Marcio_B_Alves

Log analysis request


Good morning, everyone

After a (long) absence I'm back, and with a virus on my laptop.

I have already carried out all the procedures requested in the Official Topic.

For the past few days I've been noticing the laptop getting slower and slower.
After scans with CCleaner and Mbam I see that the slowness continues, so I humbly ask for your help.

Here is my log for examination

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:16:52, on 12/08/2017
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.15063.0000)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Users\Márcio\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files (x86)\RLinkToolbox 3\RLinkToolbox.exe
C:\Users\Márcio\AppData\Local\Microsoft\BingSvc\BingSvc.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
C:\Program Files (x86)\Ares\Ares.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleChromeDAV.exe
C:\Users\Márcio\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com/?PC=ASJB
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus13.msn.com/?PC=ASJB
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=
O4 - HKLM\..\Run: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
O4 - HKLM\..\Run: [WebStorage] C:\Program Files (x86)\ASUS\WebStorage\2.1.9.384\ASUSWSLoader.exe
O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [ASUS InstantKey] C:\Program Files (x86)\ASUS\ASUS Instant Key\Ikey_start.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Dropbox] "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
O4 - HKLM\..\Run: [ProductUpdater] C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Márcio\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Márcio\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
O4 - HKCU\..\Run: [RLinkToolbox.exe] C:\Program Files (x86)\RLinkToolbox 3\RLinkToolbox.exe
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [BingSvc] C:\Users\Márcio\AppData\Local\Microsoft\BingSvc\BingSvc.exe
O4 - HKCU\..\Run: [Epic Privacy Browser Installer] "C:\Users\Márcio\AppData\Local\Epic Privacy Browser\Installer\EpicUpdate.exe" /c
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: SafeKey Fill Forms - file://C:\Users\Márcio\AppData\LocalLow\SafeKey\context.html?cmd=fillforms
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{10673326-f0e4-4bdf-b066-6f0da5808806}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{10673326-f0e4-4bdf-b066-6f0da5808806}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: Windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - ASUSTek Computer Inc. - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ASUS InstantOn Service (ASUS InstantOn) - ASUS - C:\Program Files\ASUS\P4G\InsOnSrv.exe
O23 - Service: Asus WebStorage Windows Service - ASUS Cloud Corporation - C:\Program Files (x86)\ASUS\WebStorage\2.0.3.226\AsusWSWinService.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Serviço de Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Dropbox Update Service (dbupdate) (dbupdate) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
O23 - Service: Dropbox Update Service (dbupdatem) (dbupdatem) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
O23 - Service: DbxSvc - Unknown owner - C:\Windows\system32\DbxSvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Freemake Improver - Freemake - C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
O23 - Service: GamesAppIntegrationService - WildTangent - C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: Garmin Device Interaction Service - Garmin Ltd. or its subsidiaries - C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: Serviço Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @oem93.inf,%SERVICE_NAME%;Intel Bluetooth Service (ibtsiva) - Unknown owner - C:\Windows\system32\ibtsiva (file missing)
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService2.0.0.0) - Unknown owner - C:\Windows\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: Serviço iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\Windows\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\Windows\System32\SensorDataService.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\Windows\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 11 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\Windows\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13734 bytes



Greetings to everyone from Switzerland


Hello Marcio_B_Alves! Download MbrScan.exe by Eric_71 > save it to the desktop.

Double-click to run the tool. Click the Scan button. When the scan finishes, click the Report button. A Notepad window will open with the scan result. It is saved to the desktop under the name MbrScan.log.

Select, copy and paste its contents into your next reply.

Download Farbar Service Scanner and save it to the desktop. Run the tool.

In addition to the checkboxes that are already ticked by default, tick the following:

  • Windows Firewall
  • System Restore
  • Security Center/Action Center
  • Windows Update
  • Windows Defender


Click Scan and wait for the scan to finish. At the end a log called FSS.txt will be generated, which is saved in the same directory as FSS, that is, on the desktop.

Select, copy and paste its contents into your next reply.

Posted (edited)

First of all, thank you very much for your quick help.

Here are the logs:


	MBRScan v1.1.1

	OS             : Windows 8  (64 bit)
	PROCESSOR      : Intel64 Family 6 Model 60 Stepping 3, GenuineIntel
	BOOT           : Normal Boot
	DATE           : 2017/08/12 (ISO 8601) at 12:05:31
	________________________________________________________________________________

	DISK           : Device\Harddisk0\DR0 __ST1000LM024 HN-M101MBB (2BA30001)
	BUS_TYPE       : (0x0B)  S-ATA
	USE_PIO        : YES
	MAX_TRANSFER   : 128 Kb
	ALIGNMENT_MASK : word aligned
	________________________________________________________________________________

	Device\Harddisk0\DR0    931.5 Go  [Fixed] ==> Unknown MBR Code...

	MBR_MD5   : A959A23ED916ADDD6D1290877C682D7E
	MBR_SHA1  : 406E784BDF8B51002A1BF2DCEB7DB918C0B003FE

	Device\Harddisk0\Partition1    2.00 To      0xEE EFI GPT[1] 
	________________________________________________________________________________

	############################### Additional scan ################################









	DRIVER  : C:\Windows\System32\Drivers\dump_diskdump.sys => Invisible on the disk

	ADDRESS : 0x39930000

	SIZE    : 60.0 Ko









	DRIVER  : C:\Windows\System32\Drivers\dump_iaStorA.sys => Invisible on the disk

	ADDRESS : 0x35E30000

	SIZE    : 5.46 Mo









	DRIVER  : C:\Windows\System32\Drivers\dump_dumpfve.sys => Invisible on the disk

	ADDRESS : 0x39EE0000

	SIZE    : 116.0 Ko









	DRIVER  : C:\Windows\System32\win32kbase.sys => Invisible on the disk

	ADDRESS : 0xAC3A0000

	SIZE    : 2.02 Mo









	DRIVER  : C:\Windows\System32\drivers\dxgmms2.sys => Invisible on the disk

	ADDRESS : 0x3A110000

	SIZE    : 716.0 Ko









	DRIVER  : C:\Windows\System32\drivers\monitor.sys => Invisible on the disk

	ADDRESS : 0x3A1D0000

	SIZE    : 68.0 Ko









	DRIVER  : C:\Windows\System32\TSDDD.dll => Invisible on the disk

	ADDRESS : 0xAC5C0000

	SIZE    : 40.0 Ko









	DRIVER  : C:\Windows\system32\drivers\luafv.sys => Invisible on the disk

	ADDRESS : 0x3A1F0000

	SIZE    : 152.0 Ko









	DRIVER  : C:\Windows\system32\drivers\wcifs.sys => Invisible on the disk

	ADDRESS : 0x3A220000

	SIZE    : 152.0 Ko









	DRIVER  : C:\Windows\system32\drivers\storqosflt.sys => Invisible on the disk

	ADDRESS : 0x3A260000

	SIZE    : 100.0 Ko









	DRIVER  : C:\Windows\System32\drivers\registry.sys => Invisible on the disk

	ADDRESS : 0x3A280000

	SIZE    : 44.0 Ko









	DRIVER  : C:\Windows\system32\drivers\mmcss.sys => Invisible on the disk

	ADDRESS : 0x3A290000

	SIZE    : 80.0 Ko









	DRIVER  : C:\Windows\system32\drivers\HTTP.sys => Invisible on the disk

	ADDRESS : 0x39F00000

	SIZE    : 1.08 Mo









	DRIVER  : C:\Windows\system32\drivers\lltdio.sys => Invisible on the disk

	ADDRESS : 0x3A020000

	SIZE    : 88.0 Ko









	DRIVER  : C:\Windows\system32\drivers\mslldp.sys => Invisible on the disk

	ADDRESS : 0x3A040000

	SIZE    : 104.0 Ko









	DRIVER  : C:\Windows\system32\drivers\rspndr.sys => Invisible on the disk

	ADDRESS : 0x3A060000

	SIZE    : 104.0 Ko









	DRIVER  : C:\Windows\System32\DRIVERS\wanarp.sys => Invisible on the disk

	ADDRESS : 0x3A080000

	SIZE    : 108.0 Ko









	DRIVER  : C:\Windows\system32\drivers\ndisuio.sys => Invisible on the disk

	ADDRESS : 0x3A0A0000

	SIZE    : 88.0 Ko









	DRIVER  : C:\Windows\system32\DRIVERS\nwifi.sys => Invisible on the disk

	ADDRESS : 0x3A2B0000

	SIZE    : 556.0 Ko









	DRIVER  : C:\Windows\system32\drivers\WudfPf.sys => Invisible on the disk

	ADDRESS : 0x3A350000

	SIZE    : 120.0 Ko









	DRIVER  : C:\Windows\system32\DRIVERS\bowser.sys => Invisible on the disk

	ADDRESS : 0x3A370000

	SIZE    : 132.0 Ko









	DRIVER  : C:\Windows\System32\drivers\mpsdrv.sys => Invisible on the disk

	ADDRESS : 0x3A3A0000

	SIZE    : 104.0 Ko









	DRIVER  : C:\Windows\system32\DRIVERS\mrxsmb.sys => Invisible on the disk

	ADDRESS : 0x36F10000

	SIZE    : 492.0 Ko









	DRIVER  : C:\Windows\system32\DRIVERS\mrxsmb20.sys => Invisible on the disk

	ADDRESS : 0x3A0C0000

	SIZE    : 244.0 Ko









	DRIVER  : C:\Windows\System32\DRIVERS\srvnet.sys => Invisible on the disk

	ADDRESS : 0x36F90000

	SIZE    : 280.0 Ko









	DRIVER  : C:\Windows\system32\drivers\peauth.sys => Invisible on the disk

	ADDRESS : 0x36FE0000

	SIZE    : 792.0 Ko









	DRIVER  : C:\Windows\system32\DRIVERS\mrxsmb10.sys => Invisible on the disk

	ADDRESS : 0x370B0000

	SIZE    : 312.0 Ko









	DRIVER  : C:\Windows\system32\drivers\Ndu.sys => Invisible on the disk

	ADDRESS : 0x36E00000

	SIZE    : 152.0 Ko









	DRIVER  : C:\Windows\System32\drivers\tcpipreg.sys => Invisible on the disk

	ADDRESS : 0x36E30000

	SIZE    : 76.0 Ko









	DRIVER  : C:\Windows\System32\DRIVERS\srv2.sys => Invisible on the disk

	ADDRESS : 0x36690000

	SIZE    : 736.0 Ko









	DRIVER  : C:\Windows\System32\DRIVERS\srv.sys => Invisible on the disk

	ADDRESS : 0x36750000

	SIZE    : 564.0 Ko









	DRIVER  : C:\Windows\System32\drivers\vwifimp.sys => Invisible on the disk

	ADDRESS : 0x36E50000

	SIZE    : 68.0 Ko









	DRIVER  : C:\Windows\System32\drivers\condrv.sys => Invisible on the disk

	ADDRESS : 0x37100000

	SIZE    : 72.0 Ko









	DRIVER  : C:\Windows\System32\drivers\tunnel.sys => Invisible on the disk

	ADDRESS : 0x363B0000

	SIZE    : 192.0 Ko









	DRIVER  : C:\Windows\system32\Drivers\WdNisDrv.sys => Invisible on the disk

	ADDRESS : 0x367E0000

	SIZE    : 140.0 Ko









	DRIVER  : C:\Windows\System32\drivers\rdpvideominiport.sys => Invisible on the disk

	ADDRESS : 0x363E0000

	SIZE    : 52.0 Ko









	DRIVER  : C:\Windows\System32\cdd.dll => Invisible on the disk

	ADDRESS : 0xAC640000

	SIZE    : 260.0 Ko









	BCD EmsSettings {0CE4991B-E6B3-4B16-B23C-5E0D9250E5D9} => BcdLibraryBoolean_EmsEnabled (16000020)









	SystemStartOptions :  NOEXECUTE=OPTIN  NOVGA









	________________________________________________________________________________









	_______MBR   \Device\Harddisk0\DR0  












The other one:

 

Farbar Service Scanner Version: 27-01-2016
Ran by Márcio (administrator) on 12-08-2017 at 12:07:03
Running from "C:\Users\Márcio\Desktop"
Microsoft Windows 10 Home  (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy: 
==================


System Restore:
============

System Restore Policy: 
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy: 
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****

 

Edited by Marcio_B_Alves

a log was missing


Temporarily disable your antivirus, antispyware and firewall so that they do not cause conflicts.

Download ZHPCleaner and save it to the desktop.

http://www.nicolascoolman.fr/download/zhpcleaner-2/?wpdmdl=2148

Double-click ZHPCleaner.exe.

Click the Scanner button.

The tool will start scanning your system. Be patient, as it may take a while depending on the number of items to examine.

When the scan finishes, click the Repair button.

Once the operation is complete, a log will open. If it does not, click the Report button and save the log.

Select, copy and paste the contents of this log into your next reply.

 


 

 


Dear Xerlouco Roums

Here is the log:

 

~ ZHPCleaner v2017.8.13.139 by Nicolas Coolman (2017/08/13)
~ Run by Márcio (Administrator)  (13/08/2017 10:22:52)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Certificate ZHPCleaner: Legal
~ Type : Reparo
~ Report : C:\Users\Márcio\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Márcio\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 10 Home, 64-bit  (Build 15063)


---\\  Serviços (0)
~ Nenhum ítem malicioso o desnecessários foi encontrado.


---\\  Navegadores de Internet (0)
~ Nenhum ítem malicioso o desnecessários foi encontrado.


---\\  Arquivo hosts (1)
~ O arquivo hosts é legítimo (21)


---\\  Tarefas automáticas agendadas. (0)
~ Nenhum ítem malicioso o desnecessários foi encontrado.


---\\  Explorer ( Arquivos, Pastas) (3)
MOVIDO arquivo: C:\ProgramData\22a2f0b0000065a8  =>Adware.CrossRider
MOVIDO arquivo: C:\Program Files (x86)\QuickTime  =>Riskware.QuickTime
MOVIDO arquivo: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime  =>Riskware.QuickTime


---\\  Registro ( Chaves, Valores, Dados ) (4)
SUPRIMIDO chave*: HKEY_USERS\S-1-5-21-1209883281-597615554-778349054-1002\SOFTWARE\Magicbit []  =>.SUP.Magicbit
SUPRIMIDO chave: HKCU\Software\Magicbit []  =>.SUP.Magicbit
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\StrongSignal []  =>PUP.Optional.StrongSignal
SUPRIMIDO valor: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task ["C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime]  =>Riskware.QuickTime


---\\  Resumo dos elementos encontrados na sua estação de trabalho (4)
https://nicolascoolman.eu/2017/03/11/pup-optional-crossrider/  =>Adware.CrossRider
https://nicolascoolman.eu/2017/01/15/riskware-quicktime/  =>Riskware.QuickTime
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.Magicbit
https://www.nicolascoolman.com/fr/pup-optional-strongsignal  =>PUP.Optional.StrongSignal


---\\  Dodatkowe oczyszczenie. (17)
~ Chave de registro Tracing Supprimido (17)
~ Remover os relatórios antigos ZHPCleaner. (0)


---\\ Resultado de reparação
Reparação efectuada com sucesso
~ Este navegador está faltando ! (Mozilla Firefox)
~ Este navegador está faltando ! (Opera Software)


---\\ Estatísticas
~ Items scan : 593
~ Items encontrado : 0
~ items cancelados : 0
~ Items réparo : 7


~ End of clean in 00h00mn22s
~====================
ZHPCleaner-[R]-13082017-10_23_14.txt
ZHPCleaner--13082017-10_21_41.txt
 


Temporarily disable your antivirus.

Click esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.

Double-click its icon on the desktop.

  • Check "YES, I accept the Terms of Use."
  • Click Start.
  • Accept any security warning from your browser.
  • Check the options below:
  • Enable detection of potentially unwanted applications.
  • Click Hide advanced settings and check:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Change and also check the Computer box.
  • Click Start.
  • It will update itself and scan the computer. Be patient; the process can take hours.
  • When the scan finishes, click List Threats.
  • Click Export to text file and save the log to your desktop.
  • Copy and paste the contents into your next reply.
  • Note: If nothing is found, no log will be generated.
  • Click Back.
  • Click Finish.

 


 

 


Here is the log:
C:\$Recycle.Bin\S-1-5-21-1209883281-597615554-778349054-1002\$RF48AI2.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    cleaned by deleting
D:\SANDRA\LR\UmmyVD-Web-Loader-[130-yt-2xhnWjZiFfY].exe    a variant of Win32/Magicbit.D potentially unwanted application    cleaned by deleting
D:\SANDRA\LR\UmmyVD-Web-Loader-[130-yt-zhnLZKMA91U].exe    a variant of Win32/Magicbit.D potentially unwanted application    cleaned by deleting
 


OK, please follow these instructions:

1 - Update Malwarebytes' Anti-Malware (MBAM)

  • When the update finishes, click Settings in the left-hand panel. On the Protection tab, enable Scan for rootkits;
  • Then, in the left-hand panel, click Scan. Next, click the Start Scan button;
  • The scan will then begin. Wait, as it may take a while. When it finishes, a window will open near the clock;
  • In it, click View Results. Leave all entries checked and click the Quarantine button;
  • At the end of the disinfection, a prompt may appear asking whether you want to restart the PC. (See the Note below);
  • The log is saved automatically by MBAM. To export it, click the Reports tab -> Application logs in the program's main window after the disinfection has been carried out;
  • Double-click the most recent log and export it as .TXT;
  • Select, copy and paste the entire contents of this log into your next reply.


NOTE: If MBAM finds files that it cannot remove, you may have to restart the PC (perhaps more than once). Do so immediately when asked whether you want to restart the PC.

Temporarily disable your antivirus, antispyware and firewall so that they do not cause conflicts while running the tools below.


2 - Download AdwCleaner and save it to the desktop.

http://www.bleepingcomputer.com/download/adwcleaner/dl/125/

Double-click adwcleaner.exe.

Click the Scan button and wait for the scan to finish.

Click the Clean button.

A Notepad window will open with the result. Select, copy and paste its contents into your next reply.

NOTE: If AdwCleaner finds files that it cannot remove, you may have to restart the PC. Do so immediately when asked whether you want to restart the PC.


3 - Download JRT and save it to the desktop.

http://downloads.malwarebytes.org/file/jrt

Double-click to run the Junkware Removal Tool (JRT).

The tool will start scanning your system. Be patient, as it may take a while depending on the number of items to examine.

At the end, a log will open. It is saved on the desktop with the name JRT.txt.

Select, copy and paste the contents of this log into your next reply.

 


 

 


Here are the 3 logs:

1) 

Malwarebytes Anti-Malware
www.malwarebytes.org

Data da Verificação: 14/08/2017
Hora da Verificação: 22:27
Ficheiro de Relatório: mbam.txt
Administrador: Sim

Versão: 2.2.1.1043
Base de Dados de Malware: v2017.08.14.08
Base de dados de Rootkits: v2017.08.02.01
Licença: Grátis
Proteção contra Malware: Desativado
Proteção contra Websites Maliciosos: Desativado
Autoproteção: Desativado

SO: Windows 10
CPU: x64
Sistema de Ficheiros: NTFS
Utilizador: Márcio

Tipo de Verificação: Verificação de Ameaças
Resultado: Concluída
Objetos Verificados: 308952
Tempo Decorrido: 22 min, 35 s

Memória: Ativado
Arranque: Ativado
Sistema de Ficheiros: Ativado
Arquivos: Ativado
Rootkits: Ativado
Heurísticos: Ativado
PPI: Ativado
MPI: Ativado

Processos: 0
(Nenhum item malicioso detetado)

Módulos: 0
(Nenhum item malicioso detetado)

Chaves de Registo: 0
(Nenhum item malicioso detetado)

Valores de Registo: 0
(Nenhum item malicioso detetado)

Dados de Registo: 0
(Nenhum item malicioso detetado)

Pastas: 0
(Nenhum item malicioso detetado)

Ficheiros: 0
(Nenhum item malicioso detetado)

Sectores Físicos: 0
(Nenhum item malicioso detetado)


(end)

 

2)

# AdwCleaner 7.0.1.0 - Logfile created on Mon Aug 14 20:55:45 2017
# Updated on 2017/05/08 by Malwarebytes 
# Database: 08-11-2017.1
# Running on Windows 10 Home (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Optional.Legacy, C:\Program Files (x86)\Common Files\freemake shared
PUP.Adware.Heuristic, C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
PUP.Adware.Heuristic, C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
PUP.Adware.Heuristic, C:\ProgramData\{c664f1a9-be63-bb49-c664-4f1a9be6c6a6}


***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries.

*************************

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt ##########

 

3)

# AdwCleaner 7.0.1.0 - Logfile created on Mon Aug 14 20:57:37 2017
# Updated on 2017/05/08 by Malwarebytes 
# Running on Windows 10 Home (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

Deleted: C:\Program Files (x86)\Common Files\freemake shared
Deleted: C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
Deleted: C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
Deleted: C:\ProgramData\{c664f1a9-be63-bb49-c664-4f1a9be6c6a6}


***** [ Files ] *****

No malicious files deleted.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

Deleted: [Key] - HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0

*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [1266 B] - [2017/8/14 20:55:45]


########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########

 

 

 


oops.....

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 10 Home x64 
Ran by M rcio (Administrator) on 14/08/2017 at 23:03:42,54
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


File System: 2 

Successfully deleted: C:\ProgramData\productdata (Folder) 
Successfully deleted: C:\Windows\system32\Tasks\Driver Booster SkipUAC (M rcio) (Task)

Registry: 1 

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 14/08/2017 at 23:06:54,80
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


OK, download Farbar Recovery Scan Tool 64-Bit (FRST64) and save it to your desktop.

Double-click to run the tool. Accept the agreement and then click the Scan button.

Wait; at the end, the FRST.txt and Addition.txt logs will be saved to your desktop.

Select, copy and paste the contents of these 2 logs into your next reply.

ATTENTION: for the tool to work correctly, it must be placed directly on the desktop; it cannot be inside a folder.

 


 

 
