• Registrarse
  • Iniciar sesión


  • Página 1 de 4 1234 ÚltimoÚltimo
    Resultados 1 al 10 de 33

    Troyano JS:Bancos-AI

    Mi antivirus (AVG) no para de avidarme que tengo un troyano (JS:Bancos-AI) que intenta conectarse a internet y que lo ha bloqueado. Malwarebytes y ES ET no me detectan el troyano. Me estoy empezando a ...

    1. #1
      Usuario Avatar de Ethain
      Registrado
      nov 2007
      Ubicación
      Barcelona
      Mensajes
      33

      Troyano JS:Bancos-AI

      Mi antivirus (AVG) no para de avidarme que tengo un troyano (JS:Bancos-AI) que intenta conectarse a internet y que lo ha bloqueado. Malwarebytes y ES ET no me detectan el troyano. Me estoy empezando a preocupar... ¿qué puedo hacer?

    2. #2
      Usuario Avatar de Daniel0312
      Registrado
      ene 2018
      Ubicación
      Argentina
      Mensajes
      1.446

      Re: Troyano JS:Bancos-AI

      Hola.

      Pon me los reportes de Malwarebytes y ESET para analizar.

      Mientras tanto sigue estos pasos:


      • Descarga RKill disfrazado de iExplore a su Escritorio
      • Ejecutalo como Administrador
      • Se abrira una consola. Deja que termine y me pegas el reporte que se auto-guardara en su escritorio



      • Actualiza su base datos en la seccion "Update"
      • Desconectate de internet o quita el cable ethernet
      • Ejecutalo nuevamente y Das a Next dos veces para que que ingrese a la seccion "Scan System" Dentro de el clickea en el boton "Scan"
      • Dejas todas las casillas marcadas y click a "Next" . Si detecto algo eliminalo en la seccion "Cleanup"


      Me pegas el reporte de Rkill y Mbam Anti-Rootkit y no olvides comentar como va el funcionamiento de la pc luego de los procedimientos

    3. #3
      Usuario Avatar de Ethain
      Registrado
      nov 2007
      Ubicación
      Barcelona
      Mensajes
      33

      Re: Troyano JS:Bancos-AI

      Adjunto reporte Malwarebytes

      Malwarebytes
      www.malwarebytes.com

      -Log Details-
      Scan Date: 5/4/18
      Scan Time: 8:37 AM
      Log File: 4dcf0902-4f5d-11e8-ac42-202564932935.json
      Administrator: Yes

      -Software Information-
      Version: 3.4.5.2467
      Components Version: 1.0.342
      Update Package Version: 1.0.4976
      License: Trial

      -System Information-
      OS: Windows 10 (Build 16299.371)
      CPU: x64
      File System: NTFS
      User: NAHON\Barukh

      -Scan Summary-
      Scan Type: Threat Scan
      Scan Initiated By: Manual
      Result: Completed
      Objects Scanned: 353282
      Threats Detected: 0
      (No malicious items detected)
      Threats Quarantined: 0
      (No malicious items detected)
      Time Elapsed: 10 min, 31 sec

      -Scan Options-
      Memory: Enabled
      Startup: Enabled
      Filesystem: Enabled
      Archives: Enabled
      Rootkits: Disabled
      Heuristics: Enabled
      PUP: Detect
      PUM: Detect

      -Scan Details-
      Process: 0
      (No malicious items detected)

      Module: 0
      (No malicious items detected)

      Registry Key: 0
      (No malicious items detected)

      Registry Value: 0
      (No malicious items detected)

      Registry Data: 0
      (No malicious items detected)

      Data Stream: 0
      (No malicious items detected)

      Folder: 0
      (No malicious items detected)

      File: 0
      (No malicious items detected)

      Physical Sector: 0
      (No malicious items detected)


      (end)

      No tengo reporte de ESET, porque tampoco detecta nada y no me da la opción de hacer un reporte

      Adjunto reporte RKill

      Rkill 2.9.1 by Lawrence Abrams (Grinler)
      http://www.bleepingcomputer.com/
      Copyright 2008-2018 BleepingComputer.com
      More Information about Rkill can be found at this link:
      http://www.bleepingcomputer.com/forums/topic308364.html

      Program started at: 05/04/2018 07:45:08 AM in x64 mode.
      Windows Version: Windows 10 Home

      Checking for Windows services to stop:

      * No malware services found to stop.

      Checking for processes to terminate:

      * C:\Users\Barukh\AppData\Local\Alt1Toolkit\app-1.4.5\Runeapps.Alt1.exe (PID: 368) [UP-HEUR]

      1 proccess terminated!

      Checking Registry for malware related settings:

      * No issues found in the Registry.

      Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

      Performing miscellaneous checks:

      * No issues found.

      Searching for Missing Digital Signatures:

      * No issues found.

      Checking HOSTS File:

      * HOSTS file entries found:

      194.145.200.27 pagead2.googlesyndication.com
      127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
      127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net

      Program finished at: 05/04/2018 07:48:33 AM
      Execution time: 0 hours(s), 3 minute(s), and 24 seconds(s)

      Malwarebytes Anti-Rootkit tampoco encuentra nada, y no me da opción a hacer reporte

      Respecto al funcionamiento, tengo avisos constantes de AVG de que se ha bloqueado el intento del troyando de conectarse.

    4. #4
      Moderador Gral.
      Avatar de @Javier_HF
      Registrado
      jun 2006
      Ubicación
      Via Lactea.
      Mensajes
      23.248

      Re: Troyano JS:Bancos-AI

      Hola Ethain.

      Los informes de Malwarebytes Antirootkit los tienes en en la carpeta Mbar, abriendo los archivos mbar-log.txt y system-log.txt.

      Y ahora vas a seguir estos pasos :

      1.- Descarga a tu escritorio la herramienta >> TDSSKiller.

      2.- Desconecta el equipo de Internet – Apaga el Router/Quita el cable, es muy importante.

      3.- Ejecutar TDSSKiller según las indicaciones del Manual. (Si usas Windows Vista/7/8 o 10 haz clic derecho y selecciona "Ejecutar como Administrador").

      4.- Guarda el log/informe para ponerlo en tu siguiente respuesta e incluyes tambien los de MBAntiRootkit.

      Saludos, Javier.
      Quien no lo intenta no lo consigue | ;-)

      * Síguenos en nuestro Twitter y hazte nuestro amigo en Facebook.
      * Infórmate de las ultimas amenazas de la red desde: InfoSpyware Blog
      * No se resuelven dudas por Privados ni por E-mail, ya que para eso esta el foro.

    5. #5
      Usuario Avatar de Ethain
      Registrado
      nov 2007
      Ubicación
      Barcelona
      Mensajes
      33

      Re: Troyano JS:Bancos-AI

      Supongo que el virus está evitando que ejecute tdsskiller. No puedo ejectutarlo como administrador, ni renombrandolo, ni cambiando la extensión.

    6. #6
      Moderador Gral.
      Avatar de @Javier_HF
      Registrado
      jun 2006
      Ubicación
      Via Lactea.
      Mensajes
      23.248

      Re: Troyano JS:Bancos-AI

      Hola.

      Que mensaje o problema te sale al intentar ejecutarlo.??
      Quien no lo intenta no lo consigue | ;-)

      * Síguenos en nuestro Twitter y hazte nuestro amigo en Facebook.
      * Infórmate de las ultimas amenazas de la red desde: InfoSpyware Blog
      * No se resuelven dudas por Privados ni por E-mail, ya que para eso esta el foro.

    7. #7
      Usuario Avatar de Ethain
      Registrado
      nov 2007
      Ubicación
      Barcelona
      Mensajes
      33

      Re: Troyano JS:Bancos-AI

      Me pregunta si permito que el programa haga cambios en mi sistema, le doy a "sí" y... no pasa nada.

    8. #8
      Moderador Gral.
      Avatar de @Javier_HF
      Registrado
      jun 2006
      Ubicación
      Via Lactea.
      Mensajes
      23.248

      Re: Troyano JS:Bancos-AI

      Intenta su ejecución desde el modo seguro de windows.

      Para acceder a ese modo de windows sigue el 2º MÉTODO: de esta Faq de Windows 8(aplicable a Windows 10) >> ¿Cómo iniciar Windows 8/8.1 en Modo Seguro?, para trabajar desde ese modo de windows.

      Y nos pones los informes y comentas.

      Saludos.
      Quien no lo intenta no lo consigue | ;-)

      * Síguenos en nuestro Twitter y hazte nuestro amigo en Facebook.
      * Infórmate de las ultimas amenazas de la red desde: InfoSpyware Blog
      * No se resuelven dudas por Privados ni por E-mail, ya que para eso esta el foro.

    9. #9
      Usuario Avatar de Ethain
      Registrado
      nov 2007
      Ubicación
      Barcelona
      Mensajes
      33

      Re: Troyano JS:Bancos-AI

      mbar-log.txt

      Malwarebytes Anti-Rootkit BETA 1.10.3.1001
      www.malwarebytes.org

      Database version:
      main: v2018.05.04.01
      rootkit: v2018.05.04.01

      Windows 10 x64 NTFS
      Internet Explorer 11.371.16299.0
      Barukh :: NAHON [administrator]

      04/05/2018 7:51:18
      mbar-log-2018-05-04 (07-51-18).txt

      Scan type: Quick scan
      Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
      Scan options disabled:
      Objects scanned: 255594
      Time elapsed: 37 minute(s), 30 second(s)

      Memory Processes Detected: 0
      (No malicious items detected)

      Memory Modules Detected: 0
      (No malicious items detected)

      Registry Keys Detected: 0
      (No malicious items detected)

      Registry Values Detected: 0
      (No malicious items detected)

      Registry Data Items Detected: 0
      (No malicious items detected)

      Folders Detected: 0
      (No malicious items detected)

      Files Detected: 0
      (No malicious items detected)

      Physical Sectors Detected: 0
      (No malicious items detected)

      (end)

    10. #10
      Usuario Avatar de Ethain
      Registrado
      nov 2007
      Ubicación
      Barcelona
      Mensajes
      33

      Re: Troyano JS:Bancos-AI

      system-log.txt

      ---------------------------------------
      Malwarebytes Anti-Rootkit BETA 1.10.3.1001

      (c) Malwarebytes Corporation 2011-2012

      OS version: 10.0.9200 Windows 10 x64

      Account is Administrative

      Internet Explorer version: 11.371.16299.0

      File system is: NTFS
      Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
      CPU speed: 2.195000 GHz
      Memory total: 8510529536, free: 2261225472

      Downloaded database version: v2018.05.04.01
      Downloaded database version: v2018.05.04.01
      Downloaded database version: v2018.01.20.01
      =======================================
      Initializing...
      Driver version: 4.3.0.15
      ------------ Kernel report ------------
      05/04/2018 07:51:07
      ------------ Loaded modules -----------
      \SystemRoot\system32\ntoskrnl.exe
      \SystemRoot\system32\hal.dll
      \SystemRoot\system32\kd.dll
      \SystemRoot\system32\mcupdate_GenuineIntel.dll
      \SystemRoot\System32\drivers\msrpc.sys
      \SystemRoot\System32\drivers\ksecdd.sys
      \SystemRoot\System32\drivers\werkernel.sys
      \SystemRoot\System32\drivers\CLFS.SYS
      \SystemRoot\System32\drivers\tm.sys
      \SystemRoot\system32\PSHED.dll
      \SystemRoot\system32\BOOTVID.dll
      \SystemRoot\System32\drivers\FLTMGR.SYS
      \SystemRoot\System32\drivers\clipsp.sys
      \SystemRoot\System32\drivers\cmimcext.sys
      \SystemRoot\System32\drivers\ntosext.sys
      \SystemRoot\system32\CI.dll
      \SystemRoot\System32\drivers\cng.sys
      \SystemRoot\system32\drivers\Wdf01000.sys
      \SystemRoot\system32\drivers\WDFLDR.SYS
      \SystemRoot\system32\drivers\WppRecorder.sys
      \SystemRoot\system32\drivers\SleepStudyHelper.sys
      \SystemRoot\System32\Drivers\acpiex.sys
      \SystemRoot\System32\drivers\ACPI.sys
      \SystemRoot\System32\drivers\WMILIB.SYS
      \SystemRoot\System32\drivers\intelpep.sys
      \SystemRoot\system32\drivers\WindowsTrustedRT.sys
      \SystemRoot\System32\drivers\WindowsTrustedRTProxy.sys
      \SystemRoot\System32\drivers\pcw.sys
      \SystemRoot\System32\drivers\msisadrv.sys
      \SystemRoot\System32\drivers\pci.sys
      \SystemRoot\System32\drivers\vdrvroot.sys
      \SystemRoot\system32\drivers\pdc.sys
      \SystemRoot\system32\drivers\CEA.sys
      \SystemRoot\System32\drivers\partmgr.sys
      \SystemRoot\System32\drivers\spaceport.sys
      \SystemRoot\System32\drivers\volmgr.sys
      \SystemRoot\System32\drivers\volmgrx.sys
      \SystemRoot\System32\drivers\mountmgr.sys
      \SystemRoot\System32\drivers\iaStorA.sys
      \SystemRoot\System32\drivers\storport.sys
      \SystemRoot\System32\drivers\EhStorClass.sys
      \SystemRoot\System32\drivers\fileinfo.sys
      \SystemRoot\System32\Drivers\Wof.sys
      \SystemRoot\system32\drivers\wd\WdFilter.sys
      \SystemRoot\System32\Drivers\NTFS.sys
      \SystemRoot\System32\Drivers\Fs_Rec.sys
      \SystemRoot\system32\drivers\ndis.sys
      \SystemRoot\system32\drivers\NETIO.SYS
      \SystemRoot\System32\Drivers\ksecpkg.sys
      \SystemRoot\System32\drivers\tcpip.sys
      \SystemRoot\System32\drivers\fwpkclnt.sys
      \SystemRoot\System32\drivers\wfplwfs.sys
      \SystemRoot\system32\drivers\avgVmm.sys
      \SystemRoot\system32\drivers\avgRvrt.sys
      \SystemRoot\System32\DRIVERS\fvevol.sys
      \SystemRoot\System32\drivers\volume.sys
      \SystemRoot\System32\drivers\volsnap.sys
      \SystemRoot\System32\drivers\rdyboost.sys
      \SystemRoot\System32\Drivers\mup.sys
      \SystemRoot\system32\drivers\iorate.sys
      \SystemRoot\System32\drivers\IntelPcc.sys
      \SystemRoot\System32\drivers\disk.sys
      \SystemRoot\System32\drivers\CLASSPNP.SYS
      \SystemRoot\system32\drivers\avgbuniva.sys
      \SystemRoot\system32\drivers\avgbloga.sys
      \SystemRoot\system32\drivers\avgbidsha.sys
      \SystemRoot\System32\Drivers\crashdmp.sys
      \SystemRoot\System32\drivers\cdrom.sys
      \SystemRoot\system32\drivers\avgSP.sys
      \SystemRoot\system32\drivers\avgSnx.sys
      \SystemRoot\system32\drivers\ks.sys
      \SystemRoot\system32\drivers\filecrypt.sys
      \SystemRoot\system32\drivers\tbs.sys
      \SystemRoot\System32\Drivers\Null.SYS
      \SystemRoot\System32\Drivers\Beep.SYS
      \SystemRoot\System32\drivers\BasicDisplay.sys
      \SystemRoot\System32\drivers\watchdog.sys
      \SystemRoot\System32\drivers\dxgkrnl.sys
      \SystemRoot\System32\drivers\vmbkmclr.sys
      \SystemRoot\System32\drivers\BasicRender.sys
      \SystemRoot\System32\Drivers\Npfs.SYS
      \SystemRoot\System32\Drivers\Msfs.SYS
      \SystemRoot\system32\DRIVERS\tdx.sys
      \SystemRoot\system32\DRIVERS\TDI.SYS
      \SystemRoot\System32\DRIVERS\netbt.sys
      \SystemRoot\system32\drivers\avgRdr2.sys
      \SystemRoot\system32\drivers\afd.sys
      \SystemRoot\System32\drivers\vwififlt.sys
      \SystemRoot\System32\drivers\pacer.sys
      \SystemRoot\system32\drivers\netbios.sys
      \SystemRoot\system32\DRIVERS\rdbss.sys
      \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
      \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
      \SystemRoot\system32\drivers\nsiproxy.sys
      \SystemRoot\System32\drivers\npsvctrig.sys
      \SystemRoot\System32\drivers\mssmbios.sys
      \SystemRoot\System32\drivers\gpuenergydrv.sys
      \SystemRoot\System32\Drivers\dfsc.sys
      \SystemRoot\system32\drivers\bam.sys
      \SystemRoot\system32\drivers\avgbidsdrivera.sys
      \SystemRoot\system32\drivers\avgbdiska.sys
      \SystemRoot\system32\drivers\avgArPot.sys
      \SystemRoot\system32\DRIVERS\ahcache.sys
      \SystemRoot\System32\drivers\ptun0901.sys
      \SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_amd64_9c1fb8f4db31c348\CompositeBus.sys
      \SystemRoot\System32\drivers\kdnic.sys
      \SystemRoot\System32\drivers\umbus.sys
      \SystemRoot\System32\drivers\CAD.sys
      \SystemRoot\System32\DriverStore\FileRepository\nvltwu.inf_amd64_0221ce4ec0827f74\nvlddmkm.sys
      \SystemRoot\system32\DRIVERS\igdkmd64.sys
      \SystemRoot\System32\drivers\HDAudBus.sys
      \SystemRoot\System32\drivers\portcls.sys
      \SystemRoot\System32\drivers\drmk.sys
      \SystemRoot\System32\drivers\USBXHCI.SYS
      \SystemRoot\system32\drivers\ucx01000.sys
      \SystemRoot\system32\DRIVERS\TeeDriverx64.sys
      \SystemRoot\System32\drivers\usbehci.sys
      \SystemRoot\System32\drivers\USBPORT.SYS
      \SystemRoot\system32\DRIVERS\bcmwl63a.sys
      \SystemRoot\System32\drivers\vwifibus.sys
      \SystemRoot\System32\drivers\L1C63x64.sys
      \SystemRoot\System32\drivers\CmBatt.sys
      \SystemRoot\System32\drivers\BATTC.SYS
      \SystemRoot\System32\drivers\AcpiVpc.sys
      \SystemRoot\System32\drivers\i8042prt.sys
      \SystemRoot\system32\DRIVERS\SynTP.sys
      \SystemRoot\system32\DRIVERS\USBD.SYS
      \SystemRoot\System32\drivers\kbdclass.sys
      \SystemRoot\System32\drivers\mouclass.sys
      \SystemRoot\system32\DRIVERS\Smb_driver_Intel.sys
      \SystemRoot\System32\drivers\wmiacpi.sys
      \SystemRoot\System32\drivers\intelppm.sys
      \SystemRoot\System32\drivers\acpitime.sys
      \SystemRoot\system32\drivers\nvvad64v.sys
      \SystemRoot\system32\drivers\ksthunk.sys
      \SystemRoot\System32\drivers\NdisVirtualBus.sys
      \SystemRoot\System32\drivers\swenum.sys
      \SystemRoot\System32\drivers\iwdbus.sys
      \SystemRoot\System32\drivers\rdpbus.sys
      \SystemRoot\System32\drivers\usbhub.sys
      \SystemRoot\System32\drivers\UsbHub3.sys
      \SystemRoot\system32\DRIVERS\stwrt64.sys
      \SystemRoot\system32\drivers\AmUStor.SYS
      \SystemRoot\System32\drivers\usbccgp.sys
      \SystemRoot\System32\Drivers\vm331avs.sys
      \SystemRoot\System32\drivers\hidusb.sys
      \SystemRoot\System32\drivers\HIDCLASS.SYS
      \SystemRoot\System32\drivers\HIDPARSE.SYS
      \SystemRoot\system32\drivers\bcbtums.sys
      \SystemRoot\System32\drivers\BTHUSB.sys
      \SystemRoot\System32\drivers\bthport.sys
      \SystemRoot\System32\drivers\mouhid.sys
      \SystemRoot\System32\Drivers\fastfat.SYS
      \SystemRoot\System32\Drivers\dump_diskdump.sys
      \SystemRoot\System32\Drivers\dump_iaStorA.sys
      \SystemRoot\System32\Drivers\dump_dumpfve.sys
      \SystemRoot\System32\win32k.sys
      \SystemRoot\System32\win32kfull.sys
      \SystemRoot\System32\win32kbase.sys
      \SystemRoot\System32\drivers\dxgmms2.sys
      \SystemRoot\System32\drivers\monitor.sys
      \SystemRoot\System32\TSDDD.dll
      \SystemRoot\System32\drivers\WUDFRd.sys
      \SystemRoot\System32\drivers\WpdUpFltr.sys
      \SystemRoot\system32\drivers\luafv.sys
      \SystemRoot\system32\drivers\wcifs.sys
      \SystemRoot\system32\drivers\cldflt.sys
      \SystemRoot\system32\drivers\storqosflt.sys
      \SystemRoot\system32\drivers\avgMonFlt.sys
      \SystemRoot\system32\drivers\mmcss.sys
      \SystemRoot\System32\drivers\mshidumdf.sys
      \SystemRoot\system32\drivers\avgStm.sys
      \SystemRoot\system32\drivers\mslldp.sys
      \SystemRoot\system32\drivers\rspndr.sys
      \SystemRoot\system32\drivers\lltdio.sys
      \SystemRoot\System32\DRIVERS\wanarp.sys
      \SystemRoot\system32\DRIVERS\nwifi.sys
      \SystemRoot\system32\drivers\ndisuio.sys
      \SystemRoot\System32\drivers\condrv.sys
      \SystemRoot\System32\drivers\vwifimp.sys
      \SystemRoot\system32\drivers\HTTP.sys
      \SystemRoot\system32\DRIVERS\bowser.sys
      \SystemRoot\System32\drivers\mpsdrv.sys
      \SystemRoot\system32\DRIVERS\mrxsmb.sys
      \SystemRoot\system32\DRIVERS\mrxsmb20.sys
      \SystemRoot\System32\DRIVERS\srvnet.sys
      \SystemRoot\system32\drivers\Ndu.sys
      \SystemRoot\system32\drivers\peauth.sys
      \SystemRoot\System32\drivers\tcpipreg.sys
      \SystemRoot\System32\DRIVERS\srv2.sys
      \SystemRoot\System32\drivers\rassstp.sys
      \SystemRoot\System32\DRIVERS\NDProxy.sys
      \SystemRoot\System32\drivers\AgileVpn.sys
      \SystemRoot\System32\drivers\rasl2tp.sys
      \SystemRoot\System32\drivers\raspptp.sys
      \SystemRoot\System32\DRIVERS\raspppoe.sys
      \SystemRoot\System32\DRIVERS\ndistapi.sys
      \SystemRoot\System32\drivers\ndiswan.sys
      \SystemRoot\System32\drivers\tunnel.sys
      \SystemRoot\system32\drivers\wd\WdNisDrv.sys
      \??\C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys
      \SystemRoot\System32\Drivers\mbamswissarmy.sys
      \SystemRoot\System32\Drivers\MbamChameleon.sys
      \??\C:\WINDOWS\system32\drivers\mbae64.sys
      \SystemRoot\system32\DRIVERS\mbam.sys
      \SystemRoot\system32\DRIVERS\farflt.sys
      \SystemRoot\System32\drivers\rdpvideominiport.sys
      \SystemRoot\System32\cdd.dll
      \SystemRoot\System32\drivers\WSDPrint.sys
      \SystemRoot\system32\DRIVERS\WSDScan.sys
      \SystemRoot\system32\DRIVERS\mwac.sys
      \??\C:\WINDOWS\system32\drivers\24374230.sys
      ----------- End -----------
      Done!

      Scan started
      Database versions:
      main: v2018.05.04.01
      rootkit: v2018.05.04.01

      <<<2>>>
      Physical Sector Size: 512
      Drive: 0, DevicePointer: 0xffff99066cec6060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
      --------- Disk Stack ------
      DevicePointer: 0xffff99066bd739d0, DeviceName: Unknown, DriverName: \Driver\partmgr\
      DevicePointer: 0xffff99066cec6060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
      DevicePointer: 0xffff9906695d0060, DeviceName: \Device\0000003d\, DriverName: \Driver\iaStorA\
      ------------ End ----------
      Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
      Upper DeviceData: 0x0, 0x0, 0x0
      Lower DeviceData: 0x0, 0x0, 0x0
      <<<3>>>
      Volume: C:
      File system type: NTFS
      SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
      <<<2>>>
      <<<3>>>
      Volume: C:
      File system type: NTFS
      SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
      Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
      Done!
      Drive 0
      This is a System drive
      Scanning MBR on drive 0...
      Inspecting partition table:
      This drive is a GPT Drive.
      MBR Signature: 55AA
      Disk Signature: CD6F1674

      GPT Protective MBR Partition information:

      Partition 0 type is EFI-GPT (0xee)
      Partition is NOT ACTIVE.
      Partition starts at LBA: 1 Numsec = 4294967295

      Partition 1 type is Empty (0x0)
      Partition is NOT ACTIVE.
      Partition starts at LBA: 0 Numsec = 0

      Partition 2 type is Empty (0x0)
      Partition is NOT ACTIVE.
      Partition starts at LBA: 0 Numsec = 0

      Partition 3 type is Empty (0x0)
      Partition is NOT ACTIVE.
      Partition starts at LBA: 0 Numsec = 0

      GPT Partition information:

      GPT Header Signature 4546492050415254
      GPT Header Revision 65536 Size 92 CRC 2914135383
      GPT Header CurrentLba = 1 BackupLba 1953525167
      GPT Header FirstUsableLba 34 LastUsableLba 1953525134
      GPT Header Guid a366f73b-5d0c-4641-b843-179998d40c2
      GPT Header Contains 128 partition entries starting at LBA 2
      GPT Header Partition entry size = 128

      Backup GPT header Signature 4546492050415254
      Backup GPT header Revision 65536 Size 92 CRC 2914135383
      Backup GPT header CurrentLba = 1953525167 BackupLba 1
      Backup GPT header FirstUsableLba 34 LastUsableLba 1953525134
      Backup GPT header Guid a366f73b-5d0c-4641-b843-179998d40c2
      Backup GPT header Contains 128 partition entries starting at LBA 1953525135
      Backup GPT header Partition entry size = 128

      Partition 0 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
      Partition ID d8fb5184-baba-4742-a5c8-ccd05d5a1a8e
      FirstLBA 2048 Last LBA 2050047
      Attributes 1
      Partition Name Basic data partition

      Partition 1 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
      Partition ID b04c9622-4b8f-46ab-bbd1-34ca867c3b2
      FirstLBA 2050048 Last LBA 2582527
      Attributes 1
      Partition Name EFI system partition

      GPT Partition 1 is bootable
      Partition 2 Type bfbfafe7-a34f-448a-9a5b-6213eb736c22
      Partition ID 40bd9872-7ac9-4f5a-9050-3754d242678
      FirstLBA 2582528 Last LBA 4630527
      Attributes 1
      Partition Name Basic data partition

      Partition 3 Type e3c9e316-b5c-4db8-817d-f92df0215ae
      Partition ID c8580e20-c28e-4f72-bdc9-cbfdb75aa4c1
      FirstLBA 4630528 Last LBA 4892671
      Attributes 0
      Partition Name Microsoft reserved partition

      Partition 4 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
      Partition ID 16785139-a67-4d3d-b1e3-e21e23991b1e
      FirstLBA 4892672 Last LBA 1871960063
      Attributes 0
      Partition Name Basic data partition

      Partition 5 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
      Partition ID 2aad835d-7432-4c59-8ec8-4af2a95247fe
      FirstLBA 1871960064 Last LBA 1924388863
      Attributes 0
      Partition Name Basic data partition

      Partition 6 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
      Partition ID af851c26-28ea-4e35-88d2-42aeb52dec71
      FirstLBA 1924388864 Last LBA 1953523711
      Attributes 1
      Partition Name Basic data partition

      Disk Size: 1000204886016 bytes
      Sector size: 512 bytes

      Done!
      File "C:\Windows\System32\KERNELBASE.DLL" is sparse (flags = 32768)
      File "C:\Windows\System32\apphelp.dll" is sparse (flags = 32768)
      File "C:\Windows\System32\user32.dll" is sparse (flags = 32768)
      File "C:\Windows\System32\GDI32FULL.DLL" is sparse (flags = 32768)
      File "C:\Windows\System32\MSVCP_WIN.DLL" is sparse (flags = 32768)
      File "C:\Windows\System32\ucrtbase.dll" is sparse (flags = 32768)
      File "C:\Windows\System32\advapi32.dll" is sparse (flags = 32768)
      File "C:\Windows\System32\msvcrt.dll" is sparse (flags = 32768)
      File "C:\Windows\System32\rpcrt4.dll" is sparse (flags = 32768)
      File "C:\Windows\System32\sspicli.dll" is sparse (flags = 32768)
      File "C:\Windows\System32\BCRYPTPRIMITIVES.DLL" is sparse (flags = 32768)
      File "C:\Windows\System32\shell32.dll" is sparse (flags = 32768)
      File "C:\Windows\System32\WINDOWS.STORAGE.DLL" is sparse (flags = 32768)
      File "C:\Windows\System32\ole32.dll" is sparse (flags = 32768)
      File "C:\Windows\System32\wintrust.dll" is sparse (flags = 32768)
      File "C:\Windows\System32\comdlg32.dll" is sparse (flags = 32768)
      File "C:\Windows\System32\wininet.dll" is sparse (flags = 32768)
      File "C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.16299.371_none_d02abd455f338e37\comctl32.dll" is sparse (flags = 32768)
      File "C:\Windows\System32\winspool.drv" is sparse (flags = 32768)
      File "C:\Windows\System32\bcrypt.dll" is sparse (flags = 32768)
      File "C:\Windows\System32\iertutil.dll" is sparse (flags = 32768)
      File "C:\Windows\System32\winhttp.dll" is sparse (flags = 32768)
      File "C:\Windows\System32\urlmon.dll" is sparse (flags = 32768)
      File "C:\Windows\System32\msIso.dll" is sparse (flags = 32768)
      File "C:\Windows\System32\dnsapi.dll" is sparse (flags = 32768)
      File "C:\Windows\System32\msctf.dll" is sparse (flags = 32768)
      File "C:\Windows\System32\cldapi.dll" is sparse (flags = 32768)
      File "C:\Windows\System32\aepic.dll" is sparse (flags = 32768)
      File "C:\Windows\System32\propsys.dll" is sparse (flags = 32768)
      File "C:\Windows\System32\TEXTINPUTFRAMEWORK.DLL" is sparse (flags = 32768)
      File "C:\Windows\System32\COREMESSAGING.DLL" is sparse (flags = 32768)
      File "C:\Windows\System32\WINDOWS.STATEREPOSITORYPS.DLL" is sparse (flags = 32768)
      File "C:\Windows\System32\mssprxy.dll" is sparse (flags = 32768)
      File "C:\Windows\System32\ntshrui.dll" is sparse (flags = 32768)
      File "C:\Windows\System32\services.exe" is sparse (flags = 32768)
      File "C:\Windows\System32\FONTDRVHOST.EXE" is sparse (flags = 32768)
      File "C:\Windows\System32\spoolsv.exe" is sparse (flags = 32768)
      File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll" is sparse (flags = 32768)
      File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll" is sparse (flags = 32768)
      File "C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\7a53e85a72080284c5b5cd703dd282cb\MSCORLIB.NI.DLL" is sparse (flags = 32768)
      File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System\dd89797400d103abfcfdd7e6c1829dd1\System.ni.dll" is sparse (flags = 32768)
      File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\02e82312466db461bbcee5eaaa859429\System.ServiceProcess.ni.dll" is sparse (flags = 32768)
      File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll" is sparse (flags = 32768)
      File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\95adebdc7528e7a8e4ae9685b1600f38\System.Core.ni.dll" is sparse (flags = 32768)
      File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\9f581d4f9a23ed029b2f448ad019f156\System.ServiceModel.ni.dll" is sparse (flags = 32768)
      File "C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\d67e57958f1c1b935df0426f959ed92b\SMDiagnostics.ni.dll" is sparse (flags = 32768)
      File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\467b677caf704af4edc117e4e717ba8c\System.ServiceModel.Internals.ni.dll" is sparse (flags = 32768)
      File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\09559970909d096bffb1f8eb605cddfb\System.Configuration.ni.dll" is sparse (flags = 32768)
      File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\f2a690c7f588336efbc341feb9c9822b\System.Xml.ni.dll" is sparse (flags = 32768)
      File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\a6af07eb12ad728d7433ba41209a786d\System.Runtime.Serialization.ni.dll" is sparse (flags = 32768)
      File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\f8025f152ecd6f7b046c136849bf717d\System.IdentityModel.ni.dll" is sparse (flags = 32768)
      File "C:\Windows\System32\gpapi.dll" is sparse (flags = 32768)
      File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\87fbe25ef38c950240eeafeccffee35f\System.Xml.Linq.ni.dll" is sparse (flags = 32768)
      File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\ab96d3e2a54bf99e8e108c02ab2f0d05\System.Data.ni.dll" is sparse (flags = 32768)
      File "C:\Windows\System32\rasapi32.dll" is sparse (flags = 32768)
      File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\abbb4d6643c6ee09c0d53aa8b43ab92c\System.Numerics.ni.dll" is sparse (flags = 32768)
      File "C:\Windows\System32\setupapi.dll" is sparse (flags = 32768)
      File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\86e7f970990faeef3b43b9e8f78222c2\System.Management.ni.dll" is sparse (flags = 32768)
      File "C:\Windows\System32\msv1_0.dll" is sparse (flags = 32768)
      File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\783ceb703651eb9bf1bd2a975815eec1\System.Transactions.ni.dll" is sparse (flags = 32768)
      File "C:\Windows\System32\nlaapi.dll" is sparse (flags = 32768)
      File "C:\Windows\System32\webio.dll" is sparse (flags = 32768)
      File "C:\Windows\System32\SECURITYHEALTHSERVICE.EXE" is sparse (flags = 32768)
      File "C:\Windows\System32\edputil.dll" is sparse (flags = 32768)
      File "C:\Windows\System32\msi.dll" is sparse (flags = 32768)
      File "C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PRESENTATIONFONTCACHE.EXE" is sparse (flags = 32768)
      File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Confe64a9051#\ae463c8f9567c79be370b9aff56aa2e3\System.Configuration.Install.ni.dll" is sparse (flags = 32768)
      File "C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\1ead9b6b726753cc8f0f6ec9f544f585\WindowsBase.ni.dll" is sparse (flags = 32768)
      File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\ba23d79855fdf2077add750094bcd0f9\System.Drawing.ni.dll" is sparse (flags = 32768)
      File "C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\cf851efebcbc398205d2cb2fc94f21ad\PresentationCore.ni.dll" is sparse (flags = 32768)
      File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\7071684e37550c616cba4f2c995a6b01\System.Windows.Forms.ni.dll" is sparse (flags = 32768)
      File "C:\Windows\System32\SEARCHINDEXER.EXE" is sparse (flags = 32768)
      File "C:\Windows\System32\winlogon.exe" is sparse (flags = 32768)
      File "C:\Windows\System32\ieframe.dll" is sparse (flags = 32768)
      File "C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.16299.371_none_5d75084fa7e1cb96\comctl32.dll" is sparse (flags = 32768)
      File "C:\Windows\System32\d3d11.dll" is sparse (flags = 32768)
      File "C:\Windows\System32\dxgi.dll" is sparse (flags = 32768)
      File "C:\Windows\System32\TWINAPI.APPCORE.DLL" is sparse (flags = 32768)
      File "C:\Windows\System32\rmclient.dll" is sparse (flags = 32768)
      File "C:\Windows\System32\mshtml.dll" is sparse (flags = 32768)
      File "C:\Windows\System32\DWrite.dll" is sparse (flags = 32768)
      File "C:\Windows\System32\jscript9.dll" is sparse (flags = 32768)
      File "C:\Windows\explorer.exe" is sparse (flags = 32768)
      File "C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\SHELLEXPERIENCEHOST.EXE" is sparse (flags = 32768)
      File "C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" is sparse (flags = 32768)
      File "C:\Windows\System32\AcLayers.dll" is sparse (flags = 32768)
      File "C:\Windows\WinSxS\x86_avg.vc140.crt_f92d94485545da78_14.0.25325.0_none_b36a358eeba3b9b8\msvcp140.dll" is sparse (flags = 32768)
      File "C:\Windows\WinSxS\x86_avg.vc140.mfc_f92d94485545da78_14.0.25325.0_none_abeb4fc4f072369b\mfc140u.dll" is sparse (flags = 32768)
      File "C:\Windows\WinSxS\x86_avg.vc140.crt_f92d94485545da78_14.0.25325.0_none_b36a358eeba3b9b8\vcruntime140.dll" is sparse (flags = 32768)
      File "C:\Windows\System32\d3d9.dll" is sparse (flags = 32768)
      File "C:\Windows\System32\fontsub.dll" is sparse (flags = 32768)
      File "C:\Windows\System32\mscms.dll" is sparse (flags = 32768)
      File "C:\Windows\System32\twinapi.dll" is sparse (flags = 32768)
      File "C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.16299.371_none_8e5ffb3502744564\GdiPlus.dll" is sparse (flags = 32768)
      File "C:\Windows\System32\wscapi.dll" is sparse (flags = 32768)
      File "C:\Windows\System32\msxml6.dll" is sparse (flags = 32768)
      File "C:\Windows\System32\APPXDEPLOYMENTCLIENT.DLL" is sparse (flags = 32768)
      File "C:\Windows\System32\STATEREPOSITORY.CORE.DLL" is sparse (flags = 32768)
      File "C:\Windows\System32\WINDOWS.SERVICES.TARGETEDCONTENT.DLL" is sparse (flags = 32768)
      File "C:\Windows\System32\dsreg.dll" is sparse (flags = 32768)
      File "C:\Windows\System32\MSVCP110_WIN.DLL" is sparse (flags = 32768)
      File "C:\Windows\System32\wlanapi.dll" is sparse (flags = 32768)
      File "C:\Windows\System32\efswrt.dll" is sparse (flags = 32768)
      File "C:\Windows\System32\FIREWALLAPI.DLL" is sparse (flags = 32768)
      File "C:\Windows\System32\FWPOLICYIOMGR.DLL" is sparse (flags = 32768)
      File "C:\Windows\System32\actxprxy.dll" is sparse (flags = 32768)
      File "C:\Windows\System32\jscript.dll" is sparse (flags = 32768)
      File "C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\mfc80.dll" is sparse (flags = 32768)
      File "C:\Windows\WinSxS\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\mfc80ENU.dll" is sparse (flags = 32768)
      File "C:\Windows\System32\mfplat.dll" is sparse (flags = 32768)
      File "C:\Windows\System32\RTWorkQ.dll" is sparse (flags = 32768)
      File "C:\Windows\System32\imaadp32.acm" is sparse (flags = 32768)
      File "C:\Windows\System32\msadp32.acm" is sparse (flags = 32768)
      File "C:\Windows\System32\msg711.acm" is sparse (flags = 32768)
      File "C:\Windows\System32\msgsm32.acm" is sparse (flags = 32768)
      File "C:\Windows\System32\WMVSENCD.DLL" is sparse (flags = 32768)
      File "C:\Windows\System32\WMVXENCD.DLL" is sparse (flags = 32768)
      File "C:\Windows\System32\wdmaud.drv" is sparse (flags = 32768)
      File "C:\Windows\System32\AudioSes.dll" is sparse (flags = 32768)
      File "C:\Windows\System32\STRUCTUREDQUERY.DLL" is sparse (flags = 32768)
      File "C:\Windows\System32\POLICYMANAGER.DLL" is sparse (flags = 32768)
      File "C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\08c39fb8441c795f0cddd482aede13cc\PresentationFramework.ni.dll" is sparse (flags = 32768)
      File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\2d3b5991006087c957c2a6e9ac38731f\System.Xaml.ni.dll" is sparse (flags = 32768)
      File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFGFX_V0400.DLL" is sparse (flags = 32768)
      File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PRESENTATIONNATIVE_V0400.DLL" is sparse (flags = 32768)
      File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\c662e83cb278c56d8765e1fcb065c5d7\System.Runtime.Remoting.ni.dll" is sparse (flags = 32768)
      File "C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatioaec034ca#\d86b8035bf9c57475fb9ec7715fba269\PresentationFramework.Aero2.ni.dll" is sparse (flags = 32768)
      File "C:\Windows\System32\icm32.dll" is sparse (flags = 32768)
      File "C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\0ba0c702993cb27b5b719ccb941dcd9d\UIAutomationTypes.ni.dll" is sparse (flags = 32768)
      File "C:\Windows\System32\ksproxy.ax" is sparse (flags = 32768)
      File "C:\Windows\System32\audiodg.exe" is sparse (flags = 32768)
      File "C:\Windows\System32\SEARCHPROTOCOLHOST.EXE" is sparse (flags = 32768)
      File "C:\Windows\System32\SMARTSCREEN.EXE" is sparse (flags = 32768)
      File "C:\Windows\System32\EXPLORERFRAME.DLL" is sparse (flags = 32768)
      File "C:\Windows\System32\SEARCHFILTERHOST.EXE" is sparse (flags = 32768)
      File "C:\Windows\System32\credssp.dll" is sparse (flags = 32768)
      File "C:\Windows\System32\drivers\isapnp.sys" is sparse (flags = 32768)
      File "C:\Windows\System32\drivers\amdk8.sys" is sparse (flags = 32768)
      File "C:\Windows\System32\drivers\appid.sys" is sparse (flags = 32768)
      File "C:\Windows\System32\drivers\STORQOSFLT.SYS" is sparse (flags = 32768)
      File "C:\Windows\System32\drivers\fvevol.sys" is sparse (flags = 32768)
      File "C:\Windows\System32\drivers\bam.sys" is sparse (flags = 32768)
      File "C:\Windows\System32\drivers\acpi.sys" is sparse (flags = 32768)
      File "C:\Windows\System32\drivers\ndisuio.sys" is sparse (flags = 32768)
      File "C:\Windows\System32\drivers\afd.sys" is sparse (flags = 32768)
      File "C:\Windows\System32\drivers\sdstor.sys" is sparse (flags = 32768)
      File "C:\Windows\System32\drivers\ahcache.sys" is sparse (flags = 32768)
      File "C:\Windows\System32\drivers\BASICRENDER.SYS" is sparse (flags = 32768)
      File "C:\Windows\System32\drivers\amdppm.sys" is sparse (flags = 32768)
      File "C:\Windows\System32\drivers\wcnfs.sys" is sparse (flags = 32768)
      File "C:\Windows\System32\drivers\wcifs.sys" is sparse (flags = 32768)
      File "C:\Windows\System32\drivers\srv2.sys" is sparse (flags = 32768)
      File "C:\Windows\System32\drivers\clfs.sys" is sparse (flags = 32768)
      File "C:\Windows\System32\drivers\ndproxy.sys" is sparse (flags = 32768)
      File "C:\Windows\System32\drivers\irda.sys" is sparse (flags = 32768)
      File "C:\Windows\System32\drivers\bowser.sys" is sparse (flags = 32768)
      File "C:\Windows\System32\drivers\storufs.sys" is sparse (flags = 32768)
      File "C:\Windows\System32\drivers\HYPERVIDEO.SYS" is sparse (flags = 32768)
      File "C:\Windows\System32\drivers\bthport.sys" is sparse (flags = 32768)
      File "C:\Windows\System32\drivers\cng.sys" is sparse (flags = 32768)
      File "C:\Windows\System32\drivers\cldflt.sys" is sparse (flags = 32768)
      File "C:\Windows\System32\drivers\mup.sys" is sparse (flags = 32768)
      File "C:\Windows\System32\drivers\vms3cap.sys" is sparse (flags = 32768)
      File "C:\Windows\System32\drivers\dfsc.sys" is sparse (flags = 32768)
      File "C:\Windows\System32\drivers\disk.sys" is sparse (flags = 32768)
      File "C:\Windows\System32\drivers\dmvsc.sys" is sparse (flags = 32768)
      File "C:\Windows\System32\drivers\dxgkrnl.sys" is sparse (flags = 32768)
      File "C:\Windows\System32\drivers\tcpip.sys" is sparse (flags = 32768)
      File "C:\Windows\System32\drivers\vmstorfl.sys" is sparse (flags = 32768)
      File "C:\Windows\System32\drivers\fltMgr.sys" is sparse (flags = 32768)
      File "C:\Windows\System32\drivers\FSDEPENDS.SYS" is sparse (flags = 32768)
      File "C:\Windows\System32\drivers\VMGENCOUNTER.SYS" is sparse (flags = 32768)
      File "C:\Windows\System32\drivers\GPUENERGYDRV.SYS" is sparse (flags = 32768)
      File "C:\Windows\System32\drivers\mrxsmb.sys" is sparse (flags = 32768)
      File "C:\Windows\System32\drivers\http.sys" is sparse (flags = 32768)
      File "C:\Windows\System32\drivers\HVSERVICE.SYS" is sparse (flags = 32768)
      File "C:\Windows\System32\drivers\hyperkbd.sys" is sparse (flags = 32768)
      File "C:\Windows\SysWOW64\perfhost.exe" is sparse (flags = 32768)
      File "C:\Windows\System32\drivers\intelppm.sys" is sparse (flags = 32768)
      File "C:\Windows\System32\drivers\msiscsi.sys" is sparse (flags = 32768)
      File "C:\Windows\System32\drivers\ksecdd.sys" is sparse (flags = 32768)
      File "C:\Windows\System32\drivers\ksecpkg.sys" is sparse (flags = 32768)
      File "C:\Windows\System32\drivers\lltdio.sys" is sparse (flags = 32768)
      File "C:\Windows\System32\drivers\luafv.sys" is sparse (flags = 32768)
      File "C:\Windows\System32\drivers\mrxsmb20.sys" is sparse (flags = 32768)
      File "C:\Windows\System32\drivers\mskssrv.sys" is sparse (flags = 32768)
      File "C:\Windows\System32\drivers\mountmgr.sys" is sparse (flags = 32768)
      File "C:\Windows\System32\VSSVC.exe" is sparse (flags = 32768)
      File "C:\Windows\System32\drivers\nwifi.sys" is sparse (flags = 32768)
      File "C:\Windows\System32\drivers\netbios.sys" is sparse (flags = 32768)
      File "C:\Windows\System32\drivers\netvsc.sys" is sparse (flags = 32768)
      File "C:\Windows\System32\drivers\ndis.sys" is sparse (flags = 32768)
      File "C:\Windows\System32\drivers\netbt.sys" is sparse (flags = 32768)
      File "C:\Windows\System32\drivers\nsiproxy.sys" is sparse (flags = 32768)
      File "C:\Windows\System32\drivers\partmgr.sys" is sparse (flags = 32768)
      File "C:\Windows\System32\drivers\pci.sys" is sparse (flags = 32768)
      File "C:\Windows\System32\drivers\pcw.sys" is sparse (flags = 32768)
      File "C:\Windows\System32\drivers\PEAuth.sys" is sparse (flags = 32768)
      File "C:\Windows\System32\drivers\raspptp.sys" is sparse (flags = 32768)
      File "C:\Windows\System32\drivers\processr.sys" is sparse (flags = 32768)
      File "C:\Windows\System32\drivers\rasacd.sys" is sparse (flags = 32768)
      File "C:\Windows\System32\drivers\rdbss.sys" is sparse (flags = 32768)
      File "C:\Windows\System32\drivers\rdpbus.sys" is sparse (flags = 32768)
      File "C:\Windows\System32\drivers\rdpdr.sys" is sparse (flags = 32768)
      File "C:\Windows\System32\drivers\rdyboost.sys" is sparse (flags = 32768)
      File "C:\Windows\System32\drivers\sdbus.sys" is sparse (flags = 32768)
      File "C:\Windows\System32\Spectrum.exe" is sparse (flags = 32768)
      File "C:\Windows\System32\drivers\SPACEPORT.SYS" is sparse (flags = 32768)
      File "C:\Windows\System32\sppsvc.exe" is sparse (flags = 32768)
      File "C:\Windows\System32\drivers\srvnet.sys" is sparse (flags = 32768)
      File "C:\Windows\System32\drivers\storahci.sys" is sparse (flags = 32768)
      File "C:\Windows\System32\drivers\stornvme.sys" is sparse (flags = 32768)
      File "C:\Windows\System32\drivers\storvsc.sys" is sparse (flags = 32768)
      File "C:\Windows\System32\drivers\tdx.sys" is sparse (flags = 32768)
      File "C:\Windows\System32\drivers\tpm.sys" is sparse (flags = 32768)
      File "C:\Windows\System32\drivers\vdrvroot.sys" is sparse (flags = 32768)
      File "C:\Windows\servicing\TRUSTEDINSTALLER.EXE" is sparse (flags = 32768)
      File "C:\Windows\System32\drivers\UcmCx.sys" is sparse (flags = 32768)
      File "C:\Windows\System32\drivers\URSCX01000.SYS" is sparse (flags = 32768)
      File "C:\Windows\System32\drivers\USBXHCI.SYS" is sparse (flags = 32768)
      File "C:\Windows\System32\drivers\USBHUB3.SYS" is sparse (flags = 32768)
      File "C:\Windows\System32\drivers\usbser.sys" is sparse (flags = 32768)
      File "C:\Windows\System32\drivers\vhdmp.sys" is sparse (flags = 32768)
      File "C:\Windows\System32\drivers\vmbus.sys" is sparse (flags = 32768)
      File "C:\Windows\System32\drivers\VMBusHID.sys" is sparse (flags = 32768)
      File "C:\Windows\System32\drivers\vmgid.sys" is sparse (flags = 32768)
      File "C:\Windows\System32\drivers\vwifimp.sys" is sparse (flags = 32768)
      File "C:\Windows\System32\drivers\volmgr.sys" is sparse (flags = 32768)
      File "C:\Windows\System32\drivers\volsnap.sys" is sparse (flags = 32768)
      File "C:\Windows\System32\drivers\vpci.sys" is sparse (flags = 32768)
      File "C:\Windows\System32\drivers\wanarp.sys" is sparse (flags = 32768)
      File "C:\Windows\System32\drivers\WdiWiFi.sys" is sparse (flags = 32768)
      File "C:\Windows\System32\drivers\wfplwfs.sys" is sparse (flags = 32768)
      File "C:\Windows\System32\drivers\WINDOWSTRUSTEDRT.SYS" is sparse (flags = 32768)
      File "C:\Windows\System32\drivers\winnat.sys" is sparse (flags = 32768)
      File "C:\Windows\System32\NATURALAUTH.DLL" is sparse (flags = 32768)
      File "C:\Windows\System32\appinfo.dll" is sparse (flags = 32768)
      File "C:\Windows\System32\WINDOWS.STATEREPOSITORY.DLL" is sparse (flags = 32768)
      File "C:\Windows\System32\AUDIOENDPOINTBUILDER.DLL" is sparse (flags = 32768)
      File "C:\Windows\System32\APPXDEPLOYMENTSERVER.DLL" is sparse (flags = 32768)
      File "C:\Windows\System32\audiosrv.dll" is sparse (flags = 32768)
      File "C:\Windows\System32\CDPUSERSVC.DLL" is sparse (flags = 32768)
      File "C:\Windows\System32\dssvc.dll" is sparse (flags = 32768)
      File "C:\Windows\System32\BFE.DLL" is sparse (flags = 32768)
      File "C:\Windows\System32\DEVICESETUPMANAGER.DLL" is sparse (flags = 32768)
      File "C:\Windows\System32\umpo.dll" is sparse (flags = 32768)
      File "C:\Windows\System32\qmgr.dll" is sparse (flags = 32768)
      File "C:\Windows\System32\ListSvc.dll" is sparse (flags = 32768)
      File "C:\Windows\System32\bisrv.dll" is sparse (flags = 32768)
      File "C:\Windows\System32\dhcpcore.dll" is sparse (flags = 32768)
      File "C:\Windows\System32\pnrpsvc.dll" is sparse (flags = 32768)
      File "C:\Windows\System32\CAPABILITYACCESSMANAGER.DLL" is sparse (flags = 32768)
      File "C:\Windows\System32\certprop.dll" is sparse (flags = 32768)
      File "C:\Windows\System32\ClipSVC.dll" is sparse (flags = 32768)
      File "C:\Windows\System32\TETHERINGSERVICE.DLL" is sparse (flags = 32768)
      File "C:\Windows\System32\wscsvc.dll" is sparse (flags = 32768)
      File "C:\Windows\System32\wcmsvc.dll" is sparse (flags = 32768)
      File "C:\Windows\System32\wkssvc.dll" is sparse (flags = 32768)
      File "C:\Windows\System32\dot3svc.dll" is sparse (flags = 32768)
      File "C:\Windows\System32\dusmsvc.dll" is sparse (flags = 32768)
      File "C:\Windows\System32\DIAGTRACK.DLL" is sparse (flags = 32768)
      File "C:\Windows\System32\dnsrslvr.dll" is sparse (flags = 32768)
      File "C:\Windows\System32\efssvc.dll" is sparse (flags = 32768)
      File "C:\Windows\System32\ENTERPRISEAPPMGMTSVC.DLL" is sparse (flags = 32768)
      File "C:\Windows\System32\FntCache.dll" is sparse (flags = 32768)
      File "C:\Windows\System32\FRAMESERVER.DLL" is sparse (flags = 32768)
      File "C:\Windows\System32\srvsvc.dll" is sparse (flags = 32768)
      File "C:\Windows\System32\gpsvc.dll" is sparse (flags = 32768)
      File "C:\Windows\System32\HVHOSTSVC.DLL" is sparse (flags = 32768)
      File "C:\Windows\System32\IKEEXT.DLL" is sparse (flags = 32768)
      File "C:\Windows\System32\INSTALLSERVICE.DLL" is sparse (flags = 32768)
      File "C:\Windows\System32\iphlpsvc.dll" is sparse (flags = 32768)
      File "C:\Windows\System32\keyiso.dll" is sparse (flags = 32768)
      File "C:\Windows\System32\LICENSEMANAGERSVC.DLL" is sparse (flags = 32768)
      File "C:\Windows\System32\ipnathlp.dll" is sparse (flags = 32768)
      File "C:\Windows\System32\lsm.dll" is sparse (flags = 32768)
      File "C:\Windows\System32\MPSSVC.dll" is sparse (flags = 32768)
      File "C:\Windows\System32\nsisvc.dll" is sparse (flags = 32768)
      File "C:\Windows\System32\nlasvc.dll" is sparse (flags = 32768)
      File "C:\Windows\System32\NCBSERVICE.DLL" is sparse (flags = 32768)
      File "C:\Windows\System32\netlogon.dll" is sparse (flags = 32768)
      File "C:\Windows\System32\NETSETUPSVC.DLL" is sparse (flags = 32768)
      File "C:\Windows\System32\icsvc.dll" is sparse (flags = 32768)
      File "C:\Windows\System32\APHOSTSERVICE.DLL" is sparse (flags = 32768)
      File "C:\Windows\System32\pcasvc.dll" is sparse (flags = 32768)
      File "C:\Windows\System32\p2psvc.dll" is sparse (flags = 32768)
      File "C:\Windows\System32\PHONESERVICE.DLL" is sparse (flags = 32768)
      File "C:\Windows\System32\PIMINDEXMAINTENANCE.DLL" is sparse (flags = 32768)
      File "C:\Windows\System32\icsvcext.dll" is sparse (flags = 32768)
      File "C:\Windows\System32\PUSHTOINSTALL.DLL" is sparse (flags = 32768)
      File "C:\Windows\System32\rasauto.dll" is sparse (flags = 32768)
      File "C:\Windows\System32\rasmans.dll" is sparse (flags = 32768)
      File "C:\Windows\System32\RDXSERVICE.DLL" is sparse (flags = 32768)
      File "C:\Windows\System32\schedsvc.dll" is sparse (flags = 32768)
      File "C:\Windows\System32\SCardSvr.dll" is sparse (flags = 32768)
      File "C:\Windows\System32\SCDEVICEENUM.DLL" is sparse (flags = 32768)
      File "C:\Windows\System32\sensrsvc.dll" is sparse (flags = 32768)
      File "C:\Windows\System32\SEMgrSvc.dll" is sparse (flags = 32768)
      File "C:\Windows\System32\SENSORSERVICE.DLL" is sparse (flags = 32768)
      File "C:\Windows\System32\SessEnv.dll" is sparse (flags = 32768)
      File "C:\Windows\System32\SMSROUTERSVC.DLL" is sparse (flags = 32768)
      File "C:\Windows\System32\StorSvc.dll" is sparse (flags = 32768)
      File "C:\Windows\System32\ssdpsrv.dll" is sparse (flags = 32768)
      File "C:\Windows\System32\sysmain.dll" is sparse (flags = 32768)
      File "C:\Windows\System32\SYSTEMEVENTSBROKERSERVER.DLL" is sparse (flags = 32768)
      File "C:\Windows\System32\TIMEBROKERSERVER.DLL" is sparse (flags = 32768)
      File "C:\Windows\System32\TOKENBROKER.DLL" is sparse (flags = 32768)
      File "C:\Windows\System32\Unistore.dll" is sparse (flags = 32768)
      File "C:\Windows\System32\USERDATASERVICE.DLL" is sparse (flags = 32768)
      File "C:\Windows\System32\usermgr.dll" is sparse (flags = 32768)
      File "C:\Windows\System32\usocore.dll" is sparse (flags = 32768)
      File "C:\Windows\System32\wbiosrvc.dll" is sparse (flags = 32768)
      File "C:\Windows\System32\wwansvc.dll" is sparse (flags = 32768)
      File "C:\Windows\System32\wlidsvc.dll" is sparse (flags = 32768)
      File "C:\Windows\System32\wlansvc.dll" is sparse (flags = 32768)
      File "C:\Windows\System32\wcncsvc.dll" is sparse (flags = 32768)
      File "C:\Windows\System32\WebClnt.dll" is sparse (flags = 32768)
      File "C:\Windows\System32\wuaueng.dll" is sparse (flags = 32768)
      File "C:\Windows\System32\ie4uinit.exe" is sparse (flags = 32768)
      File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-B1D88F2D6BE2675B781596D1FE1350A5C60EC739.bin.79" is compressed (flags = 1)
      File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-B1D88F2D6BE2675B781596D1FE1350A5C60EC739.bin.7C" is compressed (flags = 1)
      File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-B1D88F2D6BE2675B781596D1FE1350A5C60EC739.bin.83" is compressed (flags = 1)
      File "C:\Users\Barukh\AppData\Local\Comms\UnistoreDB\store.vol" is sparse (flags = 32768)
      File "C:\Windows\System32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat" is sparse (flags = 32768)
      Scan finished
      =======================================


      Removal queue found; removal started
      Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
      Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
      Removal finished

    Página 1 de 4 1234 ÚltimoÚltimo