Kilvynha

Notebook possibly infected?!


Good morning... Here's what's happening: for a few weeks now, error messages have been appearing whenever I open a browser... They always say that an application cannot be run because I need to reinstall it. I don't remember the name exactly, but it's something like: program~1\websea~1\sprote~1.dll.

Also, whenever I click a link, about 2 pop-ups with advertising open first, and the home page is a search site called Websearch.... The pop-ups that open are always for some "build" something-or-other. Anyway, I believe there's some malware here; I'd be very grateful if you could help me.

Thank you

Here are the requested logs:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 09/06/2013 23:29:22

System Uptime: 20/06/2013 18:38:31 (1 hours ago)

.

Motherboard: SAMSUNG ELECTRONICS CO., LTD. | | RV411/RV511/E3511/S3511/RV711

Processor: Intel® Core i3 CPU M 380 @ 2.53GHz | CPU 1 | 1190/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 113 GiB total, 77,646 GiB free.

D: is FIXED (NTFS) - 167 GiB total, 167,305 GiB free.

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}

Description: Mouse compatível com PS/2

Device ID: ACPI\ETD0B00\4&1B3AD2B5&0

Manufacturer: Microsoft

Name: Mouse compatível com PS/2

PNP Device ID: ACPI\ETD0B00\4&1B3AD2B5&0

Service: i8042prt

.

==== System Restore Points ===================

.

RP9: 18/06/2013 10:28:40 - Windows Update

RP10: 18/06/2013 15:58:35 - Windows Update

RP11: 18/06/2013 18:12:34 - Windows Update

RP12: 18/06/2013 18:26:51 - Windows Update

RP13: 19/06/2013 11:15:30 - Windows Update

RP14: 20/06/2013 09:15:59 - Windows Update

RP15: 20/06/2013 11:06:26 - Installed Samsung Kies

.

==== Installed Programs ======================

.

EVEREST Ultimate Edition v5.50

G Data TotalSecurity 2013

Google Chrome

Google Update Helper

Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Client Profile PTB Language Pack

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

MyFreeCodec

Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil)

Samsung Kies

SAMSUNG USB Driver for Mobile Phones

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Skype™ 6.5

TopSecret Biometrics Components

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

VIVO INTERNET

.

==== End Of File ===========================

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 8.0.7600.17267

Run by Rebeca at 19:17:32 on 2013-06-20

Microsoft Windows 7 Professional 6.1.7600.0.1252.55.1046.18.2933.1262 [GMT -3:00]

.

AV: G Data TotalSecurity 2013 *Disabled/Updated* {39B780B4-63C2-05B0-3B40-8F7A21E4F496}

SP: G Data TotalSecurity 2013 *Disabled/Updated* {82D66150-45F8-0A3E-01F0-B4085A63BE2B}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: G Data Personal Firewall *Disabled* {018C0191-29AD-04E8-101F-264FDF37B3ED}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe

C:\Program Files (x86)\G Data\TotalSecurity\AVK\AVKWCtlX64.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe

C:\Program Files (x86)\G Data\TotalSecurity\AVK\AVKService.exe

C:\Program Files (x86)\G Data\TotalSecurity\AVKBackup\AVKBackupService.exe

C:\Program Files (x86)\G Data\TotalSecurity\TSNxG\TSNxGService.exe

C:\Program Files (x86)\G Data\TotalSecurity\Firewall\GDFwSvcx64.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler.exe

C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler64.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\rundll32.exe

C:\Program Files (x86)\Common Files\G Data\AVKProxy\AvkBap64.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Program Files (x86)\Samsung\Kies\Kies.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\G Data\TotalSecurity\AVKTray\AVKTray.exe

C:\Program Files (x86)\G Data\TotalSecurity\Firewall\GDFirewallTray.exe

C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\system32\sppsvc.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\mspaint.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\vdsldr.exe

C:\Windows\System32\vds.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

mStart Page = hxxp://websearch.homesearch-hub.info/?pid=1091&r=2013/06/11&hid=1934586051&lg=EN&cc=BR&unqvl=20

mWinlogon: Userinit = userinit.exe

BHO: cconntinuetioSave: {4E87F9D6-D7D6-53FA-4F0B-C45789D714AB} - C:\ProgramData\cconntinuetioSave\51b7a175cd048.dll

BHO: G Data BankGuard: {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files (x86)\Common Files\G Data\AVKProxy\BanksafeBHO.dll

uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

uRun: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload

uRun: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup

uRun: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

mRun: [G Data AntiVirus Tray Application] C:\Program Files (x86)\G Data\TotalSecurity\AVKTray\AVKTray.exe

mRun: [TSNxG4Tray] "C:\Program Files (x86)\G Data\TotalSecurity\TSNxG\TSNxGTray.exe" /system

mRun: [GDFirewallTray] C:\Program Files (x86)\G Data\TotalSecurity\Firewall\GDFirewallTray.exe

mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

TCP: NameServer = 200.222.145.86 200.165.132.148

TCP: Interfaces\{3B828E3F-3BC6-4AAB-B057-2E0C46E9929B} : DHCPNameServer = 200.222.145.86 200.165.132.148

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

AppInit_DLLs= c:\progra~2\websea~1\sprote~1.dll

SSODL: WebCheck - <orphaned>

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

.

============= SERVICES / DRIVERS ===============

.

R0 GDBehave;GDBehave;C:\Windows\System32\drivers\GDBehave.sys [2013-6-11 54136]

R0 TS4NT;TS4nt driver;C:\Windows\System32\drivers\TS4nt.sys [2013-6-11 98760]

R1 GDMnIcpt;GDMnIcpt;C:\Windows\System32\drivers\MiniIcpt.sys [2013-6-11 122744]

R1 gdwfpcd;G Data WFP CD;C:\Windows\System32\drivers\gdwfpcd64.sys [2013-6-11 65912]

R1 GRD;G Data Rootkit Detector Driver;C:\Windows\System32\drivers\GRD.sys [2013-6-18 106648]

R1 HookCentre;HookCentre;C:\Windows\System32\drivers\HookCentre.sys [2013-6-11 64376]

R2 AVKProxy;G Data AntiVirus Proxy;C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2012-6-29 1540632]

R2 AVKService;G Data Scheduler;C:\Program Files (x86)\G Data\TotalSecurity\AVK\AVKService.exe [2012-1-27 468472]

R2 AVKWCtl;G Data file system monitor;C:\Program Files (x86)\G Data\TotalSecurity\AVK\AVKWCtlX64.exe [2012-6-1 2011056]

R2 GDBackupSvc;G Data Backup Service;C:\Program Files (x86)\G Data\TotalSecurity\AVKBackup\AVKBackupService.exe [2012-7-17 1619480]

R2 TSNxGService;G Data Filesafe Service;C:\Program Files (x86)\G Data\TotalSecurity\TSNxG\TSNxGService.exe [2012-5-24 306216]

R3 GDFwSvc;G Data Personal Firewall;C:\Program Files (x86)\G Data\TotalSecurity\Firewall\GDFwSvcx64.exe [2012-6-4 1766464]

R3 GDPkIcpt;GDPkIcpt;C:\Windows\System32\drivers\PktIcpt.sys [2013-6-11 59768]

R3 GDScan;G Data Scanner;C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [2012-3-29 470008]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-9-17 56344]

R3 RTLE8023x64;Realtek 10/100/1000 PCI-E NIC Family NDIS XP(x64) Driver;C:\Windows\System32\drivers\Rtenic64.sys [2013-6-10 269264]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-3 162408]

S3 GDTunerSvc;G Data Tuner Service;C:\Program Files (x86)\G Data\TotalSecurity\AVKTuner\AVKTunerService.exe [2012-5-14 1218552]

S3 StorSvc;Serviço de Armazenamento;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]

S3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-6-15 1255736]

.

=============== Created Last 30 ================

.

2013-06-20 14:39:14 -------- d-----w- C:\Users\Rebeca\AppData\Local\Samsung

2013-06-20 14:39:12 -------- d-----w- C:\Users\Rebeca\AppData\Roaming\Samsung

2013-06-20 14:24:17 -------- d-----w- C:\Program Files (x86)\MyFree Codec

2013-06-20 14:08:58 4659712 ----a-w- C:\Windows\SysWow64\Redemption.dll

2013-06-20 14:08:45 821824 ----a-w- C:\Windows\SysWow64\dgderapi.dll

2013-06-20 14:07:56 -------- d-----w- C:\ProgramData\Samsung

2013-06-20 14:07:56 -------- d-----w- C:\Program Files (x86)\Samsung

2013-06-18 18:53:28 9552976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D450EE6E-7555-4049-860B-E84A77AD781D}\mpengine.dll

2013-06-18 14:38:48 16504 ----a-w- C:\Windows\System32\drivers\GdPhyMem.sys

2013-06-18 14:38:46 106648 ----a-w- C:\Windows\System32\drivers\GRD.sys

2013-06-17 02:20:09 -------- d-----w- C:\Windows\System32\EventProviders

2013-06-15 14:43:27 -------- d-----w- C:\Windows\SysWow64\Wat

2013-06-15 14:43:26 -------- d-----w- C:\Windows\System32\Wat

2013-06-14 14:07:40 367104 ----a-w- C:\Windows\System32\wcncsvc.dll

2013-06-14 14:07:40 276992 ----a-w- C:\Windows\SysWow64\wcncsvc.dll

2013-06-14 13:51:41 311808 ----a-w- C:\Windows\System32\msv1_0.dll

2013-06-14 13:51:41 257024 ----a-w- C:\Windows\SysWow64\msv1_0.dll

2013-06-14 13:46:35 9728 ----a-w- C:\Windows\System32\Wdfres.dll

2013-06-14 13:46:35 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys

2013-06-14 13:46:35 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys

2013-06-14 13:46:35 2560 ----a-w- C:\Windows\System32\drivers\pt-BR\wdf01000.sys.mui

2013-06-14 13:29:22 46080 ----a-w- C:\Windows\System32\atmlib.dll

2013-06-14 13:29:22 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll

2013-06-14 13:29:16 367616 ----a-w- C:\Windows\System32\atmfd.dll

2013-06-14 13:29:16 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll

2013-06-14 13:27:17 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys

2013-06-14 13:27:17 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys

2013-06-14 13:27:16 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll

2013-06-14 13:27:16 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll

2013-06-14 13:27:15 744448 ----a-w- C:\Windows\System32\WUDFx.dll

2013-06-14 13:27:15 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll

2013-06-14 13:27:15 229888 ----a-w- C:\Windows\System32\WUDFHost.exe

2013-06-14 13:21:34 80896 ----a-w- C:\Windows\System32\imagehlp.dll

2013-06-14 13:21:34 22896 ----a-w- C:\Windows\System32\drivers\fs_rec.sys

2013-06-14 13:21:34 158720 ----a-w- C:\Windows\SysWow64\imagehlp.dll

2013-06-14 13:21:33 5120 ----a-w- C:\Windows\SysWow64\wmi.dll

2013-06-14 13:21:33 5120 ----a-w- C:\Windows\System32\wmi.dll

2013-06-14 13:18:28 243712 ----a-w- C:\Windows\System32\drivers\ks.sys

2013-06-14 13:18:28 184832 ----a-w- C:\Windows\System32\drivers\usbvideo.sys

2013-06-14 02:32:28 -------- d-----r- C:\Program Files (x86)\Skype

2013-06-13 20:51:35 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll

2013-06-13 20:51:35 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll

2013-06-13 20:51:35 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll

2013-06-13 20:51:35 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe

2013-06-13 20:51:34 48960 ----a-w- C:\Windows\System32\netfxperf.dll

2013-06-13 20:51:34 444752 ----a-w- C:\Windows\System32\mscoree.dll

2013-06-13 20:51:34 320352 ----a-w- C:\Windows\System32\PresentationHost.exe

2013-06-13 20:51:34 1942856 ----a-w- C:\Windows\System32\dfshim.dll

2013-06-13 20:51:34 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll

2013-06-13 20:51:34 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll

2013-06-12 13:36:47 -------- d-----w- C:\Intel

2013-06-12 12:53:12 1114972 ----a-w- C:\Windows\SysWow64\sig.bin

2013-06-11 22:52:56 98760 ----a-w- C:\Windows\System32\drivers\TS4nt.sys

2013-06-11 22:52:29 64376 ----a-w- C:\Windows\System32\drivers\HookCentre.sys

2013-06-11 22:52:28 54136 ----a-w- C:\Windows\System32\drivers\GDBehave.sys

2013-06-11 22:52:28 122744 ----a-w- C:\Windows\System32\drivers\MiniIcpt.sys

2013-06-11 22:52:27 65912 ----a-w- C:\Windows\System32\drivers\gdwfpcd64.sys

2013-06-11 22:52:04 -------- d-----w- C:\ProgramData\G DATA Software

2013-06-11 21:28:28 -------- d-----w- C:\ProgramData\StarApp

2013-06-11 21:28:28 -------- d-----w- C:\ProgramData\SearchNewTab

2013-06-11 21:28:12 -------- d-----w- C:\Program Files (x86)\ContinueToSave

2013-06-11 21:28:03 -------- d-----w- C:\ProgramData\cconntinuetioSave

2013-06-11 21:27:26 -------- d-----w- C:\ProgramData\InstallMate

2013-06-11 21:17:28 -------- d-----w- C:\Windows\System32\appmgmt

2013-06-11 21:12:33 -------- d-----w- C:\Program Files (x86)\G DATA Software

2013-06-11 20:57:23 -------- d-----w- C:\ProgramData\Tarma Installer

2013-06-11 20:57:16 -------- d-----w- C:\Users\Rebeca\AppData\Roaming\ExpressFiles

2013-06-11 13:37:34 -------- d-----w- C:\Windows\SysWow64\BioAPIFFDB

2013-06-11 13:37:27 59768 ----a-w- C:\Windows\System32\drivers\PktIcpt.sys

2013-06-11 13:36:43 -------- d-----w- C:\ProgramData\G DATA

2013-06-11 13:36:43 -------- d-----w- C:\Program Files (x86)\G Data

2013-06-11 13:36:43 -------- d-----w- C:\Program Files (x86)\Common Files\G Data

2013-06-11 13:33:23 142336 ----a-w- C:\Windows\System32\poqexec.exe

2013-06-11 13:33:23 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe

2013-06-11 13:33:21 3138048 ----a-w- C:\Windows\System32\mstscax.dll

2013-06-11 13:33:21 2691072 ----a-w- C:\Windows\SysWow64\mstscax.dll

2013-06-11 13:33:21 158208 ----a-w- C:\Windows\System32\aaclient.dll

2013-06-11 13:33:21 131072 ----a-w- C:\Windows\SysWow64\aaclient.dll

2013-06-11 13:33:20 44032 ----a-w- C:\Windows\System32\tsgqec.dll

2013-06-11 13:33:20 36864 ----a-w- C:\Windows\SysWow64\tsgqec.dll

2013-06-11 13:33:05 2870272 ----a-w- C:\Windows\explorer.exe

2013-06-11 13:33:04 2614784 ----a-w- C:\Windows\SysWow64\explorer.exe

2013-06-11 13:33:02 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2013-06-11 13:33:02 2048 ----a-w- C:\Windows\System32\tzres.dll

2013-06-11 13:32:51 961024 ----a-w- C:\Windows\System32\CPFilters.dll

2013-06-11 13:32:50 850432 ----a-w- C:\Windows\SysWow64\sbe.dll

2013-06-11 13:32:50 642048 ----a-w- C:\Windows\SysWow64\CPFilters.dll

2013-06-11 13:32:50 259072 ----a-w- C:\Windows\System32\mpg2splt.ax

2013-06-11 13:32:50 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax

2013-06-11 13:32:50 1118720 ----a-w- C:\Windows\System32\sbe.dll

2013-06-11 13:32:49 148992 ----a-w- C:\Windows\System32\t2embed.dll

2013-06-11 13:32:49 109056 ----a-w- C:\Windows\SysWow64\t2embed.dll

2013-06-11 13:30:58 2228224 ----a-w- C:\Windows\System32\mssrch.dll

2013-06-11 13:29:05 2080256 ----a-w- C:\Program Files\Windows Mail\msoe.dll

2013-06-11 13:29:05 1619968 ----a-w- C:\Program Files (x86)\Windows Mail\msoe.dll

2013-06-11 13:29:04 1653096 ----a-w- C:\Windows\System32\drivers\ntfs.sys

2013-06-11 13:27:44 662528 ----a-w- C:\Windows\System32\XpsPrint.dll

2013-06-11 13:27:44 442880 ----a-w- C:\Windows\SysWow64\XpsPrint.dll

2013-06-11 13:27:27 389632 ----a-w- C:\Windows\System32\winlogon.exe

2013-06-11 13:27:21 1395712 ----a-w- C:\Windows\System32\mfc42.dll

2013-06-11 13:27:21 1359872 ----a-w- C:\Windows\System32\mfc42u.dll

2013-06-11 13:27:20 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll

2013-06-11 13:27:20 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll

2013-06-11 13:25:57 4068864 ----a-w- C:\Windows\System32\mf.dll

2013-06-11 13:24:41 2001408 ----a-w- C:\Windows\System32\msxml6.dll

2013-06-11 13:24:41 1880064 ----a-w- C:\Windows\System32\msxml3.dll

2013-06-11 13:24:41 1388544 ----a-w- C:\Windows\SysWow64\msxml6.dll

2013-06-11 13:24:41 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll

2013-06-11 13:24:29 27008 ----a-w- C:\Windows\System32\drivers\Diskdump.sys

2013-06-11 13:24:28 82944 ----a-w- C:\Windows\SysWow64\iccvid.dll

2013-06-11 13:24:27 208896 ----a-w- C:\Windows\System32\profsvc.dll

2013-06-11 13:24:26 30208 ----a-w- C:\Windows\System32\dnscacheugc.exe

2013-06-11 13:24:26 28672 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe

2013-06-11 13:24:26 182272 ----a-w- C:\Windows\System32\dnsrslvr.dll

2013-06-11 13:22:53 801280 ----a-w- C:\Windows\System32\usp10.dll

2013-06-11 13:21:31 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2013-06-11 13:20:02 516096 ----a-w- C:\Program Files\Windows Mail\wab.exe

2013-06-11 13:20:02 516096 ----a-w- C:\Program Files (x86)\Windows Mail\wab.exe

2013-06-11 13:20:02 35328 ----a-w- C:\Program Files\Windows Mail\wabfind.dll

2013-06-11 13:20:00 499200 ----a-w- C:\Windows\System32\drivers\afd.sys

2013-06-11 13:19:57 75632 ----a-w- C:\Windows\System32\drivers\partmgr.sys

2013-06-11 13:19:56 714752 ----a-w- C:\Windows\System32\kerberos.dll

2013-06-11 13:19:56 541184 ----a-w- C:\Windows\SysWow64\kerberos.dll

2013-06-11 13:19:54 3213824 ----a-w- C:\Windows\System32\msi.dll

2013-06-11 13:19:53 2342400 ----a-w- C:\Windows\SysWow64\msi.dll

2013-06-11 13:15:53 609792 ----a-w- C:\Windows\System32\vbscript.dll

2013-06-11 13:15:53 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll

2013-06-11 13:14:44 95744 ----a-w- C:\Windows\System32\synceng.dll

2013-06-11 13:14:44 78336 ----a-w- C:\Windows\SysWow64\synceng.dll

2013-06-11 13:14:43 640896 ----a-w- C:\Windows\System32\winload.efi

2013-06-11 13:14:43 603976 ----a-w- C:\Windows\System32\winload.exe

2013-06-11 13:14:43 556928 ----a-w- C:\Windows\System32\winresume.efi

2013-06-11 13:14:43 518160 ----a-w- C:\Windows\System32\winresume.exe

2013-06-11 13:14:43 20352 ----a-w- C:\Windows\System32\kdusb.dll

2013-06-11 13:14:43 19328 ----a-w- C:\Windows\System32\kd1394.dll

2013-06-11 13:14:43 17792 ----a-w- C:\Windows\System32\kdcom.dll

2013-06-11 13:04:59 46592 ----a-w- C:\Windows\System32\msasn1.dll

2013-06-11 13:03:53 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe

2013-06-11 13:02:59 43520 ----a-w- C:\Windows\System32\csrsrv.dll

2013-06-11 13:01:58 1739160 ----a-w- C:\Windows\System32\ntdll.dll

2013-06-11 13:01:58 1292592 ----a-w- C:\Windows\SysWow64\ntdll.dll

2013-06-11 13:01:46 9728 ----a-w- C:\Windows\SysWow64\sscore.dll

2013-06-11 13:01:46 236032 ----a-w- C:\Windows\System32\srvsvc.dll

2013-06-11 13:01:39 67584 ----a-w- C:\Windows\splwow64.exe

2013-06-11 13:01:39 559104 ----a-w- C:\Windows\System32\spoolsv.exe

2013-06-11 13:01:06 182272 ----a-w- C:\Windows\System32\cryptsvc.dll

2013-06-11 13:01:06 1462784 ----a-w- C:\Windows\System32\crypt32.dll

2013-06-11 13:01:06 140288 ----a-w- C:\Windows\System32\cryptnet.dll

2013-06-11 13:01:06 139264 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2013-06-11 13:01:06 1157632 ----a-w- C:\Windows\SysWow64\crypt32.dll

2013-06-11 13:01:06 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

2013-06-11 12:44:50 77312 ----a-w- C:\Windows\System32\packager.dll

2013-06-11 12:44:50 67072 ----a-w- C:\Windows\SysWow64\packager.dll

2013-06-11 12:39:59 9460464 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll

2013-06-11 12:35:05 826368 ----a-w- C:\Windows\SysWow64\rdpcore.dll

2013-06-11 12:35:05 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys

2013-06-11 12:35:05 1031680 ----a-w- C:\Windows\System32\rdpcore.dll

2013-06-11 12:34:55 139264 ----a-w- C:\Windows\System32\cabview.dll

2013-06-11 12:34:55 132608 ----a-w- C:\Windows\SysWow64\cabview.dll

2013-06-11 01:52:29 278800 ------w- C:\Windows\System32\MpSigStub.exe

2013-06-11 01:17:00 -------- d-sh--w- C:\Windows\Installer

2013-06-11 01:12:32 -------- d-----w- C:\Users\Rebeca\AppData\Local\Google

2013-06-11 01:12:16 -------- d-----w- C:\Users\Rebeca\AppData\Local\Deployment

2013-06-11 01:12:16 -------- d-----w- C:\Users\Rebeca\AppData\Local\Apps

2013-06-11 00:05:44 95544 ----a-w- C:\Windows\System32\bcmwlcoi.dll

2013-06-11 00:05:43 4745280 ----a-w- C:\Windows\System32\drivers\BCMWL664.SYS

2013-06-11 00:05:39 3617280 ----a-w- C:\Windows\System32\bcmihvui64.dll

2013-06-11 00:05:37 3952128 ----a-w- C:\Windows\System32\bcmihvsrv64.dll

2013-06-10 23:36:57 74272 ----a-w- C:\Windows\System32\RtNicProp64.dll

2013-06-10 23:36:57 269264 ----a-w- C:\Windows\System32\drivers\Rtenic64.sys

2013-06-10 23:36:57 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll

2013-06-10 22:37:00 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2013-06-10 22:36:55 99840 ----a-w- C:\Windows\System32\wudriver.dll

2013-06-10 22:36:48 36864 ----a-w- C:\Windows\System32\wuapp.exe

2013-06-10 22:36:48 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2013-06-10 22:20:59 -------- d-----w- C:\Program Files (x86)\Lavalys

2013-06-10 22:11:32 691712 ----a-w- C:\Windows\System32\drivers\mod7700.sys

2013-06-10 22:11:32 29696 ----a-w- C:\Windows\System32\drivers\ewdcsc.sys

2013-06-10 22:11:32 132608 ----a-w- C:\Windows\System32\drivers\ewusbnet.sys

2013-06-10 22:11:32 116864 ----a-w- C:\Windows\System32\drivers\ewusbmdm.sys

2013-06-10 22:11:32 116224 ----a-w- C:\Windows\System32\drivers\ewusbfake.sys

2013-06-10 22:11:24 -------- d-----w- C:\Program Files (x86)\VIVO INTERNET

2013-06-10 02:16:59 -------- d-----w- C:\Windows\Panther

.

==================== Find3M ====================

.

.

============= FINISH: 19:18:41,37 ===============

GMER 2.1.19163 - http://www.gmer.net

Rootkit scan 2013-06-20 20:12:55

Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HM321HI rev.2AJ10002 298,09GB

Running: 7m21niz7.exe; Driver: C:\Users\Rebeca\AppData\Local\Temp\pwdiqpow.sys

---- User code sections - GMER 2.1 ----

? C:\Windows\system32\mssprxy.dll [3448] entry point in ".rdata" section 0000000066e571e6

.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3456] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000759f1465 2 bytes [9F, 75]

.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3456] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000759f14bb 2 bytes [9F, 75]

.text ... * 2

? C:\Windows\system32\mssprxy.dll [3456] entry point in ".rdata" section 0000000066e571e6

.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3424] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077e4f941 7 bytes {MOV EDX, 0x567a28; JMP RDX}

.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3424] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077e4fb85 7 bytes {MOV EDX, 0x567a68; JMP RDX}

.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3424] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077e4fbb5 7 bytes {MOV EDX, 0x5679a8; JMP RDX}

.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3424] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077e4fbcd 7 bytes {MOV EDX, 0x567928; JMP RDX}

.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3424] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077e4fbe5 7 bytes {MOV EDX, 0x567b28; JMP RDX}

.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3424] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077e4fc15 7 bytes {MOV EDX, 0x567b68; JMP RDX}

.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3424] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077e4fc95 7 bytes {MOV EDX, 0x567ae8; JMP RDX}

.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3424] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077e4fcad 7 bytes {MOV EDX, 0x567aa8; JMP RDX}

.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3424] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077e4fcf9 7 bytes {MOV EDX, 0x567868; JMP RDX}

.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3424] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077e4fdf1 7 bytes {MOV EDX, 0x5678a8; JMP RDX}

.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3424] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077e50049 7 bytes {MOV EDX, 0x567828; JMP RDX}

.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3424] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077e51055 7 bytes {MOV EDX, 0x5679e8; JMP RDX}

.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3424] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077e510cd 7 bytes {MOV EDX, 0x567968; JMP RDX}

.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3424] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077e512d1 7 bytes {MOV EDX, 0x5678e8; JMP RDX}

.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3424] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000759f1465 2 bytes [9F, 75]

.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3424] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000759f14bb 2 bytes [9F, 75]

.text ... * 2

.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4368] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077e4f941 7 bytes {MOV EDX, 0x66f228; JMP RDX}

.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4368] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077e4fb85 7 bytes {MOV EDX, 0x66f268; JMP RDX}

.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4368] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077e4fbb5 7 bytes {MOV EDX, 0x66f1a8; JMP RDX}

.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4368] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077e4fbcd 7 bytes {MOV EDX, 0x66f128; JMP RDX}

.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4368] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077e4fbe5 7 bytes {MOV EDX, 0x66f328; JMP RDX}

.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4368] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077e4fc15 7 bytes {MOV EDX, 0x66f368; JMP RDX}

.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4368] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077e4fc95 7 bytes {MOV EDX, 0x66f2e8; JMP RDX}

.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4368] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077e4fcad 7 bytes {MOV EDX, 0x66f2a8; JMP RDX}


---- Registry - GMER 2.1 ----


---- EOF - GMER 2.1 ----


Dear Kilvynha

I recommend saving this topic in your Favorites to make it easier to find later.

Please pay attention to the following:

  • If you get no reply for 3 days, send me a Private Message (PM);
  • What is given here applies only to the problem with your computer; therefore, do not apply it on any other;
  • Please follow the instructions given carefully and, if in doubt, do not hesitate to ask;
  • Always post your replies in this topic... Do not open another one!
  • Always keep me informed, during the removal, about what is happening with your computer.
  • Follow the order of the instructions given.
  • Note: Do not take any measures other than those given here; and if you ask for help in another forum, be sure to let us know, or you risk misconfiguring your computer!

# Step No. 1 #

Read the instructions contained in this link:

In the instructions contained in the link above, you can check which forums have Analysts who are properly qualified to use the tool correctly: "Forums to get help with ComboFix logs"

  1. Download ComboFix from one of the official links listed below and save it to your desktop:

  2. Temporarily, while carrying out these instructions, it is very important that you keep your protection programs (Antivirus, Antispyware and Firewall) disabled. Re-enable the protections after running the procedure(s) mentioned below.
  3. Double-click the desktopicon.png icon on the desktop.
  4. Read and accept the conditions by typing 1 and Enter.
  5. Computers with Windows XP must install the Recovery Console:

  • If your computer has Windows XP installed and does not yet have the Recovery Console installed, please make sure you are connected to the Internet and click "Yes".
  • Click "OK" at the EULA.
  • Once the Recovery Console is installed, click "YES" to continue.

  6. ComboFix will run; please be patient and wait.
  7. Attention: Do not use the mouse or the keyboard while the tool is running; this can cause the computer to freeze.
  8. A warning may appear saying the computer needs to be restarted.

DO NOT RESTART!!! ComboFix will restart the computer automatically.

  9. When the tool finishes running, it will generate a log (the file C:\ComboFix.txt). Copy and paste the contents of that file in your next reply.

DO NOT use the tool on your own. It is a powerful tool created to deal with sophisticated infections, and if you do not use it correctly it can damage your computer.

  • There are many malware that prevent the tool from running correctly and can thereby seriously damage the computer. Analysts qualified to use ComboFix know these cases and know how to handle these situations.
  • Many Analysts do not reply to topics in which they see that ComboFix was used without supervision.
  • There are many general-purpose anti-malware tools whose authors, when programming them, had end users in mind and intended them to be used without supervision. ComboFix is not that kind of tool, and so, also out of respect for the tool's author, do not use it without supervision.

Cheers :D


I tried running ComboFix.... It installs and runs, but when it is on that blue screen showing that it is scanning, it completes up to stage 4 and that's it, it doesn't go any further. I have already waited 2 hours for stage 5 (if it even exists) and it doesn't get past that and doesn't produce a log either.

What could I have done wrong, or is there another program I could use??
