
The symptoms are as follows: slow startup. It boots, but takes a very long time to load the taskbar, and even longer to load the programs that start with Windows 10, Panda Free and Malwarebytes. They start, but take a very long time, while IDM no longer starts at all. Another symptom is that I can't search for anything in the Start menu, nor type; I tried renaming a notepad file as a test and couldn't. Apart from that, the PC is normal. I scanned with Panda, Malwarebytes and SUPERAntiSpyware; all of them found threats (PUP, adware, malware), but the problem still persists. What do I do?


I have already followed all the specified procedures (I already mentioned the details of the problem above), and here is the log for analysis:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:04:21, on 18/10/2017
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.15063.0608)
Boot mode: Normal

Running processes:
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Program Files (x86)\Internet Download Manager\IDMan.exe
C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
C:\Users\Vila Barroló\Downloads\Programs\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com.br
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=C:\Windows\SysWOW64\userinit.exe,
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
O4 - HKLM\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKLM\..\Run: [Autodesk Desktop App] "C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe" -tray
O4 - HKLM\..\Run: [PSUAMain] "C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe" /LaunchSysTray
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Windows] C:\Windows\Windows.vbs
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-18\..\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe (User 'SISTEMA')
O4 - HKUS\.DEFAULT\..\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE/3000
O8 - Extra context menu item: Fazer o download de todos os links usando o IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Fazer o download usando o IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office\Root\Office16\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{42590770-52a7-4c97-8e6c-c5afb492f2c3}: NameServer = 8.8.8.8,8.8.4.4,192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{f85180e3-2321-488f-8972-b127d87a3925}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CS2\Services\Tcpip\..\{42590770-52A7-4C97-8E6C-C5AFB492F2C3}: NameServer = 8.8.8.8,8.8.4.4,192.168.0.1
O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: Windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Autodesk Desktop App Service (AdAppMgrSvc) - Autodesk Inc. - C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: IObit Uninstaller Service (IObitUnSvr) - IObit - C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Panda Protection Service (NanoServiceMain) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Panda Devices Agent (PandaAgent) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
O23 - Service: panda_url_filtering Service (panda_url_filtering) - Visicom Media Inc. - C:\Program Files\Panda Security URL Filtering\Panda_URL_Filteringb.exe
O23 - Service: Panda Product Service (PSUAService) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\Windows\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001 (Sense) - Unknown owner - C:\Program Files (x86)\Windows Defender Advanced Threat Protection\MsSense.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\Windows\System32\SensorDataService.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\Windows\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\Windows\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10685 bytes
 

Edited by abel


OK, download MbrScan.exe by Eric_71 and save it to the desktop.

Double-click to run the tool. Click the Scan button. At the end of the scan, click the Report button. A Notepad window will open with the scan result. It is saved on the desktop under the name MbrScan.log.

Select, copy and paste its contents in your next reply.

Download Farbar Service Scanner and save it to the desktop. Run the tool.

In addition to the checkboxes that are already ticked by default, tick the following:

  • Windows Firewall
  • System Restore
  • Security Center/Action Center
  • Windows Update
  • Windows Defender
  • Other Services


Click Scan and wait for the scan to finish. At the end, a log called FSS.txt will be generated; it is saved in the same directory as FSS, that is, on the desktop.

Select, copy and paste its contents in your next reply.

 


 

 


All right, here's the first one:

 

MBRScan v1.1.1

OS             : Windows 8  (64 bit)
PROCESSOR      : Intel64 Family 6 Model 37 Stepping 5, GenuineIntel
BOOT           : Normal Boot
DATE           : 2017/10/18 (ISO 8601) at 13:49:57
________________________________________________________________________________

DISK           : Device\Harddisk0\DR0 __ST1000DM003-1CH162 (CC47)
BUS_TYPE       : (0x0B)  S-ATA
USE_PIO        : YES
MAX_TRANSFER   : 128 Kb
ALIGNMENT_MASK : word aligned
________________________________________________________________________________

Device\Harddisk0\DR0    931.5 Go  [Fixed] ==> 7 MBR Code

MBR_MD5   : E86719A589CFD1E80ACA3516AC9F03A7
MBR_SHA1  : FAEB2779AE64615503E10BB1135C18FFD8A95C2B

Device\Harddisk0\Partition1    750.0 Go      0x07 NTFS / HPFS
Device\Harddisk0\Partition2    181.1 Go      0x07 NTFS / HPFS __ BOOTABLE __
Device\Harddisk0\Partition3    450.0 Mo      0x27 RE Hidden partition
________________________________________________________________________________
ADDRESS : 0x05FE0000
SIZE    : 76.0 Ko
	DRIVER  : C:\Windows\System32\DRIVERS\PSKMAD.sys => Invisible on the disk
ADDRESS : 0x06000000
SIZE    : 72.0 Ko
	DRIVER  : C:\Windows\System32\drivers\condrv.sys => Invisible on the disk
ADDRESS : 0x06020000
SIZE    : 72.0 Ko
	DRIVER  : C:\Windows\System32\drivers\rdpvideominiport.sys => Invisible on the disk
ADDRESS : 0x08930000
SIZE    : 52.0 Ko
	DRIVER  : C:\Windows\system32\drivers\qwavedrv.sys => Invisible on the disk
ADDRESS : 0x060A0000
SIZE    : 76.0 Ko
	DRIVER  : C:\Windows\System32\cdd.dll => Invisible on the disk
ADDRESS : 0x7F4B0000
SIZE    : 260.0 Ko
	BCD EmsSettings {0CE4991B-E6B3-4B16-B23C-5E0D9250E5D9} => BcdLibraryBoolean_EmsEnabled (16000020)
	SystemStartOptions :  NOEXECUTE=OPTIN
	________________________________________________________________________________
	_______MBR   \Device\Harddisk0\DR0  

 

AND THE SECOND ONE:

 

Farbar Service Scanner Version: 27-01-2016

Ran by Vila Barroló (administrator) on 18-10-2017 at 13:53:46
Running from "C:\Users\Vila Barroló\Desktop"
Microsoft Windows 10 Pro  (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy: 
==================


System Restore:
============

System Restore Policy: 
========================


Security Center:
============


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy: 
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.


Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****

 

 


Temporarily disable your antivirus, antispyware and firewall to avoid conflicts.

Download ZHPCleaner and save it to the desktop.

http://www.nicolascoolman.fr/download/zhpcleaner-2/?wpdmdl=2148

Double-click ZHPCleaner.exe.

Click the Scanner button.

The tool will start scanning your system. Be patient, as it may take a while depending on the number of items to scan.

At the end of the scan, click the Reparar (Repair) button.

Once the operation is complete, a log will open. If it does not, click the Relatório (Report) button and save the log.

Select, copy and paste the contents of this log into your next reply.

 


 

 


here's the ZHPCleaner log:

 

~ ZHPCleaner v2017.10.16.183 by Nicolas Coolman (2017/10/16)
~ Run by Vila Barroló (Administrator)  (19/10/2017 09:27:52)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Certificate ZHPCleaner: Legal
~ Type : Reparo
~ Report : C:\Users\Vila Barroló\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Vila Barroló\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 10 Pro, 64-bit  (Build 15063)


---\\  Serviços (1)
PAROU : panda_url_filtering  =>.SUP.StartSearch


---\\  Navegadores de Internet (0)
~ Nenhum ítem malicioso o desnecessários foi encontrado.


---\\  Arquivo hosts (1)
~ O arquivo hosts é legítimo (22)


---\\  Tarefas automáticas agendadas. (0)
~ Nenhum ítem malicioso o desnecessários foi encontrado.


---\\  Explorer ( Arquivos, Pastas) (17)
MOVIDO pasta: C:\Program Files\Panda Security URL Filtering\Panda_URL_Filteringb.exe [Visicom Media Inc. - Visicom Media Anti-phishing Domain Advisor]  =>.SUP.StartSearch
MOVIDO pasta**: C:\Program Files\KMSpico\Service_KMS.exe [@ByELDI - Service_KMS]  =>HackTool.KMSpico
MOVIDO pasta**: C:\Windows\Prefetch\DRIVERTOOLKITINSTALLER.TMP-719D89C1.pf    =>.SUP.DriverToolkit
MOVIDO pasta**: C:\Windows\Prefetch\DRIVERTOOLKITINSTALLER.TMP-CEC2049D.pf    =>.SUP.DriverToolkit
MOVIDO pasta**: C:\Windows\Prefetch\KMSPICO_PATCH.EXE-00704FDF.pf    =>HackTool.KMSpico
MOVIDO pasta**: C:\Users\Vila Barroló\Downloads\KMSpico_patch [Secure Download Ltd. - SoftPlanet Software Assistant Setup]  =>HackTool.KMSpico
MOVIDO pasta**: C:\Windows\SECOH-QAD.dll    =>HackTool.KMSpico
MOVIDO pasta**: C:\Windows\SECOH-QAD.exe    =>HackTool.KMSpico
MOVIDO arquivo*: C:\Users\Vila Barroló\AppData\Local\Google\Chrome\User Data\Default\Extensions\imcbnnnoghiihopefblgehihofbfbmei  =>Hijacker.Browser
MOVIDO arquivo*: C:\Program Files (x86)\KMSPico 10.2.2 Final  =>HackTool.KMSpico
MOVIDO arquivo*: C:\Program Files\KMSpico  =>HackTool.KMSpico
MOVIDO arquivo*: C:\ProgramData\panda_url_filtering  =>.SUP.StartSearch
MOVIDO arquivo*: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico  =>HackTool.KMSpico
MOVIDO arquivo*: C:\Program Files (x86)\Common Files\IObit\Advanced SystemCare  =>.SUP.AdvancedSystemCare
MOVIDO arquivo*: C:\ProgramData\IObit\ASCDownloader  =>.SUP.AdvancedSystemCare
MOVIDO arquivo*: C:\Users\Vila Barroló\AppData\Roaming\IObit\Advanced SystemCare  =>.SUP.AdvancedSystemCare
MOVIDO arquivo*: C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare  =>.SUP.AdvancedSystemCare


---\\  Registro ( Chaves, Valores, Dados ) (8)
SUPRIMIDO chave*: HKLM\SYSTEM\CurrentControlSet\Services\panda_url_filtering [C:\Program Files\Panda Security URL Filtering\Panda_URL_Filteringb.exe (Not File)]  =>.SUP.StartSearch
SUPRIMIDO chave*: HKLM\SYSTEM\CurrentControlSet\Services\panda_url_filteringd [\C:\Program Files\Panda Security URL Filtering\panda_url_filteringd.sys (Not File)]  =>.SUP.StartSearch
SUPRIMIDO chave*: HKLM\SYSTEM\CurrentControlSet\Services\Service KMSELDI [C:\Program Files\KMSpico\Service_KMS.exe (Not File)]  =>HackTool.KMSpico
SUPRIMIDO chave*: HKCU\Software\undefined []  =>.SUP.Downloader
SUPRIMIDO chave*: HKLM\SOFTWARE\Iobit\ASC []  =>.SUP.AdvancedSystemCare
SUPRIMIDO chave*: HKLM\SYSTEM\CurrentControlSet\Services\IObitUnSvr []  =>.SUP.Elex
SUPRIMIDO valor: HKLM64\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\SUPERAntiSpyware [C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe]  =>Heuristic.Salus
SUPRIMIDO valor: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\Advanced SystemCare 10 [0x020000000000000000000000]  =>.SUP.AdvancedSystemCare


---\\  Resumo dos elementos encontrados na sua estação de trabalho (8)
https://nicolascoolman.eu/2017/09/11/sup-startsearch/  =>.SUP.StartSearch
https://nicolascoolman.eu/2017/02/16/hacktool-kmspico/  =>HackTool.KMSpico
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.DriverToolkit
https://nicolascoolman.eu/2017/02/02/hijacker-browser-2/  =>Hijacker.Browser
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.AdvancedSystemCare
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.Downloader
https://nicolascoolman.eu/2017/03/28/superfluous-elex/  =>.SUP.Elex
https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/  =>Heuristic.Salus


---\\  Dodatkowe oczyszczenie. (17)
~ Chave de registro Tracing Supprimido (17)
~ Remover os relatórios antigos ZHPCleaner. (0)


---\\ Resultado de reparação
Reparação efectuada com sucesso
~ Este navegador está faltando ! (Mozilla Firefox)
~ Este navegador está faltando ! (Opera Software)


---\\ Estatísticas
~ Items scan : 625
~ Items encontrado : 0
~ items cancelados : 0
~ Items réparo : 27


~ End of clean in 00h00mn45s
~====================
ZHPCleaner-[R]-19102017-09_28_37.txt
ZHPCleaner--19102017-09_24_40.txt
 


MOVIDO pasta**: C:\Program Files\KMSpico\Service_KMS.exe [@ByELDI - Service_KMS]  =>HackTool.KMSpico
MOVIDO pasta**: C:\Windows\SECOH-QAD.dll    =>HackTool.KMSpico
MOVIDO pasta**: C:\Windows\SECOH-QAD.exe    =>HackTool.KMSpico

Your "technician" used a crack called KMSpico to activate Windows\Office...

This is considered piracy and I cannot help you under these conditions; using disinfection tools could even render your PC unusable.

I suggest you contact Microsoft or an authorized reseller.

Microsoft Support Center:
0800 761-7454

Customer Service

http://support.microsoft.com/contactus

Good luck.


 

 
