1-5-21-4206844412-3915076-1266158226-1001\...\roblox-player) (Version:  - Roblox Corporation)
Roblox Player for Gastón (HKU\S-1-5-21-4206844412-3915076-1266158226-501\...\roblox-player) (Version:  - Roblox Corporation)
Roblox Player for Invitado (HKU\S-1-5-21-4206844412-3915076-1266158226-501\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - Roblox Corporation)
Roblox Studio for Gastón (HKU\S-1-5-21-4206844412-3915076-1266158226-1001\...\roblox-studio) (Version:  - Roblox Corporation)
Roblox Studio for Gastón (HKU\S-1-5-21-4206844412-3915076-1266158226-1007\...\roblox-studio) (Version:  - Roblox Corporation)
Roblox Studio for Gastón (HKU\S-1-5-21-4206844412-3915076-1266158226-501\...\roblox-studio) (Version:  - Roblox Corporation)
Roblox Studio for Invitado (HKU\S-1-5-21-4206844412-3915076-1266158226-501\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version:  - Roblox Corporation)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.61.90905 - SugarSync, Inc.)
ThinkPad UltraNav Driver (HKLM\...\Elantech) (Version: 11.4.10.2 - ELAN Microelectronic Corp.)
Unity Web Player (HKU\S-1-5-21-4206844412-3915076-1266158226-1001\...\UnityWebPlayer) (Version: 5.2.0f3 - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-4206844412-3915076-1266158226-1007\...\UnityWebPlayer) (Version: 5.2.0f3 - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-4206844412-3915076-1266158226-501\...\UnityWebPlayer) (Version: 5.2.0f3 - Unity Technologies ApS)
Update for Skype for Business 2016 (KB4484501) 64-Bit Edition (HKLM\...\{90160000-0011-0000-1000-0000000FF1CE}_Office16.PROPLUS_{5758925D-D737-4467-8928-BE143AB9699B}) (Version:  - Microsoft)
Update for Skype for Business 2016 (KB4484501) 64-Bit Edition (HKLM\...\{90160000-00C1-0000-1000-0000000FF1CE}_Office16.PROPLUS_{5758925D-D737-4467-8928-BE143AB9699B}) (Version:  - Microsoft)
Update for Skype for Business 2016 (KB4484501) 64-Bit Edition (HKLM\...\{90160000-012B-0C0A-1000-0000000FF1CE}_Office16.PROPLUS_{5758925D-D737-4467-8928-BE143AB9699B}) (Version:  - Microsoft)
UsbFix Anti-Malware Premium (HKLM-x32\...\Usbfix) (Version: 11.0.3.2 - SOSVirus (SOSVirus.Net))
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.9 - Lenovo)
Windchill ProductPoint Client Manager (HKLM-x32\...\{129024FF-A6C9-4696-91BC-570C6C05193A}) (Version: 1.1.187 - PTC)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
Yousician Launcher version 1.0 (HKLM-x32\...\{EF45EAE9-523E-47C3-8634-A81923B11DD5}_is1) (Version: 1.0 - Yousician)

Packages:
=========
AccuWeather for Windows 8 -> C:\Program Files\WindowsApps\AccuWeather.AccuWeatherforWindows8_4.1.0.31_x64__8zz2pj9h1h1d8 [2021-02-01] (AccuWeather)
Companion -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_2.2.26.0_x86__k1h2ywk1493x8 [2021-02-01] (LENOVO INC.)
Evernote Touch -> C:\Program Files\WindowsApps\Evernote.Evernote_3.3.0.102_x86__q4d96b2w5wcc2 [2021-02-01] (Evernote)
Juegos -> C:\Program Files\WindowsApps\Microsoft.XboxLIVEGames_2.0.139.0_x64__8wekyb3d8bbwe [2021-02-01] (Microsoft Corporation) [MS Ad]
Lenovo Support -> C:\Program Files\WindowsApps\E046963F.LenovoSupport_2.0.5.0_x86__k1h2ywk1493x8 [2021-02-01] (Lenovo, INC.)
Live TV -> C:\Program Files\WindowsApps\FilmOnLiveTVFree.FilmOnLiveTVFree_1.3.6.115_x64__zx03kxexxb716 [2021-02-01] (FilmOn TV Inc.)
PowerDVD for Lenovo Idea -> C:\Program Files\WindowsApps\CyberLinkCorp.id.PowerDVDforLenovoIdea_1.1.2618.24808_x86__hgg5mn3xps74a [2021-02-01] (CYBERLINK COM CORPORATION)
rara music -> C:\Program Files\WindowsApps\rara.com.rara.com_1.0.25.23_neutral__2tghmx54nqzjm [2021-02-01] (RARA MEDIA GROUP LIMITED)
Zinio -> C:\Program Files\WindowsApps\ZinioLLC.Zinio_2.1.0.317_x64__0q6dqzpp40p2e [2021-02-01] (Zinio LLC)

==================== Personalizado CLSID (Lista blanca): ==============

(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)

CustomCLSID: HKU\S-1-5-21-4206844412-3915076-1266158226-1001_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4206844412-3915076-1266158226-1001_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4206844412-3915076-1266158226-1001_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4206844412-3915076-1266158226-1001_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4206844412-3915076-1266158226-1001_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4206844412-3915076-1266158226-1001_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\oleaut32.dll (Microsoft Windows -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4206844412-3915076-1266158226-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation - pGFX -> Intel Corporation)
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc. -> SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc. -> SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc. -> SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc. -> SugarSync, Inc.)
ShellIconOverlayIdentifiers-x32-x32: [Identificador de icono superpuesto para firmas digitales de AutoCAD] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\SysWOW64\AcSignIcon.dll [2006-03-05] (Autodesk, Inc -> Autodesk)
ContextMenuHandlers1: [Atheros] -> [CC]{B8952421-0E55-400B-94A6-FA858FC0A39F} =>  -> Ningún archivo
ContextMenuHandlers1-x32: [Autodesk.DWF.ContextMenu] -> {6C18531F-CA85-45F7-8278-FF33CF0A5964} => C:\Program Files (x86)\Common Files\Autodesk shared\dwf common\DWFShellExtension.dll [2005-11-15] (Autodesk, Inc. -> Autodesk, Inc.)
ContextMenuHandlers1: [Kaspersky Anti-Virus 21.3] -> {37303E08-14C9-4FC3-B1D9-7993682A4691} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\x64\shellex.dll [2021-03-04] (Kaspersky Lab JSC -> AO Kaspersky Lab)
ContextMenuHandlers1: [NP8ShellExtension] -> {9C4B85B8-956C-49BF-9BA5-101384E562B2} => C:\Program Files\Common Files\Nitro\Pro\8.0\NPShellExtension64.dll [2012-12-13] (Nitro PDF Software -> Nitro PDF)
ContextMenuHandlers1: [SmartGameBoosterMenu] -> {96C86AD1-055D-457D-9C00-0D4A91ECF1B4} =>  -> Ningún archivo
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-15] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-15] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [BigAngryDog_HWipe] -> {B0FFE529-A5D3-4ECE-91C0-9E3585C373D8} => C:\Program Files\Hardwipe\hw-bin\hwshell.dll [2017-04-03] (Big Angry Dog Ltd -> Big Angry Dog)
ContextMenuHandlers2: [Kaspersky Anti-Virus 21.3] -> {37303E08-14C9-4FC3-B1D9-7993682A4691} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\x64\shellex.dll [2021-03-04] (Kaspersky Lab JSC -> AO Kaspersky Lab)
ContextMenuHandlers3: [BigAngryDog_HWipe] -> {8154B7C1-BB68-457C-931A-5BFABBA86CD9} => C:\Program Files\Hardwipe\hw-bin\hwshell.dll [2017-04-03] (Big Angry Dog Ltd -> Big Angry Dog)
ContextMenuHandlers3: [FTShellContext] -> {AFF81F7B-6942-40c4-AADA-7214EF7B6DD1} => C:\Program Files (x86)\Bluetooth Suite\ShellContextExt.dll [2013-01-24] (Qualcomm Atheros -> Qualcomm Atheros Commnucations) [Archivo no firmado]
ContextMenuHandlers3: [SmartGameBoosterMenu] -> {96C86AD1-055D-457D-9C00-0D4A91ECF1B4} =>  -> Ningún archivo
ContextMenuHandlers4: [Kaspersky Anti-Virus 21.3] -> {37303E08-14C9-4FC3-B1D9-7993682A4691} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\x64\shellex.dll [2021-03-04] (Kaspersky Lab JSC -> AO Kaspersky Lab)
ContextMenuHandlers4: [SmartGameBoosterMenu] -> {96C86AD1-055D-457D-9C00-0D4A91ECF1B4} =>  -> Ningún archivo
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> Ningún archivo
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2015-08-27] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [Kaspersky Anti-Virus 21.3] -> {37303E08-14C9-4FC3-B1D9-7993682A4691} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\x64\shellex.dll [2021-03-04] (Kaspersky Lab JSC -> AO Kaspersky Lab)
ContextMenuHandlers6: [SmartGameBoosterMenu] -> {96C86AD1-055D-457D-9C00-0D4A91ECF1B4} =>  -> Ningún archivo
ContextMenuHandlers6: [SugarSync] -> [CC]{305BC11B-5175-492B-B569-866547FCDA40} =>  -> Ningún archivo
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-15] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-02-15] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Lista blanca) ====================

(Si una entrada es incluida en el fixlist, el elemento del registro será restaurado a su valor predeterminado o será eliminado. El archivo no será movido.)

HKLM\...\Drivers32: [VIDC.LAGS] => C:\WINDOWS\system32\lagarith.dll [148992 2012-05-18] () [Archivo no firmado]

==================== Accesos directos & WMI ========================

(Las entradas pueden ser listadas para ser restauradas o eliminadas.)

ShortcutWithArgument: C:\Users\Gastón.idea-PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\bea1cfeb4774fda6\Iridium.lnk -> C:\Program Files\Iridium\iridium.exe (The browser authors) -> --profile-directory="Profile 3"
ShortcutWithArgument: C:\Users\Gastón.idea-PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\200ce23fec0ce6d1\Iridium.lnk -> C:\Program Files\Iridium\iridium.exe (The browser authors) -> --profile-directory=Default

==================== Módulos cargados (Lista blanca) =============

2013-01-24 19:12 - 2013-01-24 19:12 - 000033408 _____ (Qualcomm Atheros -> Qualcomm Atheros Commnucations) [Archivo no firmado] C:\Program Files (x86)\Bluetooth Suite\CommApi.dll
2013-01-24 19:12 - 2013-01-24 19:12 - 000203392 _____ (Qualcomm Atheros -> Qualcomm Atheros Commnucations) [Archivo no firmado] C:\Program Files (x86)\Bluetooth Suite\FolderViewImpl.dll
2013-01-24 19:12 - 2013-01-24 19:12 - 000034432 _____ (Qualcomm Atheros -> Qualcomm Atheros Commnucations) [Archivo no firmado] C:\Program Files (x86)\Bluetooth Suite\ipc.dll
2013-01-24 19:13 - 2013-01-24 19:13 - 000290944 _____ (Qualcomm Atheros -> Qualcomm Atheros Commnucations) [Archivo no firmado] C:\Program Files (x86)\Bluetooth Suite\ShellContextExt.dll
2013-01-24 19:13 - 2013-01-24 19:13 - 000027264 _____ (Qualcomm Atheros -> Qualcomm Atheros Commnucations) [Archivo no firmado] C:\Program Files (x86)\Bluetooth Suite\TCPConnection.dll
2013-01-24 19:13 - 2013-01-24 19:13 - 000113280 _____ (Qualcomm Atheros -> Qualcomm Atheros Commnucations) [Archivo no firmado] C:\Program Files (x86)\Bluetooth Suite\utils.dll

==================== Alternate Data Streams (Lista blanca) ========

(Si una entrada es incluida en el fixlist, solamente los ADS serán eliminados.)

AlternateDataStreams: C:\Windows:{4B9A1497-0817-47C4-9612-D6A1C53ACF57} [26]
AlternateDataStreams: C:\ProgramData\Temp:890CC2F3 [127]

==================== Modo Seguro (Lista blanca) ==================

(Si una entrada es incluida en el fixlist, será eliminada del registro. El "AlternateShell" será restaurado.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\46616265.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\camsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lfsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\LmpcService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\semgrsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\shellhwdetection => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TokenBroker => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0001 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0002 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0003 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0004 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0005 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0006 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0007 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0008 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0009 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0010 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0011 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0012 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0013 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0014 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0015 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0016 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0017 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0018 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0019 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0020 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0021 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0022 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0023 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0024 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0025 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0026 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0027 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0028 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0029 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0030 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0031 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0032 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0033 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0034 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0035 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0036 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0037 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0038 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0039 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0040 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\46616265.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\camsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\lfsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmpcService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\semgrsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\shellhwdetection => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TokenBroker => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"

==================== Asociación (Lista blanca) =================

==================== Internet Explorer (Lista blanca) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-4206844412-3915076-1266158226-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-4206844412-3915076-1266158226-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ar.yahoo.com?fr=fp-comodo&type=138430100005_12.1.0.6914_i_hp
HKU\S-1-5-21-4206844412-3915076-1266158226-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKU\S-1-5-21-4206844412-3915076-1266158226-1007\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13.msn.com/
HKU\S-1-5-21-4206844412-3915076-1266158226-1007\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com
HKU\S-1-5-21-4206844412-3915076-1266158226-1007\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKU\S-1-5-21-4206844412-3915076-1266158226-501\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13.msn.com/
HKU\S-1-5-21-4206844412-3915076-1266158226-501\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com
HKU\S-1-5-21-4206844412-3915076-1266158226-501\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-4206844412-3915076-1266158226-1001 -> {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = hxxp://ar.search_path.yahoo.com/search_path?p={searchTerms}&fr=chr-comodo&type=138430100005_12.1.0.6914_i_ds
SearchScopes: HKU\S-1-5-21-4206844412-3915076-1266158226-1007 -> {254400EB-C42E-48D7-89F3-F0C453074118} URL = 
SearchScopes: HKU\S-1-5-21-4206844412-3915076-1266158226-501 -> {254400EB-C42E-48D7-89F3-F0C453074118} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office16\OCHelper.dll [2020-08-12] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll [2020-08-12] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-03-06] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-03-06] (Oracle America, Inc. -> Oracle Corporation)
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)

Addition part 2

(Si una entrada es incluida en el fixlist, será eliminada del registro.)

Hay 7863 más sitios.

Hay 12653 más sitios.

Hay 12653 más sitios.

Hay 12653 más sitios.


==================== Hosts contenido: =========================

(Si es necesario, la directiva Hosts: puede ser incluida en el fixlist para restablecer Hosts.)

2013-08-22 10:25 - 2021-02-20 18:20 - 000000852 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Otras Áreas ===========================

(Actualmente no existe una corrección automática para esta sección.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter;;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files (x86)\Windows Live\Shared;C:\Python27;C:\Python27\Scripts;C:\adb
HKU\S-1-5-21-4206844412-3915076-1266158226-1001\Control Panel\Desktop\\Wallpaper -> 
HKU\S-1-5-21-4206844412-3915076-1266158226-1007\Control Panel\Desktop\\Wallpaper -> 
HKU\S-1-5-21-4206844412-3915076-1266158226-501\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 10.129.132.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (Ningún archivo)
Firewall de Windows está habilitado.

Network Binding:
=============
Ethernet: SoftEther Lightweight Network Protocol -> selow (enabled) 
Ethernet: VirtualBox NDIS6 Bridged Networking Driver -> oracle_vboxnetlwf (enabled) 
Conexión de red Bluetooth: SoftEther Lightweight Network Protocol -> selow (enabled) 
Wi-Fi: SoftEther Lightweight Network Protocol -> selow (enabled) 
Wi-Fi: VirtualBox NDIS6 Bridged Networking Driver -> oracle_vboxnetlwf (enabled) 
PdaNet Broadband Connection: SoftEther Lightweight Network Protocol -> selow (enabled) 
PdaNet Broadband Connection: VirtualBox NDIS6 Bridged Networking Driver -> oracle_vboxnetlwf (enabled) 
Ethernet 2: SoftEther Lightweight Network Protocol -> selow (enabled) 
Ethernet 2: VirtualBox NDIS6 Bridged Networking Driver -> oracle_vboxnetlwf (enabled) 
VirtualBox Host-Only Network: SoftEther Lightweight Network Protocol -> selow (enabled) 
VirtualBox Host-Only Network: VirtualBox NDIS6 Bridged Networking Driver -> oracle_vboxnetlwf (enabled) 

==================== MSCONFIG/TASK MANAGER elementos deshabilitados ==

(Si una entrada es incluida en el fixlist, será eliminada.)

MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AdobeUpdateService => 2
MSCONFIG\Services: AGMService => 2
MSCONFIG\Services: AGSService => 2
MSCONFIG\Services: AtherosSvc => 2
MSCONFIG\Services: Autodesk Licensing Service => 3
MSCONFIG\Services: BEService => 3
MSCONFIG\Services: brave => 2
MSCONFIG\Services: bravem => 3
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: CxAudMsg => 2
MSCONFIG\Services: DragonUpdater => 2
MSCONFIG\Services: EasyAntiCheat => 3
MSCONFIG\Services: GoogleChromeElevationService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: ICCS => 3
MSCONFIG\Services: Intel(R) Capability Licensing Service Interface => 2
MSCONFIG\Services: jhi_service => 2
MSCONFIG\Services: LmpcService => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: NitroDriverReadSpool8 => 2
MSCONFIG\Services: nlsX86cc => 2
MSCONFIG\Services: SamsungUPDUtilSvc => 2
MSCONFIG\Services: TurboVPNService => 2
MSCONFIG\Services: UNS => 2
MSCONFIG\Services: WindscribeService => 2
MSCONFIG\Services: ZAtheros Bt and Wlan Coex Agent => 2
HKLM\...\StartupApproved\StartupFolder: => "Acelerador de inicio de AutoCAD.lnk"
HKLM\...\StartupApproved\StartupFolder: => "SoftEther VPN Client Manager Startup.lnk"
HKLM\...\StartupApproved\Run: => "cAudioFilterAgent"
HKLM\...\StartupApproved\Run: => "SmartAudio"
HKLM\...\StartupApproved\Run: => "WindowsDefender"
HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run: => "SoftEther VPN Client UI Helper"
HKLM\...\StartupApproved\Run: => "CDAServer"
HKLM\...\StartupApproved\Run: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "Intel AppUp(SM) center"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "mcui_exe"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "BlueStacks Agent"
HKLM\...\StartupApproved\Run32: => "Lightshot"
HKLM\...\StartupApproved\Run32: => "WindowsDefender"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "SDTray"
HKU\S-1-5-21-4206844412-3915076-1266158226-1001\...\StartupApproved\StartupFolder: => "hide.me VPN.lnk"
HKU\S-1-5-21-4206844412-3915076-1266158226-1001\...\StartupApproved\StartupFolder: => "PdaNet Desktop.lnk"
HKU\S-1-5-21-4206844412-3915076-1266158226-1001\...\StartupApproved\Run: => "TunnelBear"
HKU\S-1-5-21-4206844412-3915076-1266158226-1001\...\StartupApproved\Run: => "STUISpeedLauncher"
HKU\S-1-5-21-4206844412-3915076-1266158226-1001\...\StartupApproved\Run: => "Lync"
HKU\S-1-5-21-4206844412-3915076-1266158226-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-4206844412-3915076-1266158226-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-4206844412-3915076-1266158226-1007\...\StartupApproved\Run: => "TunnelBear"
HKU\S-1-5-21-4206844412-3915076-1266158226-1007\...\StartupApproved\Run: => "Lync"
HKU\S-1-5-21-4206844412-3915076-1266158226-501\...\StartupApproved\Run: => "TunnelBear"
HKU\S-1-5-21-4206844412-3915076-1266158226-501\...\StartupApproved\Run: => "Lync"

==================== Reglas de firewall (Lista blanca) ================

(Si una entrada es incluida en el fixlist, será eliminada del registro. El archivo no se moverá a menos que sea añadido al listado por separado.)

FirewallRules: [TCP Query User{8595EC0D-3B48-4283-BAC3-D656C56F9394}C:\program files\lghub\lghub_agent.exe] => (Block) C:\program files\lghub\lghub_agent.exe (Logitech Inc -> Logitech, Inc.)
FirewallRules: [UDP Query User{5AB757A8-DE5A-4B67-912C-2157DE704461}C:\program files\lghub\lghub_agent.exe] => (Block) C:\program files\lghub\lghub_agent.exe (Logitech Inc -> Logitech, Inc.)
FirewallRules: [{25EE24C1-1C9C-4668-BC6D-D805F0AB797D}] => (Allow) C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)

==================== Puntos de Restauración =========================

17-02-2021 10:40:59 Punto de control programado
20-02-2021 19:12:26 Punto de comprobación por HitmanPro
20-02-2021 19:13:29 Punto de comprobación por HitmanPro
20-02-2021 19:15:23 Punto de comprobación por HitmanPro
20-02-2021 19:34:51 Punto de comprobación por HitmanPro
20-02-2021 19:37:21 Punto de comprobación por HitmanPro
20-02-2021 19:45:12 Punto de comprobación por HitmanPro
22-02-2021 20:38:11 Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.24.28127
24-02-2021 02:27:33 ZHPcleaner
03-03-2021 22:48:51 Punto de control programado

==================== Dispositivos defectuosos en el Administrador de dispositivos ============

Name: Temporizador de eventos de alta precisión
Description: Temporizador de eventos de alta precisión
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Dispositivos de sistema estándar)
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Bluetooth Audio Device
Description: Bluetooth Audio Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Qualcomm Atheros Communications
Service: BTATH_A2DP
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Virtual Bluetooth Support (Include Audio)
Description: Virtual Bluetooth Support (Include Audio)
Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Manufacturer: Qualcomm Atheros Communications
Service: AthBTPort
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Bluetooth LWFLT Device
Description: Bluetooth LWFLT Device
Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Manufacturer: Qualcomm Atheros Communications
Service: BTATH_LWFLT
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Errores del registro de eventos: ========================

Errores de aplicación:
==================
Error: (02/24/2021 02:37:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: MBAMService.exe, versión: 3.2.0.943, marca de tiempo: 0x5fbd5689
Nombre del módulo con errores: ntdll.dll, versión: 6.3.9600.19678, marca de tiempo: 0x5e82c88a
Código de excepción: 0xc0000008
Desplazamiento de errores: 0x00000000000ecf40
Identificador del proceso con errores: 0x788
Hora de inicio de la aplicación con errores: 0x01d70ad3686f3882
Ruta de acceso de la aplicación con errores: C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
Ruta de acceso del módulo con errores: C:\WINDOWS\SYSTEM32\ntdll.dll
Identificador del informe: efbab4bd-76c6-11eb-8486-2016d8bee72a
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:

Error: (02/22/2021 08:42:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: lghub_installer.exe, versión: 2020.12.3534.0, marca de tiempo: 0x5fcebcd8
Nombre del módulo con errores: ntdll.dll, versión: 6.3.9600.19678, marca de tiempo: 0x5e82c88a
Código de excepción: 0xc000000d
Desplazamiento de errores: 0x0000000000102c20
Identificador del proceso con errores: 0x12b8
Hora de inicio de la aplicación con errores: 0x01d70973bdf289ea
Ruta de acceso de la aplicación con errores: C:\Users\Gastón.idea-PC\Desktop\lghub_installer.exe
Ruta de acceso del módulo con errores: C:\WINDOWS\SYSTEM32\ntdll.dll
Identificador del informe: a51879f9-7567-11eb-8480-2016d8bee72a
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:

Error: (02/10/2021 05:04:33 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: avp.exe, versión: 21.2.16.590, marca de tiempo: 0xd2b8f349
Nombre del módulo con errores: app_core_legacy.dll, versión: 30.549.0.860, marca de tiempo: 0x5f8a359a
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x00094bde
Identificador del proceso con errores: 0x1c0
Hora de inicio de la aplicación con errores: 0x01d6ff835937a7fd
Ruta de acceso de la aplicación con errores: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.2\avp.exe
Ruta de acceso del módulo con errores: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.2\app_core_legacy.dll
Identificador del informe: 9b8c5263-6b76-11eb-8423-2016d8bee72a
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:

Error: (02/01/2021 08:41:41 AM) (Source: Perflib) (EventID: 1010) (User: )
Description: El procedimiento de recopilación para el servicio "C:\Windows\System32\winspool.drv" en el archivo DLL "Spooler" generó una excepción o devolvió un estado no válido. Los datos de rendimiento devueltos por el archivo DLL del contador no se devolverán en el bloque de datos de rendimiento. Los primeros cuatro bytes (DWORD) de la sección de datos contienen el código de excepción o de estado.

Error: (02/01/2021 08:41:41 AM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows no puede cargar el archivo DLL del contador extensible rdyboost. Los primeros cuatro bytes (DWORD) de la sección de datos contienen el código de error de Windows.

Error: (02/01/2021 07:24:36 AM) (Source: System Restore) (EventID: 8210) (User: )
Description: Error no especificado durante Restaurar sistema: (AdwCleaner_BeforeCleaning_29/01/2021_00:25:20). Información adicional: 0x80070005.

Error: (02/01/2021 06:59:30 AM) (Source: System Restore) (EventID: 8210) (User: )
Description: Error no especificado durante Restaurar sistema: (JRT Pre-Junkware Removal). Información adicional: 0x80070005.

Error: (02/01/2021 06:11:17 AM) (Source: System Restore) (EventID: 8210) (User: )
Description: Error no especificado durante Restaurar sistema: (JRT Pre-Junkware Removal). Información adicional: 0x80070005.


Errores del sistema:
=============
Error: (03/04/2021 08:01:05 PM) (Source: DCOM) (EventID: 10010) (User: IDEAPC)
Description: El servidor {DDCFD26B-FEED-44CD-B71D-79487D2E5E5A} no se registró con DCOM dentro del tiempo de espera requerido.

Error: (03/04/2021 07:59:32 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio Intel(R) HD Graphics Control Panel Service se terminó de manera inesperada. Esto ha sucedido 1 veces.

Error: (03/04/2021 07:59:20 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: El servicio Servicio Kaspersky Anti-Virus 21.3 terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 10000 milisegundos: Reiniciar el servicio.

Error: (03/04/2021 07:56:35 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: Error en la llamada ScRegSetValueExW para Start con el error siguiente: 
Acceso denegado.

Error: (03/04/2021 07:51:50 PM) (Source: BTHUSB) (EventID: 5) (User: )
Description: El controlador Bluetooth esperaba un evento HCI con un tamaño determinado pero no lo recibió.

Error: (03/04/2021 07:51:36 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Error en la inicialización del archivo de volcado

Error: (03/04/2021 07:43:40 PM) (Source: BTHUSB) (EventID: 5) (User: )
Description: El controlador Bluetooth esperaba un evento HCI con un tamaño determinado pero no lo recibió.

Error: (03/04/2021 07:43:29 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Error en la inicialización del archivo de volcado


Windows Defender:
================
Date: 2020-09-29 22:30:36.763
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2020-09-28 13:29:22.210
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2020-09-27 06:51:24.757
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2020-07-21 23:57:28.659
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2020-04-12 19:35:10.506
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2020-04-05 19:37:23.783
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2020-04-04 19:55:42.033
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2020-04-03 22:21:14.859
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2020-04-01 05:01:15.161
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2020-03-29 06:14:57.224
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Event[10]:

Date: 2020-03-27 19:04:31.839
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Event[11]:

Date: 2020-03-24 20:46:09.796
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2020-10-04 21:50:02.952
Description: 
El examen de Windows Defender se detuvo antes de completarse.
Id. de examen: {2BD98CA3-3F05-4A69-83D1-43C01B599CD2}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2020-10-02 11:02:17.873
Description: 
El examen de Windows Defender se detuvo antes de completarse.
Id. de examen: {847310EB-F7EA-4EEB-A253-C6DCD96EBCAF}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2020-09-30 22:01:35.340
Description: 
El examen de Windows Defender se detuvo antes de completarse.
Id. de examen: {E1A749B4-3B8F-485C-AD42-E5E4D041E3AB}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2020-09-30 03:00:48.780
Description: 
El examen de Windows Defender se detuvo antes de completarse.
Id. de examen: {7EB62FEA-086A-4692-BBCD-2F1D067CD06D}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2020-09-30 01:29:53.090
Description: 
El examen de Windows Defender se detuvo antes de completarse.
Id. de examen: {0091D587-A2BF-4EA9-A94C-C0BE32E20631}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM

Date: 2020-09-27 00:32:07.633
Description: 
Windows Defender encontró un error al intentar cargar firmas e intentará revertirlas a un conjunto de firmas conocidas.
Firmas intentadas: Actual
Código de error: 0x80070002
Descripción del error: El sistema no puede encontrar el archivo especificado. 
Versión de firma: 0.0.0.0;0.0.0.0
Versión de motor: 0.0.0.0

Date: 2020-07-21 21:59:24.036
Description: 
Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma: 
Versión de firma anterior: 1.313.1456.0
Origen de actualización: Servidor de Microsoft Update
Tipo de firma: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\SYSTEM
Versión de motor actual: 
Versión de motor anterior: 1.1.16900.4
Código de error: 0x80070422
Descripción del error: No se puede iniciar el servicio, porque está deshabilitado o porque no tiene dispositivos habilitados asociados a él. 

Date: 2020-04-13 21:52:26.118
Description: 
Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma: 
Versión de firma anterior: 1.313.856.0
Origen de actualización: Servidor de Microsoft Update
Tipo de firma: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\SYSTEM
Versión de motor actual: 
Versión de motor anterior: 1.1.16900.4
Código de error: 0x80070422
Descripción del error: No se puede iniciar el servicio, porque está deshabilitado o porque no tiene dispositivos habilitados asociados a él. 

Date: 2020-04-05 23:47:00.261
Description: 
Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma: 
Versión de firma anterior: 1.313.211.0
Origen de actualización: Servidor de Microsoft Update
Tipo de firma: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\SYSTEM
Versión de motor actual: 
Versión de motor anterior: 1.1.16900.4
Código de error: 0x80070422
Descripción del error: No se puede iniciar el servicio, porque está deshabilitado o porque no tiene dispositivos habilitados asociados a él. 

Date: 2020-03-27 21:34:28.884
Description: 
Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma: 
Versión de firma anterior: 1.311.1622.0
Origen de actualización: Servidor de Microsoft Update
Tipo de firma: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\SYSTEM
Versión de motor actual: 
Versión de motor anterior: 1.1.16800.2
Código de error: 0x80070422
Descripción del error: No se puede iniciar el servicio, porque está deshabilitado o porque no tiene dispositivos habilitados asociados a él. 

==================== Información de la memoria =========================== 

BIOS: LENOVO 5ECN95WW(V9.00) 12/19/2012
Placa base: LENOVO INVALID
Procesador: Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz
Porcentaje de memoria en uso: 13%
RAM física total: 8057.77 MB
RAM física disponible: 6934.14 MB
Virtual total: 8057.77 MB
Virtual disponible: 6746.46 MB

==================== Unidades ================================

Drive c: (Windows8_OS) (Fixed) (Total:650.86 GB) (Free:434.78 GB) NTFS ==>[sistema con componentes de arranque (obtenido de unidad)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:19.07 GB) NTFS

\\?\Volume{7bd11e14-143d-476c-8bbf-561493cebe3c}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.65 GB) NTFS
\\?\Volume{eba66397-d88a-473c-b213-8e2e62d3520b}\ () (Fixed) (Total:0.44 GB) (Free:0.07 GB) NTFS
\\?\Volume{efd4189c-d2ed-48d6-b668-a86d2592e284}\ (PBR_DRV) (Fixed) (Total:20 GB) (Free:10.93 GB) NTFS

==================== MBR & Tabla de particiones ====================

==========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 3D63DBBB)

Partition: GPT.

==================== Final de Addition.txt =======================

:zero: I see remnants of:

  • Avira
  • AVAST
  • AVG
  • McAfee
  • COMODO

Have you had all of these installed on your machine in the past? Tell me YES or NO for each one, and what ended up happening with each of them.

Is your current antivirus Kaspersky? That is what I see, even though you said it was AVG :thinking: :thinking: :thinking: Tell me which one it is.

Upload this file: C:\Users\Gastón.idea-PC\Desktop\kv1pvqjq.exe to VIRUSTOTAL and bring me the link to the corresponding analysis. I think I know what it is, but I want to be sure.

:one: Uninstall the following with Revo Uninstaller (MANUAL) in its Advanced Mode:

  1. Spybot - Search & Destroy 2
  2. Tweaking.com - Windows Repair

Restart the computer in Normal Mode.

:two: Now you need to make a BACKUP OF THE REGISTRY. To do so:

  • Download DelFix to your desktop.

  • Double-click to run it. (If you use Windows Vista/7/8 or 10, right-click and select Run as Administrator.)

  • Tick only the Create registry backup box, and make sure the rest are not selected.

  • Click Run.

The report (DelFix.txt) will open; you can close it. But keep it in case I ask for it or it is needed in the future.

Next, CLOSE ALL PROGRAMS, go to Start >> Run and type Notepad.exe

  • Now copy the code/lines inside the box further below and paste them into Notepad.
Start::
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restricción <==== ATENCIÓN
Policies: C:\ProgramData\NTUSER.pol: Restricción <==== ATENCIÓN
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restricción <==== ATENCIÓN
HKLM\SOFTWARE\Policies\Google: Restricción <==== ATENCIÓN
Task: {C9DCF59E-6B97-4C0C-8641-B8261089C8CA} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43da-BFD7-FBEEA2180A1E}
Task: {DB21EF32-6BA9-4118-BBC1-BC4FF48961E5} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4f47-879B-29A80C355D61}
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\FFExt\light_plugin_firefox\addon.xpi => no encontrado
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\FFExt\light_plugin_firefox\addon.xpi => no encontrado
FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [Ningún archivo]
U4 amdlog; no ImagePath
U4 autotimesvc; no ImagePath
U4 BcastDVRUserService; no ImagePath
U2 camsvc; no ImagePath
U4 CaptureService; no ImagePath
U2 cbdhsvc; no ImagePath
U4 CDPUserSvc; no ImagePath
U2 ConsentUxUserSvc; no ImagePath
U4 CscService; no ImagePath
U2 DeviceAssociationBrokerSvc; no ImagePath
U2 DevicePickerUserSvc; no ImagePath
U2 DevicesFlowUserSvc; no ImagePath
U4 diagnosticshub.standardcollector.service; no ImagePath
U4 diagsvc; no ImagePath
U4 dmwappushservice; no ImagePath
U4 dmwappushsvc; no ImagePath
U4 DsSvc; no ImagePath
U4 DusmSvc; no ImagePath
U4 edgeupdate; no ImagePath
U4 edgeupdatem; no ImagePath
U4 FrameServer; no ImagePath
U4 icssvc; no ImagePath
U4 IpxlatCfgSvc; no ImagePath
R4 klkbdflt2; \SystemRoot\system32\DRIVERS\klkbdflt2.sys [X]
U4 MapsBroker; no ImagePath
U4 MessagingService; no ImagePath
U4 MicrosoftEdgeElevationService; no ImagePath
U4 NfsClnt; no ImagePath
U4 NvTelemetryContainer; no ImagePath
U4 perceptionsimulation; no ImagePath
U4 PhoneSvc; no ImagePath
U4 PimIndexMaintenanceSvc; no ImagePath
U4 RetailDemo; no ImagePath
U4 RmSvc; no ImagePath
U4 SEMgrSvc; no ImagePath
U4 SensorDataService; no ImagePath
U4 SensorService; no ImagePath
U4 SharedRealitySvc; no ImagePath
U4 shpamsvc; no ImagePath
U4 ssh-agent; no ImagePath
U4 TroubleshootingSvc; no ImagePath
U4 tzautoupdate; no ImagePath
U2 UnistoreSvc; no ImagePath
U4 UserDataSvc; no ImagePath
S3 WinRing0_1_2_0; \??\C:\Users\Gastón.idea-PC\AppData\Local\Temp\tmpDD75.tmp [X] <==== ATENCIÓN
U4 wisvc; no ImagePath
U4 WpcMonSvc; no ImagePath
ContextMenuHandlers1: [Atheros] -> [CC]{B8952421-0E55-400B-94A6-FA858FC0A39F} =>  -> Ningún archivo
ContextMenuHandlers1: [SmartGameBoosterMenu] -> {96C86AD1-055D-457D-9C00-0D4A91ECF1B4} =>  -> Ningún archivo
ContextMenuHandlers3: [SmartGameBoosterMenu] -> {96C86AD1-055D-457D-9C00-0D4A91ECF1B4} =>  -> Ningún archivo
ContextMenuHandlers4: [SmartGameBoosterMenu] -> {96C86AD1-055D-457D-9C00-0D4A91ECF1B4} =>  -> Ningún archivo
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> Ningún archivo
ContextMenuHandlers6: [SmartGameBoosterMenu] -> {96C86AD1-055D-457D-9C00-0D4A91ECF1B4} =>  -> Ningún archivo
ContextMenuHandlers6: [SugarSync] -> [CC]{305BC11B-5175-492B-B569-866547FCDA40} =>  -> Ningún archivo
AlternateDataStreams: C:\Windows:{4B9A1497-0817-47C4-9612-D6A1C53ACF57} [26]
AlternateDataStreams: C:\ProgramData\Temp:890CC2F3 [127]

CMD: ipconfig /flushdns
CMD: ipconfig /renew
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
RemoveProxy:
EmptyTemp:
Hosts:
End::

Save it with the name FIXLIST.TXT on your desktop (VERY IMPORTANT). Otherwise the SCRIPT will not work; both files (FRST.exe and FIXLIST.TXT) must be located on the DESKTOP.

:warning: The repair script above is customized for the specific machine it was made for, and was written specifically by a Staff member. If you have a similar problem, please open your own topic to receive personalized, specific help. Using scripts from other systems can cause serious damage to your computer.

Finally, start the computer again from :arrow_forward: Safe Mode and do the following 2nd METHOD.

  1. Run FRST.exe again (If you use Windows Vista/7/8 or 10, right-click and select Run as Administrator).

  2. Click Fix/Corregir and wait for the process to finish. Do not do anything with the PC while it is carrying out these repairs, even if it seems to have frozen. Do not touch it, and wait.

  3. When it finishes, the file FIXLOG.TXT will be created on the DESKTOP; bring it in your next reply.

  4. Restart the computer in Normal Mode, check how it runs for a while, and tell me how the initially reported problem is going.

:warning: Very Important :warning: Post the report I asked for as shown in the following image:

Regards.