Debora Chaves

Request for log analysis on Windows 10


Hello.

The HijackThis log was produced as requested, after cleaning the registry with CCleaner and enabling the display of hidden folders in the View settings of the Control Panel.

My notebook is behaving strangely: I cannot update my antivirus or my antimalware. I have Windows 10 Language. I have already tried installing AVG and Avast, but when the installation reaches the end it gives an error message saying I should check my internet connection. I run ping 8.8.8.8 -t in cmd and the average response time is 500 ms. But when it reports "request timed out", the internet locks up and then I cannot even reach Google's site, because I get the message "the site could not be reached because it took too long to respond". It has been like this for almost a month. I do not know whether it is a virus on the network or whether Oi Velox is simply bad, because even the other computer I use (a desktop with Windows XP) cannot do much either; it often shows symptoms very similar to the notebook's.

My antivirus, BITDEFENDER FREE, did an upgrade but did not uninstall the previous version, so every now and then it updates itself once and about 15 minutes later updates again, but then the update fails, and the previous version comes back and tries to start, saying I must update because my PC is unprotected.

Even downloading HijackThis was a struggle, because I kept getting "network error" and had to resume the download.

In short, the internet is SO bad that I cannot update any program, including the antivirus and the antimalware.

Browsing is a real ordeal! But YouTube works better than other ordinary sites such as OLX, for example, which cannot even load the whole page.

Thank you.

Log follows:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:16:09, on 05/09/2017
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.14393.0953)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\IObit\Smart Defrag 4\SmartDefrag.exe
C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe
C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
C:\Program Files (x86)\IObit\Classic Start\ClassicStart.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
C:\Program Files (x86)\IObit\Advanced SystemCare\Suo12_StartupManager.exe
C:\Program Files (x86)\Opera\47.0.2631.71\opera.exe
C:\Program Files (x86)\Opera\47.0.2631.71\opera_crashreporter.exe
C:\Program Files (x86)\Opera\47.0.2631.71\opera.exe
C:\Program Files (x86)\Opera\47.0.2631.71\opera.exe
C:\Program Files (x86)\Opera\47.0.2631.71\opera.exe
C:\Program Files (x86)\Opera\47.0.2631.71\opera.exe
C:\Hijack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 118.97.95.182:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\program files (x86)\real\realplayer\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_144\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_144\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
O4 - HKLM\..\Run: [RealDownloader] C:\Program Files (x86)\Real\RealDownloader\downloader2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Advanced SystemCare 10] "C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe" /Auto
O4 - HKCU\..\Run: [Google Update] C:\Users\Debora\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'SERVIÇO DE REDE')
O4 - Startup: Dropbox.lnk = Debora\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Global Startup: RealTimes.lnk = C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: Windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Advanced SystemCare Service 10 (AdvancedSystemCareService10) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASLDR Service (ASLDRService) - ASUSTek Computer Inc. - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ASUS InstantOn Service (ASUS InstantOn) - ASUS - C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Elan Service (ETDService) - ELAN Microelectronics Corp. - C:\Program Files\Elantech\ETDService.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: Intel(R) Update Manager (iumsvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: ProductAgentService - Bitdefender - C:\Program Files\Bitdefender Agent\ProductAgentService.exe
O23 - Service: RealTimes Desktop Service - RealNetworks, Inc. - c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\Windows\System32\SensorDataService.exe (file missing)
O23 - Service: SMService - IObit - C:\Program Files (x86)\IObit\Classic Start\SMService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\Windows\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: Bitdefender Update Service (updatesrv) - Bitdefender - C:\Program Files\Bitdefender antivírus Free\updatesrv.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: Bitdefender Security Service (vsserv) - Bitdefender - C:\Program Files\Bitdefender antivírus Free\vsserv.exe
O23 - Service: Bitdefender Correlation Service (vsservppl) - Bitdefender - C:\Program Files\Bitdefender antivírus Free\vsservppl.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11164 bytes

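The log above carries a per-user R1 ProxyServer entry (118.97.95.182:8080) alongside many O23 services reported as (file missing); as an added example that is not part of this thread, the Python script below parses HijackThis item lines and rates such findings for triage. The sample lines are copied from the log above; the rating rules (a proxy on a public address ranks highest, a System32 service reported missing is rated low because the 32-bit HijackThis 2.0.4 sees SysWOW64 in place of System32 on 64-bit Windows) are the example's own heuristics, not the tool's.

```python
from __future__ import annotations

import ipaddress
import re
from dataclasses import dataclass

# Sample input: a constructed subset of the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com.br/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 118.97.95.182:8080
O4 - HKCU\..\Run: [Google Update] C:\Users\Debora\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe
O4 - HKLM\..\Run: [RealDownloader] C:\Program Files (x86)\Real\RealDownloader\downloader2.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ProductAgentService - Bitdefender - C:\Program Files\Bitdefender Agent\ProductAgentService.exe
"""

# Every HijackThis item line starts with a section code (R0, O4, O23, ...) followed by ' - '.
ITEM_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2, "info": 3}


@dataclass
class Finding:
    severity: str
    reason: str
    line: str


def parse_item(line: str):
    """Split an item line into (section code, remainder); None for headers and blank lines."""
    m = ITEM_RE.match(line.strip())
    return (m.group(1), m.group(2)) if m else None


def proxy_host(value: str) -> str:
    """Host part of a WinINet ProxyServer value: 'host:port' or 'http=host:port;https=...'."""
    first = value.split(";", 1)[0]      # first protocol entry, if several are listed
    first = first.split("=", 1)[-1]     # drop an optional 'scheme=' prefix
    return first.rsplit(":", 1)[0].strip("[]")


def is_public_address(host: str) -> bool:
    """True for a literal IP outside private/loopback/link-local ranges; False for hostnames."""
    try:
        return not ipaddress.ip_address(host).is_private
    except ValueError:
        return False


def analyse(log_text: str) -> list[Finding]:
    """Apply the triage heuristics to every item line and return findings, most severe first."""
    findings = []
    for line in log_text.splitlines():
        item = parse_item(line)
        if item is None:
            continue
        kind, rest = item
        if kind in ("R0", "R1"):
            key, _, value = rest.partition(" = ")
            value = value.strip()
            # A per-user proxy silently relays every WinINet request (IE, updaters, installers).
            if key.endswith(",ProxyServer") and value:
                sev = "high" if is_public_address(proxy_host(value)) else "medium"
                findings.append(Finding(sev, f"per-user proxy set to {value}; all WinINet traffic is relayed through it", line))
        elif kind == "O4":
            m = re.search(r'\[(.*?)\]\s+"?(.*?\.exe)', rest, re.IGNORECASE)
            # Autoruns living in a user profile deserve a look; many are legitimate updaters.
            if m and "\\appdata\\" in m.group(2).lower():
                findings.append(Finding("info", f"autorun '{m.group(1)}' runs from a user-profile path", line))
        elif kind == "O23" and rest.endswith("(file missing)"):
            path = rest[: -len("(file missing)")].rsplit(" - ", 1)[-1].strip()
            if re.match(r"^[a-z]:\\windows\\system32\\", path, re.IGNORECASE):
                # 32-bit HijackThis 2.0.4 runs under WOW64 on 64-bit Windows, so its view of
                # System32 is really SysWOW64; 64-bit-only binaries therefore look missing.
                findings.append(Finding("low", "System32 service reported missing; usually a WOW64 redirection artefact, verify from a 64-bit shell", line))
            else:
                findings.append(Finding("medium", f"service binary not found on disk: {path}", line))
    findings.sort(key=lambda f: SEVERITY_ORDER[f.severity])
    return findings


if __name__ == "__main__":
    for f in analyse(SAMPLE_LOG):
        print(f"[{f.severity:<6}] {f.reason}\n         {f.line}")
```

Feeding a complete log to analyse() applies the same rules to every R0/R1, O4 and O23 item.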
Hello Debora Chaves, download MbrScan.exe by Eric_71 > save it to the desktop.

Double-click it to run the tool. Click the Scan button. When the scan finishes, click the Report button. A Notepad window will open with the result of the scan. It is saved on the desktop with the name MbrScan.log.

Select, copy and paste its contents into your next reply.

Download Farbar Service Scanner and save it to the desktop. Run the tool.

In addition to the checkboxes that are already ticked by default, tick the following:

  • Windows Firewall
  • System Restore
  • Security Center/Action Center
  • Windows Update
  • Windows Defender

Click Scan and wait for the scan to finish. At the end a log called FSS.txt will be generated, saved in the same directory as FSS, that is, on the desktop.

Select, copy and paste its contents into your next reply.


Hello.

Sorry for the delay.

Here is what you asked for:

Thanks in advance.

The MBR scan log:

MBRScan v1.1.1

OS             : Windows 8  (64 bit)
PROCESSOR      : Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
BOOT           : Normal Boot
DATE           : 2017/09/12 (ISO 8601) at 20:22:39
________________________________________________________________________________

DISK           : Device\Harddisk0\DR0 __TOSHIBA MQ01ABD075 (AX002J)
BUS_TYPE       : (0x0B)  S-ATA
USE_PIO        : YES
MAX_TRANSFER   : 128 Kb
ALIGNMENT_MASK : dword aligned
________________________________________________________________________________

Device\Harddisk0\DR0    698.6 Go  [Fixed] ==> Unknown MBR Code...

MBR_MD5   : E0E0D44704648F54EB130B89FA997DE8
MBR_SHA1  : 2D31368BBAF668BB1605C5003585A20652B2F108

Device\Harddisk0\Partition1    698 Go      0xEE EFI GPT[1]
________________________________________________________________________________

############################### Additional scan ################################
	ADDRESS : 0xAD260000
	SIZE    : 88.0 Ko




	DRIVER  : C:\Windows\system32\DRIVERS\nwifi.sys => Invisible on the disk
	ADDRESS : 0xAD280000
	SIZE    : 548.0 Ko




	DRIVER  : C:\Windows\system32\drivers\HTTP.sys => Invisible on the disk
	ADDRESS : 0xAD310000
	SIZE    : 1.07 Mo




	DRIVER  : C:\Windows\system32\drivers\WudfPf.sys => Invisible on the disk
	ADDRESS : 0xAD430000
	SIZE    : 120.0 Ko




	DRIVER  : C:\Windows\System32\drivers\vwifimp.sys => Invisible on the disk
	ADDRESS : 0xAD450000
	SIZE    : 68.0 Ko




	DRIVER  : C:\Windows\system32\DRIVERS\bowser.sys => Invisible on the disk
	ADDRESS : 0xAD470000
	SIZE    : 136.0 Ko




	DRIVER  : C:\Windows\system32\DRIVERS\mrxsmb.sys => Invisible on the disk
	ADDRESS : 0xB0D00000
	SIZE    : 468.0 Ko




	DRIVER  : C:\Windows\system32\DRIVERS\mrxsmb20.sys => Invisible on the disk
	ADDRESS : 0xB0D80000
	SIZE    : 236.0 Ko




	DRIVER  : C:\Windows\System32\drivers\mpsdrv.sys => Invisible on the disk
	ADDRESS : 0xB0DC0000
	SIZE    : 100.0 Ko




	DRIVER  : C:\Windows\System32\DRIVERS\srvnet.sys => Invisible on the disk
	ADDRESS : 0xB0600000
	SIZE    : 272.0 Ko




	DRIVER  : C:\Windows\System32\DRIVERS\srv2.sys => Invisible on the disk
	ADDRESS : 0xB0650000
	SIZE    : 720.0 Ko




	DRIVER  : C:\Windows\system32\DRIVERS\mrxsmb10.sys => Invisible on the disk
	ADDRESS : 0xB0710000
	SIZE    : 308.0 Ko




	DRIVER  : C:\Windows\system32\drivers\Ndu.sys => Invisible on the disk
	ADDRESS : 0xB0760000
	SIZE    : 152.0 Ko




	DRIVER  : C:\Windows\System32\drivers\tcpipreg.sys => Invisible on the disk
	ADDRESS : 0xB0790000
	SIZE    : 80.0 Ko




	DRIVER  : C:\Windows\System32\DRIVERS\srv.sys => Invisible on the disk
	ADDRESS : 0xB07B0000
	SIZE    : 560.0 Ko




	DRIVER  : C:\Windows\system32\drivers\peauth.sys => Invisible on the disk
	ADDRESS : 0xB0840000
	SIZE    : 776.0 Ko




	DRIVER  : C:\Windows\System32\drivers\condrv.sys => Invisible on the disk
	ADDRESS : 0xB0910000
	SIZE    : 72.0 Ko




	BCD EmsSettings {0CE4991B-E6B3-4B16-B23C-5E0D9250E5D9} => BcdLibraryBoolean_EmsEnabled (16000020)




	SystemStartOptions :  NOEXECUTE=OPTIN




	________________________________________________________________________________




	_______MBR   \Device\Harddisk0\DR0  




	

 

 

Here is the FSS log:

 

Farbar Service Scanner Version: 27-01-2016
Ran by Debora (administrator) on 12-09-2017 at 20:27:21
Running from "C:\Users\Debora\AppData\Local\Temp\scoped_dir6820_3688"
Microsoft Windows 10 Home Single Language  (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Attempt to access Google.com returned error: Google.com is unreachable
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy: 
==================


System Restore:
============

System Restore Policy: 
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy: 
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.


Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****

 

 

 

 


Download Malwarebytes' Anti-Malware (MBAM) by clicking Free Download.

Double-click mbam-setup.exe to install the program.

  • When the installation finishes, click Finish. Wait for the program to open;
  • At the top right, click Update Now. The browser will open; you can close it. If there are updates to apply, they will be downloaded and installed;
  • When the update finishes, in the left pane click Settings. On the Protection tab, enable Scan for rootkits;
  • Then, in the left pane, click Scan. Next, click the Start Scan button;
  • The scan will then begin. Wait, as it may take a while. When it finishes, a window will open near the clock;
  • In it, click View Results. Leave all entries checked and click the Quarantine button;
  • At the end of the disinfection, a prompt may appear asking whether you want to restart the PC (see Note below);
  • The log is saved automatically by MBAM. To export it, click the Reports tab -> Application logs in the program's main window after the disinfection has been carried out;
  • Double-click the most recent log and export it as .TXT;
  • Select, copy and paste the entire content of this log in your next reply.


NOTE: If MBAM finds files it cannot remove, it may have to restart the PC (possibly more than once). Do so immediately when asked whether you want to restart the PC.

 


 

 


Hello.

Once again, sorry for the delay; I have been rather busy this month.

While doing this I noticed that it disabled my program "Advanced SystemCare" (from IObit).

So as not to interfere, I disabled my "SUPERAntiSpyware" myself.

I forgot to enable the rootkit option, so I ran the scan twice.

Thank you for your attention!

Here is what you asked for:

1st scan without rootkit scanning enabled

 

Malwarebytes
www.malwarebytes.com

-Detalhes de registro-
Data da análise: 20/09/17
Hora da análise: 18:44
Arquivo de registro: e388fbaa-9e4c-11e7-bd9e-08606e901b4b.json
Administrador: Sim

-Informação do software-
Versão: 3.2.2.2029
Versão de componentes: 1.0.188
Versão do pacote de definições: 1.0.2851
Licença: Versão de Avaliação

-Informação do sistema-
Sistema operacional: Windows 10 (Build 14393.1715)
CPU: x64
Sistema de arquivos: NTFS
Usuário: DEBORA\Debora

-Resumo da análise-
Tipo de análise: Análise de Ameaças
Resultado: Concluído
Objetos verificados: 417102
Ameaças detectadas: 67
Ameaças em quarentena: 66
Tempo decorrido: 25 min, 9 seg

-Opções da análise-
Memória: Habilitado
Inicialização: Habilitado
Sistema de arquivos: Habilitado
Arquivos compactados: Habilitado
Rootkits: Desabilitado
Heurística: Habilitado
PUP: Detectar
PUM: Detectar

-Detalhes da análise-
Processo: 3
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\MONITOR.EXE, Quarentena, [1203], [398206],1.0.2851
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\ASCTRAY.EXE, Quarentena, [1203], [380353],1.0.2851
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\ASCSERVICE.EXE, Quarentena, [1203], [380352],1.0.2851

Módulo: 4
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\MONITOR.EXE, Quarentena, [1203], [398206],1.0.2851
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\ASCTRAY.EXE, Quarentena, [1203], [380353],1.0.2851
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\ASCSERVICE.EXE, Quarentena, [1203], [380352],1.0.2851
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\OFCOMMON.DLL, Quarentena, [1203], [396386],1.0.2851

Chave de registro: 25
PUP.Optional.Yontoo, HKLM\SOFTWARE\POLICIES\GOOGLE\CHROME, Quarentena, [39], [-1],0.0.0
PUP.Optional.Yontoo, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\CHROME, Quarentena, [39], [-1],0.0.0
PUP.Optional.Spigot, HKU\S-1-5-21-3402114008-2447505354-1985657878-1001\SOFTWARE\MICROSOFT\Internet Explorer\SEARCHSCOPES\{1E125F87-9BC9-44B1-9B89-7B6B72E35044}, Quarentena, [638], [243431],1.0.2851
PUP.Optional.Spigot, HKU\S-1-5-21-3402114008-2447505354-1985657878-1001\SOFTWARE\MICROSOFT\Internet Explorer\SEARCHSCOPES\{335137DD-C001-4953-BC00-F96FB1CA4EF1}, Quarentena, [638], [243431],1.0.2851
PUP.Optional.SupTab, HKLM\SOFTWARE\WOW6432NODE\supWPM, Quarentena, [3464], [243703],1.0.2851
PUP.Optional.WordShark, HKLM\SOFTWARE\WOW6432NODE\WordShark_1.10.0.20, Quarentena, [6735], [245100],1.0.2851
PUP.Optional.Yontoo, HKU\S-1-5-21-3402114008-2447505354-1985657878-1001\SOFTWARE\MICROSOFT\Internet Explorer\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, Quarentena, [39], [246106],1.0.2851
PUP.Optional.Yontoo, HKLM\SOFTWARE\MICROSOFT\Internet Explorer\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, Quarentena, [39], [246106],1.0.2851
PUP.Optional.Awesomehp.ShrtCln, HKLM\SOFTWARE\MICROSOFT\Internet Explorer\SEARCHSCOPES\OldSearch, Quarentena, [12358], [186881],1.0.2851
PUP.Optional.QuickStart, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\pelmeidfhdlhlbjimpabfcbnnojbboma, Quarentena, [11674], [242156],1.0.2851
PUP.Optional.IEPluginServices, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\IePluginService, Quarentena, [11466], [239277],1.0.2851
PUP.Optional.CouponMarvel, HKU\S-1-5-21-3402114008-2447505354-1985657878-1001\SOFTWARE\lollipop, Quarentena, [1590], [253334],1.0.2851
PUP.Optional.AdvancedSystemCare, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\AdvancedSystemCareService10, Quarentena, [1203], [380352],1.0.2851
PUP.Optional.Yontoo, HKLM\SOFTWARE\CLASSES\APPID\{906D7E81-6355-4069-B02D-BCFDFE2885E7}, Quarentena, [39], [169166],1.0.2851
PUP.Optional.Yontoo, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{906D7E81-6355-4069-B02D-BCFDFE2885E7}, Quarentena, [39], [169166],1.0.2851
PUP.Optional.Yontoo, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{906d7e81-6355-4069-b02d-bcfdfe2885e7}, Quarentena, [39], [169166],1.0.2851
PUP.Optional.WebSteroids, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}, Quarentena, [5268], [169013],1.0.2851
PUP.Optional.WebSteroids, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}, Quarentena, [5268], [169013],1.0.2851
PUP.Optional.WebSteroids, HKLM\SOFTWARE\CLASSES\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}, Quarentena, [5268], [169013],1.0.2851
PUP.Optional.Yontoo, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{8A4A8B42-A270-4AD4-95C3-815DED6433FC}, Quarentena, [39], [169165],1.0.2851
PUP.Optional.Yontoo, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{8A4A8B42-A270-4AD4-95C3-815DED6433FC}, Quarentena, [39], [169165],1.0.2851
PUP.Optional.Yontoo, HKLM\SOFTWARE\CLASSES\APPID\{8a4a8b42-a270-4ad4-95c3-815ded6433fc}, Quarentena, [39], [169165],1.0.2851
PUP.Optional.Yontoo, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}, Quarentena, [39], [160141],1.0.2851
PUP.Optional.Yontoo, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}, Quarentena, [39], [160141],1.0.2851
PUP.Optional.ValueApps, HKLM\SOFTWARE\MICROSOFT\Internet Explorer\LOW RIGHTS\ELEVATIONPOLICY\{93DBF2BB-A2B3-4683-A92E-57E60751F346}, Quarentena, [6692], [168952],1.0.2851

Valor de registro: 11
PUP.Optional.Yontoo, HKU\S-1-5-21-3402114008-2447505354-1985657878-1001\SOFTWARE\MICROSOFT\Internet Explorer\SEARCHSCOPES|DONOTASKAGAIN, Quarentena, [39], [246380],1.0.2851
PUP.Optional.Spigot, HKU\S-1-5-21-3402114008-2447505354-1985657878-1001\SOFTWARE\MICROSOFT\Internet Explorer\SEARCHSCOPES\{1E125F87-9BC9-44B1-9B89-7B6B72E35044}|URL, Quarentena, [638], [243431],1.0.2851
PUP.Optional.Spigot, HKU\S-1-5-21-3402114008-2447505354-1985657878-1001\SOFTWARE\MICROSOFT\Internet Explorer\SEARCHSCOPES\{335137DD-C001-4953-BC00-F96FB1CA4EF1}|URL, Quarentena, [638], [243431],1.0.2851
PUP.Optional.AdvancedSystemCare, HKU\S-1-5-21-3402114008-2447505354-1985657878-1001\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\RUN|ADVANCED SYSTEMCARE 10, Quarentena, [1203], [380353],1.0.2851
PUP.Optional.Yontoo, HKLM\SOFTWARE\MICROSOFT\Internet Explorer\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|URL, Quarentena, [39], [246106],1.0.2851
PUP.Optional.Yontoo, HKLM\SOFTWARE\MICROSOFT\Internet Explorer\SEARCHSCOPES|DONOTASKAGAIN, Quarentena, [39], [246561],1.0.2851
PUP.Optional.Awesomehp.ShrtCln, HKLM\SOFTWARE\MICROSOFT\Internet Explorer\SEARCHSCOPES\OldSearch|URL, Quarentena, [12358], [186881],1.0.2851
PUP.Optional.FirstSeenToday, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\Windows\CURRENTVERSION\RUN|FST_BR_41, Quarentena, [5116], [238391],1.0.2851
PUP.Optional.CouponMarvel, HKLM\SOFTWARE\MICROSOFT\Windows NT\CURRENTVERSION\Windows|APPINIT_DLLS, Quarentena, [1590], [-1],0.0.0
PUP.Optional.CouponMarvel, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\Windows NT\CURRENTVERSION\Windows|APPINIT_DLLS, Quarentena, [1590], [-1],0.0.0
PUP.Optional.Yontoo, HKU\S-1-5-21-3402114008-2447505354-1985657878-1001\SOFTWARE\MICROSOFT\Internet Explorer\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|URL, Quarentena, [39], [246105],1.0.2851

Dados de registro: 1
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\Internet Explorer\SEARCHSCOPES|DEFAULTSCOPE, Substituído, [13398], [292819],1.0.2851

Fluxo de dados: 0
(Nenhum item malicioso detectado)

Pasta: 5
PUP.Optional.Amonetize, C:\USERS\DEBORA\APPDATA\LOCAL\24993, Quarentena, [6], [186635],1.0.2851
Adware.PremierOpinion, C:\PROGRAMDATA\MICROSOFT\Windows\START MENU\PROGRAMS\PREMIEROPINION, Quarentena, [4269], [171825],1.0.2851
PUP.Optional.ValueApps, C:\USERS\DEBORA\APPDATA\ROAMING\VALUEAPPS, Quarentena, [6692], [180235],1.0.2851
PUP.Optional.ResultsHub, C:\Users\Debora\AppData\Local\Google\Chrome\User Data\Default\Extensions\odeaimiicbmhmbjjanbninhlcpegahnl\1.0.5784.7968_0, Quarentena, [9722], [301971],1.0.2851
PUP.Optional.ResultsHub, C:\USERS\DEBORA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\ODEAIMIICBMHMBJJANBNINHLCPEGAHNL, Quarentena, [9722], [301971],1.0.2851

Arquivo: 18
PUP.Optional.Amonetize, C:\USERS\DEBORA\APPDATA\LOCAL\24993\status.cfg, Quarentena, [6], [186635],1.0.2851
PUP.Optional.Amonetize, C:\Users\Debora\AppData\Local\24993\Updater.xml, Quarentena, [6], [186635],1.0.2851
PUP.Optional.QuickStart, C:\USERS\DEBORA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\newtabv3.crx, Quarentena, [11674], [242152],1.0.2851
PUP.Optional.AdvancedSystemCare, C:\USERS\PUBLIC\DESKTOP\Advanced SystemCare 10.lnk, Quarentena, [1203], [380338],1.0.2851
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\MONITOR.EXE, Quarentena, [1203], [398206],1.0.2851
PUP.Optional.AdvancedSystemCare, C:\Windows\SYSTEM32\TASKS\ASC10_PerformanceMonitor, Quarentena, [1203], [380341],1.0.2851
PUP.Optional.AdvancedSystemCare, C:\Windows\SYSTEM32\TASKS\ASC10_SkipUac_Debora, Quarentena, [1203], [380341],1.0.2851
PUP.Optional.AdvancedSystemCare, C:\USERS\DEBORA\APPDATA\ROAMING\MICROSOFT\Internet Explorer\QUICK LAUNCH\USER PINNED\TASKBAR\Advanced SystemCare 10.lnk, Quarentena, [1203], [380340],1.0.2851
PUP.Optional.Yontoo, C:\PROGRAMDATA\NTUSER.POL, Falha ao remover, [39], [-1],0.0.0
PUP.Optional.Yontoo, C:\Windows\SYSTEM32\GROUPPOLICY\MACHINE\REGISTRY.POL, Quarentena, [39], [-1],0.0.0
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\ASCTRAY.EXE, Quarentena, [1203], [380353],1.0.2851
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\ASCSERVICE.EXE, Quarentena, [1203], [380352],1.0.2851
PUP.Optional.ResultsHub, C:\USERS\DEBORA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\ODEAIMIICBMHMBJJANBNINHLCPEGAHNL\1.0.5784.7968_0\MANIFEST.JSON, Quarentena, [9722], [301971],1.0.2851
PUP.Optional.ResultsHub, C:\Users\Debora\AppData\Local\Google\Chrome\User Data\Default\Extensions\odeaimiicbmhmbjjanbninhlcpegahnl\1.0.5784.7968_0\background.js, Quarentena, [9722], [301971],1.0.2851
PUP.Optional.ResultsHub, C:\Users\Debora\AppData\Local\Google\Chrome\User Data\Default\Extensions\odeaimiicbmhmbjjanbninhlcpegahnl\1.0.5784.7968_0\icon.png, Quarentena, [9722], [301971],1.0.2851
PUP.Optional.Yontoo, C:\USERS\DEBORA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\SECURE PREFERENCES, Substituído, [39], [303054],1.0.2851
PUP.Optional.Yontoo, C:\USERS\DEBORA\APPDATA\ROAMING\OPERA SOFTWARE\OPERA STABLE\PREFERENCES, Substituído, [39], [303323],1.0.2851
PUP.Optional.AdvancedSystemCare, C:\PROGRAM FILES (X86)\IOBIT\ADVANCED SYSTEMCARE\OFCOMMON.DLL, Quarentena, [1203], [396386],1.0.2851

Setor físico: 0
(Nenhum item malicioso detectado)


(end)

 

2nd scan with rootkit scanning enabled:

 

 

Malwarebytes
www.malwarebytes.com

-Detalhes de registro-
Data da análise: 21/09/17
Hora da análise: 17:42
Arquivo de registro: 7077975e-9f0d-11e7-be3f-08606e901b4b.json
Administrador: Sim

-Informação do software-
Versão: 3.2.2.2029
Versão de componentes: 1.0.188
Versão do pacote de definições: 1.0.2856
Licença: Versão de Avaliação

-Informação do sistema-
Sistema operacional: Windows 10 (Build 14393.1715)
CPU: x64
Sistema de arquivos: NTFS
Usuário: DEBORA\Debora

-Resumo da análise-
Tipo de análise: Análise de Ameaças
Resultado: Concluído
Objetos verificados: 418583
Ameaças detectadas: 0
(Nenhum item malicioso detectado)
Ameaças em quarentena: 0
(Nenhum item malicioso detectado)
Tempo decorrido: 18 min, 7 seg

-Opções da análise-
Memória: Habilitado
Inicialização: Habilitado
Sistema de arquivos: Habilitado
Arquivos compactados: Habilitado
Rootkits: Habilitado
Heurística: Habilitado
PUP: Detectar
PUM: Detectar

-Detalhes da análise-
Processo: 0
(Nenhum item malicioso detectado)

Módulo: 0
(Nenhum item malicioso detectado)

Chave de registro: 0
(Nenhum item malicioso detectado)

Valor de registro: 0
(Nenhum item malicioso detectado)

Dados de registro: 0
(Nenhum item malicioso detectado)

Fluxo de dados: 0
(Nenhum item malicioso detectado)

Pasta: 0
(Nenhum item malicioso detectado)

Arquivo: 0
(Nenhum item malicioso detectado)

Setor físico: 0
(Nenhum item malicioso detectado)


(end)

Edited by Debora Chaves

I forgot to add a piece of information to the reply


Temporarily disable your antivirus.

Click esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.

Double-click its icon on the desktop.

  • Check "YES, I accept the Terms of Use."
  • Click Start.
  • Accept any security warning from your browser.
  • Check the options below:
  • Enable detection of potentially unwanted applications.
  • Click Hide advanced settings and check:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Change and also check the Computer box.
  • Click Start.
  • It will update on its own and scan the computer. Be patient; the process can take hours.
  • When the scan finishes, click List Threats.
  • Click Export to text file and save the log to your desktop.
  • Copy and paste its content in your next reply.
  • Note: If nothing is found, no log will be generated.
  • Click Back.
  • Click Finish.

 


 

 


Hello.

Here is what you asked for.

ESET result.

After that the computer improved a lot.

 

 

 

C:\Program Files (x86)\FileOpenerPro\FileOpenerPro.exe    MSIL/Adware.iBryte.AG application    cleaned by deleting
C:\Users\Debora\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\14.05\agent\stub_data\stubinst_pkg_br.cab    Win32/FusionCore.L potentially unwanted application    deleted
 

 

Thank you for your patience.


Temporarily disable your antivirus, antispyware and firewall so they do not cause conflicts while the tools below run.


1 - Download AdwCleaner and save it to the desktop.

http://www.bleepingcomputer.com/download/adwcleaner/dl/125/

Double-click adwcleaner.exe.

Click the Scan button and wait for the scan to finish.

Click the Clean button.

A Notepad window will open with the result. Select, copy and paste its content in your next reply.

NOTE: If AdwCleaner finds files it cannot remove, it may have to restart the PC. Do so immediately when asked whether you want to restart the PC.


2 - Download JRT and save it to the desktop.

http://downloads.malwarebytes.org/file/jrt

Double-click to run the Junkware Removal Tool (JRT).

The tool will begin scanning your system. Be patient, as it may take a while depending on the number of items to scan.

When it finishes, a log will open. It is saved on the desktop as JRT.txt.

Select, copy and paste the content of this log in your next reply.


3 - Download ZHPCleaner and save it to the desktop.

http://www.nicolascoolman.fr/download/zhpcleaner-2/?wpdmdl=2148

Double-click ZHPCleaner.exe.

Click the Scanner button.

The tool will begin scanning your system. Be patient, as it may take a while depending on the number of items to scan.

When the scan finishes, click the Repair button.

Once the operation is complete, a log will open. If it does not, click the Report button and save the log.

Select, copy and paste the content of this log in your next reply.

 


 

 


HELLO.

Here is what you asked for:

AdwCleaner

 

# AdwCleaner 7.0.3.1 - Logfile created on Thu Oct 26 15:43:05 2017
# Updated on 2017/29/09 by Malwarebytes 
# Database: 10-26-2017.1
# Running on Windows 10 Home Single Language (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

PUP.Optional.Legacy, YSearchUtilSvc


***** [ Folders ] *****

PUP.Optional.AdvancedSystemCare, C:\ProgramData\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, C:\Windows\System32\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, C:\Windows\System32\config\systemprofile\AppData\LocalLow\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, C:\Program Files (x86)\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, C:\Program Files (x86)\Common Files\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, C:\Users\All Users\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, C:\Users\Debora\AppData\LocalLow\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, C:\Users\Debora\AppData\Roaming\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, C:\Users\Default\AppData\Roaming\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, C:\Users\Default User\AppData\Roaming\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, C:\Users\Todos os Usuários\IObit\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, C:\Users\Usuário Padrão\AppData\Roaming\IObit\Advanced SystemCare
PUP.Optional.Legacy, C:\Program Files (x86)\predm
PUP.Optional.Legacy, C:\Users\Debora\AppData\Roaming\MailUpdate
PUP.Optional.Legacy, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\fileopenerpro
PUP.Optional.Legacy, C:\Program Files (x86)\fileopenerpro
PUP.Optional.Legacy, C:\ProgramData\WPM
PUP.Optional.Legacy, C:\Users\All Users\WPM
PUP.Optional.Legacy, C:\Users\Todos os Usuários\WPM
PUP.Optional.Legacy, C:\Windows\System32\config\systemprofile\AppData\Local\YSearchUtil
PUP.Optional.Legacy, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\YSearchUtil
PUP.Optional.Legacy, C:\Users\Debora\AppData\Local\YSearchUtil
PUP.Optional.Legacy, C:\Program Files (x86)\Yahoo!\yset
PUP.Optional.Legacy, C:\ProgramData\IObit\ASCDownloader
PUP.Optional.Legacy, C:\Users\All Users\IObit\ASCDownloader
PUP.Optional.Legacy, C:\Users\Todos os Usuários\IObit\ASCDownloader
PUP.Optional.Legacy, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare
PUP.Optional.SpyHunter, C:\Program Files\Enigma Software Group
PUP.Optional.CouponMarvel, C:\Users\Debora\AppData\Local\lollipop


***** [ Files ] *****

PUP.Optional.Legacy, C:\Users\Debora\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Goodgame Empire.lnk
PUP.Optional.Legacy, C:\Users\Debora\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Goodgame Empire.lnk
PUP.Optional.Legacy, C:\END


***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

PUP.Optional.Legacy, ASC10_PerformanceMonitor


***** [ Registry ] *****

PUP.Optional.AdvancedSystemCare, [Key] - HKLM\SOFTWARE\IOBIT\ASC
PUP.Optional.AdvancedSystemCare, [Key] - HKLM\SOFTWARE\CLASSES\DIRECTORY\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, [Key] - HKLM\SOFTWARE\CLASSES\DRIVE\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, [Key] - HKLM\SOFTWARE\CLASSES\LNKFILE\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
PUP.Optional.AdvancedSystemCare, [Key] - HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.ascplugin.protect
PUP.Optional.Legacy, [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {9C3256EB-FE68-4EB6-8F07-282249203461}
PUP.Optional.Legacy, [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {50D90B34-A64C-4590-928C-ABFD07F044C4}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fileopenerpro
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! SearchSet
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Advanced SystemCare_is1
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{A2970C7C-8392-4E6F-8B51-B763CF38E13C}
PUP.Optional.Legacy, [Key] - HKCU\Software\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{61F47056-E400-43D3-AF1E-AB7DFFD4C4AD}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{E2B98EEA-EE55-4E9B-A8C1-6E5288DF785A}
PUP.Optional.Legacy, [Value] - HKU\S-1-5-21-3402114008-2447505354-1985657878-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run | WebCake Desktop
PUP.Optional.Legacy, [Value] - HKU\S-1-5-21-3402114008-2447505354-1985657878-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run | Advanced SystemCare 10
PUP.Optional.Legacy, [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
PUP.Optional.Legacy, [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application
PUP.Optional.Legacy, [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
PUP.Optional.Legacy, [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
PUP.Optional.Legacy, [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
PUP.Optional.Legacy, [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application
PUP.Optional.Legacy, [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
PUP.Optional.Legacy, [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application
PUP.Optional.Conduit, [Key] - HKLM\SOFTWARE\Conduit
PUP.Optional.Conduit, [Key] - HKU\S-1-5-21-3402114008-2447505354-1985657878-1001\Software\AppDataLow\Software\Conduit
PUP.Optional.Conduit, [Key] - HKCU\Software\AppDataLow\Software\Conduit
Adware.PremierOpinion, [Key] - HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
PUP.Optional.SpyHunter, [Key] - HKLM\SOFTWARE\EnigmaSoftwareGroup
PUP.Optional.SupTab, [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID | {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
PUP.Optional.SofTonicAssistant, [Key] - HKU\S-1-5-21-3402114008-2447505354-1985657878-1001\Software\Softonic
PUP.Optional.SofTonicAssistant, [Key] - HKCU\Software\Softonic
PUP.Optional.SearchProtect, [Key] - HKU\S-1-5-21-3402114008-2447505354-1985657878-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\Search Protection
PUP.Optional.SearchProtect, [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Search Protection


***** [ Firefox (and derivatives) ] *****

PUP.Optional.Legacy, Plugin found: Search and New Tab by Yahoo - Yahoo


***** [ Chromium (and derivatives) ] *****

PUP.Optional.Legacy, SearchProvider found: NCH EN Customized Web Search - search.conduit.com

/!\ Please Reset the Chrome Synchronization before cleaning the Chrome Preferences: https://support.google.com/chrome/answer/3097271


*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [3520 B] - [2014/1/29 2:59:19]


########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt ##########


JRT:


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 10 Home Single Language x64 
Ran by Debora (Administrator) on 26/10/2017 at 14:18:14,13
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


File System: 20 

Successfully deleted: C:\ProgramData\1460897273.bdinstall.bin (File) 
Successfully deleted: C:\ProgramData\1460897474.bdinstall.bin (File) 
Successfully deleted: C:\ProgramData\1502834392.bdinstall.bin (File) 
Successfully deleted: C:\ProgramData\1502834396.2424.bin (File) 
Successfully deleted: C:\ProgramData\1502834396.8508.bin (File) 
Successfully deleted: C:\ProgramData\1502834396.9796.bin (File) 
Successfully deleted: C:\ProgramData\1502834608.bdinstall.bin (File) 
Successfully deleted: C:\ProgramData\1502834611.bdinstall.bin (File) 
Successfully deleted: C:\ProgramData\1502834811.bdinstall.bin (File) 
Successfully deleted: C:\ProgramData\1502834813.2252.bin (File) 
Successfully deleted: C:\ProgramData\1502834813.3264.bin (File) 
Successfully deleted: C:\ProgramData\1502834813.6216.bin (File) 
Successfully deleted: C:\ProgramData\1502834813.6856.bin (File) 
Successfully deleted: C:\ProgramData\productdata (Folder) 
Successfully deleted: C:\Users\Debora\AppData\Roaming\Mozilla\Firefox\Profiles\hwwx5f8l.default-1453323044985\user.js (File) 
Successfully deleted: C:\Users\Debora\AppData\Roaming\productdata (Folder) 
Successfully deleted: C:\Windows\system32\Tasks\Driver Booster SkipUAC (Debora) (Task)
Successfully deleted: C:\Windows\system32\Tasks\SmartDefrag4_Startup (Task)
Successfully deleted: C:\Windows\system32\Tasks\StartMenu8_Start (Task)
Successfully deleted: C:\Windows\system32\Tasks\Uninstaller_SkipUac_Debora (Task)

Registry: 3 

Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\BprotectEx (Registry Key) 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} (Registry Key)


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 26/10/2017 at 14:22:00,01
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

ZHPCleaner:


~ ZHPCleaner v2017.10.24.185 by Nicolas Coolman (2017/10/24)
~ Run by Debora (Administrator)  (26/10/2017 14:55:07)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Certificate ZHPCleaner: Legal
~ Type : Scanner
~ Report : C:\Users\Debora\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Debora\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 10 Home Single Language, 64-bit  (Build 14393)


---\\  Serviços (0)
~ Nenhum ítem malicioso o desnecessários foi encontrado.


---\\  Navegadores de Internet (1)
ENCONTRADO PARAMS: ProxyServer [118.97.95.182:8080] (User.Validation)


---\\  Arquivo hosts (1)
~ O arquivo hosts é legítimo (21)


---\\  Tarefas automáticas agendadas. (0)
~ Nenhum ítem malicioso o desnecessários foi encontrado.


---\\  Explorer ( Arquivos, Pastas) (0)
~ Nenhum ítem malicioso o desnecessários foi encontrado.


---\\  Registro ( Chaves, Valores, Dados ) (0)
~ Nenhum ítem malicioso o desnecessários foi encontrado.


---\\ Resultado de reparação
~ Eventuais reparações feita


---\\ Estatísticas
~ Items scan : 89999
~ Items encontrado : 1
~ items cancelados : 0
~ Items réparo : 0


~ End of search in 00h05mn40s
~====================
ZHPCleaner-[R]-26102017-14_54_35.txt
ZHPCleaner--26102017-14_51_12.txt
ZHPCleaner--26102017-15_00_47.txt

Thank you very much. The computer is already much better.
