Leandro Pieroni

Banker virus. Banco do Brasil. Recurrence.


Dear Analysts,

My PC was infected by a virus that attacks the Banco do Brasil website, redirecting the address www.bb.com.br to a fake site where all passwords and the phone number are requested. Right now not even the fake site opens, but I also can no longer access the BB site, which I need for my work, since it saves me having to go to the bank every day. I formatted the whole machine. It was working fine, getting into the site with no problem. I installed only basic programs (Windows, Office, Adobe...) and even so the virus reproduced itself again. Maybe a virtual HIV that doesn't respect vaccines. So I post below all the logs needed for the analysis, according to the Forum's procedures. The logs are also attached.

Thank you in advance for your attention.

DDS:

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16502 BrowserJavaVersion: 10.25.2

Run by Leandro Pieroni at 16:50:22 on 2013-08-22

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.55.1033.18.8140.5240 [GMT -3:00]

.

AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\PROGRA~2\GbPlugin\GbpSv.exe

C:\Windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files\IDT\WDM\STacSV64.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\Hpservice.exe

C:\Windows\System32\WUDFHost.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\IDT\WDM\AESTSr64.exe

C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe

C:\Program Files (x86)\ArcGIS\License10.1\bin\lmgrd.exe

C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe

C:\Program Files (x86)\ArcGIS\License10.1\bin\lmgrd.exe

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Program Files (x86)\ArcGIS\License10.1\bin\ARCGIS.exe

C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe

C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\loggingserver.exe

C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe

C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe

C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe

C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\15.5.0.2\AVG SafeGuard toolbar_toolbar.dll

BHO: GbIehObj Class: {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files (x86)\GbPlugin\gbieh.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll

TB: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\15.5.0.2\AVG SafeGuard toolbar_toolbar.dll

mRun: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"

mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDrives = dword:0

mPolicies-System: ConsentPromptBehaviorAdmin = dword:0

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableLUA = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: PromptOnSecureDesktop = dword:0

IE: E&xportar para o Microsoft Excel - C:\PROGRA~1\MICROS~3\Office15\EXCEL.EXE/3000

IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe

DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect1263.cab

TCP: NameServer = 201.10.128.2 201.10.1.2 8.8.8.8

TCP: Interfaces\{1E2AC89F-DFC2-4B10-B63E-351DA374229C} : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{2F83CDBA-D4C8-4EFD-B66D-0F57A2D6FC2C} : NameServer = 201.10.128.2,8.8.4.4

TCP: Interfaces\{2F83CDBA-D4C8-4EFD-B66D-0F57A2D6FC2C} : DHCPNameServer = 201.10.128.2 201.10.1.2 8.8.8.8

TCP: Interfaces\{2F83CDBA-D4C8-4EFD-B66D-0F57A2D6FC2C}\C696E6B6379737 : DHCPNameServer = 10.1.1.1

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.5.0\ViProtocol.dll

Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll

SSODL: WebCheck - <orphaned>

SEH: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files (x86)\GbPlugin\gbieh.dll

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe

x64-Run: [intelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray

x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe

x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe

x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

.

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-6-18 247216]

R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-8-16 45856]

R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2013-8-16 89600]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-10-1 204288]

R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-8-31 1166848]

R2 ArcGIS License Manager;ArcGIS License Manager;C:\Program Files (x86)\ArcGIS\License10.1\bin\lmgrd.exe [2012-1-5 1408904]

R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-6-3 134928]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

R2 GbpSv;Gbp Service;C:\PROGRA~2\GbPlugin\GbpSv.exe [2013-8-16 409640]

R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]

R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2011-5-13 30520]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-8-16 13592]

R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2013-8-16 2413056]

R2 vToolbarUpdater15.5.0;vToolbarUpdater15.5.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe [2013-8-19 1643184]

R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;C:\Windows\System32\drivers\AmpPal.sys [2011-8-8 299008]

R3 intelkmd;intelkmd;C:\Windows\System32\drivers\igdpmd64.sys [2011-8-9 12289472]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2013-8-16 91648]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2013-8-16 208896]

R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2011-1-12 338536]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-8-16 428136]

S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;C:\Windows\System32\drivers\AmpPal.sys [2011-8-8 299008]

S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-7-27 340240]

S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-6-18 139616]

S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-7-18 366600]

S3 SWDUMon;SWDUMon;C:\Windows\System32\drivers\SWDUMon.sys [2013-8-16 16152]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-8-16 1255736]

.

=============== Created Last 30 ================

.

2013-08-22 19:09:38 -------- d-----w- C:\Users\Leandro Pieroni\AppData\Local\ElevatedDiagnostics

2013-08-22 18:50:32 -------- d-sh--w- C:\$RECYCLE.BIN

2013-08-22 18:38:12 -------- d-----w- C:\ComboFix

2013-08-22 18:12:58 -------- d-----w- C:\Users\Leandro Pieroni\AppData\Roaming\br.com.iba.magazinesdesktop

2013-08-22 18:01:53 -------- d-----w- C:\Program Files\CCleaner

2013-08-22 17:20:14 941720 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

2013-08-22 17:20:14 941720 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DB458A7D-B463-4529-8648-476407F90B54}\gapaengine.dll

2013-08-22 17:19:58 9515512 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7B12455E-DBC2-4FB5-B863-9B5ADE6DF5AA}\mpengine.dll

2013-08-22 14:05:31 9515512 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2013-08-22 13:57:22 208896 ----a-w- C:\Windows\MBR.exe

2013-08-22 13:57:21 98816 ----a-w- C:\Windows\sed.exe

2013-08-22 13:57:21 256000 ----a-w- C:\Windows\PEV.exe

2013-08-22 13:43:49 -------- d-----w- C:\Users\Leandro Pieroni\AppData\Roaming\Malwarebytes

2013-08-22 13:43:32 -------- d-----w- C:\ProgramData\Malwarebytes

2013-08-22 13:43:30 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-08-22 13:43:30 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-08-22 13:36:08 -------- d-----w- C:\LinhaDefensiva

2013-08-22 13:09:44 -------- d-----w- C:\Program Files (x86)\ESRI

2013-08-22 12:56:52 3913664 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2013-08-22 12:56:51 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-08-22 12:56:51 3968960 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2013-08-22 12:56:50 243712 ----a-w- C:\Windows\System32\wow64.dll

2013-08-22 12:56:50 1732032 ----a-w- C:\Windows\System32\ntdll.dll

2013-08-22 12:56:50 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll

2013-08-22 12:56:49 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2013-08-22 12:56:48 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2013-08-22 12:56:47 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2013-08-22 12:56:47 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2013-08-22 12:56:47 2048 ----a-w- C:\Windows\SysWow64\user.exe

2013-08-22 12:55:48 -------- d-----w- C:\Program Files (x86)\ESET

2013-08-22 12:19:17 -------- d-----w- C:\Windows\AutoKMS

2013-08-20 13:23:13 -------- d-----w- C:\ProgramData\Microsoft Toolkit

2013-08-19 14:09:29 -------- d-----w- C:\Users\Leandro Pieroni\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant

2013-08-19 14:05:51 -------- d-----w- C:\Program Files (x86)\Adobe Download Assistant

2013-08-19 12:33:13 -------- d-----w- C:\Program Files (x86)\Common Files\HP

2013-08-19 12:33:11 -------- d-----w- C:\Program Files (x86)\Common Files\Hewlett-Packard

2013-08-19 12:31:07 859136 ----a-w- C:\Windows\System32\hpowiax4.dll

2013-08-19 12:31:07 540672 ----a-w- C:\Windows\System32\hppldcoi.dll

2013-08-19 12:31:06 729088 ----a-w- C:\Windows\System32\hpotscl4.dll

2013-08-19 12:31:06 488960 ----a-w- C:\Windows\System32\hpovst11.dll

2013-08-19 12:07:49 224768 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\hpzpp4v2.dll

2013-08-19 12:07:39 134144 ----a-w- C:\Windows\System32\hpzll4v2.dll

2013-08-19 02:52:17 -------- d-----w- C:\Program Files (x86)\MSXML 4.0

2013-08-18 14:20:03 -------- d-----w- C:\Users\Leandro Pieroni\AppData\Local\Adobe

2013-08-17 15:09:16 -------- d-----w- C:\Users\Leandro Pieroni\AppData\Roaming\ESRI

2013-08-17 15:09:15 -------- d-----w- C:\Users\Leandro Pieroni\AppData\Local\ESRI

2013-08-17 15:03:14 -------- d-----w- C:\ProgramData\FNP

2013-08-17 14:58:09 -------- d-----w- C:\Program Files (x86)\Common Files\Macrovision Shared

2013-08-17 14:52:43 -------- d-----w- C:\Program Files (x86)\Common Files\AnswerWorks 4.0

2013-08-17 14:49:57 -------- d-----w- C:\Python27

2013-08-17 14:49:56 -------- d-----w- C:\Program Files (x86)\Common Files\Data Dynamics

2013-08-17 14:49:47 -------- d-----w- C:\Program Files (x86)\Common Files\Tom Sawyer Software

2013-08-17 14:49:47 -------- d-----w- C:\Program Files (x86)\Common Files\ArcGIS

2013-08-17 14:49:24 -------- d-----w- C:\Program Files (x86)\ArcGIS

2013-08-17 12:51:18 -------- d-----w- C:\Users\Leandro Pieroni\AppData\Roaming\pdfforge

2013-08-17 12:51:15 137000 ----a-w- C:\Windows\SysWow64\MSMAPI32.OCX

2013-08-17 12:51:14 662288 ----a-w- C:\Windows\SysWow64\MSCOMCT2.OCX

2013-08-17 12:51:14 110264 ----a-w- C:\Windows\System32\pdfcmon.dll

2013-08-17 12:51:14 1070152 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX

2013-08-17 12:51:13 23552 ----a-w- C:\Windows\SysWow64\MSMPIDE.DLL

2013-08-17 12:51:13 -------- d-----w- C:\Program Files (x86)\PDFCreator

2013-08-17 12:22:17 -------- d-----w- C:\Users\Leandro Pieroni\AppData\Local\Microsoft Help

2013-08-17 02:40:18 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2013-08-17 02:40:17 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2013-08-17 02:40:13 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2013-08-16 21:47:50 -------- d-----w- C:\ProgramData\boost_interprocess

2013-08-16 21:43:02 49536 ----a-w- C:\Windows\SysWow64\drivers\gbpkm.sys

2013-08-16 21:43:02 31088 ----a-w- C:\Windows\SysWow64\drivers\gbpndisrd.sys

2013-08-16 21:42:37 -------- d-----w- C:\ProgramData\GbPlugin

2013-08-16 21:42:37 -------- d-----w- C:\Program Files (x86)\GbPlugin

2013-08-16 21:41:40 -------- d-----w- C:\Users\Leandro Pieroni\AppData\Local\GAS Tecnologia

2013-08-16 21:41:40 -------- d-----w- C:\ProgramData\GAS Tecnologia

2013-08-16 21:41:38 -------- d-----w- C:\Users\Leandro Pieroni\AppData\Local\Programs

2013-08-16 20:45:53 902656 ----a-w- C:\Windows\System32\d2d1.dll

2013-08-16 20:45:53 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll

2013-08-16 20:45:53 1139200 ----a-w- C:\Windows\System32\FntCache.dll

2013-08-16 19:33:42 -------- d-----w- C:\Windows\SysWow64\Wat

2013-08-16 19:33:42 -------- d-----w- C:\Windows\System32\Wat

2013-08-16 19:02:20 9728 ----a-w- C:\Windows\System32\Wdfres.dll

2013-08-16 19:02:20 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys

2013-08-16 19:02:20 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys

2013-08-16 19:02:20 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui

2013-08-16 18:47:21 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll

2013-08-16 18:47:21 46080 ----a-w- C:\Windows\System32\atmlib.dll

2013-08-16 18:47:21 367616 ----a-w- C:\Windows\System32\atmfd.dll

2013-08-16 18:47:21 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll

2013-08-16 18:47:21 100864 ----a-w- C:\Windows\System32\fontsub.dll

2013-08-16 18:47:20 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll

2013-08-16 18:46:39 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys

2013-08-16 18:46:39 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll

2013-08-16 18:46:39 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys

2013-08-16 18:46:39 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll

2013-08-16 18:46:38 744448 ----a-w- C:\Windows\System32\WUDFx.dll

2013-08-16 18:46:38 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll

2013-08-16 18:46:38 229888 ----a-w- C:\Windows\System32\WUDFHost.exe

2013-08-16 18:43:36 81408 ----a-w- C:\Windows\System32\imagehlp.dll

2013-08-16 18:43:36 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys

2013-08-16 18:43:36 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll

2013-08-16 18:43:35 5120 ----a-w- C:\Windows\SysWow64\wmi.dll

2013-08-16 18:43:35 5120 ----a-w- C:\Windows\System32\wmi.dll

2013-08-16 18:34:59 850944 ----a-w- C:\Windows\SysWow64\sbe.dll

2013-08-16 18:33:58 340992 ----a-w- C:\Windows\System32\schannel.dll

2013-08-16 18:32:00 903168 ----a-w- C:\Windows\SysWow64\certutil.exe

2013-08-16 18:32:00 1192448 ----a-w- C:\Windows\System32\certutil.exe

2013-08-16 18:31:59 52224 ----a-w- C:\Windows\System32\certenc.dll

2013-08-16 18:31:59 43008 ----a-w- C:\Windows\SysWow64\certenc.dll

2013-08-16 18:28:27 467456 ----a-w- C:\Windows\System32\drivers\srv.sys

2013-08-16 18:27:58 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2013-08-16 18:26:58 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll

2013-08-16 18:03:46 -------- d-----w- C:\Users\Leandro Pieroni\AppData\Local\Google

2013-08-16 18:03:22 -------- d-----w- C:\Users\Leandro Pieroni\AppData\Local\Apps

2013-08-16 18:03:21 -------- d-----w- C:\Users\Leandro Pieroni\AppData\Local\Deployment

2013-08-16 17:59:13 -------- d-----w- C:\Users\Leandro Pieroni\AppData\Roaming\IDT

2013-08-16 17:54:47 0 ----a-w- C:\Windows\ativpsrm.bin

2013-08-16 17:43:16 -------- d-----w- C:\Windows\Panther

2013-08-16 17:43:15 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client

2013-08-16 17:43:07 -------- d-----w- C:\Program Files\Microsoft Security Client

2013-08-16 17:37:58 -------- d-----w- C:\Windows\SysWow64\sda

2013-08-16 17:37:33 9888360 ----a-w- C:\Windows\SysWow64\RtsPStorIcon.dll

2013-08-16 17:35:25 74272 ----a-w- C:\Windows\System32\RtNicProp64.dll

2013-08-16 17:35:25 428136 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys

2013-08-16 17:35:25 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll

2013-08-16 17:35:18 -------- d-----w- C:\Program Files (x86)\Realtek

2013-08-16 17:33:40 -------- d-----w- C:\Program Files\Validity Sensors

2013-08-16 17:30:40 -------- d-----w- C:\Program Files (x86)\Common Files\Intel Corporation

2013-08-16 17:28:54 -------- d-----w- C:\Users\Leandro Pieroni\AppData\Roaming\Intel Corporation

2013-08-16 17:28:44 -------- d-----w- C:\Users\Leandro Pieroni\AppData\Roaming\Synaptics

2013-08-16 17:28:44 -------- d-----w- C:\ProgramData\Synaptics

2013-08-16 15:45:48 654336 ------w- C:\Windows\System32\stapi64.dll

2013-08-16 15:45:48 528384 ----a-w- C:\Windows\System32\drivers\stwrt64.sys

2013-08-16 15:45:48 431616 ----a-w- C:\Windows\System32\stcplx64.dll

2013-08-16 15:45:48 224256 ----a-w- C:\Windows\System32\staco64.dll

2013-08-16 15:45:48 1965056 ----a-w- C:\Windows\System32\stapo64.dll

2013-08-16 15:45:43 -------- d-----w- C:\Program Files\IDT

2013-08-16 15:31:09 557848 ----a-w- C:\Windows\System32\drivers\iaStor.sys

2013-08-16 15:31:09 -------- d-----w- C:\system.sav

2013-08-16 15:24:24 -------- d-----w- C:\Users\Leandro Pieroni\AppData\Roaming\Intel

2013-08-16 15:24:14 -------- d-----w- C:\Users\Leandro Pieroni\Roaming

2013-08-16 15:23:34 -------- d-----w- C:\Program Files\Common Files\Intel

2013-08-16 15:23:34 -------- d-----w- C:\Program Files (x86)\Cisco

2013-08-16 15:08:13 8604672 ----a-w- C:\Windows\System32\drivers\NETwNs64.sys

2013-08-16 15:00:48 -------- d-----w- C:\Program Files\Synaptics

2013-08-16 15:00:34 66856 ----a-w- C:\Windows\SysWow64\SynTPEnhPS.dll

2013-08-16 15:00:34 411944 ----a-w- C:\Windows\System32\SynCOM.dll

2013-08-16 15:00:34 276264 ----a-w- C:\Windows\System32\SynCtrl.dll

2013-08-16 15:00:34 226600 ----a-w- C:\Windows\System32\SynTPAPI.dll

2013-08-16 15:00:34 222504 ----a-w- C:\Windows\SysWow64\SynCtrl.dll

2013-08-16 15:00:34 177448 ----a-w- C:\Windows\SysWow64\SynCOM.dll

2013-08-16 15:00:34 1721576 ----a-w- C:\Windows\System32\WdfCoInstaller01009.dll

2013-08-16 15:00:34 148264 ----a-w- C:\Windows\System32\SynTPCo9.dll

2013-08-16 15:00:34 1451056 ----a-w- C:\Windows\System32\drivers\SynTP.sys

2013-08-16 15:00:34 107816 ----a-w- C:\Windows\SysWow64\SynTPCOM.dll

2013-08-16 14:49:04 -------- d-----w- C:\Users\Leandro Pieroni\AppData\Local\Hewlett-Packard

2013-08-16 14:43:34 -------- d-----w- C:\Users\Leandro Pieroni\AppData\Roaming\hpqLog

2013-08-16 14:40:19 -------- d-----w- C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}

2013-08-16 14:21:14 -------- d-----w- C:\Program Files (x86)\HP

2013-08-16 13:40:28 -------- d-----w- C:\Users\Leandro Pieroni\AppData\Roaming\WinBatch

2013-08-16 13:39:17 -------- d-----w- C:\Users\Leandro Pieroni\AppData\Local\AVG SafeGuard toolbar

2013-08-16 13:38:53 45856 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys

2013-08-16 13:38:49 -------- d-----w- C:\ProgramData\AVG SafeGuard toolbar

2013-08-16 13:38:48 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search

2013-08-16 13:38:45 -------- d-----w- C:\Program Files (x86)\AVG SafeGuard toolbar

2013-08-16 13:38:16 16152 ----a-w- C:\Windows\System32\drivers\SWDUMon.sys

2013-08-16 13:38:14 -------- d-----w- C:\Users\Leandro Pieroni\AppData\Local\SlimWare Utilities Inc

2013-08-16 13:38:08 -------- d--h--w- C:\ProgramData\Common Files

2013-08-16 13:37:58 -------- d-----w- C:\Program Files (x86)\SlimDrivers

2013-08-16 13:37:48 -------- d-sh--w- C:\Windows\Installer

2013-08-16 13:37:35 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll

2013-08-16 13:37:35 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys

2013-08-16 13:37:35 1031680 ----a-w- C:\Windows\System32\rdpcore.dll

2013-08-16 13:31:26 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2013-08-16 13:31:21 99840 ----a-w- C:\Windows\System32\wudriver.dll

2013-08-16 13:31:10 36864 ----a-w- C:\Windows\System32\wuapp.exe

2013-08-16 13:31:10 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2013-08-16 13:29:09 -------- d-----w- C:\SWSetup

2013-08-16 12:59:07 -------- d-----w- C:\Users\Leandro Pieroni\AppData\Local\Diagnostics

.

==================== Find3M ====================

.

2013-08-16 17:37:31 338536 ----a-w- C:\Windows\System32\drivers\RtsPStor.sys

2013-08-16 15:45:33 6382080 ----a-w- C:\Windows\System32\IDTNGUI.exe

2013-08-16 15:45:33 4933120 ----a-w- C:\Windows\System32\IDTNHP.dll

2013-08-16 15:45:33 4779520 ----a-w- C:\Windows\System32\stlang64.dll

2013-08-16 15:45:33 212480 ----a-w- C:\Windows\System32\IDTNJ.exe

2013-08-16 15:45:33 1523712 ----a-w- C:\Windows\System32\IDTNC64.cpl

2013-08-16 15:45:33 1128448 ----a-w- C:\Windows\sttray64.exe

2013-08-16 15:45:33 1029120 ----a-w- C:\Windows\System32\IDTNX.dll

2013-08-16 15:45:32 90624 ----a-w- C:\Windows\System32\AESTCo64.dll

2013-08-16 15:45:32 68608 ----a-w- C:\Windows\System32\AESTAR64.dll

2013-08-16 15:45:32 442368 ----a-w- C:\Windows\System32\AESTEC64.dll

2013-08-16 15:45:32 221184 ----a-w- C:\Windows\System32\HPToneCtrls64.dll

2013-08-16 15:45:32 162304 ----a-w- C:\Windows\System32\AESTAC64.dll

2013-08-16 15:03:02 91648 ----a-w- C:\Windows\System32\drivers\nusb3hub.sys

2013-08-16 15:03:02 81920 ----a-w- C:\Windows\System32\nusb3co2.dll

2013-08-16 15:03:02 208896 ----a-w- C:\Windows\System32\drivers\nusb3xhc.sys

2013-07-25 09:25:54 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL

2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL

2013-07-19 01:58:42 2048 ----a-w- C:\Windows\System32\tzres.dll

2013-07-19 01:41:01 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2013-07-09 05:52:52 224256 ----a-w- C:\Windows\System32\wintrust.dll

2013-07-09 05:51:16 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll

2013-07-09 05:46:20 184320 ----a-w- C:\Windows\System32\cryptsvc.dll

2013-07-09 05:46:20 1472512 ----a-w- C:\Windows\System32\crypt32.dll

2013-07-09 05:46:20 139776 ----a-w- C:\Windows\System32\cryptnet.dll

2013-07-09 04:52:33 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll

2013-07-09 04:52:10 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll

2013-07-09 04:46:31 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2013-07-09 04:46:31 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll

2013-07-09 04:46:31 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

2013-07-09 04:45:07 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2013-07-06 06:03:53 1910208 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2013-06-19 00:50:08 247216 ----a-w- C:\Windows\System32\drivers\MpFilter.sys

2013-06-19 00:50:08 139616 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys

2013-06-15 04:32:16 39936 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys

2013-06-05 03:34:27 3153920 ----a-w- C:\Windows\System32\win32k.sys

2013-06-04 06:00:13 624128 ----a-w- C:\Windows\System32\qedit.dll

2013-06-04 04:53:07 509440 ----a-w- C:\Windows\SysWow64\qedit.dll

.

============= FINISH: 16:50:49,17 ===============

ATTACH:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 16/08/2013 09:51:10

System Uptime: 22/08/2013 15:25:51 (1 hours ago)

.

Motherboard: Hewlett-Packard | | 165A

Processor: Intel® Core i7-2630QM CPU @ 2.00GHz | CPU1 | 780/1333mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 451 GiB total, 384,014 GiB free.

D: is FIXED (NTFS) - 466 GiB total, 309,818 GiB free.

E: is FIXED (NTFS) - 14 GiB total, 1,826 GiB free.

F: is FIXED (FAT32) - 0 GiB total, 0,081 GiB free.

G: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID:

Description: SM Bus Controller

Device ID: PCI\VEN_8086&DEV_1C22&SUBSYS_165A103C&REV_05\3&11583659&0&FB

Manufacturer:

Name: SM Bus Controller

PNP Device ID: PCI\VEN_8086&DEV_1C22&SUBSYS_165A103C&REV_05\3&11583659&0&FB

Service:

.

==== System Restore Points ===================

.

RP28: 18/08/2013 23:52:04 - Windows Update

RP29: 19/08/2013 16:45:36 - Windows Update

RP30: 21/08/2013 17:18:53 - Windows Update

RP32: 22/08/2013 09:22:45 - Removed Microsoft Office Professional Plus 2013

RP33: 22/08/2013 09:22:57 - PROPLUSR

RP34: 22/08/2013 15:18:30 - Windows Update

RP35: 22/08/2013 16:28:48 - Installed Adobe Reader XI.

.

==== Installed Programs ======================

.

3600_Help

64 Bit HP CIO Components Installer

Adobe AIR

Adobe Download Assistant

Adobe Reader XI (11.0.02)

ArcGIS 10.1 for Desktop

ArcGIS 10.1 License Manager

AVG SafeGuard toolbar

BPD_Scan

BPDSoftware_Ini

BufferChm

CCleaner

ESET Online Scanner v3

Google Chrome

Google Earth

Google Update Helper

Hewlett-Packard ACLM.NET v1.2.1.1

HP Customer Experience Enhancements

HP OfficeJet J3600

HP Product Detection

HP Support Assistant

iba revistas

IDT Audio

Intel PROSet Wireless

Intel® Control Center

Intel® Rapid Storage Technology

J3600_Basic

Java 7 Update 25

Java Auto Updater

Malwarebytes Anti-Malware versão 1.75.0.1300

Microsoft .NET Framework 4 Client Profile

Microsoft Security Client

Microsoft Security Essentials

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

PDFCreator

Realtek Ethernet Controller Driver

Realtek PCIE Card Reader

Renesas Electronics USB 3.0 Host Controller Driver

Scan

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)

Software Intel® PROSet/Wireless WiFi

Synaptics TouchPad Driver

Toolbox

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939)

Validity WBF DDK

WebReg

.

==== Event Viewer Messages From Past Week ========

.

22/08/2013 15:45:37, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

22/08/2013 11:01:44, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

18/08/2013 10:46:51, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.155.2432.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9700.0 Error code: 0x8024001e Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

18/08/2013 10:46:51, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.155.2432.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9700.0 Error code: 0x8024001e Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

17/08/2013 12:13:04, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.

16/08/2013 18:43:02, Error: Application Popup [1060] - \SystemRoot\SysWow64\drivers\GbpKm.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

16/08/2013 16:40:00, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Update for Internet Explorer 8 Compatibility View List for Windows 7 for x64-based Systems (KB2598845).

16/08/2013 16:37:21, Error: Service Control Manager [7023] -

16/08/2013 16:34:34, Error: Service Control Manager [7034] - The Intel® Rapid Storage Technology service terminated unexpectedly. It has done this 1 time(s).

16/08/2013 16:34:29, Error: Service Control Manager [7034] - The vToolbarUpdater15.4.0 service terminated unexpectedly. It has done this 1 time(s).

.

==== End Of File ===========================

GMER:

GMER 2.1.19163 - http://www.gmer.net

Rootkit scan 2013-08-22 17:19:22

Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.GS00 465,76GB

Running: gmer.exe; Driver: C:\Users\LEANDR~1\AppData\Local\Temp\pxldapow.sys

---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 544 fffff80002ba3000 45 bytes [00, 00, 16, 02, 4E, 74, 66, ...]

INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 591 fffff80002ba302f 10 bytes [00, 01, 00, 06, 00, 00, 00, ...]

---- User code sections - GMER 2.1 ----

.text C:\PROGRA~2\GbPlugin\GbpSv.exe[968] C:\Windows\syswow64\kernel32.dll!FreeLibrary 00000000767234a8 5 bytes JMP 000000013b0ae02d

.text C:\PROGRA~2\GbPlugin\GbpSv.exe[968] C:\Windows\syswow64\kernel32.dll!FreeLibraryAndExitThread 000000007673d56a 5 bytes JMP 000000013b0adfa5

.text C:\PROGRA~2\GbPlugin\GbpSv.exe[968] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000076821465 2 bytes [82, 76]

.text C:\PROGRA~2\GbPlugin\GbpSv.exe[968] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000768214bb 2 bytes [82, 76]

.text ... * 2

.text C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe[3704] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69 0000000076821465 2 bytes [82, 76]

.text C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe[3704] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155 00000000768214bb 2 bytes [82, 76]

.text ... * 2

.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1848] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076821465 2 bytes [82, 76]

.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1848] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000768214bb 2 bytes [82, 76]

.text ... * 2

? C:\Windows\system32\mssprxy.dll [1848] entry point in ".rdata" section 000000006f5771e6

.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6056] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007778f9b1 7 bytes {MOV EDX, 0x955628; JMP RDX}

.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6056] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007778fbf5 7 bytes {MOV EDX, 0x955668; JMP RDX}

.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6056] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007778fc25 7 bytes {MOV EDX, 0x9555a8; JMP RDX}

.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6056] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007778fc3d 7 bytes {MOV EDX, 0x955528; JMP RDX}

.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6056] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007778fc55 7 bytes {MOV EDX, 0x955728; JMP RDX}

.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6056] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007778fc85 7 bytes {MOV EDX, 0x955768; JMP RDX}

.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6056] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007778fcb0 5 bytes JMP 00000001010e81e1

.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6056] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007778fd05 7 bytes {MOV EDX, 0x9556e8; JMP RDX}

.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6056] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007778fd1d 7 bytes {MOV EDX, 0x9556a8; JMP RDX}

.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6056] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007778fd69 7 bytes {MOV EDX, 0x955468; JMP RDX}

.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6056] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007778fe61 7 bytes {MOV EDX, 0x9554a8; JMP RDX}

.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6056] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 00000000777900b9 7 bytes {MOV EDX, 0x955428; JMP RDX}

.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6056] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000777910c5 7 bytes {MOV EDX, 0x9555e8; JMP RDX}

.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6056] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 000000007779113d 7 bytes {MOV EDX, 0x955568; JMP RDX}

.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6056] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077791341 7 bytes {MOV EDX, 0x9554e8; JMP RDX}

.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6056] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076821465 2 bytes [82, 76]

.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6056] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000768214bb 2 bytes [82, 76]

.text ... * 2

.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2176] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007778f9b1 7 bytes {MOV EDX, 0x5cb628; JMP RDX}

.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2176] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007778fbf5 7 bytes {MOV EDX, 0x5cb668; JMP RDX}

.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2176] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007778fc25 7 bytes {MOV EDX, 0x5cb5a8; JMP RDX}

.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2176] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007778fc3d 7 bytes {MOV EDX, 0x5cb528; JMP RDX}

.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2176] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007778fc55 7 bytes {MOV EDX, 0x5cb728; JMP RDX}

.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2176] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007778fc85 7 bytes {MOV EDX, 0x5cb768; JMP RDX}

.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2176] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007778fcb0 5 bytes JMP 00000001010e81e1

.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2176] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007778fd05 7 bytes {MOV EDX, 0x5cb6e8; JMP RDX}

.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2176] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007778fd1d 7 bytes {MOV EDX, 0x5cb6a8; JMP RDX}

.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2176] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007778fd69 7 bytes {MOV EDX, 0x5cb468; JMP RDX}

.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2176] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007778fe61 7 bytes {MOV EDX, 0x5cb4a8; JMP RDX}

.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2176] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 00000000777900b9 7 bytes {MOV EDX, 0x5cb428; JMP RDX}

.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2176] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000777910c5 7 bytes {MOV EDX, 0x5cb5e8; JMP RDX}

.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2176] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 000000007779113d 7 bytes {MOV EDX, 0x5cb568; JMP RDX}

.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2176] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077791341 7 bytes {MOV EDX, 0x5cb4e8; JMP RDX}

.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2176] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076821465 2 bytes [82, 76]

.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2176] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000768214bb 2 bytes [82, 76]

.text ... * 2

.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3996] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007778f9b1 7 bytes {MOV EDX, 0xb75628; JMP RDX}

.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3996] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007778fbf5 7 bytes {MOV EDX, 0xb75668; JMP RDX}

.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3996] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007778fc25 7 bytes {MOV EDX, 0xb755a8; JMP RDX}

.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3996] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007778fc3d 7 bytes {MOV EDX, 0xb75528; JMP RDX}

.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3996] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007778fc55 7 bytes {MOV EDX, 0xb75728; JMP RDX}

.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3996] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007778fc85 7 bytes {MOV EDX, 0xb75768; JMP RDX}

.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3996] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007778fcb0 5 bytes JMP 00000001010e81e1

.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3996] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007778fd05 7 bytes {MOV EDX, 0xb756e8; JMP RDX}

.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3996] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007778fd1d 7 bytes {MOV EDX, 0xb756a8; JMP RDX}

.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3996] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007778fd69 7 bytes {MOV EDX, 0xb75468; JMP RDX}

.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3996] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007778fe61 7 bytes {MOV EDX, 0xb754a8; JMP RDX}

.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3996] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 00000000777900b9 7 bytes {MOV EDX, 0xb75428; JMP RDX}

.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3996] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000777910c5 7 bytes {MOV EDX, 0xb755e8; JMP RDX}

.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3996] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 000000007779113d 7 bytes {MOV EDX, 0xb75568; JMP RDX}

.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3996] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077791341 7 bytes {MOV EDX, 0xb754e8; JMP RDX}

.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3996] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076821465 2 bytes [82, 76]

.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3996] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000768214bb 2 bytes [82, 76]

.text ... * 2

---- Threads - GMER 2.1 ----

Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4976:5104] 00000000765f7587

Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4976:3276] 0000000072ff0cb3

Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4976:4392] 00000000777c2e65

Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4976:884] 00000000777c3e85

Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4976:3592] 00000000777c3e85

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch2@Epoch 181

---- EOF - GMER 2.1 ----

dds.txt

attach.txt

gmer.txt


Hello

Sorry for the delay :)

If you still need help, redo the logs, since I need them with up-to-date dates: Read Before Posting - Creating a New Topic

ATTENTION 1: There is no need to open a new topic; post the new logs in this same topic, thank you!

ATTENTION 2: Do not edit your topic; use the reply button, thank you!

ATTENTION 3: Do not put the logs between TAGS, thank you!

ATTENTION 4: Do not attach the logs, thank you!

Regards :D
