Messages - Edu Alonso Carrasco

1
Malware removal help / Re: IAT Hook detection
« on: February 18, 2016, 08:35:12 PM »
I'll wait a few days and see if it goes well. In the meantime, here's the Fix Log.

Thanks for your help :)

2
Malware removal help / Re: IAT Hook detection
« on: February 18, 2016, 06:33:24 PM »
Here are both logs.

In the FRST log there're a few whitelisted Registry entries that have been detected by some malware scans as infected:
 
Quote
HKU\S-1-5-21-3972373143-2646392049-199530508-1001\...\Run: [Ubcvmedia] => C:\Windows\SysWOW64\regsvr32.exe "C:\Users\Edu Alonso\AppData\Local\Eflrtion\WlxCryptPpm24.dll"
HKU\S-1-5-21-3972373143-2646392049-199530508-1001\...\Run: [YmrbPack] => regsvr32.exe "C:\Users\Edu Alonso\AppData\Local\YmrbPack\WlxCryptPpm24.dll" <===== ATTENTION

And the same for modules loaded in the Addition Log:

Quote
2016-02-17 20:43 - 2016-02-17 20:43 - 00043008 _____ () C:\Users\Edu Alonso\AppData\Local\YmrbPack\WlxCryptPpm24.dll
2016-02-17 20:43 - 2016-02-17 20:43 - 00043008 _____ () C:\Users\Edu Alonso\AppData\Local\Eflrtion\WlxCryptPpm24.dll

3
Malware removal help / IAT Hook detection
« on: February 18, 2016, 12:17:29 AM »
Greetings,
I've been getting a constant detection by Windows Defender of Dynamer!AC, so I looked for help on the net till I bumped into several tutorials for its removal advising the use of your software.
Here's what it found:

RogueKiller V11.0.12.0 (x64) [Feb 15 2016] (Free) by Adlice Software
correo : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Sitio web : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Sistema Operativo : Windows 8 (6.2.9200) 64 bits version
Iniciado en : Modo Normal
Usuario : Edu Alonso [Administrador]
Started from : C:\Users\Edu Alonso\Desktop\RogueKillerX64.exe
Modo : Borrar -- Fecha : 02/17/2016 19:52:11

¤¤¤ Procesos : 1 ¤¤¤
[Suspicious.Path|Proc.Injected|Proc.RunPE] dgsl32.exe(5916) -- C:\Users\Edu Alonso\AppData\Local\Eflrtion\dgsl32.exe[-] -> Eliminado [TermProc]

¤¤¤ Registro : 8 ¤¤¤
[Suspicious.Path|VT.Unknown] (X64) HKEY_USERS\S-1-5-21-3972373143-2646392049-199530508-1001\Software\Microsoft\Windows\CurrentVersion\Run | YmrbPack : regsvr32.exe "C:\Users\Edu Alonso\AppData\Local\YmrbPack\CdWIhid8.dll" [-][-] -> Borrado
[Suspicious.Path|VT.Unknown] (X64) HKEY_USERS\S-1-5-21-3972373143-2646392049-199530508-1001\Software\Microsoft\Windows\CurrentVersion\Run | Ubcvmedia : C:\Windows\SysWOW64\regsvr32.exe "C:\Users\Edu Alonso\AppData\Local\Eflrtion\EventCrtlog54.dll" [-][-] -> Borrado
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3972373143-2646392049-199530508-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://samsung13.msn.com  -> Reemplazado (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3972373143-2646392049-199530508-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://samsung13.msn.com  -> Reemplazado (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3972373143-2646392049-199530508-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://samsung13.msn.com  -> Reemplazado (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3972373143-2646392049-199530508-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://samsung13.msn.com  -> Reemplazado (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome)
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-3972373143-2646392049-199530508-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Reemplazado (http://search.msn.com/spbasic.htm)
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-3972373143-2646392049-199530508-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Reemplazado (http://search.msn.com/spbasic.htm)

¤¤¤ Tareas : 1 ¤¤¤
[Suspicious.Path|VT.UDS:DangerousObject.Multi.Generic] \RegIdleBackup -- "C:\windows\icm32.exe" -> ERROR


¤¤¤ Archivos : 7 ¤¤¤
[PUP][Carpeta] C:\ProgramData\{30FA7941-4170-4C83-A9A8-FDF01C431704} -> ERROR [3]
[PUP][Archivo] C:\ProgramData\{30FA7941-4170-4C83-A9A8-FDF01C431704}\Controller Editor Setup PC.dat -> Borrado
[PUP][Archivo] C:\ProgramData\{30FA7941-4170-4C83-A9A8-FDF01C431704}\Controller Editor Setup PC.exe -> Borrado
[PUP][Archivo] C:\ProgramData\{30FA7941-4170-4C83-A9A8-FDF01C431704}\Controller Editor Setup PC.msi -> Borrado
[PUP][Archivo] C:\ProgramData\{30FA7941-4170-4C83-A9A8-FDF01C431704}\Controller Editor Setup PC.par -> Borrado
[PUP][Archivo] C:\ProgramData\{30FA7941-4170-4C83-A9A8-FDF01C431704}\Controller Editor Setup PC.res -> Borrado
[PUP][Archivo] C:\ProgramData\{30FA7941-4170-4C83-A9A8-FDF01C431704}\instance.dat -> Borrado
[PUP][Archivo] C:\ProgramData\{30FA7941-4170-4C83-A9A8-FDF01C431704}\mia.lib -> Borrado
[PUP][Carpeta] C:\ProgramData\{5A23829C-A66E-47B0-AD50-21A3FFE6C325} -> ERROR [3]
[PUP][Archivo] C:\ProgramData\{5A23829C-A66E-47B0-AD50-21A3FFE6C325}\instance.dat -> Borrado
[PUP][Archivo] C:\ProgramData\{5A23829C-A66E-47B0-AD50-21A3FFE6C325}\mia.lib -> Borrado
[PUP][Archivo] C:\ProgramData\{5A23829C-A66E-47B0-AD50-21A3FFE6C325}\Rig Kontrol 3 Setup PC.dat -> Borrado
[PUP][Archivo] C:\ProgramData\{5A23829C-A66E-47B0-AD50-21A3FFE6C325}\Rig Kontrol 3 Setup PC.exe -> Borrado
[PUP][Archivo] C:\ProgramData\{5A23829C-A66E-47B0-AD50-21A3FFE6C325}\Rig Kontrol 3 Setup PC.msi -> Borrado
[PUP][Archivo] C:\ProgramData\{5A23829C-A66E-47B0-AD50-21A3FFE6C325}\Rig Kontrol 3 Setup PC.par -> Borrado
[PUP][Archivo] C:\ProgramData\{5A23829C-A66E-47B0-AD50-21A3FFE6C325}\Rig Kontrol 3 Setup PC.res -> Borrado
[PUP][Carpeta] C:\ProgramData\{95B4F0ED-951F-4D36-B068-5EC1C4C19C14} -> ERROR [3]
[PUP][Archivo] C:\ProgramData\{95B4F0ED-951F-4D36-B068-5EC1C4C19C14}\instance.dat -> Borrado
[PUP][Archivo] C:\ProgramData\{95B4F0ED-951F-4D36-B068-5EC1C4C19C14}\mia.lib -> Borrado
[PUP][Archivo] C:\ProgramData\{95B4F0ED-951F-4D36-B068-5EC1C4C19C14}\Service Center Setup PC.dat -> Borrado
[PUP][Archivo] C:\ProgramData\{95B4F0ED-951F-4D36-B068-5EC1C4C19C14}\Service Center Setup PC.exe -> Borrado
[PUP][Archivo] C:\ProgramData\{95B4F0ED-951F-4D36-B068-5EC1C4C19C14}\Service Center Setup PC.msi -> Borrado
[PUP][Archivo] C:\ProgramData\{95B4F0ED-951F-4D36-B068-5EC1C4C19C14}\Service Center Setup PC.par -> Borrado
[PUP][Archivo] C:\ProgramData\{95B4F0ED-951F-4D36-B068-5EC1C4C19C14}\Service Center Setup PC.res -> Borrado
[PUP][Carpeta] C:\ProgramData\{B0CAD5CC-867E-473E-B55F-339F9635A45D} -> ERROR [3]
[PUP][Archivo] C:\ProgramData\{B0CAD5CC-867E-473E-B55F-339F9635A45D}\Guitar Rig Mobile IO Setup PC.dat -> Borrado
[PUP][Archivo] C:\ProgramData\{B0CAD5CC-867E-473E-B55F-339F9635A45D}\Guitar Rig Mobile IO Setup PC.exe -> Borrado
[PUP][Archivo] C:\ProgramData\{B0CAD5CC-867E-473E-B55F-339F9635A45D}\Guitar Rig Mobile IO Setup PC.msi -> Borrado
[PUP][Archivo] C:\ProgramData\{B0CAD5CC-867E-473E-B55F-339F9635A45D}\Guitar Rig Mobile IO Setup PC.par -> Borrado
[PUP][Archivo] C:\ProgramData\{B0CAD5CC-867E-473E-B55F-339F9635A45D}\Guitar Rig Mobile IO Setup PC.res -> Borrado
[PUP][Archivo] C:\ProgramData\{B0CAD5CC-867E-473E-B55F-339F9635A45D}\instance.dat -> Borrado
[PUP][Archivo] C:\ProgramData\{B0CAD5CC-867E-473E-B55F-339F9635A45D}\mia.lib -> Borrado
[PUP][Carpeta] C:\ProgramData\{B7072B15-6E80-42FF-A9AE-4E62AF2B2418} -> ERROR [3]
[PUP][Archivo] C:\ProgramData\{B7072B15-6E80-42FF-A9AE-4E62AF2B2418}\Guitar Rig 5 Setup PC.dat -> Borrado
[PUP][Archivo] C:\ProgramData\{B7072B15-6E80-42FF-A9AE-4E62AF2B2418}\Guitar Rig 5 Setup PC.exe -> Borrado
[PUP][Archivo] C:\ProgramData\{B7072B15-6E80-42FF-A9AE-4E62AF2B2418}\Guitar Rig 5 Setup PC.msi -> Borrado
[PUP][Archivo] C:\ProgramData\{B7072B15-6E80-42FF-A9AE-4E62AF2B2418}\Guitar Rig 5 Setup PC.par -> Borrado
[PUP][Archivo] C:\ProgramData\{B7072B15-6E80-42FF-A9AE-4E62AF2B2418}\Guitar Rig 5 Setup PC.res -> Borrado
[PUP][Archivo] C:\ProgramData\{B7072B15-6E80-42FF-A9AE-4E62AF2B2418}\instance.dat -> Borrado
[PUP][Archivo] C:\ProgramData\{B7072B15-6E80-42FF-A9AE-4E62AF2B2418}\mia.lib -> Borrado
[PUP][Carpeta] C:\ProgramData\{CB28D9D3-6B5D-4AFA-BA37-B4AFAAAF71B9} -> ERROR [3]
[PUP][Archivo] C:\ProgramData\{CB28D9D3-6B5D-4AFA-BA37-B4AFAAAF71B9}\Guitar Rig Session IO Setup PC.dat -> Borrado
[PUP][Archivo] C:\ProgramData\{CB28D9D3-6B5D-4AFA-BA37-B4AFAAAF71B9}\Guitar Rig Session IO Setup PC.exe -> Borrado
[PUP][Archivo] C:\ProgramData\{CB28D9D3-6B5D-4AFA-BA37-B4AFAAAF71B9}\Guitar Rig Session IO Setup PC.msi -> Borrado
[PUP][Archivo] C:\ProgramData\{CB28D9D3-6B5D-4AFA-BA37-B4AFAAAF71B9}\Guitar Rig Session IO Setup PC.par -> Borrado
[PUP][Archivo] C:\ProgramData\{CB28D9D3-6B5D-4AFA-BA37-B4AFAAAF71B9}\Guitar Rig Session IO Setup PC.res -> Borrado
[PUP][Archivo] C:\ProgramData\{CB28D9D3-6B5D-4AFA-BA37-B4AFAAAF71B9}\instance.dat -> Borrado
[PUP][Archivo] C:\ProgramData\{CB28D9D3-6B5D-4AFA-BA37-B4AFAAAF71B9}\mia.lib -> Borrado
[PUP][Carpeta] C:\ProgramData\{D3CD7CDD-9759-4CF4-BE92-BA89914360B5} -> ERROR [3]
[PUP][Archivo] C:\ProgramData\{D3CD7CDD-9759-4CF4-BE92-BA89914360B5}\instance.dat -> Borrado
[PUP][Archivo] C:\ProgramData\{D3CD7CDD-9759-4CF4-BE92-BA89914360B5}\Kontakt 5 Setup PC.dat -> Borrado
[PUP][Archivo] C:\ProgramData\{D3CD7CDD-9759-4CF4-BE92-BA89914360B5}\Kontakt 5 Setup PC.exe -> Borrado
[PUP][Archivo] C:\ProgramData\{D3CD7CDD-9759-4CF4-BE92-BA89914360B5}\Kontakt 5 Setup PC.msi -> Borrado
[PUP][Archivo] C:\ProgramData\{D3CD7CDD-9759-4CF4-BE92-BA89914360B5}\Kontakt 5 Setup PC.par -> Borrado
[PUP][Archivo] C:\ProgramData\{D3CD7CDD-9759-4CF4-BE92-BA89914360B5}\Kontakt 5 Setup PC.res -> Borrado
[PUP][Archivo] C:\ProgramData\{D3CD7CDD-9759-4CF4-BE92-BA89914360B5}\mia.lib -> Borrado

¤¤¤ Archivo de hosts : 0 ¤¤¤

¤¤¤ Antirootkit : 18 (Driver: Cargado) ¤¤¤
[IAT:Inl(Hook.IEAT)] (iexplore.exe @ user32.dll) gdi32!GetDeviceCaps : Unknown @ 0x364269c (ret)
[IAT:Inl(Hook.IEAT)] (iexplore.exe @ gdi32.dll) user32!MessageBeep : Unknown @ 0x3653334 (ret)
[IAT:Inl(Hook.IEAT)] (iexplore.exe @ gdi32.dll) user32!GetSystemMetrics : Unknown @ 0x3640ffc (ret)
[IAT:Inl(Hook.IEAT)] (iexplore.exe @ imm32.dll) user32!DrawTextExW : Unknown @ 0x361adc4 (ret)
[IAT:Inl(Hook.IEAT)] (iexplore.exe @ imm32.dll) user32!SystemParametersInfoW : Unknown @ 0x3641b4c (ret)
[IAT:Inl(Hook.IEAT)] (iexplore.exe @ imm32.dll) user32!GetForegroundWindow : Unknown @ 0x36404ac (ret)
[IAT:Inl(Hook.IEAT)] (iexplore.exe @ msctf.dll) user32!IsWindowVisible : Unknown @ 0x36431ec (ret)
[IAT:Inl(Hook.IEAT)] (iexplore.exe @ ieframe.dll) user32!DrawTextW : Unknown @ 0x36177a4 (ret)
[IAT:Inl(Hook.IEAT)] (iexplore.exe @ urlmon.dll) wininet!HttpOpenRequestW : Unknown @ 0x364588c (ret)
[IAT:Inl(Hook.IEAT)] (iexplore.exe @ user32.dll) gdi32!GetDeviceCaps : Unknown @ 0x31b0c84 (ret)
[IAT:Inl(Hook.IEAT)] (iexplore.exe @ gdi32.dll) user32!MessageBeep : Unknown @ 0x31b9fbc (ret)
[IAT:Inl(Hook.IEAT)] (iexplore.exe @ gdi32.dll) user32!GetSystemMetrics : Unknown @ 0x31af5e4 (ret)
[IAT:Inl(Hook.IEAT)] (iexplore.exe @ imm32.dll) user32!DrawTextExW : Unknown @ 0x31adf44 (ret)
[IAT:Inl(Hook.IEAT)] (iexplore.exe @ imm32.dll) user32!SystemParametersInfoW : Unknown @ 0x31b0134 (ret)
[IAT:Inl(Hook.IEAT)] (iexplore.exe @ imm32.dll) user32!GetForegroundWindow : Unknown @ 0x31aea94 (ret)
[IAT:Inl(Hook.IEAT)] (iexplore.exe @ msctf.dll) user32!IsWindowVisible : Unknown @ 0x31b1fd4 (ret)
[IAT:Inl(Hook.IEAT)] (iexplore.exe @ ieframe.dll) user32!DrawTextW : Unknown @ 0x31ab3f4 (ret)
[IAT:Inl(Hook.IEAT)] (iexplore.exe @ urlmon.dll) wininet!HttpOpenRequestW : Unknown @ 0x31b46a4 (ret)

¤¤¤ Navegadores Web : 0 ¤¤¤

¤¤¤ Chequeo MBR : ¤¤¤
+++++ PhysicalDrive0: ST1000LM024 HN-M101MBB +++++
--- User ---
[MBR] 51ed59d4652a1eb11861219d6c9ec368
[BSP] 4c777cabeb935f3db9c51a87027f515c : Empty|VT.Unknown MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 499 MB
1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 1024000 | Size: 300 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1638400 | Size: 128 MB
3 - Basic data partition | Offset (sectors): 1900544 | Size: 930580 MB
4 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1907728385 | Size: 21337 MB
5 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1951426561 | Size: 1024 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: HP Photosmart C4400 USB Device +++++
Error reading User MBR! ([15] El dispositivo no está listo. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Solicitud no compatible. )

My questions are:
Is my computer infected by malware? If it is so, what can I do to fix it?
Are those IAT hooks found actually malware or are they product of other programs?
What do the error codes (0-8) mean in the results?

I will attach the log in .txt and .json format in case you find it easier to analyze.

Thanks for your help.
