Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Malware Removal

Started by itc1991 , Apr 16 2017 11:16 PM

Please log in to reply

#16
itc1991

Posted 20 April 2017 - 09:18 AM

Member

Topic Starter
Member
24 posts

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-04-2017 01

Ran by Ines (20-04-2017 16:10:13)

Running from C:\Users\Ines\Desktop

Windows 10 Home Version 1607 (X64) (2016-09-15 00:46:08)

Boot Mode: Normal

==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-676550262-2765486237-767571021-500 - Administrator - Disabled) => C:\Users\Administrator

DefaultAccount (S-1-5-21-676550262-2765486237-767571021-503 - Limited - Disabled)

Guest (S-1-5-21-676550262-2765486237-767571021-501 - Limited - Disabled)

Ines (S-1-5-21-676550262-2765486237-767571021-1001 - Administrator - Enabled) => C:\Users\Ines

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

FW: Avast Antivirus (Enabled) {B693136B-F6EE-DD1C-A0EF-229B8B0B29C4}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-676550262-2765486237-767571021-1001\...\uTorrent) (Version: 3.4.9.42606 - BitTorrent Inc.)

Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.148 - Adobe Systems Incorporated)

Advanced Calendar 2.0.0.11380 (HKLM\...\{D9BAB2C9-5236-48c3-AF02-67E799F09BBD}) (Version: 2.0.0.11380 - MEIXIAN XIE) <==== ATTENTION

Avast Internet Security (HKLM-x32\...\Avast Antivirus) (Version: 17.3.2291 - AVAST Software)

CCleaner (HKLM\...\CCleaner) (Version: 5.28 - Piriform)

ELAN Touchpad driver X64 15.7.9.2_WHQL (HKLM\...\Elantech) (Version: 15.7.9.2 - ELAN Microelectronic Corp.)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 57.0.2987.133 - Google Inc.)

Google Update Helper (x32 Version: 1.3.33.3 - Google Inc.) Hidden

Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)

Microsoft OneDrive (HKU\S-1-5-21-676550262-2765486237-767571021-1001\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)

Microsoft OneDrive (HKU\S-1-5-21-676550262-2765486237-767571021-500\...\OneDriveSetup.exe) (Version: 17.3.6798.0207 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)

Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)

Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)

Popcorn Time CE YIFY (HKLM-x32\...\{F9BC7890-4FE5-4391-8C59-CD0C556EF115}) (Version: 1.0.0 - YIFY.is) <==== ATTENTION

Proteção de Terminal Trusteer (HKLM-x32\...\Rapport_msi) (Version: 3.5.1804.96 - Trusteer)

Rapport (x32 Version: 3.5.1804.96 - Trusteer) Hidden

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7543 - Realtek Semiconductor Corp.)

SafeZone Stable 3.55.2393.596 (x32 Version: 3.55.2393.596 - Avast Software) Hidden

Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.61.0 - Samsung Electronics Co., Ltd.)

Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)

Skype™ 7.33 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.33.105 - Skype Technologies S.A.)

Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.1.16121.3 - Samsung Electronics Co., Ltd.)

Smart Switch (x32 Version: 4.1.16121.3 - Samsung Electronics Co., Ltd.) Hidden

Tools Assist (HKLM-x32\...\{3CA099AA-D173-49e0-B3EA-145D67934BB5}) (Version: 1.0.0.61 - Jinju Wang)

WinRAR 5.40 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {12EBC6BC-99C4-46E4-BA21-1B8AF413BFD2} - System32\Tasks\{C1CE6231-3874-4432-89CE-D86D19A829FE} => C:\Program Files (x86)\ToolsAssist\toolserv.exe [2015-11-16] ()

Task: {582A1B47-5676-4BC8-851C-53D3C3F75982} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-04-03] (AVAST Software)

Task: {85013611-6C73-4191-ACEA-703FCC1890F4} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2015-09-24] (Realtek Semiconductor)

Task: {C3BB9EB5-B115-4AE8-9DB8-BF9D21CFEF60} - System32\Tasks\SafeZone scheduled Autoupdate 1458699171 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-03-22] (Avast Software)

Task: {C7C868B1-3829-46FE-BAF1-EF51DA526117} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-04-13] (Adobe Systems Incorporated)

Task: {CFDBA839-1AD3-4C90-8D58-B719C7AECC18} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-01] (Google Inc.)

Task: {D6C974C2-5DDA-4413-B139-E99A55F57011} - System32\Tasks\{CB67D0D5-746F-41CA-820D-EE2154015763} => pcalua.exe -a "C:\Program Files (x86)\Wondershare\MobileGo-b\unins000.exe" -c /WAF

Task: {E04C6F3F-F6F0-4C80-8EFC-17E9E25AB63E} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-04-13] (AVAST Software)

Task: {E328D6E8-3E4A-453A-A3EC-E662A399E6A4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-01] (Google Inc.)

Task: {E4890EDD-34A3-4973-8E4C-2679226DC041} - System32\Tasks\Tools_Update_{CFAC34AB-5DB5-4dea-94EC-1D42E3942873} => C:\Program Files (x86)\tools\update\tools_update.exe [2016-07-04] ()

Task: {E6516078-B278-4618-901E-BD152339EF59} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-04-17] (Microsoft Corporation)

Task: {EC01C9B9-4C00-4550-91BC-635B2E778393} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-03-03] (Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 12:42 - 2016-07-16 12:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll

2017-04-12 00:34 - 2017-03-28 07:22 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll

2015-09-24 14:15 - 2015-09-24 14:13 - 00008192 _____ () C:\WINDOWS\SysWOW64\srvany.exe

2015-09-24 14:15 - 2015-09-24 14:13 - 00151552 _____ () C:\WINDOWS\KMService.exe

2015-11-16 09:48 - 2015-11-16 09:48 - 00202872 _____ () C:\Program Files (x86)\ToolsAssist\toolserv.exe

2017-04-12 00:34 - 2017-03-28 07:22 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll

2010-01-09 20:17 - 2010-01-09 20:17 - 04254560 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF

2010-01-21 01:40 - 2010-01-21 01:40 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll

2016-09-16 09:08 - 2016-09-07 05:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll

2017-03-27 22:12 - 2017-03-04 07:31 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll

2017-03-27 22:13 - 2017-03-04 07:12 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll

2017-03-27 22:13 - 2017-03-04 07:05 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll

2017-03-27 22:13 - 2017-03-04 07:05 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll

2017-04-12 00:33 - 2017-03-28 06:08 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll

2017-04-12 00:34 - 2017-03-28 06:11 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll

2015-11-16 09:47 - 2015-11-16 09:47 - 00374392 _____ () C:\Program Files (x86)\ToolsAssist\1.0.0.61\ErrorReport.exe

2017-04-07 14:39 - 2017-04-07 14:40 - 01695440 _____ () C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.8067.57631.0_x64__8wekyb3d8bbwe\Microsoft.Applications.Telemetry.Windows.dll

2017-04-19 08:40 - 2017-04-19 08:41 - 13095104 _____ () C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.8067.57631.0_x64__8wekyb3d8bbwe\Office.UI.Xaml.Core.dll

2017-04-10 19:47 - 2017-04-10 19:47 - 00077312 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.13.133.0_x64__kzf8qxf38zg5c\SkypeHost.exe

2017-04-10 19:47 - 2017-04-10 19:47 - 00189952 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.13.133.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll

2017-04-10 19:47 - 2017-04-10 19:47 - 42507264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.13.133.0_x64__kzf8qxf38zg5c\SkyWrap.dll

2017-04-10 19:47 - 2017-04-10 19:47 - 02334184 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.13.133.0_x64__kzf8qxf38zg5c\skypert.dll

2015-06-02 15:51 - 2015-06-02 15:51 - 00545792 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll

2017-04-06 17:11 - 2017-03-29 03:04 - 02187096 _____ () C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\libglesv2.dll

2017-04-06 17:11 - 2017-03-29 03:04 - 00086360 _____ () C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\libegl.dll

2017-04-03 13:04 - 2017-04-03 13:04 - 00170216 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll

2016-09-27 04:49 - 2016-09-27 04:49 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

2017-04-03 13:04 - 2017-04-03 13:04 - 00176480 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll

2017-04-03 13:03 - 2017-04-03 13:03 - 00293936 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll

2017-04-03 13:04 - 2017-04-03 13:04 - 00653520 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-30 23:42 - 2015-12-15 08:43 - 00000828 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-676550262-2765486237-767571021-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img3.jpg

HKU\S-1-5-21-676550262-2765486237-767571021-500\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg

DNS Servers: 194.168.4.100 - 194.168.8.100

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: RapportMgmtService => 2

MSCONFIG\Services: SkypeUpdate => 2

MSCONFIG\Services: ss_conn_service => 2

MSCONFIG\Services: TheCalendarService => 2

MSCONFIG\Services: ThevSnapshotService => 2

MSCONFIG\Services: WsAppService => 2

HKU\S-1-5-21-676550262-2765486237-767571021-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_F27EA6D051630301532E4448EA4CB627"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139

FirewallRules: [UDP Query User{78489B7D-833D-4983-BB86-69B2C8B8AC75}C:\program files (x86)\wondershare\mobilego-b\mobilego.exe] => (Allow) C:\program files (x86)\wondershare\mobilego-b\mobilego.exe

FirewallRules: [TCP Query User{0245BDB9-200E-43D6-8AF9-13EB157F2E63}C:\program files (x86)\wondershare\mobilego-b\mobilego.exe] => (Allow) C:\program files (x86)\wondershare\mobilego-b\mobilego.exe

FirewallRules: [UDP Query User{C1276135-AB7A-4031-BCC5-A2B6BBB73F0F}C:\program files (x86)\wondershare\mobilego-b\mobilegoservice.exe] => (Allow) C:\program files (x86)\wondershare\mobilego-b\mobilegoservice.exe

FirewallRules: [TCP Query User{C9AB8833-55F9-452B-BCFB-8100E5891821}C:\program files (x86)\wondershare\mobilego-b\mobilegoservice.exe] => (Allow) C:\program files (x86)\wondershare\mobilego-b\mobilegoservice.exe

FirewallRules: [UDP Query User{5A146B14-BCB2-4772-AFA4-00A22A186B1E}C:\users\ines\appdata\local\popcorn time ce yify\nw.exe] => (Allow) C:\users\ines\appdata\local\popcorn time ce yify\nw.exe

FirewallRules: [TCP Query User{72C3EC5C-C568-477F-961C-7194E494F94D}C:\users\ines\appdata\local\popcorn time ce yify\nw.exe] => (Allow) C:\users\ines\appdata\local\popcorn time ce yify\nw.exe

FirewallRules: [UDP Query User{9EA966B9-556F-4354-AF55-D3BE605F6E3D}C:\users\ines\appdata\local\popcorn time\node-webkit\popcorn time.exe] => (Allow) C:\users\ines\appdata\local\popcorn time\node-webkit\popcorn time.exe

FirewallRules: [TCP Query User{807F9233-F000-4831-A56E-6D5D2ADCFBCB}C:\users\ines\appdata\local\popcorn time\node-webkit\popcorn time.exe] => (Allow) C:\users\ines\appdata\local\popcorn time\node-webkit\popcorn time.exe

FirewallRules: [{4ACF7381-54FB-4427-B994-79440DFEAC4C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [{76145384-E83B-4C3B-BA6D-6B73132145EC}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe

FirewallRules: [{E9E4C848-96F8-438F-92BD-C165283429D5}] => (Allow) C:\Users\Ines\AppData\Roaming\uTorrent\uTorrent.exe

FirewallRules: [{EDA216C9-D454-43A3-A0A6-6D37F21DEA50}] => (Allow) C:\Users\Ines\AppData\Roaming\uTorrent\uTorrent.exe

FirewallRules: [{59CB3062-2ED7-4F04-A8FC-321A8C0178EC}] => (Allow) C:\Users\Ines\AppData\Roaming\uTorrent\uTorrent.exe

FirewallRules: [{4A7C3A2F-A92D-4CD7-ABDA-AC7355A582D4}] => (Allow) C:\Users\Ines\AppData\Roaming\uTorrent\uTorrent.exe

FirewallRules: [{5D109965-DBEA-47EE-AAFF-B95F77B3DAC3}] => (Allow) C:\Users\Ines\AppData\Roaming\uTorrent\uTorrent.exe

FirewallRules: [{ACAE99DA-503B-4B81-855F-173819B1FA35}] => (Allow) C:\Users\Ines\AppData\Roaming\uTorrent\uTorrent.exe

FirewallRules: [TCP Query User{E5CDCA50-71E3-4BBB-B855-B545264477FF}C:\users\ines\appdata\local\popcorn time\nw.exe] => (Allow) C:\users\ines\appdata\local\popcorn time\nw.exe

FirewallRules: [UDP Query User{60633A92-7D04-49CB-BB62-D07F8391F0BA}C:\users\ines\appdata\local\popcorn time\nw.exe] => (Allow) C:\users\ines\appdata\local\popcorn time\nw.exe

FirewallRules: [{A2E11485-2C2F-4252-AC1F-4F506A2C1F31}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [{1540D5A5-8212-451D-8630-D8AE9FA3E862}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [TCP Query User{23448DF1-0859-479C-A1B7-449CD8DF1C04}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe

FirewallRules: [UDP Query User{8A73BB8A-49C8-419E-BBE2-EE44976CCA75}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe

FirewallRules: [{4AFA8EFA-2D8C-4440-846A-610D26BF76CC}] => (Allow) C:\Program Files (x86)\SpringFiles\SpringFiles.exe

FirewallRules: [{79F73384-AF36-45C7-BA5F-ECF4061CB9A5}] => (Allow) C:\Program Files (x86)\SpringFiles\SpringFiles.exe

FirewallRules: [{C3EAA71B-E581-46C3-8E4D-E6F1F04B9D66}] => (Allow) C:\Program Files (x86)\SpringFiles\downloader.exe

FirewallRules: [{D6DA0916-45FA-4AB4-9F74-9C3FFCBAA675}] => (Allow) C:\Program Files (x86)\SpringFiles\downloader.exe

FirewallRules: [{4014DB3D-16D8-4C1B-9C55-D1C7C23FC570}] => (Allow) C:\Users\Ines\AppData\Local\Chromium\Application\chrome.exe

FirewallRules: [TCP Query User{426F5CE8-B4DA-416C-87F9-80A1CB49C5C0}C:\users\ines\appdata\local\popcorn time ce yify\nw.exe] => (Allow) C:\users\ines\appdata\local\popcorn time ce yify\nw.exe

FirewallRules: [UDP Query User{A99D6071-DA41-4627-923D-CAA07AA46504}C:\users\ines\appdata\local\popcorn time ce yify\nw.exe] => (Allow) C:\users\ines\appdata\local\popcorn time ce yify\nw.exe

FirewallRules: [TCP Query User{1761F61F-6AC3-49DB-8EC7-7B6D19CA9339}C:\program files (x86)\wondershare\mobilego-b\mobilegoservice.exe] => (Block) C:\program files (x86)\wondershare\mobilego-b\mobilegoservice.exe

FirewallRules: [UDP Query User{481F4C6A-2645-4528-A0C7-332B88C626E6}C:\program files (x86)\wondershare\mobilego-b\mobilegoservice.exe] => (Block) C:\program files (x86)\wondershare\mobilego-b\mobilegoservice.exe

FirewallRules: [TCP Query User{E04C7540-AA92-476D-A988-D3829ABFE61C}C:\program files (x86)\wondershare\mobilego-b\mobilego.exe] => (Allow) C:\program files (x86)\wondershare\mobilego-b\mobilego.exe

FirewallRules: [UDP Query User{D09C24F5-0F9E-48FC-8B6C-C77A4AE88083}C:\program files (x86)\wondershare\mobilego-b\mobilego.exe] => (Allow) C:\program files (x86)\wondershare\mobilego-b\mobilego.exe

FirewallRules: [{7DB03B3D-8FAC-4F10-A7B4-6370CC87958C}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.590\SZBrowser.exe

FirewallRules: [{38840991-5DB3-4AC9-AD36-99B36E8F56A1}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.596\SZBrowser.exe

FirewallRules: [{EB60C1F1-C5F3-4873-947E-04583B0FA516}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:

==================

Error: (04/20/2017 03:16:26 AM) (Source: Perflib) (EventID: 1008) (User: )

Description: O procedimento Open para o serviço "BITS" na DLL "C:\Windows\System32\bitsperf.dll" falhou. Os dados de desempenho para este serviço não estarão disponíveis. Os primeiros quatro bytes (DWORD) da secção Data contêm o código de erro.

Error: (04/20/2017 02:02:34 AM) (Source: Windows Search Service) (EventID: 3104) (User: )

Description: Falha ao enumerar sessões de utilizador para geração de conjuntos de filtros.

Details:

(HRESULT : 0x80040210) (0x80040210)

System errors:

=============

Error: (04/20/2017 05:09:54 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )

Description: 4

Error: (04/20/2017 05:09:52 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

Description: As definições de permissão de application-specific não concedem permissão de Local Activation para a aplicação de Servidor COM com CLSID

{D63B10C5-BB46-4990-A94F-E40B9D520160}

e APPID

{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}

ao SID (S-1-5-18) de utilizador NT AUTHORITY\SYSTEM a partir do endereço LocalHost (Using LRPC) em execução no SID (Unavailable) de contentor aplicacional Unavailable. Esta permissão de segurança pode ser modificada utilizando a ferramenta administrativa de Serviços de Componentes.

Error: (04/19/2017 08:33:32 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

Description: As definições de permissão de application-specific não concedem permissão de Local Activation para a aplicação de Servidor COM com CLSID

{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}

e APPID

{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}

ao SID (S-1-5-19) de utilizador NT AUTHORITY\LOCAL SERVICE a partir do endereço LocalHost (Using LRPC) em execução no SID (Unavailable) de contentor aplicacional Unavailable. Esta permissão de segurança pode ser modificada utilizando a ferramenta administrativa de Serviços de Componentes.

Error: (04/19/2017 08:33:32 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

Description: As definições de permissão de application-specific não concedem permissão de Local Activation para a aplicação de Servidor COM com CLSID

{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}

e APPID

{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}

Error: (04/19/2017 08:33:29 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

Description: As definições de permissão de application-specific não concedem permissão de Local Activation para a aplicação de Servidor COM com CLSID

{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}

e APPID

{F72671A9-012C-4725-9D2F-2A4D32D65169}

Error: (04/19/2017 08:26:08 AM) (Source: volmgr) (EventID: 46) (User: )

Description: Falha na inicialização da imagem de erro!

Error: (04/19/2017 06:17:15 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

Description: As definições de permissão de application-specific não concedem permissão de Local Activation para a aplicação de Servidor COM com CLSID

{D63B10C5-BB46-4990-A94F-E40B9D520160}

e APPID

{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}

Error: (04/18/2017 11:56:34 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

Description: As definições de permissão de application-specific não concedem permissão de Local Activation para a aplicação de Servidor COM com CLSID

{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}

e APPID

{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}

Error: (04/18/2017 11:56:34 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

Description: As definições de permissão de application-specific não concedem permissão de Local Activation para a aplicação de Servidor COM com CLSID

{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}

e APPID

{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}

Error: (04/18/2017 11:56:32 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

Description: As definições de permissão de application-specific não concedem permissão de Local Activation para a aplicação de Servidor COM com CLSID

{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}

e APPID

{F72671A9-012C-4725-9D2F-2A4D32D65169}

==================== Memory info ===========================

Processor: Quad-Core Processor (up to 1.4GHz)

Percentage of memory in use: 67%

Total physical RAM: 3526.92 MB

Available physical RAM: 1141.07 MB

Total Virtual: 4166.92 MB

Available Virtual: 1045.5 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:118.7 GB) (Free:54.35 GB) NTFS

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: 5B77F2A0)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=118.7 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

==================== End of Addition.txt ============================

#17
itc1991

Posted 20 April 2017 - 09:28 AM

Member

Topic Starter
Member
24 posts

Process CPU Private Bytes Working Set PID Description Company Name Verified Signer

System Idle Process 93.83 0 K 4 K 0

procexp64.exe 3.17 23 132 K 54 016 K 5912 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation

dwm.exe 0.92 53 184 K 47 884 K 900

Interrupts 0.73 0 K 0 K n/a Hardware Interrupts and DPCs

System 0.44 124 K 136 K 4

csrss.exe 0.32 3 552 K 5 576 K 628

RapportService.exe 0.20 61 972 K 35 936 K 1840

chrome.exe 0.07 169 364 K 139 644 K 6116 Google Chrome Google Inc. (Verified) Google Inc

explorer.exe 0.06 48 096 K 95 392 K 724 Explorador do Windows Microsoft Corporation (Verified) Microsoft Windows

RapportMgmtService.exe 0.06 65 328 K 27 476 K 1588 RapportMgmtService IBM Corp. (Verified) IBM

svchost.exe 0.04 7 620 K 16 976 K 1520 Processo Anfitrião dos Serviços do Windows Microsoft Corporation (Verified) Microsoft Windows Publisher

osk.exe 0.03 6 304 K 21 752 K 7356

AvastSvc.exe 0.03 157 828 K 40 920 K 2148 Avast Service AVAST Software (Verified) AVAST Software s.r.o.

conhost.exe 0.03 1 328 K 4 888 K 2820

aswidsagenta.exe 0.02 22 644 K 36 276 K 3288 Avast Behavior Shield AVAST Software s.r.o. (Verified) AVAST Software s.r.o.

CCleaner64.exe 0.02 9 936 K 1 260 K 6540

chrome.exe 0.01 130 244 K 331 540 K 6504 Google Chrome Google Inc. (Verified) Google Inc

AvastUI.exe 0.01 16 260 K 24 020 K 9108 Avast Antivirus AVAST Software (Verified) AVAST Software s.r.o.

chrome.exe < 0.01 123 916 K 139 412 K 8036 Google Chrome Google Inc. (Verified) Google Inc

csrss.exe < 0.01 1 624 K 3 804 K 84

svchost.exe < 0.01 10 136 K 35 632 K 4456 Processo Anfitrião dos Serviços do Windows Microsoft Corporation (Verified) Microsoft Windows Publisher

afwServ.exe < 0.01 12 312 K 23 504 K 2444 Avast firewall service AVAST Software (Verified) AVAST Software s.r.o.

svchost.exe < 0.01 33 436 K 50 780 K 1044 Processo Anfitrião dos Serviços do Windows Microsoft Corporation (Verified) Microsoft Windows Publisher

WmiPrvSE.exe 6 688 K 12 572 K 5656

winlogon.exe 1 940 K 9 312 K 708

wininit.exe 988 K 4 184 K 612

toolserv.exe 1 524 K 116 K 4960

taskhostw.exe 6 980 K 16 340 K 2284 Processo Anfitrião para Tarefas do Windows Microsoft Corporation (Verified) Microsoft Windows

svchost.exe 13 700 K 29 936 K 1116 Processo Anfitrião dos Serviços do Windows Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 14 188 K 21 860 K 1136 Processo Anfitrião dos Serviços do Windows Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 5 628 K 10 176 K 948 Processo Anfitrião dos Serviços do Windows Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 9 692 K 22 392 K 876 Processo Anfitrião dos Serviços do Windows Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 5 896 K 16 684 K 2788 Processo Anfitrião dos Serviços do Windows Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 17 940 K 30 532 K 1252 Processo Anfitrião dos Serviços do Windows Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 5 260 K 13 672 K 2084 Processo Anfitrião dos Serviços do Windows Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 3 400 K 10 992 K 1564 Processo Anfitrião dos Serviços do Windows Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 8 728 K 23 876 K 2628 Processo Anfitrião dos Serviços do Windows Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 13 512 K 24 380 K 1128 Processo Anfitrião dos Serviços do Windows Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 2 460 K 9 484 K 2004 Processo Anfitrião dos Serviços do Windows Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 3 988 K 10 368 K 2984 Processo Anfitrião dos Serviços do Windows Microsoft Corporation (Verified) Microsoft Windows Publisher

svchost.exe 1 624 K 6 104 K 3576 Processo Anfitrião dos Serviços do Windows Microsoft Corporation (Verified) Microsoft Windows Publisher

srvany.exe 688 K 3 448 K 2660

spoolsv.exe 5 404 K 11 056 K 2268 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows

smss.exe 376 K 1 044 K 444

smartscreen.exe 8 632 K 14 924 K 7148 SmartScreen Microsoft Corporation (Verified) Microsoft Windows

SkypeHost.exe Suspended 33 124 K 25 736 K 856 Microsoft Skype Microsoft Corporation (Nenhuma assinatura estava presente no sujeito) Microsoft Corporation

sihost.exe 6 728 K 22 168 K 2280 Shell Infrastructure Host Microsoft Corporation (Verified) Microsoft Windows

ShellExperienceHost.exe Suspended 52 268 K 51 608 K 4568 Windows Shell Experience Host Microsoft Corporation (Verified) Microsoft Windows

SettingSyncHost.exe 15 740 K 17 224 K 5916 Host Process for Setting Synchronization Microsoft Corporation (Verified) Microsoft Windows

services.exe 3 236 K 7 584 K 752

SearchUI.exe Suspended 56 416 K 54 272 K 4940 Search and Cortana application Microsoft Corporation (Verified) Microsoft Windows

SearchIndexer.exe 22 320 K 20 392 K 1868 Indexador do Microsoft Windows Search Microsoft Corporation (Verified) Microsoft Windows

RuntimeBroker.exe 19 620 K 37 476 K 4636 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows

RAVCpl64.exe 4 820 K 11 560 K 6120 Gestor de audio de alta definicao Realtek Realtek Semiconductor (Verified) Realtek Semiconductor Corp

procexp.exe 3 480 K 10 720 K 7036 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation

onenoteim.exe Suspended 60 448 K 60 304 K 6528 OneNote Microsoft Corporation (Verified) Microsoft Corporation

notepad.exe 2 440 K 12 588 K 1420

Memory Compression 496 K 158 176 K 2884

lsass.exe 6 112 K 14 064 K 768 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows Publisher

KMService.exe 696 K 3 336 K 2772

InputPersonalization.exe 3 564 K 15 784 K 8920 Servidor de Personalização de Entrada Microsoft Corporation (Verified) Microsoft Windows

fontdrvhost.exe 732 K 2 372 K 6384

ETDTouch.exe 2 264 K 5 716 K 1660

ETDService.exe 948 K 4 536 K 2636 Elan Service ELAN Microelectronics Corp. (Verified) ELAN Microelectronics Corporation

ETDCtrlHelper.exe 2 740 K 7 560 K 4288

ETDCtrl.exe 9 012 K 16 036 K 1480 ETD Control Center ELAN Microelectronics Corp. (Verified) ELAN Microelectronics Corporation

ErrorReport.exe 2 332 K 2 200 K 5520

ErrorReport.exe 2 556 K 1 144 K 5856

ErrorReport.exe 2 532 K 1 892 K 5412

ErrorReport.exe 2 324 K 3 684 K 6084

dasHost.exe 6 508 K 12 972 K 1464

conhost.exe 5 148 K 660 K 6052

conhost.exe 5 132 K 584 K 8648

conhost.exe 5 132 K 576 K 8228

conhost.exe 5 132 K 820 K 9168

chrome.exe 61 968 K 59 868 K 7176 Google Chrome Google Inc. (Verified) Google Inc

chrome.exe 147 604 K 58 972 K 7372 Google Chrome Google Inc. (Verified) Google Inc

chrome.exe 38 140 K 28 208 K 7400 Google Chrome Google Inc. (Verified) Google Inc

chrome.exe 210 452 K 179 960 K 7432 Google Chrome Google Inc. (Verified) Google Inc

chrome.exe 5 312 K 8 924 K 6712 Google Chrome Google Inc. (Verified) Google Inc

chrome.exe 5 300 K 9 272 K 4540 Google Chrome Google Inc. (Verified) Google Inc

audiodg.exe 8 668 K 10 880 K 3156

atiesrxx.exe 1 172 K 4 768 K 1824 AMD External Events Service Module AMD (Verified) Microsoft Windows Hardware Compatibility Publisher

atieclxx.exe 2 240 K 8 760 K 1876

AtBroker.exe 1 416 K 4 296 K 4760 Windows Assistive Technology Manager Microsoft Corporation (Verified) Microsoft Windows

AtBroker.exe 2 064 K 10 084 K 3176 Windows Assistive Technology Manager Microsoft Corporation (Verified) Microsoft Windows

AtBroker.exe 1 628 K 5 660 K 480 Windows Assistive Technology Manager Microsoft Corporation (Verified) Microsoft Windows

AtBroker.exe 2 108 K 12 252 K 1636 Windows Assistive Technology Manager Microsoft Corporation (Verified) Microsoft Windows

AtBroker.exe 1 376 K 5 352 K 228 Windows Assistive Technology Manager Microsoft Corporation (Verified) Microsoft Windows

ApplicationFrameHost.exe 6 748 K 19 108 K 6736 Application Frame Host Microsoft Corporation (Verified) Microsoft Windows

#18
RKinner

Posted 20 April 2017 - 11:00 AM

Malware Expert

Expert
24,625 posts

Run FRST. In the search box put:

errorreport.exe;dashost.exe;conhost.exe

click on Search Files. You will get a log. Please post it.

#19
itc1991

Posted 20 April 2017 - 11:36 AM

Member

Topic Starter
Member
24 posts

RogueKiller V12.10.5.0 (x64) [Apr 18 2017] (Free) por Adlice Software

mail : http://www.adlice.com/contact/

Feedback : https://forum.adlice.com

Site : http://www.adlice.co...ad/roguekiller/

Blog : http://www.adlice.com

Sistema Operativo : Windows 10 (10.0.14393) 64 bits version

Iniciou : Modo normal

Utilizador : Ines [Administrador]

Começado de : C:\Users\Ines\Downloads\RogueKillerX64.exe

Modo : Examinar -- Data : 04/20/2017 16:37:36 (Duration : 01:49:57)

¤¤¤ Processos : 1 ¤¤¤

[PUP.Gen0|VT.PUP.Optional.Cherimoya] (SVC) bsdriver -- \??\C:\WINDOWS\system32\drivers\bsdriver.sys[7] -> Encontrado

¤¤¤ Registo : 16 ¤¤¤

[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\Software\CalendarTool -> Encontrado

[PUP.Conduit|PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-676550262-2765486237-767571021-1001\Software\Conduit -> Encontrado

[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-676550262-2765486237-767571021-1001\Software\TrustedStart -> Encontrado

[PUP.Conduit|PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-676550262-2765486237-767571021-1001\Software\Conduit -> Encontrado

[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-676550262-2765486237-767571021-1001\Software\TrustedStart -> Encontrado

[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D9BAB2C9-5236-48c3-AF02-67E799F09BBD} -> Encontrado

[PUP.Gen0] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\bsdriver -> Encontrado

[PUP.Gen0|PUP.Gen1|VT.W32.HfsAdware.EDFE] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TheCalendarService (C:\Program Files (x86)\CalendarTool\2.0.0.11380\CalendarServ.exe) -> Encontrado

[Suspicious.Path|PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{9EA966B9-556F-4354-AF55-D3BE605F6E3D}C:\users\ines\appdata\local\popcorn time\node-webkit\popcorn time.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\users\ines\appdata\local\popcorn time\node-webkit\popcorn time.exe|Name=popcorn time.exe|Desc=popcorn time.exe|Defer=User| [x] -> Encontrado

[Suspicious.Path|PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{807F9233-F000-4831-A56E-6D5D2ADCFBCB}C:\users\ines\appdata\local\popcorn time\node-webkit\popcorn time.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\users\ines\appdata\local\popcorn time\node-webkit\popcorn time.exe|Name=popcorn time.exe|Desc=popcorn time.exe|Defer=User| [x] -> Encontrado

[Suspicious.Path|PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{E5CDCA50-71E3-4BBB-B855-B545264477FF}C:\users\ines\appdata\local\popcorn time\nw.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\users\ines\appdata\local\popcorn time\nw.exe|Name=nw.exe|Desc=nw.exe|Defer=User| [x] -> Encontrado

[Suspicious.Path|PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{60633A92-7D04-49CB-BB62-D07F8391F0BA}C:\users\ines\appdata\local\popcorn time\nw.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\users\ines\appdata\local\popcorn time\nw.exe|Name=nw.exe|Desc=nw.exe|Defer=User| [x] -> Encontrado

[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {4AFA8EFA-2D8C-4440-846A-610D26BF76CC} : v2.24|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\SpringFiles\SpringFiles.exe|Name=SpringFiles| [x] -> Encontrado

[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {79F73384-AF36-45C7-BA5F-ECF4061CB9A5} : v2.24|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\SpringFiles\SpringFiles.exe|Name=SpringFiles| [x] -> Encontrado

[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {C3EAA71B-E581-46C3-8E4D-E6F1F04B9D66} : v2.24|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\SpringFiles\downloader.exe|Name=SpringFiles| [x] -> Encontrado

[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {D6DA0916-45FA-4AB4-9F74-9C3FFCBAA675} : v2.24|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\SpringFiles\downloader.exe|Name=SpringFiles| [x] -> Encontrado

¤¤¤ Tarefas : 0 ¤¤¤

¤¤¤ Arquivos : 11 ¤¤¤

[PUP.Gen0][Ficheiro] C:\Windows\System32\drivers\bsdriver.sys -> Encontrado

[Adw.NetFilter][Ficheiro] C:\Windows\System32\drivers\cherimoya.sys -> Encontrado

[PUP.Gen1][Pasta] C:\Users\Ines\AppData\Roaming\CalendarTool -> Encontrado

[Tr.Gen0][Ficheiro] C:\Users\Ines\AppData\Roaming\uTorrent\updates\3.4.5_41162\utorrentie.exe -> Encontrado

[Tr.Gen0][Ficheiro] C:\Users\Ines\AppData\Roaming\uTorrent\updates\3.4.5_41202\utorrentie.exe -> Encontrado

[Tr.Gen0][Ficheiro] C:\Users\Ines\AppData\Roaming\uTorrent\updates\3.4.5_41372\utorrentie.exe -> Encontrado

[Tr.Gen0][Ficheiro] C:\Users\Ines\AppData\Roaming\uTorrent\updates\3.4.5_41712\utorrentie.exe -> Encontrado

[Tr.Gen0][Ficheiro] C:\Users\Ines\AppData\Roaming\uTorrent\updates\3.4.6_42094\utorrentie.exe -> Encontrado

[Tr.Gen0][Ficheiro] C:\Users\Ines\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe -> Encontrado

[Tr.Gen0][Ficheiro] C:\Users\Ines\AppData\Roaming\uTorrent\updates\3.4.9_42606\utorrentie.exe -> Encontrado

[PUP.Gen1][Pasta] C:\Program Files (x86)\CalendarTool -> Encontrado

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Arquivos de hosts : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Carregado) ¤¤¤

¤¤¤ Navegadores : 2 ¤¤¤

[PUM.SearchEngine][Firefox:Config] 3xb7gf3q.default : user_pref("browser.search.selectedEngine", "Google (avast)"); -> Encontrado

[PUM.SearchEngine][Firefox:Config] 3xb7gf3q.default : user_pref("browser.search.defaultenginename", "Google (avast)"); -> Encontrado

¤¤¤ Verificação da MBR : ¤¤¤

+++++ PhysicalDrive0: SAMSUNG MZMTD128HAFV-000 +++++

--- User ---

[MBR] 0f87a2a5f23067145a9780861f5f5589

[BSP] 57b55f5e9cc62e08d659c1a985d4434b : Windows Vista/7/8|VT.Unknown MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]

1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 121552 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]

2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 249145344 | Size: 450 MB

User = LL1 ... OK

User = LL2 ... OK

#20
itc1991

Posted 20 April 2017 - 11:36 AM

Member

Topic Starter
Member
24 posts