HOLA AHI ESTA EL FIXLOG. ¿y ahora que? PD en internet hay paginas que me dicen que use un programa para intentar recuperar archivos encriptados, me los descargo y los uso?
Esos programas son falsos u lo mas seguro muchos sean malware…
El que nos dice si hay alguno válido es el de id rasonware.
Esto es lo que te salio… si ya probaste y no funciono,no hay nada que hacer
Prueba el pc y comenta como funciona
es que no probe nada, acabo de bajarme el stop aunque ahora con otro nombre y me sale un informe (que era el txt que no podía grabar, aunque lo solucione) y solo me salen archivos en c que no me importan mucho, pero los de mis discos D; y H; no sale ninguno, como puedo recuperar esos?
hola ¿que te parece el Data Recovery Pro para intentar recuperar los archivos encriptados?¿ es limpio o es Malware?
Creo que sigues sin comprender el problema que has tenido o tienes.
ese programa que mencionas ,sirve para recuperar archivos borrados por error o discos duros que han sido estropeados para recuperar su información.
los archivos encriptados por ransomware lo único que puede recuperar los es alguna herramienta específica como la que te muestra id rasonware.
pero esas herramientas están muy limitadas y los últimos versiones de rasonware ,que son casi imposibles de descifrar,por lo que si con la herramienta del link que te proporcionan no consigues descifrarlos no lo podrás hacer con nada.
si no tienes copia de esos archivos en algún medio extraíble que estuviesen en condiciones , no podrás recuperar los archivos que han sido encriptados.
hay que una buena protección sumada a copias de seguridad permanente en medios extraíbles que son la única alternativa a estas infecciones
entonces tengo que instalar el STOP y luego ejecutarlo? es lo que me recomendaba el id Ransoware, pero no se que hacer despues
Al ejecutar la herramienta ya mismo te va diciendo lo que tienes que hacer.
en este tema tienes los cuatro pasos fundamentales de este tipo de herramientas…
Ejecutar, aceptar, seleccionar las carpetas o ubicación de los archivos encriptados y darle a desencriptar
hola he visto en otro hilo que hay gente que tiene el mismo problema y esta intentándolo, incluso ha pagado el rescate El stop hay ficheros que no son recuperables y otros si, ¿Qué hago con los resultados?
el mensaje que me sale en ID ransomware es;
Result
STOP (Djvu)
Este ransomware puede ser desencriptable en determinadas circunstancias.
Por favor, consulte la guía apropiada para obtener más información.
Identificado por
- sample_extension : .kuub
- sample_bytes : [0x3D5D - 0x3D77] 0x7B33364136393842392D443637432D344530372D424538322D3045433542313442344446357D
Haga clic aquí para obtener más información acerca de STOP (Djvu)
me baje el emsisoft y esta desencriptando algunos da error y otros si que puede desencriptarlos
¿pruebo con los otros o me espero a que alguien de con la desencriptación de todos?
Lo de pagar no se debería hacer porque no está segura recibe la clave.
ahora bien si la información es tan importante si quieres arriesgarte eso ya es cosa tuya.
El stop si puede descifrar algunos,pues te los recuperará y los que no pueda,lo mas que puedes es guardarlos por si en un futuro puedan, aunque es poco probable.
Comentas si has podido recuperar algunos y como va el pc
hola el que pago recibió una key, me servirá a mi o las keys son especificas de cada TONTO como YO que cayo?
Son específicas para cada usuario…son generadas por el malware y son todas diferentes… La posibilidad de que a ti te servirá seria un milagro…aunque se repita alguna
HOLA Tengo otro problema, creo que tengo el virus explorer.exe sin eliminar, pues cada cierto tiempo me sale un mensaje de que explorer.exe no se puede ejecutar. ¿Como lo localizo y lo elimino?.
Me pegas los logs
Malwarebytes Anti-Rootkit BETA 1.10.3.1001
www.malwarebytes.org
Database version:
main: v2019.10.24.08
rootkit: v2019.10.24.08
Windows 10 x64 NTFS
Internet Explorer 11.950.17134.0
enike :: LAPTOP-2K7O7TJC [administrator]
24/10/2019 17:57:31
mbar-log-2019-10-24 (17-57-31).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 202333
Time elapsed: 7 minute(s), 15 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 2
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Inlog Optimizer 3.1 (Trojan.FakeTool.E) -> Delete on reboot. [a721cc976662181e1517d00230d0619f]
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WIFISERVICE (Trojan.Agent) -> Delete on reboot. [10b81053b6129a9cb2d108e1ef11b24e]
Registry Values Detected: 1
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WIFIService|ImagePath (Trojan.Agent) -> Data: C:\ProgramData\WIFIService\WIFIService.exe -> Delete on reboot. [10b81053b6129a9cb2d108e1ef11b24e]
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
Physical Sectors Detected: 0
(No malicious items detected)
(end)---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.10.3.1001
(c) Malwarebytes Corporation 2011-2012
OS version: 10.0.9200 Windows 10 x64
Account is Administrative
Internet Explorer version: 11.950.17134.0
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED, H:\ DRIVE_FIXED
CPU speed: 2.592000 GHz
Memory total: 17139793920, free: 7264256000
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.10.3.1001
(c) Malwarebytes Corporation 2011-2012
OS version: 10.0.9200 Windows 10 x64
Account is Administrative
Internet Explorer version: 11.950.17134.0
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED, H:\ DRIVE_FIXED
CPU speed: 2.592000 GHz
Memory total: 17139793920, free: 7236718592
Driver version: 4.3.0.15
------------ Kernel report ------------
10/06/2019 14:41:33
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\System32\drivers\ksecdd.sys
\SystemRoot\System32\drivers\werkernel.sys
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\System32\drivers\FLTMGR.SYS
\SystemRoot\System32\drivers\clipsp.sys
\SystemRoot\System32\drivers\cmimcext.sys
\SystemRoot\System32\drivers\ntosext.sys
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\cng.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\WppRecorder.sys
\SystemRoot\system32\drivers\SleepStudyHelper.sys
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\system32\drivers\SgrmAgent.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\System32\drivers\tpm.sys
\SystemRoot\System32\drivers\intelpep.sys
\SystemRoot\system32\drivers\WindowsTrustedRT.sys
\SystemRoot\System32\drivers\WindowsTrustedRTProxy.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\system32\drivers\CEA.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\stornvme.sys
\SystemRoot\System32\drivers\storport.sys
\SystemRoot\System32\drivers\iaStorA.sys
\SystemRoot\System32\drivers\EhStorClass.sys
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Wof.sys
\SystemRoot\system32\drivers\wd\WdFilter.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\drivers\wfplwfs.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\System32\drivers\hpdskflt.sys
\SystemRoot\System32\drivers\volume.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\DriverStore\FileRepository\nvhmi.inf_amd64_35284c26eeac82cf\nvpciflt.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\system32\drivers\iorate.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\drivers\cdrom.sys
\SystemRoot\system32\drivers\filecrypt.sys
\SystemRoot\system32\drivers\tbs.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\vmbkmclr.sys
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afunix.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\drivers\vwififlt.sys
\SystemRoot\System32\drivers\pacer.sys
\SystemRoot\system32\drivers\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\??\C:\WINDOWS\System32\drivers\zamguard64.sys
\??\C:\WINDOWS\System32\drivers\zam64.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\drivers\npsvctrig.sys
\SystemRoot\System32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\gpuenergydrv.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\drivers\bam.sys
\SystemRoot\system32\DRIVERS\ahcache.sys
\SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_amd64_bcb89b3386563bd7\CompositeBus.sys
\SystemRoot\System32\drivers\kdnic.sys
\SystemRoot\System32\drivers\umbus.sys
\SystemRoot\System32\drivers\CAD.sys
\SystemRoot\System32\DriverStore\FileRepository\nvhmi.inf_amd64_35284c26eeac82cf\nvlddmkm.sys
\SystemRoot\System32\drivers\HDAudBus.sys
\SystemRoot\System32\drivers\portcls.sys
\SystemRoot\System32\drivers\drmk.sys
\SystemRoot\System32\drivers\ks.sys
\SystemRoot\System32\drivers\dptf_cpu.sys
\SystemRoot\System32\drivers\USBXHCI.SYS
\SystemRoot\system32\drivers\ucx01000.sys
\SystemRoot\System32\drivers\TeeDriverW8x64.sys
\SystemRoot\system32\DRIVERS\Netwtw04.sys
\SystemRoot\system32\DRIVERS\wdiwifi.sys
\SystemRoot\System32\drivers\vwifibus.sys
\SystemRoot\System32\drivers\rt640x64.sys
\SystemRoot\System32\drivers\i8042prt.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\system32\DRIVERS\Smb_driver_Intel.sys
\SystemRoot\System32\drivers\Accelerometer.sys
\SystemRoot\System32\drivers\WirelessButtonDriver64.sys
\SystemRoot\System32\drivers\mshidkmdf.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\System32\drivers\CmBatt.sys
\SystemRoot\System32\drivers\BATTC.SYS
\SystemRoot\System32\drivers\intelppm.sys
\SystemRoot\System32\drivers\acpipagr.sys
\SystemRoot\System32\drivers\IntelDFUACPI.sys
\SystemRoot\System32\drivers\wmiacpi.sys
\SystemRoot\System32\drivers\UEFI.sys
\SystemRoot\system32\drivers\nvvad64v.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\System32\drivers\nvvhci.sys
\SystemRoot\System32\drivers\dtliteusbbus.sys
\SystemRoot\System32\drivers\NdisVirtualBus.sys
\SystemRoot\System32\DriverStore\FileRepository\swenum.inf_amd64_ea7b19c04e7a8136\swenum.sys
\SystemRoot\System32\drivers\ssdevfactory.sys
\SystemRoot\System32\drivers\RealSenseDCMBus.sys
\SystemRoot\System32\drivers\dtlitescsibus.sys
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\system32\drivers\nvhda64v.sys
\SystemRoot\System32\drivers\UsbHub3.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\System32\drivers\USBSTOR.SYS
\SystemRoot\System32\drivers\usbccgp.sys
\SystemRoot\System32\drivers\hidusb.sys
\SystemRoot\system32\DRIVERS\ibtusb.sys
\SystemRoot\System32\drivers\BTHUSB.sys
\SystemRoot\System32\drivers\bthport.sys
\SystemRoot\System32\drivers\mouhid.sys
\SystemRoot\system32\DRIVERS\Microsoft.Bluetooth.Legacy.LEEnumerator.sys
\SystemRoot\System32\drivers\rfcomm.sys
\SystemRoot\System32\drivers\BthEnum.sys
\SystemRoot\System32\drivers\bthpan.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\win32kfull.sys
\SystemRoot\System32\win32kbase.sys
\SystemRoot\System32\Drivers\dump_dumpstorport.sys
\SystemRoot\System32\Drivers\dump_stornvme.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\drivers\dxgmms2.sys
\SystemRoot\System32\drivers\monitor.sys
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\DRIVERS\esif_lf.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\wcifs.sys
\SystemRoot\system32\drivers\cldflt.sys
\SystemRoot\System32\drivers\WpdUpFltr.sys
\SystemRoot\system32\drivers\storqosflt.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\drivers\lltdio.sys
\SystemRoot\system32\drivers\mslldp.sys
\SystemRoot\system32\drivers\rspndr.sys
\SystemRoot\System32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\ndisuio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\??\C:\WINDOWS\system32\drivers\hitmanpro37.sys
\SystemRoot\system32\drivers\mmcss.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\drivers\condrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\system32\drivers\Ndu.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\drivers\rassstp.sys
\SystemRoot\System32\DRIVERS\NDProxy.sys
\SystemRoot\System32\drivers\AgileVpn.sys
\SystemRoot\System32\drivers\rasl2tp.sys
\SystemRoot\System32\drivers\raspptp.sys
\SystemRoot\System32\DRIVERS\raspppoe.sys
\SystemRoot\System32\DRIVERS\ndistapi.sys
\SystemRoot\System32\drivers\ndiswan.sys
\SystemRoot\System32\drivers\vwifimp.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\drivers\wd\WdNisDrv.sys
\??\C:\Users\enike\AppData\Local\Temp\749C08B7-86CA0E04-BC472F0-E263EB64\3caa9d6e0.sys
\??\C:\Users\enike\AppData\Local\Temp\3cd483753.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\System32\drivers\WinUSB.SYS
\SystemRoot\system32\DRIVERS\RealSenseDcmDynamicDriver.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\436C5373.sys
----------- End -----------
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.10.3.1001
(c) Malwarebytes Corporation 2011-2012
OS version: 10.0.9200 Windows 10 x64
Account is Administrative
Internet Explorer version: 11.950.17134.0
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED, H:\ DRIVE_FIXED
CPU speed: 2.592000 GHz
Memory total: 17139793920, free: 8402182144
Downloaded database version: v2019.10.24.08
Downloaded database version: v2019.10.24.08
Downloaded database version: v2018.01.20.01
=======================================
Initializing...
Driver version: 4.3.0.15
------------ Kernel report ------------
10/24/2019 17:57:25
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\System32\drivers\ksecdd.sys
\SystemRoot\System32\drivers\werkernel.sys
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\System32\drivers\FLTMGR.SYS
\SystemRoot\System32\drivers\clipsp.sys
\SystemRoot\System32\drivers\cmimcext.sys
\SystemRoot\System32\drivers\ntosext.sys
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\cng.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\WppRecorder.sys
\SystemRoot\system32\drivers\SleepStudyHelper.sys
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\system32\drivers\SgrmAgent.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\System32\drivers\tpm.sys
\SystemRoot\System32\drivers\intelpep.sys
\SystemRoot\system32\drivers\WindowsTrustedRT.sys
\SystemRoot\System32\drivers\WindowsTrustedRTProxy.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\system32\drivers\CEA.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\stornvme.sys
\SystemRoot\System32\drivers\storport.sys
\SystemRoot\System32\drivers\iaStorA.sys
\SystemRoot\System32\drivers\EhStorClass.sys
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Wof.sys
\SystemRoot\system32\drivers\wd\WdFilter.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\drivers\wfplwfs.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\System32\drivers\hpdskflt.sys
\SystemRoot\System32\drivers\volume.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\DriverStore\FileRepository\nvhmi.inf_amd64_35284c26eeac82cf\nvpciflt.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\system32\drivers\iorate.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\drivers\cdrom.sys
\SystemRoot\system32\drivers\filecrypt.sys
\SystemRoot\system32\drivers\tbs.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\vmbkmclr.sys
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afunix.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\drivers\vwififlt.sys
\SystemRoot\System32\drivers\pacer.sys
\SystemRoot\system32\drivers\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\??\C:\WINDOWS\System32\drivers\zamguard64.sys
\??\C:\WINDOWS\System32\drivers\zam64.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\drivers\npsvctrig.sys
\SystemRoot\System32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\gpuenergydrv.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\drivers\bam.sys
\SystemRoot\system32\DRIVERS\ahcache.sys
\SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_amd64_bcb89b3386563bd7\CompositeBus.sys
\SystemRoot\System32\drivers\kdnic.sys
\SystemRoot\System32\drivers\umbus.sys
\SystemRoot\System32\drivers\CAD.sys
\SystemRoot\System32\DriverStore\FileRepository\nvhmi.inf_amd64_35284c26eeac82cf\nvlddmkm.sys
\SystemRoot\System32\drivers\HDAudBus.sys
\SystemRoot\System32\drivers\portcls.sys
\SystemRoot\System32\drivers\drmk.sys
\SystemRoot\System32\drivers\ks.sys
\SystemRoot\System32\drivers\dptf_cpu.sys
\SystemRoot\System32\drivers\USBXHCI.SYS
\SystemRoot\system32\drivers\ucx01000.sys
\SystemRoot\System32\drivers\TeeDriverW8x64.sys
\SystemRoot\system32\DRIVERS\Netwtw04.sys
\SystemRoot\system32\DRIVERS\wdiwifi.sys
\SystemRoot\System32\drivers\vwifibus.sys
\SystemRoot\System32\drivers\rt640x64.sys
\SystemRoot\System32\drivers\i8042prt.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\system32\DRIVERS\Smb_driver_Intel.sys
\SystemRoot\System32\drivers\Accelerometer.sys
\SystemRoot\System32\drivers\WirelessButtonDriver64.sys
\SystemRoot\System32\drivers\mshidkmdf.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\System32\drivers\CmBatt.sys
\SystemRoot\System32\drivers\BATTC.SYS
\SystemRoot\System32\drivers\intelppm.sys
\SystemRoot\System32\drivers\acpipagr.sys
\SystemRoot\System32\drivers\IntelDFUACPI.sys
\SystemRoot\System32\drivers\wmiacpi.sys
\SystemRoot\System32\drivers\UEFI.sys
\SystemRoot\system32\drivers\nvvad64v.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\System32\drivers\nvvhci.sys
\SystemRoot\System32\drivers\dtliteusbbus.sys
\SystemRoot\System32\drivers\NdisVirtualBus.sys
\SystemRoot\System32\DriverStore\FileRepository\swenum.inf_amd64_ea7b19c04e7a8136\swenum.sys
\SystemRoot\System32\drivers\ssdevfactory.sys
\SystemRoot\System32\drivers\RealSenseDCMBus.sys
\SystemRoot\System32\drivers\dtlitescsibus.sys
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\system32\drivers\nvhda64v.sys
\SystemRoot\System32\drivers\UsbHub3.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\System32\drivers\USBSTOR.SYS
\SystemRoot\System32\drivers\usbccgp.sys
\SystemRoot\System32\drivers\hidusb.sys
\SystemRoot\system32\DRIVERS\ibtusb.sys
\SystemRoot\System32\drivers\BTHUSB.sys
\SystemRoot\System32\drivers\bthport.sys
\SystemRoot\System32\drivers\mouhid.sys
\SystemRoot\system32\DRIVERS\Microsoft.Bluetooth.Legacy.LEEnumerator.sys
\SystemRoot\System32\drivers\rfcomm.sys
\SystemRoot\System32\drivers\BthEnum.sys
\SystemRoot\System32\drivers\bthpan.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\win32kfull.sys
\SystemRoot\System32\win32kbase.sys
\SystemRoot\System32\Drivers\dump_dumpstorport.sys
\SystemRoot\System32\Drivers\dump_stornvme.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\drivers\dxgmms2.sys
\SystemRoot\System32\drivers\monitor.sys
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\DRIVERS\esif_lf.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\wcifs.sys
\SystemRoot\system32\drivers\cldflt.sys
\SystemRoot\System32\drivers\WpdUpFltr.sys
\SystemRoot\system32\drivers\storqosflt.sys
\SystemRoot\system32\drivers\lltdio.sys
\SystemRoot\system32\drivers\mslldp.sys
\SystemRoot\system32\drivers\rspndr.sys
\SystemRoot\System32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\ndisuio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\drivers\condrv.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\mmcss.sys
\SystemRoot\system32\drivers\Ndu.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\drivers\rassstp.sys
\SystemRoot\System32\DRIVERS\NDProxy.sys
\SystemRoot\System32\drivers\AgileVpn.sys
\SystemRoot\System32\drivers\rasl2tp.sys
\SystemRoot\System32\drivers\raspptp.sys
\SystemRoot\System32\DRIVERS\raspppoe.sys
\SystemRoot\System32\DRIVERS\ndistapi.sys
\SystemRoot\System32\drivers\ndiswan.sys
\SystemRoot\System32\drivers\vwifimp.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\drivers\wd\WdNisDrv.sys
\??\C:\WINDOWS\system32\drivers\amsdk.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\System32\drivers\WinUSB.SYS
\SystemRoot\system32\DRIVERS\RealSenseDcmDynamicDriver.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\33D6E239.sys
----------- End -----------
Done!
Scan started
Database versions:
main: v2019.10.24.08
rootkit: v2019.10.24.08
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffcb0dcf47a590, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffcb0dd23939d0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffcb0dcf47a590, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffcb0dd1b40610, DeviceName: Unknown, DriverName: \Driver\EhStorClass\
DevicePointer: 0xffffcb0dd1559060, DeviceName: \Device\0000003e\, DriverName: \Driver\stornvme\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 82165C24
GPT Protective MBR Partition information:
Partition 0 type is EFI-GPT (0xee)
Partition is NOT ACTIVE.
Partition starts at LBA: 1 Numsec = 4294967295
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
GPT Partition information:
GPT Header Signature 4546492050415254
GPT Header Revision 65536 Size 92 CRC 701008679
GPT Header CurrentLba = 1 BackupLba 500118191
GPT Header FirstUsableLba 34 LastUsableLba 500118158
GPT Header Guid 234627e6-cea9-4ddd-ac23-f8e1ae6ad31b
GPT Header Contains 128 partition entries starting at LBA 2
GPT Header Partition entry size = 128
Backup GPT header Signature 4546492050415254
Backup GPT header Revision 65536 Size 92 CRC 701008679
Backup GPT header CurrentLba = 500118191 BackupLba 1
Backup GPT header FirstUsableLba 34 LastUsableLba 500118158
Backup GPT header Guid 234627e6-cea9-4ddd-ac23-f8e1ae6ad31b
Backup GPT header Contains 128 partition entries starting at LBA 500118159
Backup GPT header Partition entry size = 128
Partition 0 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
Partition ID 263c4778-2e8e-48c9-ae27-7f1dcb8c88c
FirstLBA 2048 Last LBA 534527
Attributes 0
Partition Name EFI system partition
GPT Partition 0 is bootable
Partition 1 Type e3c9e316-b5c-4db8-817d-f92df0215ae
Partition ID a2dd3e6-e04d-4a69-8eab-f2243fecced
FirstLBA 534528 Last LBA 567295
Attributes 0
Partition Name Microsoft reserved partition
Partition 2 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Partition ID fb9e2ca-7007-4782-b87d-e64af890c95c
FirstLBA 567296 Last LBA 496545863
Attributes 0
Partition Name Basic data partition
Partition 3 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
Partition ID e7fec484-f968-441e-875b-de736c3a8e60
FirstLBA 496547840 Last LBA 500107263
Attributes 1
Partition Name
Disk Size: 256060514304 bytes
Sector size: 512 bytes
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffcb0dcf477590, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffcb0dd2393360, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffcb0dcf477590, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xffffcb0dd14841e0, DeviceName: Unknown, DriverName: \Driver\hpdskflt\
DevicePointer: 0xffffcb0dcf47dc70, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffcb0dcf5f5380, DeviceName: \Device\0000003f\, DriverName: \Driver\iaStorA\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: F37ECA01
GPT Protective MBR Partition information:
Partition 0 type is EFI-GPT (0xee)
Partition is NOT ACTIVE.
Partition starts at LBA: 1 Numsec = 4294967295
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
GPT Partition information:
GPT Header Signature 4546492050415254
GPT Header Revision 65536 Size 92 CRC 1177854153
GPT Header CurrentLba = 1 BackupLba 1953525167
GPT Header FirstUsableLba 34 LastUsableLba 1953525134
GPT Header Guid 6a2df089-3d53-4062-823e-325f31e56219
GPT Header Contains 128 partition entries starting at LBA 2
GPT Header Partition entry size = 128
Backup GPT header Signature 4546492050415254
Backup GPT header Revision 65536 Size 92 CRC 1177854153
Backup GPT header CurrentLba = 1953525167 BackupLba 1
Backup GPT header FirstUsableLba 34 LastUsableLba 1953525134
Backup GPT header Guid 6a2df089-3d53-4062-823e-325f31e56219
Backup GPT header Contains 128 partition entries starting at LBA 1953525135
Backup GPT header Partition entry size = 128
Partition 0 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Partition ID 71fa7aa2-24e9-4d5f-af40-295d23b75588
FirstLBA 2048 Last LBA 1927704575
Attributes 0
Partition Name Basic data partition
Partition 1 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Partition ID 60b4ce4-96eb-479a-8c6b-8e6da458f519
FirstLBA 1927704576 Last LBA 1953523711
Attributes 1
Partition Name Basic data partition
Disk Size: 1000204886016 bytes
Sector size: 512 bytes
Done!
Physical Sector Size: 512
Drive: 2, DevicePointer: 0xffffcb0dd65fb060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffcb0dd6461040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffcb0dd65fb060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xffffcb0dd6462b10, DeviceName: \Device\00000051\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 2
Scanning MBR on drive 2...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 16F2A91F
GPT Protective MBR Partition information:
Partition 0 type is EFI-GPT (0xee)
Partition is NOT ACTIVE.
Partition starts at LBA: 1 Numsec = 4294967295
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
GPT Partition information:
GPT Header Signature 4546492050415254
GPT Header Revision 65536 Size 92 CRC 2888766464
GPT Header CurrentLba = 1 BackupLba 5860466687
GPT Header FirstUsableLba 34 LastUsableLba 5860466654
GPT Header Guid e35d39cd-5047-43a6-9d2d-4b56d2bddd
GPT Header Contains 128 partition entries starting at LBA 2
GPT Header Partition entry size = 128
Backup GPT header Signature 4546492050415254
Backup GPT header Revision 65536 Size 92 CRC 2888766464
Backup GPT header CurrentLba = 5860466687 BackupLba 1
Backup GPT header FirstUsableLba 34 LastUsableLba 5860466654
Backup GPT header Guid e35d39cd-5047-43a6-9d2d-4b56d2bddd
Backup GPT header Contains 128 partition entries starting at LBA 5860466655
Backup GPT header Partition entry size = 128
Partition 0 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Partition ID 370a013d-9b3d-4765-9892-88a773ed7afa
FirstLBA 2048 Last LBA 5860464639
Attributes 0
Partition Name Elements
Disk Size: 3000558944256 bytes
Sector size: 512 bytes
Done!
File "C:\Users\enike\AppData\Local\Comms\UnistoreDB\store.vol" is sparse (flags = 32768)
File "C:\Windows\System32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat" is sparse (flags = 32768)
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Inlog Optimizer 3.1 --> [Trojan.FakeTool.E]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WIFIService|ImagePath --> [Trojan.Agent]
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WIFISERVICE --> [Trojan.Agent]
Scan finished
Creating System Restore point...
Cleaning up...
Removal scheduling successful. System shutdown needed.
=======================================
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.10.3.1001
(c) Malwarebytes Corporation 2011-2012
OS version: 10.0.9200 Windows 10 x64
Account is Administrative
Internet Explorer version: 11.950.17134.0
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED, H:\ DRIVE_FIXED
CPU speed: 2.592000 GHz
Memory total: 17139793920, free: 11496980480
Downloaded database version: v2019.10.24.08
Downloaded database version: v2019.10.24.08
Downloaded database version: v2018.01.20.01
=======================================
Initializing...
Driver version: 4.3.0.15
------------ Kernel report ------------
10/24/2019 18:21:16
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\System32\drivers\ksecdd.sys
\SystemRoot\System32\drivers\werkernel.sys
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\System32\drivers\FLTMGR.SYS
\SystemRoot\System32\drivers\clipsp.sys
\SystemRoot\System32\drivers\cmimcext.sys
\SystemRoot\System32\drivers\ntosext.sys
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\cng.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\WppRecorder.sys
\SystemRoot\system32\drivers\SleepStudyHelper.sys
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\system32\drivers\SgrmAgent.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\System32\drivers\tpm.sys
\SystemRoot\System32\drivers\intelpep.sys
\SystemRoot\system32\drivers\WindowsTrustedRT.sys
\SystemRoot\System32\drivers\WindowsTrustedRTProxy.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\system32\drivers\CEA.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\stornvme.sys
\SystemRoot\System32\drivers\storport.sys
\SystemRoot\System32\drivers\iaStorA.sys
\SystemRoot\System32\drivers\EhStorClass.sys
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Wof.sys
\SystemRoot\system32\drivers\wd\WdFilter.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\drivers\wfplwfs.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\System32\drivers\hpdskflt.sys
\SystemRoot\System32\drivers\volume.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\DriverStore\FileRepository\nvhmi.inf_amd64_35284c26eeac82cf\nvpciflt.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\system32\drivers\iorate.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\drivers\cdrom.sys
\SystemRoot\system32\drivers\filecrypt.sys
\SystemRoot\system32\drivers\tbs.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\vmbkmclr.sys
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afunix.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\drivers\vwififlt.sys
\SystemRoot\System32\drivers\pacer.sys
\SystemRoot\system32\drivers\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\??\C:\WINDOWS\System32\drivers\zamguard64.sys
\??\C:\WINDOWS\System32\drivers\zam64.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\drivers\npsvctrig.sys
\SystemRoot\System32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\gpuenergydrv.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\drivers\bam.sys
\??\C:\WINDOWS\system32\drivers\amsdk.sys
\SystemRoot\system32\DRIVERS\ahcache.sys
\SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_amd64_bcb89b3386563bd7\CompositeBus.sys
\SystemRoot\System32\drivers\kdnic.sys
\SystemRoot\System32\drivers\umbus.sys
\SystemRoot\System32\drivers\CAD.sys
\SystemRoot\System32\DriverStore\FileRepository\nvhmi.inf_amd64_35284c26eeac82cf\nvlddmkm.sys
\SystemRoot\System32\drivers\HDAudBus.sys
\SystemRoot\System32\drivers\portcls.sys
\SystemRoot\System32\drivers\drmk.sys
\SystemRoot\System32\drivers\ks.sys
\SystemRoot\System32\drivers\dptf_cpu.sys
\SystemRoot\System32\drivers\USBXHCI.SYS
\SystemRoot\system32\drivers\ucx01000.sys
\SystemRoot\System32\drivers\TeeDriverW8x64.sys
\SystemRoot\system32\DRIVERS\Netwtw04.sys
\SystemRoot\system32\DRIVERS\wdiwifi.sys
\SystemRoot\System32\drivers\vwifibus.sys
\SystemRoot\System32\drivers\rt640x64.sys
\SystemRoot\System32\drivers\i8042prt.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\system32\DRIVERS\Smb_driver_Intel.sys
\SystemRoot\System32\drivers\Accelerometer.sys
\SystemRoot\System32\drivers\WirelessButtonDriver64.sys
\SystemRoot\System32\drivers\mshidkmdf.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\System32\drivers\CmBatt.sys
\SystemRoot\System32\drivers\BATTC.SYS
\SystemRoot\System32\drivers\intelppm.sys
\SystemRoot\System32\drivers\acpipagr.sys
\SystemRoot\System32\drivers\IntelDFUACPI.sys
\SystemRoot\System32\drivers\wmiacpi.sys
\SystemRoot\System32\drivers\UEFI.sys
\SystemRoot\system32\drivers\nvvad64v.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\System32\drivers\nvvhci.sys
\SystemRoot\System32\drivers\dtliteusbbus.sys
\SystemRoot\System32\drivers\NdisVirtualBus.sys
\SystemRoot\System32\DriverStore\FileRepository\swenum.inf_amd64_ea7b19c04e7a8136\swenum.sys
\SystemRoot\System32\drivers\ssdevfactory.sys
\SystemRoot\System32\drivers\RealSenseDCMBus.sys
\SystemRoot\System32\drivers\dtlitescsibus.sys
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\system32\drivers\nvhda64v.sys
\SystemRoot\System32\drivers\UsbHub3.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\System32\drivers\USBSTOR.SYS
\SystemRoot\System32\drivers\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\System32\drivers\WinUSB.SYS
\SystemRoot\System32\drivers\hidusb.sys
\SystemRoot\system32\DRIVERS\ibtusb.sys
\SystemRoot\System32\drivers\BTHUSB.sys
\SystemRoot\System32\drivers\bthport.sys
\SystemRoot\System32\drivers\mouhid.sys
\SystemRoot\system32\DRIVERS\Microsoft.Bluetooth.Legacy.LEEnumerator.sys
\SystemRoot\System32\drivers\rfcomm.sys
\SystemRoot\System32\drivers\BthEnum.sys
\SystemRoot\System32\drivers\bthpan.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\win32kfull.sys
\SystemRoot\System32\win32kbase.sys
\SystemRoot\System32\Drivers\dump_dumpstorport.sys
\SystemRoot\System32\Drivers\dump_stornvme.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\drivers\dxgmms2.sys
\SystemRoot\System32\drivers\monitor.sys
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\DRIVERS\esif_lf.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\wcifs.sys
\SystemRoot\System32\drivers\WpdUpFltr.sys
\SystemRoot\system32\drivers\cldflt.sys
\SystemRoot\system32\drivers\storqosflt.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\drivers\lltdio.sys
\SystemRoot\system32\drivers\mslldp.sys
\SystemRoot\System32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\rspndr.sys
\SystemRoot\system32\drivers\ndisuio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\drivers\condrv.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\drivers\mmcss.sys
\SystemRoot\system32\drivers\Ndu.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\drivers\rassstp.sys
\SystemRoot\System32\DRIVERS\NDProxy.sys
\SystemRoot\System32\drivers\AgileVpn.sys
\SystemRoot\System32\drivers\rasl2tp.sys
\SystemRoot\System32\drivers\raspptp.sys
\SystemRoot\System32\DRIVERS\raspppoe.sys
\SystemRoot\System32\DRIVERS\ndistapi.sys
\SystemRoot\System32\drivers\ndiswan.sys
\SystemRoot\System32\drivers\vwifimp.sys
\SystemRoot\system32\drivers\wd\WdNisDrv.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\RealSenseDcmDynamicDriver.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\C:\WINDOWS\system32\drivers\4734A6FF.sys
----------- End -----------
Done!
Scan started
Database versions:
main: v2019.10.24.08
rootkit: v2019.10.24.08
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffe50f055e5060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffe50f055e3680, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffe50f055e5060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffe50f06de2610, DeviceName: Unknown, DriverName: \Driver\EhStorClass\
DevicePointer: 0xffffe50f055d5060, DeviceName: \Device\0000003e\, DriverName: \Driver\stornvme\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 82165C24
GPT Protective MBR Partition information:
Partition 0 type is EFI-GPT (0xee)
Partition is NOT ACTIVE.
Partition starts at LBA: 1 Numsec = 4294967295
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
GPT Partition information:
GPT Header Signature 4546492050415254
GPT Header Revision 65536 Size 92 CRC 701008679
GPT Header CurrentLba = 1 BackupLba 500118191
GPT Header FirstUsableLba 34 LastUsableLba 500118158
GPT Header Guid 234627e6-cea9-4ddd-ac23-f8e1ae6ad31b
GPT Header Contains 128 partition entries starting at LBA 2
GPT Header Partition entry size = 128
Backup GPT header Signature 4546492050415254
Backup GPT header Revision 65536 Size 92 CRC 701008679
Backup GPT header CurrentLba = 500118191 BackupLba 1
Backup GPT header FirstUsableLba 34 LastUsableLba 500118158
Backup GPT header Guid 234627e6-cea9-4ddd-ac23-f8e1ae6ad31b
Backup GPT header Contains 128 partition entries starting at LBA 500118159
Backup GPT header Partition entry size = 128
Partition 0 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
Partition ID 263c4778-2e8e-48c9-ae27-7f1dcb8c88c
FirstLBA 2048 Last LBA 534527
Attributes 0
Partition Name EFI system partition
GPT Partition 0 is bootable
Partition 1 Type e3c9e316-b5c-4db8-817d-f92df0215ae
Partition ID a2dd3e6-e04d-4a69-8eab-f2243fecced
FirstLBA 534528 Last LBA 567295
Attributes 0
Partition Name Microsoft reserved partition
Partition 2 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Partition ID fb9e2ca-7007-4782-b87d-e64af890c95c
FirstLBA 567296 Last LBA 496545863
Attributes 0
Partition Name Basic data partition
Partition 3 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
Partition ID e7fec484-f968-441e-875b-de736c3a8e60
FirstLBA 496547840 Last LBA 500107263
Attributes 1
Partition Name
Disk Size: 256060514304 bytes
Sector size: 512 bytes
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffe50f055db060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffe50f046749d0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffe50f055db060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xffffe50f055eb7c0, DeviceName: Unknown, DriverName: \Driver\hpdskflt\
DevicePointer: 0xffffe50f055dce40, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffe50f047f7380, DeviceName: \Device\0000003f\, DriverName: \Driver\iaStorA\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: F37ECA01
GPT Protective MBR Partition information:
Partition 0 type is EFI-GPT (0xee)
Partition is NOT ACTIVE.
Partition starts at LBA: 1 Numsec = 4294967295
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
GPT Partition information:
GPT Header Signature 4546492050415254
GPT Header Revision 65536 Size 92 CRC 1177854153
GPT Header CurrentLba = 1 BackupLba 1953525167
GPT Header FirstUsableLba 34 LastUsableLba 1953525134
GPT Header Guid 6a2df089-3d53-4062-823e-325f31e56219
GPT Header Contains 128 partition entries starting at LBA 2
GPT Header Partition entry size = 128
Backup GPT header Signature 4546492050415254
Backup GPT header Revision 65536 Size 92 CRC 1177854153
Backup GPT header CurrentLba = 1953525167 BackupLba 1
Backup GPT header FirstUsableLba 34 LastUsableLba 1953525134
Backup GPT header Guid 6a2df089-3d53-4062-823e-325f31e56219
Backup GPT header Contains 128 partition entries starting at LBA 1953525135
Backup GPT header Partition entry size = 128
Partition 0 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Partition ID 71fa7aa2-24e9-4d5f-af40-295d23b75588
FirstLBA 2048 Last LBA 1927704575
Attributes 0
Partition Name Basic data partition
Partition 1 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Partition ID 60b4ce4-96eb-479a-8c6b-8e6da458f519
FirstLBA 1927704576 Last LBA 1953523711
Attributes 1
Partition Name Basic data partition
Disk Size: 1000204886016 bytes
Sector size: 512 bytes
Done!
Physical Sector Size: 512
Drive: 2, DevicePointer: 0xffffe50f0b7bb060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffe50f0b7bc040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffe50f0b7bb060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xffffe50f0b7bd640, DeviceName: \Device\00000051\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 2
Scanning MBR on drive 2...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 16F2A91F
GPT Protective MBR Partition information:
Partition 0 type is EFI-GPT (0xee)
Partition is NOT ACTIVE.
Partition starts at LBA: 1 Numsec = 4294967295
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
GPT Partition information:
GPT Header Signature 4546492050415254
GPT Header Revision 65536 Size 92 CRC 2888766464
GPT Header CurrentLba = 1 BackupLba 5860466687
GPT Header FirstUsableLba 34 LastUsableLba 5860466654
GPT Header Guid e35d39cd-5047-43a6-9d2d-4b56d2bddd
GPT Header Contains 128 partition entries starting at LBA 2
GPT Header Partition entry size = 128
Backup GPT header Signature 4546492050415254
Backup GPT header Revision 65536 Size 92 CRC 2888766464
Backup GPT header CurrentLba = 5860466687 BackupLba 1
Backup GPT header FirstUsableLba 34 LastUsableLba 5860466654
Backup GPT header Guid e35d39cd-5047-43a6-9d2d-4b56d2bddd
Backup GPT header Contains 128 partition entries starting at LBA 5860466655
Backup GPT header Partition entry size = 128
Partition 0 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Partition ID 370a013d-9b3d-4765-9892-88a773ed7afa
FirstLBA 2048 Last LBA 5860464639
Attributes 0
Partition Name Elements
Disk Size: 3000558944256 bytes
Sector size: 512 bytes
Done!
File "C:\Users\enike\AppData\Local\Comms\UnistoreDB\store.vol" is sparse (flags = 32768)
Scan finished
=======================================
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-2-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-2-r.mbam...
Removal finishedComo funciona el pc ahora?