fabianomarchetti

Request for log analysis.


Hi, forum.baboo folks.

Could someone please analyze my system's log file? I have already done the initial virus-check procedures and cleaned up unnecessary Windows files.

I would like to know which malicious files are hidden on my machine, and above all which programs and services I can disable among those that start together with Windows. Note: I want to leave only programs and services that are truly essential and important starting with the system.

Thanks in advance for your attention, to anyone who can help me. Thank you very much.

Fabiano.

The log file follows.

_______________________________________________________________________

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 02:08:27, on 14/09/2017
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18792)
Boot mode: Normal

Running processes:
C:\PROGRA~2\GbPlugin\GbpSv.exe
C:\Users\Fabua\Documents\programas baixados\pgm HijackThis 2.0.5\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: True Key Helper - {0F4B8786-5502-4803-8EBC-F652A1153BB6} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll
O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbiehabn.dll
O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\PROGRA~2\TEXTAL~1\TAForIE.dll
O3 - Toolbar: True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Broken Internet access because of LSP provider 'c:\program files (x86)\common files\microsoft shared\Windows live\wlidnsp.dll' missing
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://www.bancoreal.com.br
O15 - Trusted Zone: http://www.bancosantander.com.br
O15 - Trusted Zone: http://www.caixa.gov.br
O15 - Trusted Zone: http://www.santander.com.br
O15 - Trusted Zone: http://www.santanderempresarial.com.br
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://files.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package 2) - http://files.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://files.creative.com/Web/softwareupdate/ocx/150323/CTPID.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 8.8.8.8,8.8.8.4
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 8.8.8.8,8.8.8.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 8.8.8.8,8.8.8.4
O18 - Protocol: WSWSVCUchrome - (no CLSID) - (no file)
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
O20 - Winlogon Notify:  GbPluginAbn - C:\Program Files (x86)\GbPlugin\gbiehAbn.dll
O20 - Winlogon Notify:  GbPluginCef - C:\Program Files (x86)\GbPlugin\gbiehCef.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe
O23 - Service: BlueStacks Android Service (BstHdAndroidSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-Service.exe
O23 - Service: BlueStacks Log Rotator Service (BstHdLogRotatorSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
O23 - Service: BlueStacks Plus Android Service (BstHdPlusAndroidSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-Plus-Service.exe
O23 - Service: BlueStacks Updater Service (BstHdUpdaterSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
O23 - Service: CyberLink Product - 2012/08/21 17:28:17 (CLKMSVC10_9EC60124) - CyberLink - C:\Program Files (x86)\Cyberlink\PowerDVD9\NavFilter\kmsvc.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: CxUtilSvc - Conexant Systems, Inc. - C:\Program Files\Conexant\SA3\CxUtilSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA LocalSystem Container (NvContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA NetworkService Container (NvContainerNetworkService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Telemetry Container (NvTelemetryContainer) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Rapport Management Service (RapportMgmtService) - IBM Corp. - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Proteção de Software (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Spyware Terminator 2015 Realtime Shield Service (ST2012_Svc) - Crawler Group, LLC - C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe
O23 - Service: Intel Security True Key (TrueKey) - McAfee, Inc. - C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
O23 - Service: Intel Security True Key Scheduler (TrueKeyScheduler) - McAfee, Inc. - C:\Program Files\TrueKey\McTkSchedulerService.exe
O23 - Service: TrueKeyServiceHelper - McAfee, Inc. - C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe
O23 - Service: Intel(R) Turbo Boost Technology Monitor 2.0 (TurboBoost) - Intel(R) Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: Warsaw Technology - GAS Tecnologia LTDA - C:\Program Files\Diebold\Warsaw\core.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: ZAtheros Bt&Wlan Coex Agent - Atheros - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe
O23 - Service: ZAtheros Wlan Agent - Atheros - C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe

--
End of file - 11465 bytes
 

 


Friend, download MbrScan.exe by Eric_71 and save it to the desktop.

Double-click to run the tool. Click the Scan button. When the scan finishes, click the Report button. A Notepad window will open with the scan result. It is saved to the desktop under the name MbrScan.log.

Select, copy and paste its contents in your next reply.

Download Farbar Service Scanner and save it to the desktop. Run the tool.

In addition to the checkboxes that are already ticked by default, tick the following:

  • Windows Firewall
  • System Restore
  • Security Center/Action Center
  • Windows Update
  • Windows Defender


Click Scan and wait for the scan to finish. At the end a log named FSS.txt will be generated, which is saved in the same directory as FSS, that is, on the desktop.

Select, copy and paste its contents in your next reply.

 


 

 


Hi friend Xerlouco, here is the log from the MbrScan software.

	MBRScan v1.1.1




	OS             : Windows 7 Service Pack 1 (64 bit)
	PROCESSOR      : Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
	BOOT           : Normal Boot
	DATE           : 2017/09/14 (ISO 8601) at 15:42:42
	________________________________________________________________________________




	DISK           : Device\Harddisk0\DR0 __ST1000LM 024 HN-M101M (2AR2)
	BUS_TYPE       : (0x03)  P-ATA
	USE_PIO        : NO
	MAX_TRANSFER   : 128 Kb
	ALIGNMENT_MASK : word aligned
	________________________________________________________________________________




	DISK           : Device\Harddisk1\DR1 __SanDisk Cruzer Fit (1.27)
	BUS_TYPE       : (0x07)  USB
	USE_PIO        : NO
	MAX_TRANSFER   : 64 Kb
	ALIGNMENT_MASK : byte aligned
	________________________________________________________________________________




	Device\Harddisk0\DR0    931.5 Go  [Fixed] ==> Vista MBR Code .




	MBR_MD5   : 4B8DAC50DE0CDB7FB16FD898408E6F4E
	MBR_SHA1  : 293EB6B731B15540F5DC343A86000AD7780C3EB4




	Device\Harddisk0\Partition1    39.19 Mo      0xDE Dell Utility 
	Device\Harddisk0\Partition2    13.81 Go      0x07 NTFS / HPFS __ BOOTABLE __
	Device\Harddisk0\Partition3    917.7 Go      0x07 NTFS / HPFS
	________________________________________________________________________________




	Device\Harddisk1\DR1    7.45 Go  [Removable] ==> Unknown MBR Code




	MBR_MD5   : B2129E8ED5E6CE20210ED370DCA1A7D4
	MBR_SHA1  : A008C21DF0D184865F6410A423787B3817E6DCFC




	Device\Harddisk1\Partition1    7.45 Go      0x07 NTFS / HPFS
	________________________________________________________________________________




	############################### Additional scan ################################




	DRIVER  : C:\Windows\system32\hal.dll => Invisible on the disk
	ADDRESS : 0x03802000
	SIZE    : 292.0 Ko




	DRIVER  : C:\Windows\system32\kdcom.dll => Invisible on the disk
	ADDRESS : 0x00BBA000
	SIZE    : 40.0 Ko




	DRIVER  : C:\Windows\system32\mcupdate_GenuineIntel.dll => Invisible on the disk
	ADDRESS : 0x00C33000
	SIZE    : 504.0 Ko




	DRIVER  : C:\Windows\system32\CLFS.SYS => Invisible on the disk
	ADDRESS : 0x00CC5000
	SIZE    : 380.0 Ko




	DRIVER  : C:\Windows\system32\CI.dll => Invisible on the disk
	ADDRESS : 0x00D24000
	SIZE    : 468.0 Ko




	DRIVER  : C:\Windows\system32\drivers\Wdf01000.sys => Invisible on the disk
	ADDRESS : 0x00EF7000
	SIZE    : 776.0 Ko




	DRIVER  : C:\Windows\system32\drivers\WDFLDR.SYS => Invisible on the disk
	ADDRESS : 0x00FB9000
	SIZE    : 64.0 Ko




	DRIVER  : C:\Windows\system32\drivers\ACPI.sys => Invisible on the disk
	ADDRESS : 0x00E00000
	SIZE    : 348.0 Ko




	DRIVER  : C:\Windows\system32\drivers\WMILIB.SYS => Invisible on the disk
	ADDRESS : 0x00E57000
	SIZE    : 36.0 Ko




	DRIVER  : C:\Windows\system32\drivers\msisadrv.sys => Invisible on the disk
	ADDRESS : 0x00E60000
	SIZE    : 40.0 Ko




	DRIVER  : C:\Windows\system32\drivers\pci.sys => Invisible on the disk
	ADDRESS : 0x00E6A000
	SIZE    : 204.0 Ko




	DRIVER  : C:\Windows\system32\drivers\vdrvroot.sys => Invisible on the disk
	ADDRESS : 0x00E9D000
	SIZE    : 52.0 Ko




	DRIVER  : C:\Windows\system32\drivers\iusb3hcs.sys => Invisible on the disk
	ADDRESS : 0x00EAA000
	SIZE    : 36.0 Ko




	DRIVER  : C:\Windows\System32\drivers\partmgr.sys => Invisible on the disk
	ADDRESS : 0x00EB3000
	SIZE    : 84.0 Ko




	DRIVER  : C:\Windows\system32\DRIVERS\compbatt.sys => Invisible on the disk
	ADDRESS : 0x00EC8000
	SIZE    : 36.0 Ko




	DRIVER  : C:\Windows\system32\DRIVERS\BATTC.SYS => Invisible on the disk
	ADDRESS : 0x00ED1000
	SIZE    : 48.0 Ko




	DRIVER  : C:\Windows\system32\drivers\volmgr.sys => Invisible on the disk
	ADDRESS : 0x00EDD000
	SIZE    : 84.0 Ko




	DRIVER  : C:\Windows\System32\drivers\volmgrx.sys => Invisible on the disk
	ADDRESS : 0x00D99000
	SIZE    : 368.0 Ko




	DRIVER  : C:\Windows\System32\drivers\mountmgr.sys => Invisible on the disk
	ADDRESS : 0x00FC9000
	SIZE    : 104.0 Ko




	DRIVER  : C:\Windows\system32\drivers\iaStor.sys => Invisible on the disk
	ADDRESS : 0x01026000
	SIZE    : 3.64 Mo




	DRIVER  : C:\Windows\system32\drivers\amdxata.sys => Invisible on the disk
	ADDRESS : 0x013CA000
	SIZE    : 44.0 Ko




	DRIVER  : C:\Windows\system32\drivers\fltmgr.sys => Invisible on the disk
	ADDRESS : 0x01414000
	SIZE    : 304.0 Ko




	DRIVER  : C:\Windows\system32\drivers\fileinfo.sys => Invisible on the disk
	ADDRESS : 0x01460000
	SIZE    : 80.0 Ko




	DRIVER  : C:\Windows\system32\DRIVERS\MpFilter.sys => Invisible on the disk
	ADDRESS : 0x01474000
	SIZE    : 288.0 Ko




	DRIVER  : C:\Windows\System32\Drivers\Ntfs.sys => Invisible on the disk
	ADDRESS : 0x0160A000
	SIZE    : 1.65 Mo




	DRIVER  : C:\Windows\System32\Drivers\msrpc.sys => Invisible on the disk
	ADDRESS : 0x014BC000
	SIZE    : 376.0 Ko




	DRIVER  : C:\Windows\System32\Drivers\ksecdd.sys => Invisible on the disk
	ADDRESS : 0x017B1000
	SIZE    : 108.0 Ko




	DRIVER  : C:\Windows\System32\Drivers\cng.sys => Invisible on the disk
	ADDRESS : 0x0151A000
	SIZE    : 468.0 Ko




	DRIVER  : C:\Windows\System32\drivers\pcw.sys => Invisible on the disk
	ADDRESS : 0x017CC000
	SIZE    : 68.0 Ko




	DRIVER  : C:\Windows\System32\Drivers\Fs_Rec.sys => Invisible on the disk
	ADDRESS : 0x017DD000
	SIZE    : 40.0 Ko




	DRIVER  : C:\Windows\system32\drivers\ndis.sys => Invisible on the disk
	ADDRESS : 0x018F5000
	SIZE    : 972.0 Ko




	DRIVER  : C:\Windows\system32\drivers\NETIO.SYS => Invisible on the disk
	ADDRESS : 0x01800000
	SIZE    : 388.0 Ko




	DRIVER  : C:\Windows\System32\Drivers\ksecpkg.sys => Invisible on the disk
	ADDRESS : 0x01861000
	SIZE    : 172.0 Ko




	DRIVER  : C:\Windows\System32\drivers\tcpip.sys => Invisible on the disk
	ADDRESS : 0x01A02000
	SIZE    : 1.98 Mo




	DRIVER  : C:\Windows\System32\drivers\fwpkclnt.sys => Invisible on the disk
	ADDRESS : 0x0188C000
	SIZE    : 292.0 Ko




	DRIVER  : C:\Windows\system32\drivers\volsnap.sys => Invisible on the disk
	ADDRESS : 0x0158F000
	SIZE    : 304.0 Ko




	DRIVER  : C:\Windows\System32\Drivers\spldr.sys => Invisible on the disk
	ADDRESS : 0x018D5000
	SIZE    : 32.0 Ko




	DRIVER  : C:\Windows\System32\drivers\rdyboost.sys => Invisible on the disk
	ADDRESS : 0x01CAA000
	SIZE    : 232.0 Ko




	DRIVER  : C:\Windows\System32\Drivers\RapportKE64.sys => Invisible on the disk
	ADDRESS : 0x01CE4000
	SIZE    : 464.0 Ko




	DRIVER  : C:\Windows\System32\Drivers\RapportHades64.sys => Invisible on the disk
	ADDRESS : 0x01D58000
	SIZE    : 216.0 Ko




	DRIVER  : C:\Windows\system32\DRIVERS\nvpciflt.sys => Invisible on the disk
	ADDRESS : 0x01D8E000
	SIZE    : 44.0 Ko




	DRIVER  : C:\Windows\System32\Drivers\mup.sys => Invisible on the disk
	ADDRESS : 0x01D99000
	SIZE    : 72.0 Ko




	DRIVER  : C:\Windows\System32\drivers\hwpolicy.sys => Invisible on the disk
	ADDRESS : 0x01DAB000
	SIZE    : 36.0 Ko




	DRIVER  : C:\Windows\System32\DRIVERS\fvevol.sys => Invisible on the disk
	ADDRESS : 0x01DB4000
	SIZE    : 232.0 Ko




	DRIVER  : C:\Windows\system32\drivers\disk.sys => Invisible on the disk
	ADDRESS : 0x01C00000
	SIZE    : 84.0 Ko




	DRIVER  : C:\Windows\system32\drivers\CLASSPNP.SYS => Invisible on the disk
	ADDRESS : 0x01C15000
	SIZE    : 192.0 Ko




	DRIVER  : C:\Windows\system32\DRIVERS\cdrom.sys => Invisible on the disk
	ADDRESS : 0x04600000
	SIZE    : 168.0 Ko




	DRIVER  : C:\Windows\System32\drivers\Bfilter.sys => Invisible on the disk
	ADDRESS : 0x049E8000
	SIZE    : 64.0 Ko




	DRIVER  : C:\Windows\System32\drivers\Bfmon.sys => Invisible on the disk
	ADDRESS : 0x01C53000
	SIZE    : 44.0 Ko




	DRIVER  : C:\Windows\System32\Drivers\Null.SYS => Invisible on the disk
	ADDRESS : 0x031C2000
	SIZE    : 36.0 Ko




	DRIVER  : C:\Windows\System32\Drivers\Beep.SYS => Invisible on the disk
	ADDRESS : 0x031CB000
	SIZE    : 28.0 Ko




	DRIVER  : C:\Windows\System32\drivers\Bprotect.sys => Invisible on the disk
	ADDRESS : 0x031D2000
	SIZE    : 120.0 Ko




	DRIVER  : C:\Windows\System32\drivers\vga.sys => Invisible on the disk
	ADDRESS : 0x031F0000
	SIZE    : 56.0 Ko




	DRIVER  : C:\Windows\System32\drivers\VIDEOPRT.SYS => Invisible on the disk
	ADDRESS : 0x01C5E000
	SIZE    : 148.0 Ko




	DRIVER  : C:\Windows\System32\drivers\watchdog.sys => Invisible on the disk
	ADDRESS : 0x01C83000
	SIZE    : 64.0 Ko




	DRIVER  : C:\Windows\System32\DRIVERS\RDPCDD.sys => Invisible on the disk
	ADDRESS : 0x01C93000
	SIZE    : 36.0 Ko




	DRIVER  : C:\Windows\system32\drivers\rdpencdd.sys => Invisible on the disk
	ADDRESS : 0x01C9C000
	SIZE    : 36.0 Ko




	DRIVER  : C:\Windows\system32\drivers\rdprefmp.sys => Invisible on the disk
	ADDRESS : 0x01DEE000
	SIZE    : 36.0 Ko




	DRIVER  : C:\Windows\system32\drivers\wsddfac.sys => Invisible on the disk
	ADDRESS : 0x018DD000
	SIZE    : 48.0 Ko




	DRIVER  : C:\Windows\System32\Drivers\Msfs.SYS => Invisible on the disk
	ADDRESS : 0x018E9000
	SIZE    : 44.0 Ko




	DRIVER  : C:\Windows\System32\Drivers\Npfs.SYS => Invisible on the disk
	ADDRESS : 0x019E8000
	SIZE    : 68.0 Ko




	DRIVER  : C:\Windows\system32\DRIVERS\tdx.sys => Invisible on the disk
	ADDRESS : 0x015DB000
	SIZE    : 136.0 Ko




	DRIVER  : C:\Windows\system32\DRIVERS\TDI.SYS => Invisible on the disk
	ADDRESS : 0x017E7000
	SIZE    : 52.0 Ko




	DRIVER  : C:\Windows\System32\DRIVERS\netbt.sys => Invisible on the disk
	ADDRESS : 0x04E8B000
	SIZE    : 276.0 Ko




	DRIVER  : C:\Windows\system32\drivers\afd.sys => Invisible on the disk
	ADDRESS : 0x04ED0000
	SIZE    : 548.0 Ko




	DRIVER  : C:\Windows\system32\DRIVERS\wfplwf.sys => Invisible on the disk
	ADDRESS : 0x04F59000
	SIZE    : 36.0 Ko




	DRIVER  : C:\Windows\system32\DRIVERS\pacer.sys => Invisible on the disk
	ADDRESS : 0x04F62000
	SIZE    : 152.0 Ko




	DRIVER  : C:\Windows\system32\DRIVERS\vwififlt.sys => Invisible on the disk
	ADDRESS : 0x04F88000
	SIZE    : 88.0 Ko




	DRIVER  : C:\Windows\system32\DRIVERS\wsddntf.sys => Invisible on the disk
	ADDRESS : 0x04F9E000
	SIZE    : 48.0 Ko




	DRIVER  : C:\Windows\system32\DRIVERS\netbios.sys => Invisible on the disk
	ADDRESS : 0x04FAA000
	SIZE    : 60.0 Ko




	DRIVER  : C:\Windows\system32\DRIVERS\wanarp.sys => Invisible on the disk
	ADDRESS : 0x04FC2000
	SIZE    : 108.0 Ko




	DRIVER  : C:\Windows\system32\DRIVERS\termdd.sys => Invisible on the disk
	ADDRESS : 0x04FDD000
	SIZE    : 80.0 Ko




	DRIVER  : C:\Windows\system32\DRIVERS\rdbss.sys => Invisible on the disk
	ADDRESS : 0x04E00000
	SIZE    : 324.0 Ko




	DRIVER  : C:\Windows\system32\drivers\nsiproxy.sys => Invisible on the disk
	ADDRESS : 0x04DA2000
	SIZE    : 48.0 Ko




	DRIVER  : C:\Windows\system32\DRIVERS\mssmbios.sys => Invisible on the disk
	ADDRESS : 0x04DAE000
	SIZE    : 44.0 Ko




	DRIVER  : C:\Windows\System32\drivers\discache.sys => Invisible on the disk
	ADDRESS : 0x04DB9000
	SIZE    : 60.0 Ko




	DRIVER  : C:\Windows\System32\Drivers\dfsc.sys => Invisible on the disk
	ADDRESS : 0x04DC8000
	SIZE    : 124.0 Ko




	DRIVER  : C:\Windows\system32\DRIVERS\blbdrive.sys => Invisible on the disk
	ADDRESS : 0x04DE7000
	SIZE    : 68.0 Ko




	DRIVER  : C:\Windows\system32\DRIVERS\tunnel.sys => Invisible on the disk
	ADDRESS : 0x04C00000
	SIZE    : 152.0 Ko




	DRIVER  : C:\Windows\system32\DRIVERS\wmiacpi.sys => Invisible on the disk
	ADDRESS : 0x04C26000
	SIZE    : 36.0 Ko




	DRIVER  : C:\Windows\system32\DRIVERS\nvlddmkm.sys => Invisible on the disk
	ADDRESS : 0x0F44C000
	SIZE    : 12.21 Mo




	DRIVER  : C:\Windows\System32\drivers\dxgkrnl.sys => Invisible on the disk
	ADDRESS : 0x10083000
	SIZE    : 980.0 Ko




	DRIVER  : C:\Windows\System32\drivers\dxgmms1.sys => Invisible on the disk
	ADDRESS : 0x10178000
	SIZE    : 280.0 Ko




	DRIVER  : C:\Windows\system32\DRIVERS\igdkmd64.sys => Invisible on the disk
	ADDRESS : 0x102D6000
	SIZE    : 14.07 Mo




	DRIVER  : C:\Windows\system32\DRIVERS\iusb3xhc.sys => Invisible on the disk
	ADDRESS : 0x110E7000
	SIZE    : 784.0 Ko




	DRIVER  : C:\Windows\system32\DRIVERS\USBD.SYS => Invisible on the disk
	ADDRESS : 0x111AB000
	SIZE    : 8.0 Ko




	DRIVER  : C:\Windows\system32\DRIVERS\HECIx64.sys => Invisible on the disk
	ADDRESS : 0x111AD000
	SIZE    : 76.0 Ko




	DRIVER  : C:\Windows\system32\drivers\usbehci.sys => Invisible on the disk
	ADDRESS : 0x111C0000
	SIZE    : 72.0 Ko




	DRIVER  : C:\Windows\system32\drivers\USBPORT.SYS => Invisible on the disk
	ADDRESS : 0x10200000
	SIZE    : 348.0 Ko




	DRIVER  : C:\Windows\system32\DRIVERS\HDAudBus.sys => Invisible on the disk
	ADDRESS : 0x10257000
	SIZE    : 144.0 Ko




	DRIVER  : C:\Windows\system32\DRIVERS\athrx.sys => Invisible on the disk
	ADDRESS : 0x05AD3000
	SIZE    : 4.13 Mo




	DRIVER  : C:\Windows\system32\DRIVERS\vwifibus.sys => Invisible on the disk
	ADDRESS : 0x05EF5000
	SIZE    : 52.0 Ko




	DRIVER  : C:\Windows\system32\DRIVERS\L1C62x64.sys => Invisible on the disk
	ADDRESS : 0x05F02000
	SIZE    : 108.0 Ko




	DRIVER  : C:\Windows\system32\DRIVERS\i8042prt.sys => Invisible on the disk
	ADDRESS : 0x05F1D000
	SIZE    : 120.0 Ko




	DRIVER  : C:\Windows\system32\DRIVERS\kbdclass.sys => Invisible on the disk
	ADDRESS : 0x05F3B000
	SIZE    : 60.0 Ko




	DRIVER  : C:\Windows\system32\DRIVERS\Apfiltr.sys => Invisible on the disk
	ADDRESS : 0x05F4A000
	SIZE    : 424.0 Ko




	DRIVER  : C:\Windows\system32\DRIVERS\mouclass.sys => Invisible on the disk
	ADDRESS : 0x05FB4000
	SIZE    : 60.0 Ko




	DRIVER  : C:\Windows\system32\DRIVERS\CmBatt.sys => Invisible on the disk
	ADDRESS : 0x05FC3000
	SIZE    : 20.0 Ko




	DRIVER  : C:\Windows\system32\DRIVERS\intelppm.sys => Invisible on the disk
	ADDRESS : 0x05FC8000
	SIZE    : 88.0 Ko




	DRIVER  : C:\Windows\system32\DRIVERS\CompositeBus.sys => Invisible on the disk
	ADDRESS : 0x05FDE000
	SIZE    : 64.0 Ko




	DRIVER  : C:\Windows\system32\DRIVERS\AgileVpn.sys => Invisible on the disk
	ADDRESS : 0x05A00000
	SIZE    : 88.0 Ko




	DRIVER  : C:\Windows\system32\DRIVERS\rasl2tp.sys => Invisible on the disk
	ADDRESS : 0x05A16000
	SIZE    : 144.0 Ko




	DRIVER  : C:\Windows\system32\DRIVERS\ndistapi.sys => Invisible on the disk
	ADDRESS : 0x05A3A000
	SIZE    : 48.0 Ko




	DRIVER  : C:\Windows\system32\DRIVERS\ndiswan.sys => Invisible on the disk
	ADDRESS : 0x05A46000
	SIZE    : 188.0 Ko




	DRIVER  : C:\Windows\system32\DRIVERS\raspppoe.sys => Invisible on the disk
	ADDRESS : 0x05A75000
	SIZE    : 108.0 Ko




	DRIVER  : C:\Windows\system32\DRIVERS\raspptp.sys => Invisible on the disk
	ADDRESS : 0x05A90000
	SIZE    : 132.0 Ko




	DRIVER  : C:\Windows\system32\DRIVERS\rassstp.sys => Invisible on the disk
	ADDRESS : 0x05AB1000
	SIZE    : 104.0 Ko




	DRIVER  : C:\Windows\system32\DRIVERS\swenum.sys => Invisible on the disk
	ADDRESS : 0x05ACB000
	SIZE    : 8.0 Ko




	DRIVER  : C:\Windows\system32\DRIVERS\ks.sys => Invisible on the disk
	ADDRESS : 0x1027B000
	SIZE    : 268.0 Ko




	DRIVER  : C:\Windows\system32\DRIVERS\btath_bus.sys => Invisible on the disk
	ADDRESS : 0x05FEE000
	SIZE    : 52.0 Ko




	DRIVER  : C:\Windows\system32\DRIVERS\umbus.sys => Invisible on the disk
	ADDRESS : 0x102BE000
	SIZE    : 72.0 Ko




	DRIVER  : C:\Windows\system32\drivers\nvvad64v.sys => Invisible on the disk
	ADDRESS : 0x111D2000
	SIZE    : 56.0 Ko




	DRIVER  : C:\Windows\system32\drivers\portcls.sys => Invisible on the disk
	ADDRESS : 0x101BE000
	SIZE    : 244.0 Ko




	DRIVER  : C:\Windows\system32\drivers\drmk.sys => Invisible on the disk
	ADDRESS : 0x0F400000
	SIZE    : 136.0 Ko




	DRIVER  : C:\Windows\system32\drivers\ksthunk.sys => Invisible on the disk
	ADDRESS : 0x05ACD000
	SIZE    : 24.0 Ko




	DRIVER  : C:\Windows\system32\DRIVERS\nvvhci.sys => Invisible on the disk
	ADDRESS : 0x111E0000
	SIZE    : 60.0 Ko




	DRIVER  : C:\Windows\system32\drivers\usbhub.sys => Invisible on the disk
	ADDRESS : 0x04C2F000
	SIZE    : 360.0 Ko




	DRIVER  : C:\Windows\System32\Drivers\NDProxy.SYS => Invisible on the disk
	ADDRESS : 0x0F422000
	SIZE    : 84.0 Ko




	DRIVER  : C:\Windows\system32\DRIVERS\iusb3hub.sys => Invisible on the disk
	ADDRESS : 0x0609C000
	SIZE    : 372.0 Ko




	DRIVER  : C:\Windows\system32\drivers\CHDRT64.sys => Invisible on the disk
	ADDRESS : 0x0620D000
	SIZE    : 1.58 Mo




	DRIVER  : C:\Windows\system32\DRIVERS\IntcDAud.sys => Invisible on the disk
	ADDRESS : 0x063A2000
	SIZE    : 344.0 Ko




	DRIVER  : C:\Windows\System32\Drivers\usbVM305.sys => Invisible on the disk
	ADDRESS : 0x06404000
	SIZE    : 1.47 Mo




	DRIVER  : C:\Windows\System32\Drivers\STREAM.SYS => Invisible on the disk
	ADDRESS : 0x0657D000
	SIZE    : 72.0 Ko




	DRIVER  : C:\Windows\system32\drivers\vvftav.sys => Invisible on the disk
	ADDRESS : 0x0658F000
	SIZE    : 296.0 Ko




	DRIVER  : C:\Windows\system32\DRIVERS\CtClsFlt.sys => Invisible on the disk
	ADDRESS : 0x060F9000
	SIZE    : 172.0 Ko




	DRIVER  : C:\Windows\system32\DRIVERS\USBSTOR.SYS => Invisible on the disk
	ADDRESS : 0x065D9000
	SIZE    : 108.0 Ko




	DRIVER  : C:\Windows\system32\drivers\hidusb.sys => Invisible on the disk
	ADDRESS : 0x06124000
	SIZE    : 56.0 Ko




	DRIVER  : C:\Windows\system32\drivers\HIDCLASS.SYS => Invisible on the disk
	ADDRESS : 0x06132000
	SIZE    : 100.0 Ko




	DRIVER  : C:\Windows\system32\drivers\HIDPARSE.SYS => Invisible on the disk
	ADDRESS : 0x065F4000
	SIZE    : 36.0 Ko




	DRIVER  : C:\Windows\system32\DRIVERS\mouhid.sys => Invisible on the disk
	ADDRESS : 0x06200000
	SIZE    : 52.0 Ko




	DRIVER  : C:\Windows\System32\win32k.sys => Invisible on the disk
	ADDRESS : 0x00090000
	SIZE    : 3.16 Mo




	DRIVER  : C:\Windows\System32\drivers\Dxapi.sys => Invisible on the disk
	ADDRESS : 0x0619A000
	SIZE    : 48.0 Ko




	DRIVER  : C:\Windows\System32\Drivers\crashdmp.sys => Invisible on the disk
	ADDRESS : 0x061A6000
	SIZE    : 56.0 Ko




	DRIVER  : C:\Windows\System32\Drivers\dump_iaStor.sys => Invisible on the disk
	ADDRESS : 0x0462A000
	SIZE    : 3.64 Mo




	DRIVER  : C:\Windows\System32\Drivers\dump_dumpfve.sys => Invisible on the disk
	ADDRESS : 0x061B4000
	SIZE    : 76.0 Ko




	DRIVER  : C:\Windows\system32\drivers\usbccgp.sys => Invisible on the disk
	ADDRESS : 0x061C7000
	SIZE    : 116.0 Ko




	DRIVER  : C:\Windows\System32\Drivers\usbvideo.sys => Invisible on the disk
	ADDRESS : 0x06000000
	SIZE    : 184.0 Ko




	DRIVER  : C:\Windows\system32\DRIVERS\monitor.sys => Invisible on the disk
	ADDRESS : 0x0602E000
	SIZE    : 56.0 Ko




	DRIVER  : C:\Windows\System32\TSDDD.dll => Invisible on the disk
	ADDRESS : 0x004F0000
	SIZE    : 40.0 Ko




	DRIVER  : C:\Windows\System32\cdd.dll => Invisible on the disk
	ADDRESS : 0x00790000
	SIZE    : 156.0 Ko




	DRIVER  : C:\Windows\system32\drivers\luafv.sys => Invisible on the disk
	ADDRESS : 0x0603C000
	SIZE    : 140.0 Ko




	DRIVER  : C:\Windows\system32\DRIVERS\stflt.sys => Invisible on the disk
	ADDRESS : 0x0605F000
	SIZE    : 176.0 Ko




	DRIVER  : C:\Windows\system32\DRIVERS\lltdio.sys => Invisible on the disk
	ADDRESS : 0x0614B000
	SIZE    : 84.0 Ko




	DRIVER  : C:\Windows\system32\DRIVERS\nwifi.sys => Invisible on the disk
	ADDRESS : 0x06ADB000
	SIZE    : 332.0 Ko




	DRIVER  : C:\Windows\system32\DRIVERS\ndisuio.sys => Invisible on the disk
	ADDRESS : 0x06B2E000
	SIZE    : 76.0 Ko




	DRIVER  : C:\Windows\system32\DRIVERS\rspndr.sys => Invisible on the disk
	ADDRESS : 0x06B41000
	SIZE    : 96.0 Ko




	DRIVER  : C:\Windows\system32\DRIVERS\TurboB.sys => Invisible on the disk
	ADDRESS : 0x06B59000
	SIZE    : 28.0 Ko




	DRIVER  : C:\Windows\system32\drivers\HTTP.sys => Invisible on the disk
	ADDRESS : 0x06A00000
	SIZE    : 800.0 Ko




	DRIVER  : C:\Windows\system32\DRIVERS\bowser.sys => Invisible on the disk
	ADDRESS : 0x06B60000
	SIZE    : 116.0 Ko




	DRIVER  : C:\Windows\System32\drivers\mpsdrv.sys => Invisible on the disk
	ADDRESS : 0x06B7D000
	SIZE    : 96.0 Ko




	DRIVER  : C:\Windows\system32\DRIVERS\mrxsmb.sys => Invisible on the disk
	ADDRESS : 0x06B95000
	SIZE    : 180.0 Ko




	DRIVER  : C:\Windows\system32\DRIVERS\mrxsmb10.sys => Invisible on the disk
	ADDRESS : 0x06E04000
	SIZE    : 312.0 Ko




	DRIVER  : C:\Windows\system32\DRIVERS\mrxsmb20.sys => Invisible on the disk
	ADDRESS : 0x06E52000
	SIZE    : 144.0 Ko




	DRIVER  : C:\Windows\system32\Drivers\rikvm_9EC60124.sys => Invisible on the disk
	ADDRESS : 0x076D9000
	SIZE    : 6.28 Mo




	DRIVER  : C:\Windows\system32\drivers\peauth.sys => Invisible on the disk
	ADDRESS : 0x07D21000
	SIZE    : 680.0 Ko




	DRIVER  : C:\Windows\system32\DRIVERS\vwifimp.sys => Invisible on the disk
	ADDRESS : 0x07DCB000
	SIZE    : 40.0 Ko




	DRIVER  : C:\Windows\System32\DRIVERS\srvnet.sys => Invisible on the disk
	ADDRESS : 0x07600000
	SIZE    : 196.0 Ko




	DRIVER  : C:\Windows\System32\drivers\tcpipreg.sys => Invisible on the disk
	ADDRESS : 0x07631000
	SIZE    : 72.0 Ko




	DRIVER  : C:\Windows\System32\DRIVERS\srv2.sys => Invisible on the disk
	ADDRESS : 0x07652000
	SIZE    : 416.0 Ko




	DRIVER  : C:\Windows\System32\DRIVERS\srv.sys => Invisible on the disk
	ADDRESS : 0x06EE5000
	SIZE    : 596.0 Ko




	DRIVER  : C:\Windows\System32\Drivers\fastfat.SYS => Invisible on the disk
	ADDRESS : 0x06F7A000
	SIZE    : 216.0 Ko




	DRIVER  : C:\Windows\system32\DRIVERS\NisDrvWFP.sys => Invisible on the disk
	ADDRESS : 0x07DD5000
	SIZE    : 128.0 Ko




	DRIVER  : C:\Windows\system32\drivers\WudfPf.sys => Invisible on the disk
	ADDRESS : 0x06FE6000
	SIZE    : 100.0 Ko




	DRIVER  : C:\Windows\system32\DRIVERS\WUDFRd.sys => Invisible on the disk
	ADDRESS : 0x06FB0000
	SIZE    : 216.0 Ko




	DRIVER  : C:\Windows\system32\DRIVERS\asyncmac.sys => Invisible on the disk
	ADDRESS : 0x0BAFA000
	SIZE    : 44.0 Ko




	DRIVER  : C:\Windows\System32\smss.exe => Invisible on the disk
	ADDRESS : 0x47EA0000
	SIZE    : 128.0 Ko




	SystemStartOptions :  NOEXECUTE=OPTIN




	________________________________________________________________________________




	_______MBR   \Device\Harddisk0\DR0  








	_______MBR   \Device\Harddisk1\DR1  




	

 

 


Farbar Service Scanner Version: 27-01-2016
Ran by Convidado (administrator) on 14-09-2017 at 15:53:30
Running from "C:\Users\Convidado\Documents\programas baixados\far bar service scanner"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy: 
==================


System Restore:
============

System Restore Policy: 
========================


Action Center:
============

wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is set to Disabled. The default start type is Auto.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============

Windows Autoupdate Disabled Policy: 
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****

To my friend Mr. Xerlouco, and to anyone who can help me, thank you for your attention.

Best wishes to everyone.


Download Malwarebytes' Anti-Malware (MBAM) by clicking "Download Gratuito" (Free Download).

Double-click mbam-setup.exe to install the program.

  • When the installation finishes, click "Concluir" (Finish). Wait for the program to open;
  • At the top right, click "Atualizar agora" (Update now). The browser will open; you can close it. If there are updates to be made, they will be downloaded and installed;
  • When the update finishes, click "Configurações" (Settings) in the left panel. On the "Proteção" (Protection) tab, enable "Procurar rootkits" (Scan for rootkits);
  • Then, in the left panel, click "Análise" (Scan). Next, click the "Iniciar Análise" (Start Scan) button;
  • The scan will then begin. Wait, as it may take a while. When it finishes, a window will open near the clock;
  • In it, click "Ver Resultado" (View Results). Leave all entries checked and click the "Colocar em Quarentena" (Quarantine) button;
  • At the end of the disinfection, a prompt may appear asking whether you want to restart the PC. (See the Note below);
  • The log is saved automatically by MBAM. To export it, click the "Relatórios" (Reports) tab -> "Registro de aplicativos" (Application logs) in the program's main window after the disinfection has been performed;
  • Double-click the most recent log and export it as .TXT;
  • Select, copy and paste the entire contents of this log in your next reply.


NOTE: If MBAM finds files that it cannot remove, you may have to restart the PC (perhaps more than once). Do so immediately when asked whether you want to restart the PC.

 


 

 


Malwarebytes Anti-Malware
www.malwarebytes.org

Data da verificação: 14/09/2017
Hora da verificação: 23:46
Arquivo de registro: log malwarebytes.txt
Administrador: Sim

Versão: 2.2.1.1043
Banco de dados de malware: v2017.09.15.01
Banco de dados de rootkit: v2017.09.13.01
Licença: Gratuita
Proteção contra malware: Desabilitado
Proteção contra website malicioso: Desabilitado
Autoproteção: Desabilitado

Sistema operacional: Windows 7 Service Pack 1
CPU: x64
Sistema de arquivos: NTFS
Usuário: Convidado

Tipo de verificação: Verificação da ameaça
Resultado: Concluído
Objetos verificados: 335847
Tempo decorrido: 42 min, 20 seg

Memória: Habilitado
Inicialização: Habilitado
Sistema de arquivos: Habilitado
Arquivos compactados: Habilitado
Rootkits: Habilitado
Heurística: Habilitado
PUP: Habilitado
PUM: Habilitado

Processos: 0
(Nenhum item malicioso detectado)

Módulos: 0
(Nenhum item malicioso detectado)

Chaves de registro: 0
(Nenhum item malicioso detectado)

Valores de registro: 0
(Nenhum item malicioso detectado)

Dados de registro: 0
(Nenhum item malicioso detectado)

Pastas: 0
(Nenhum item malicioso detectado)

Arquivos: 1
Adware.Wajam, C:\Windows\9b3141894d51cf986fc52a45b9d536f5.exe, , [8924793b347577bf855e014d0ef250b0], 

Setores físicos: 0
(Nenhum item malicioso detectado)


(end)


Temporarily disable your antivirus.

Click esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.

Double-click its icon on the desktop.

  • Check "YES, I accept the Terms of Use."
  • Click Start.
  • Accept any security warning from your browser.
  • Check the options below:
  • Enable detection of potentially unwanted applications.
  • Click Hide advanced settings and check:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Change and also check the Computer box.
  • Click Start.
  • It will update on its own and scan the computer. Be patient; the process can take hours.
  • When the scan finishes, click List Threats.
  • Click Export to text file and save the log to your desktop.
  • Copy and paste the contents in your next reply.
  • Note: If nothing is found, no log will be generated.
  • Click Back.
  • Click Finish.

 


 

 


C:\Program Files (x86)\Attuenttihole\@E9438230-A7DF-4D1F-8F2D-CA1D0F0F7924.xpi    JS/Mindspark.D potentially unwanted application    cleaned by deleting
C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe    a variant of Win32/HiddenStart.A potentially unsafe application    cleaned by deleting
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe    a variant of Win32/HiddenStart.A potentially unsafe application    cleaned by deleting
C:\Users\Convidado\Documents\programas baixados\Baixaki_free-easy-slideshow-maker.exe    a variant of Win32/InstallCore.AVP potentially unwanted application    cleaned by deleting
C:\Users\Fabua\Documents\programas baixados\analizador de espectro\Baixaki_cd-spectrum-pro.exe    a variant of Win32/InstallCore.AMD potentially unwanted application    cleaned by deleting
C:\Users\Fabua\Documents\programas baixados\ccleanner\ccsetup528.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    cleaned by deleting
C:\Users\Fabua\Documents\programas baixados\hypercam\Baixaki_hypercam.exe    a variant of Win32/InstallCore.AKX potentially unwanted application    cleaned by deleting
C:\Users\Fabua\Documents\programas baixados\medidor de consumo internet\Baixaki_networx.exe    a variant of Win32/InstallCore.AQK potentially unwanted application    cleaned by deleting
C:\Users\Fabua\Documents\programas baixados\paint net\paint-net-3511497723443-32-bits.exe    a variant of Win32/InstallCore.PF potentially unwanted application    cleaned by deleting
C:\Users\Fabua\Documents\programas baixados\pgm HijackThis 2.0.5\backups\backup-20120805-165034-663.dll    a variant of Win32/Toolbar.Softomate.A potentially unwanted application    cleaned by deleting
C:\Users\Fabua\Documents\programas baixados\pgm power converter mp3\PowerConvertor.EXE    a variant of Win32/Complitly.A potentially unwanted application    cleaned by deleting
C:\Users\Fabua\Documents\programas baixados\real alternative player RMVB\real-alternative-202-superdownloads-32-bits.exe    a variant of Win32/InstallCore.AW potentially unwanted application    cleaned by deleting
C:\Users\Fabua\Downloads\Songr-2-Portable.zip    a variant of MSIL/Xamasoft.A potentially unwanted application    deleted
C:\Users\Fabua\Downloads\Songr\Songr.Core.dll    a variant of MSIL/Xamasoft.A potentially unwanted application    cleaned by deleting
 


Temporarily disable your antivirus, antispyware and firewall, so that they do not cause conflicts while the tools below are running.


1 - Download AdwCleaner and save it to the desktop.

http://www.bleepingcomputer.com/download/adwcleaner/dl/125/

Double-click adwcleaner.exe.

Click the "Examinar" (Scan) button and wait for the scan to finish.

Click the "Limpar" (Clean) button.

A Notepad window will open with the result. Select, copy and paste its contents in your next reply.

NOTE: If AdwCleaner finds files that it cannot remove, you may have to restart the PC. Do so immediately when asked whether you want to restart the PC.


2 - Download JRT and save it to the desktop.

http://downloads.malwarebytes.org/file/jrt

Double-click to run the Junkware Removal Tool (JRT).

The tool will begin scanning your system. Be patient, as it may take a while depending on the number of items to examine.

At the end, a log will open. It is saved on the desktop with the name JRT.txt.

Select, copy and paste the contents of this log in your next reply.


3 - Download ZHPCleaner and save it to the desktop.

http://www.nicolascoolman.fr/download/zhpcleaner-2/?wpdmdl=2148

Double-click ZHPCleaner.exe.

Click the "Scanner" button.

The tool will begin scanning your system. Be patient, as it may take a while depending on the number of items to examine.

When the check finishes, click the "Reparar" (Repair) button.

When the operation is complete, a log will open. If it does not, click the "Relatório" (Report) button and save the log.

Select, copy and paste the contents of this log in your next reply.

 


 

 


Hi, my friend Xerlouco, I followed all the procedures you recommended.

Here is the ZHP Cleaner log.

____________________________

~ ZHPCleaner v2017.9.18.163 by Nicolas Coolman (2017/09/18)
~ Run by Convidado (Administrator)  (18/09/2017 14:42:12)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Certificate ZHPCleaner: Legal
~ Type : Reparo
~ Report : C:\Users\Convidado\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Convidado\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601)


---\\  Serviços (0)
~ Nenhum ítem malicioso o desnecessários foi encontrado.


---\\  Navegadores de Internet (0)
~ Nenhum ítem malicioso o desnecessários foi encontrado.


---\\  Arquivo hosts (1)
~ O arquivo hosts é legítimo (21)


---\\  Tarefas automáticas agendadas. (1)
SUPRIMIDO tarefas: [AutoKMS] [C:\Windows\Tasks\AutoKMS.job (Not File) ]  =>HackTool.AutoKMS


---\\  Explorer ( Arquivos, Pastas) (6)
MOVIDO pasta: C:\Windows\Tasks\AutoKMS.job    =>HackTool.AutoKMS
MOVIDO arquivo*: C:\Program Files\Sound+  =>Adware.Kazy
MOVIDO arquivo*: C:\Windows\AutoKMS  =>HackTool.AutoKMS
MOVIDO arquivo*: C:\Windows\System32\config\systemprofile\AppData\Roaming\{90140011-0066-0416-0000-0000000FF1CE}  =>Heuristic.Suspect
MOVIDO arquivo*: C:\Users\Fabua\AppData\Roaming\Store  =>.SUP.Nosibay
MOVIDO arquivo*: C:\Users\Fabua\AppData\LocalLow\Delta  =>.SUP.DeltaSearch


---\\  Registro ( Chaves, Valores, Dados ) (86)
SUPRIMIDO dados: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{93FF22E1-3479-4C3B-9920-38B63AA6C740}\\DhcpNameServer [Bad : 201.55.232.96 201.55.232.41]  =>Hijacker.Browser
SUPRIMIDO dados: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer [Bad : 201.55.232.96 201.55.232.41]  =>Hijacker.Browser
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\1916A2AF346D399F50313C393200F14140456616 [Avast Software]  =>PUM.Misplaced.Certificate
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\2A83E9020591A55FC6DDAD3FB102794C52B24E70 [Avast Software]  =>PUM.Misplaced.Certificate
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\2B84BFBB34EE2EF949FE1CBE30AA026416EB2216 [Avast Software]  =>PUM.Misplaced.Certificate
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\305F8BD17AA2CBC483A4C41B19A39A0C75DA39D6 [Avast Software]  =>PUM.Misplaced.Certificate
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\367D4B3B4FCBBC0B767B2EC0CDB2A36EAB71A4EB [Avast Software]  =>PUM.Misplaced.Certificate
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\3A850044D8A195CD401A680C012CB0A3B5F8DC08 [Avast Software]  =>PUM.Misplaced.Certificate
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\40AA38731BD189F9CDB5B9DC35E2136F38777AF4 [Avast Software]  =>PUM.Misplaced.Certificate
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\43D9BCB568E039D073A74A71D8511F7476089CC3 [Avast Software]  =>PUM.Misplaced.Certificate
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\471C949A8143DB5AD5CDF1C972864A2504FA23C9 [Avast Software]  =>PUM.Misplaced.Certificate
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\51C3247D60F356C7CA3BAF4C3F429DAC93EE7B74 [Avast Software]  =>PUM.Misplaced.Certificate
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\5DE83EE82AC5090AEA9D6AC4E7A6E213F946E179 [Avast Software]  =>PUM.Misplaced.Certificate
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\61793FCBFA4F9008309BBA5FF12D2CB29CD4151A [Avast Software]  =>PUM.Misplaced.Certificate
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\637162CC59A3A1E25956FA5FA8F60D2E1C52EAC6 [Avast Software]  =>PUM.Misplaced.Certificate
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\63FEAE960BAA91E343CE2BD8B71798C76BDB77D0 [Avast Software]  =>PUM.Misplaced.Certificate
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\6431723036FD26DEA502792FA595922493030F97 [Avast Software]  =>PUM.Misplaced.Certificate
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\7D7F4414CCEF168ADF6BF40753B5BECD78375931 [Avast Software]  =>PUM.Misplaced.Certificate
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\80962AE4D6C5B442894E95A13E4A699E07D694CF [Avast Software]  =>PUM.Misplaced.Certificate
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\86E817C81A5CA672FE000F36F878C19518D6F844 [Avast Software]  =>PUM.Misplaced.Certificate
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\8E5BD50D6AE686D65252F843A9D4B96D197730AB [Avast Software]  =>PUM.Misplaced.Certificate
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\9845A431D51959CAF225322B4A4FE9F223CE6D15 [Avast Software]  =>PUM.Misplaced.Certificate
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\B533345D06F64516403C00DA03187D3BFEF59156 [Avast Software]  =>PUM.Misplaced.Certificate
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\B86E791620F759F17B8D25E38CA8BE32E7D5EAC2 [Avast Software]  =>PUM.Misplaced.Certificate
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\C060ED44CBD881BD0EF86C0BA287DDCF8167478C [Avast Software]  =>PUM.Misplaced.Certificate
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\CEA586B2CE593EC7D939898337C57814708AB2BE [Avast Software]  =>PUM.Misplaced.Certificate
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\D018B62DC518907247DF50925BB09ACF4A5CB3AD [Avast Software]  =>PUM.Misplaced.Certificate
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\F8A54E03AADC5692B850496A4C4630FFEAA29D83 [Avast Software]  =>PUM.Misplaced.Certificate
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\FA6660A94AB45F6A88C0D7874D89A863D74DEE97 [Avast Software]  =>PUM.Misplaced.Certificate
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Classes\SpeedUpMyPC [URL:SpeedUpMyPC Protocol]  =>.SUP.SpeedUpMyPC
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Classes\Prod.cap []  =>PUP.Optional.ClaroSearch
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} [ITool]  =>Toolbar.Ask
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Classes\driverscanner []  =>PUP.Optional.DriverScanner
SUPRIMIDO chave*: [X64] HKLM\Software\Classes\Installer\Products\436DABD223008E24A8404BFC5C60E20B [Iminent]  =>PUP.Optional.IMBooster
SUPRIMIDO chave*: HKLM\SYSTEM\CurrentControlSet\Services\IObitUnlocker []  =>.SUP.Elex
SUPRIMIDO chave*: HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Update WiseEnhance []  =>PUP.Optional.WiseEnhance
SUPRIMIDO chave*: HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Util WiseEnhance []  =>PUP.Optional.WiseEnhance
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Microsoft\Tracing\soundplus-installer_RASAPI32 []  =>Adware.Kazy
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Microsoft\Tracing\soundplus-installer_RASMANCS []  =>Adware.Kazy
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F71371A90E93D605C8B0A71F163F625C []  =>PUP.Optional.Generic
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Babylon []  =>Adware.Babylon
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\V9Software []  =>PUP.Optional.V9Software
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA} [IStatedContract]  =>PUP.Optional.IMBooster
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49} [_LogoutCommand]  =>PUP.Optional.IMBooster
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460} [_LoginCommand]  =>PUP.Optional.IMBooster
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36} [IBrowserHelperObject]  =>PUP.Optional.IMBooster
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113} [IScriptExtender]  =>PUP.Optional.IMBooster
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920} [_LightUri]  =>PUP.Optional.RewardsArcade
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3} [_PlayContentCommand]  =>PUP.Optional.RewardsArcade
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861} [_VariableChangedCallback]  =>PUP.Optional.RewardsArcade
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065} [ITinyfyingArgs]  =>PUP.Optional.RewardsArcade
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA} [_AddToUserContentCommand]  =>PUP.Optional.RewardsArcade
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000} [IServerResult]  =>PUP.Optional.RewardsArcade
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4} [_TinyUrlArgs]  =>PUP.Optional.RewardsArcade
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D} [_RawDataArgs]  =>PUP.Optional.RewardsArcade
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0} [_ShowPluginWindowCommand]  =>PUP.Optional.RewardsArcade
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C} [_LightContent]  =>PUP.Optional.RewardsArcade
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9} [_WarmUpCommand]  =>PUP.Optional.RewardsArcade
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08} [_CheckLoginStatusCommand]  =>PUP.Optional.RewardsArcade
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4} [_WelcomeCommand]  =>PUP.Optional.RewardsArcade
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C} [_ShowBrowserWindowCommand]  =>PUP.Optional.RewardsArcade
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37} [IMediatorClient]  =>PUP.Optional.RewardsArcade
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0} [_ShowControlCenterCommand]  =>PUP.Optional.RewardsArcade
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003} [IServerCommand]  =>PUP.Optional.RewardsArcade
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4} [ICoordCommand]  =>PUP.Optional.RewardsArcade
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D} [_GetVariableResult]  =>PUP.Optional.RewardsArcade
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5} [_GetLoginStatusResult]  =>PUP.Optional.RewardsArcade
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A} [_DownloadArgs]  =>PUP.Optional.RewardsArcade
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D} [_GameOverCallback]  =>PUP.Optional.RewardsArcade
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA} [IMediatorServiceProxy]  =>PUP.Optional.RewardsArcade
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75} [_InstallationContextResult]  =>PUP.Optional.RewardsArcade
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556} [IContractBase]  =>PUP.Optional.RewardsArcade
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C} [_CleanCacheCommand]  =>PUP.Optional.RewardsArcade
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500} [_GetInstallationContextCommand]  =>PUP.Optional.RewardsArcade
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205} [_LoginStatusChangedCallback]  =>PUP.Optional.RewardsArcade
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED} [_MergeIdentityCommand]  =>PUP.Optional.RewardsArcade
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25} [_SetVariableCommand]  =>PUP.Optional.RewardsArcade
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D} [_MyAccountCommand]  =>PUP.Optional.RewardsArcade
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3} [IHWndContract]  =>PUP.Optional.RewardsArcade
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7} [_PostContentCallback]  =>PUP.Optional.RewardsArcade
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01} [_RecycleViewsCommand]  =>PUP.Optional.RewardsArcade
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2} [_UserContentChangedCallback]  =>PUP.Optional.RewardsArcade
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587} [_GetCreditCommand]  =>PUP.Optional.RewardsArcade
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4} [_LinkToPromoteArgs]  =>PUP.Optional.RewardsArcade
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B} [_LoadContentCommandResult]  =>PUP.Optional.RewardsArcade
SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7} [_ViralLinkArgs]  =>PUP.Optional.RewardsArcade


---\\  Resumo dos elementos encontrados na sua estação de trabalho (18)
https://nicolascoolman.eu/2017/02/02/hacktool-autokms/  =>HackTool.AutoKMS
https://www.anti-malware.top/2016/08/09/adware-kazy/  =>Adware.Kazy
https://nicolascoolman.eu/2017/01/28/heuristic-suspect/  =>Heuristic.Suspect
https://www.anti-malware.top/2016/05/03/superfluous-nosibay/  =>.SUP.Nosibay
https://www.nicolascoolman.com/fr/toolbar-deltasearch/  =>.SUP.DeltaSearch
https://nicolascoolman.eu/2017/02/02/hijacker-browser-2/  =>Hijacker.Browser
https://nicolascoolman.eu/2017/06/26/trojan-certlock/  =>PUM.Misplaced.Certificate
https://www.anti-malware.top/2016/08/15/speedupmypc/  =>.SUP.SpeedUpMyPC
https://www.nicolascoolman.com/fr/pup-clarosearch/  =>PUP.Optional.ClaroSearch
https://nicolascoolman.eu/2017/02/28/toolbar-ask/  =>Toolbar.Ask
https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/  =>PUP.Optional.DriverScanner
https://nicolascoolman.eu/2017/09/08/adware-imbooster/  =>PUP.Optional.IMBooster
https://nicolascoolman.eu/2017/03/28/superfluous-elex/  =>.SUP.Elex
https://www.nicolascoolman.com/fr/pup-wiseenhance/  =>PUP.Optional.WiseEnhance
https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/  =>PUP.Optional.Generic
https://nicolascoolman.eu/2017/03/03/adware-babylon/  =>Adware.Babylon
https://www.nicolascoolman.com/fr/pup-v9software/  =>PUP.Optional.V9Software
https://www.nicolascoolman.com/fr/pup-rewardsarcade/  =>PUP.Optional.RewardsArcade


---\\  Dodatkowe oczyszczenie. (56)
~ Chave de registro Tracing Supprimido (56)
~ Remover os relatórios antigos ZHPCleaner. (0)


---\\ Resultado de reparação
Reparação efectuada com sucesso
~ Este navegador está faltando ! (Mozilla Firefox)
~ Este navegador está faltando ! (Opera Software)


---\\ Estatísticas
~ Items scan : 824
~ Items encontrado : 0
~ items cancelados : 0
~ Items réparo : 93


~ End of clean in 00h02mn02s
~====================
ZHPCleaner-[R]-18092017-14_44_14.txt
ZHPCleaner--18092017-14_39_50.txt
 

 


While ZHP Cleaner was scanning the system, a window appeared twice with a message asking "did you install this server?"

I clicked No on both windows.

I got scared and ended up not noting down the IP to post here. What could this be?


MOVIDO arquivo*: C:\Windows\AutoKMS  =>HackTool.AutoKMS

Your "technician" used a cracker called AutoKMS to activate Windows\Office...

This is considered piracy and I cannot help you this way; using disinfection tools could even render your PC unusable.

I suggest that you contact Microsoft or an authorized reseller.

Microsoft Support Center:
0800 761-7454

Customer Service

http://support.microsoft.com/contactus

Good luck.

 


 

 
