blue screen + possible rootkits - CLOSED


Post by the_hunter » 06 Dec 2015, 19:14

Hello,

I had already posted this problem on another website, but seeing that the moderators weren't answering me, I decided to write here.

Yesterday I got a blue screen while running some anti-rootkit tools downloaded from another website.

I managed to access the dump and view the error in the BlueScreenView program:

120515-33649-01.dmp 05/12/2015 13:40:42 IRQL_NOT_LESS_OR_EQUAL 0x0000000a

caused by the driver ntoskrnl.exe (from what I've read, this driver has something to do with the RAM, right?)

I ran memtest and waited about 2 hours (and apparently it didn't catch any errors).

Seeing that I could rule out the RAM, and that I haven't installed anything odd that could have upset it, I installed the latest system updates just in case.

Later, when I had a moment, I ran the GMER rootkit scan on it.

I have the log now, here it is:

(I'd be grateful if someone could tell me whether they can make sense of it...)

GMER 2.0.18444 - http://www.gmer.net
Rootkit scan 2015-12-05 17:28:14
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2 WDC_WD1600BEVS-60RST0 rev.04.01G04 149,05GB
Running: InfoSpy_ARK.exe; Driver: C:\Users\Laia\AppData\Local\Temp\fwdiqfow.sys




Re: blue screen + possible rootkits

Post by flacoroo » 07 Dec 2015, 19:05

Go to the following link, download the program, restart in safe mode, run it, and paste the result created in C:infosat.txt

ElistarA

And if your problem persists, download this program, run it, and paste us the resulting log that is created in C:

Sproces


Re: blue screen + possible rootkits

Post by the_hunter » 08 Dec 2015, 16:00

flacoroo wrote: Go to the following link, download the program, restart in safe mode, run it, and paste the result created in C:infosat.txt

ElistarA

And if your problem persists, download this program, run it, and paste us the resulting log that is created in C:

Sproces

Hello,

Thanks for your reply, but it turns out I can't download the antivirus tools...

I'm with ONO and it doesn't let me send SMS to short numbers..

https://www.ono.es/clientes/te-ayudamos ... ist/21346/

Is there any other way to download them?

Do I have to get in touch with satinfo? :?

PS: by the way, the people on the other forum already answered me, suggesting other tools :roll:

Thanks anyway, I think you can close this thread.


Re: blue screen + possible rootkits

Post by flacoroo » 08 Dec 2015, 16:35

OK, thread closed then
:lol: :lol: Life is beautiful....why complicate it for ourselves :lol: :lol:
