Computer sending spam


  • This topic is locked
2 replies to this topic

#1 joaop

  • Members
  • 2 posts

Posted 09 July 2014 - 06:37 PM

I changed the password, but messages are still being sent.
I think svchost.exe is being used to send messages.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17207  BrowserJavaVersion: 10.60.2
Run by João Paiva at 20:19:18 on 2014-07-09
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.55.1046.18.8055.6069 [GMT -3:00]
.
AV: COMODO Antivirus *Disabled/Updated* {B74CC7D2-B407-E1DC-1033-DD315BCDC8C8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: COMODO Antivirus *Disabled/Updated* {0C2D2636-923D-EE52-2A83-E643204A8275}
FW: COMODO Firewall *Disabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\PROGRA~2\GbPlugin\GbpSv.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d550fa1f2cf8996d\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d550fa1f2cf8996d\AESTSr64.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe
C:\Windows\SysWOW64\vmnat.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe
C:\Windows\WindowsMobile\wmdcBase.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files\COMODO\COMODO Internet Security\cis.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\taskhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\João Paiva\Downloads\dds.com
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.br/
mStart Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: GbIehObj Class: {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Program Files (x86)\GbPlugin\gbiehuni.dll
uRun: [uTorrent] "C:\Users\João Paiva\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
IE: E&xportar para o Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Enviar imagem para Dispositivo &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Enviar página para Dispositivo &Bluetooth ... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxps://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
TCP: NameServer = 10.1.1.1
TCP: Interfaces\{C52DA074-2AD2-41A9-9939-511A47EC30E2} : DHCPNameServer = 10.1.1.1
TCP: Interfaces\{C52DA074-2AD2-41A9-9939-511A47EC30E2}\35B697022556374716572716E64756 : DHCPNameServer = 192.168.1.1 192.168.0.1
TCP: Interfaces\{C52DA074-2AD2-41A9-9939-511A47EC30E2}\46C696E6B6 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{C52DA074-2AD2-41A9-9939-511A47EC30E2}\75C4C4D294E6164756C6 : DHCPNameServer = 192.168.80.1 192.168.10.68
TCP: Interfaces\{C52DA074-2AD2-41A9-9939-511A47EC30E2}\C457369616E6162C0AE45647 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{C52DA074-2AD2-41A9-9939-511A47EC30E2}\D416E6F656C6160214262716863EF6 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{C52DA074-2AD2-41A9-9939-511A47EC30E2}\D416E6F656C6162C0A14262716863C3AF6 : DHCPNameServer = 192.168.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Notify:  GbPluginUni - C:\Program Files (x86)\GbPlugin\gbiehUni.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
SEH: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\Program Files (x86)\GbPlugin\gbiehuni.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxp://www.google.com
x64-Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe
x64-Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
x64-Run: [SysTrayApp] C:\Program Files (x86)\IDT\WDM\sttray64.exe
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
x64-Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdcBase.exe
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\João Paiva\AppData\Roaming\Mozilla\Firefox\Profiles\tw6s3opu.default-1368412288224\
.
============= SERVICES / DRIVERS ===============
.
R0 12226415;12226415;C:\Windows\System32\drivers\12226415.sys [2014-7-7 460888]
R0 fltsrv;Acronis Storage Filter Management;C:\Windows\System32\drivers\fltsrv.sys [2012-2-13 133728]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\System32\drivers\stdcfltn.sys [2012-5-31 21616]
R0 vidsflt61;Acronis Disk Storage Filter (61);C:\Windows\System32\drivers\vsflt61.sys [2012-2-13 142944]
R0 vsock;vSockets Driver;C:\Windows\System32\drivers\vsock.sys [2013-1-9 70256]
R1 2762600drv;2762600drv;C:\Windows\System32\drivers\2762600drv.sys [2014-7-7 556632]
R1 cmderd;COMODO Internet Security Eradication Driver;C:\Windows\System32\drivers\cmderd.sys [2014-4-16 23168]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\System32\drivers\cmdguard.sys [2014-4-16 738472]
R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\System32\drivers\cmdhlp.sys [2014-4-16 48360]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d550fa1f2cf8996d\AESTSr64.exe [2013-5-21 89600]
R2 GbpSv;Gbp Service;C:\PROGRA~2\GbPlugin\GbpSv.exe [2012-9-23 274832]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-7-2 1809720]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-7-2 860472]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-6-21 413472]
R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-8-5 5093216]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-5-21 2320920]
R3 Acceler;Accelerometer Service;C:\Windows\System32\drivers\Accelern.sys [2012-5-31 27760]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2013-9-1 35104]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2012-2-13 172704]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-9-17 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2013-5-21 151936]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-6-1 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-7-2 122584]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-7-2 63704]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 cmdvirth;COMODO Virtual Service Manager;C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2014-3-25 2264280]
S3 cpudrv64;cpudrv64;C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2011-6-2 17864]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance; [x]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-7-9 111616]
S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\System32\drivers\ivusb.sys [2010-7-29 29720]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-2-23 20992]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2013-5-21 222208]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-2-23 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]
S3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-2-15 1255736]
S4 PSI_SVC_2_x64;Protexis Licensing V2 x64;C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2010-11-30 336824]
S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S4 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2012-8-1 917656]
S4 VMwareHostd;VMware Workstation Server;C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [2012-8-15 15680000]
.
=============== File Associations ===============
.
FileExt: .js: Applications\notepad++.exe="C:\Program Files (x86)\Notepad++\notepad++.exe" "%1" [UserChoice]
.
=============== Created Last 30 ================
.
2014-07-09 23:19:33    --------    d-----w-    C:\Users\JoÒo Paiva\AppData\Local\Microsoft
2014-07-09 20:54:59    --------    d-sh--w-    C:\$RECYCLE.BIN
2014-07-09 19:47:02    536576    ----a-w-    C:\Windows\SysWow64\sqlite3.dll
2014-07-09 19:45:37    --------    d-----w-    C:\AdwCleaner
2014-07-09 19:45:06    12872    ----a-w-    C:\Windows\System32\bootdelete.exe
2014-07-09 16:33:51    936960    ----a-w-    C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2014-07-09 16:33:51    1719296    ----a-w-    C:\Program Files\Windows Journal\NBDoc.DLL
2014-07-09 16:33:51    1389568    ----a-w-    C:\Program Files\Windows Journal\JNWDRV.dll
2014-07-09 16:33:51    1380864    ----a-w-    C:\Program Files\Windows Journal\JNTFiltr.dll
2014-07-09 16:33:51    1354240    ----a-w-    C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2014-07-09 16:33:49    519168    ----a-w-    C:\Windows\System32\aepdu.dll
2014-07-09 16:33:48    424448    ----a-w-    C:\Windows\System32\aeinv.dll
2014-07-09 16:32:12    1247232    ----a-w-    C:\Program Files\Common Files\Microsoft Shared\ink\tipskins.dll
2014-07-09 16:32:11    692736    ----a-w-    C:\Windows\System32\osk.exe
2014-07-09 16:32:11    646144    ----a-w-    C:\Windows\SysWow64\osk.exe
2014-07-09 16:32:11    544768    ----a-w-    C:\Program Files\Common Files\Microsoft Shared\ink\TipRes.dll
2014-07-09 16:32:11    503296    ----a-w-    C:\Program Files\Common Files\Microsoft Shared\ink\tiptsf.dll
2014-07-09 16:32:11    449024    ----a-w-    C:\Program Files\Common Files\Microsoft Shared\ink\tabskb.dll
2014-07-09 16:32:11    348672    ----a-w-    C:\Program Files (x86)\Common Files\Microsoft Shared\ink\tiptsf.dll
2014-07-09 16:32:11    3157504    ----a-w-    C:\Windows\System32\win32k.sys
2014-07-09 16:32:11    224768    ----a-w-    C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe
2014-07-09 16:32:11    110592    ----a-w-    C:\Program Files\Common Files\Microsoft Shared\ink\TipBand.dll
2014-07-09 16:32:11    10240    ----a-w-    C:\Program Files (x86)\Common Files\Microsoft Shared\ink\TabTip32.exe
2014-07-09 16:30:06    810160    ----a-w-    C:\Program Files\Internet Explorer\iexplore.exe
2014-07-09 16:28:11    1460736    ----a-w-    C:\Windows\System32\lsasrv.dll
2014-07-09 16:28:10    96768    ----a-w-    C:\Windows\SysWow64\sspicli.dll
2014-07-09 16:28:10    22016    ----a-w-    C:\Windows\SysWow64\secur32.dll
2014-07-09 15:59:35    30312    ----a-w-    C:\Windows\System32\drivers\TrueSight.sys
2014-07-09 15:59:33    --------    d-----w-    C:\ProgramData\RogueKiller
2014-07-08 01:42:58    556632    ----a-w-    C:\Windows\System32\drivers\2762600drv.sys
2014-07-08 01:42:58    460888    ----a-w-    C:\Windows\System32\drivers\12226415.sys
2014-07-08 01:11:54    --------    d-----w-    C:\ProgramData\Kaspersky Lab
2014-07-08 01:02:23    --------    d-----w-    C:\ProgramData\Package Cache
2014-07-08 01:02:15    --------    d-----w-    C:\Program Files (x86)\Seagate
2014-07-07 23:36:40    98216    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-07-07 21:33:22    --------    d-----w-    C:\FRST
2014-07-07 20:57:32    0    ----a-w-    C:\Windows\System32\nvapi.dll
2014-07-07 20:57:32    0    ----a-w-    C:\Windows\System32\cmdvrt32.dll
2014-07-07 20:42:20    175528    ----a-w-    C:\Windows\System32\drivers\tmcomm.sys
2014-07-07 02:59:28    --------    d-----w-    C:\Users\João Paiva\AppData\Roaming\DigitalPersona
2014-07-07 02:54:25    --------    d-----w-    C:\Users\João Paiva\AppData\Roaming\Macrovision
2014-07-07 02:54:20    --------    d-----w-    C:\Users\João Paiva\AppData\Roaming\FLEXnet
2014-07-07 02:50:25    --------    d-----w-    C:\ProgramData\Downloaded Installations
2014-07-07 02:46:33    --------    d-----w-    C:\dell
2014-07-07 02:15:47    --------    d-----w-    C:\Program Files (x86)\Dell
2014-07-07 02:15:46    --------    d-----w-    C:\Windows\SysWow64\Dell
2014-07-06 22:07:40    --------    d-----w-    C:\Users\João Paiva\AppData\Roaming\ProductData
2014-07-06 22:06:32    --------    d-----w-    C:\ProgramData\ProductData
2014-07-06 21:52:40    --------    d-----w-    C:\VTRoot
2014-07-06 21:42:50    1060864    ----a-w-    C:\Windows\SysWow64\mfc71.dll
2014-07-06 21:42:49    1700352    ----a-w-    C:\Windows\SysWow64\gdiplus.dll
2014-07-03 01:26:48    --------    d-----w-    C:\ProgramData\Spybot - Search & Destroy
2014-07-03 01:23:28    51496    ----a-w-    C:\Windows\System32\drivers\stflt.sys
2014-07-02 19:36:54    --------    d-----w-    C:\Program Files\HitmanPro
2014-07-02 19:36:41    --------    d-----w-    C:\ProgramData\HitmanPro
2014-07-02 18:56:41    --------    d-----w-    C:\Users\João Paiva\AppData\Roaming\ZHP
2014-07-02 16:42:45    122584    ----a-w-    C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-07-02 16:42:11    91352    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys
2014-07-02 16:42:11    63704    ----a-w-    C:\Windows\System32\drivers\mwac.sys
2014-07-02 16:42:09    --------    d-----w-    C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-10 17:05:57    93808    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\webapprt-stub.exe
.
==================== Find3M  ====================
.
2014-07-09 15:32:17    71344    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-09 15:32:17    699056    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-07-06 21:12:05    512    ----a-w-    C:\PhysicalDisk0_MBR.bin
2014-06-19 01:06:55    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-06-19 01:06:24    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2014-06-19 00:42:57    548352    ----a-w-    C:\Windows\System32\vbscript.dll
2014-06-19 00:42:49    66048    ----a-w-    C:\Windows\System32\iesetup.dll
2014-06-19 00:41:52    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2014-06-19 00:41:16    83968    ----a-w-    C:\Windows\System32\MshtmlDac.dll
2014-06-19 00:24:30    139264    ----a-w-    C:\Windows\System32\ieUnatt.exe
2014-06-19 00:24:12    111616    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2014-06-19 00:23:53    752640    ----a-w-    C:\Windows\System32\jscript9diag.dll
2014-06-19 00:14:28    940032    ----a-w-    C:\Windows\System32\MsSpellCheckingFacility.exe
2014-06-18 23:59:04    38400    ----a-w-    C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-06-18 23:56:37    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-06-18 23:51:38    5721088    ----a-w-    C:\Windows\System32\jscript9.dll
2014-06-18 23:38:40    455168    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2014-06-18 23:37:23    61952    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2014-06-18 23:36:35    51200    ----a-w-    C:\Windows\SysWow64\ieetwproxystub.dll
2014-06-18 23:35:55    62464    ----a-w-    C:\Windows\SysWow64\MshtmlDac.dll
2014-06-18 23:27:45    1249280    ----a-w-    C:\Windows\System32\mshtmlmedia.dll
2014-06-18 23:27:07    2040832    ----a-w-    C:\Windows\System32\inetcpl.cpl
2014-06-18 23:23:27    112128    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2014-06-18 23:22:40    592896    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2014-06-18 23:06:10    32256    ----a-w-    C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-06-18 22:58:27    2266112    ----a-w-    C:\Windows\System32\wininet.dll
2014-06-18 22:52:18    4254720    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2014-06-18 22:46:23    1068032    ----a-w-    C:\Windows\SysWow64\mshtmlmedia.dll
2014-06-18 22:45:59    1964544    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2014-06-18 22:13:59    1791488    ----a-w-    C:\Windows\SysWow64\wininet.dll
2014-06-06 10:10:34    624128    ----a-w-    C:\Windows\System32\qedit.dll
2014-06-06 09:44:17    509440    ----a-w-    C:\Windows\SysWow64\qedit.dll
2014-05-30 08:08:52    210944    ----a-w-    C:\Windows\System32\wdigest.dll
2014-05-30 08:08:49    86528    ----a-w-    C:\Windows\System32\TSpkg.dll
2014-05-30 08:08:47    340992    ----a-w-    C:\Windows\System32\schannel.dll
2014-05-30 08:08:41    314880    ----a-w-    C:\Windows\System32\msv1_0.dll
2014-05-30 08:08:41    307200    ----a-w-    C:\Windows\System32\ncrypt.dll
2014-05-30 08:08:36    728064    ----a-w-    C:\Windows\System32\kerberos.dll
2014-05-30 08:08:31    22016    ----a-w-    C:\Windows\System32\credssp.dll
2014-05-30 07:52:51    172032    ----a-w-    C:\Windows\SysWow64\wdigest.dll
2014-05-30 07:52:49    65536    ----a-w-    C:\Windows\SysWow64\TSpkg.dll
2014-05-30 07:52:45    247808    ----a-w-    C:\Windows\SysWow64\schannel.dll
2014-05-30 07:52:41    220160    ----a-w-    C:\Windows\SysWow64\ncrypt.dll
2014-05-30 07:52:40    259584    ----a-w-    C:\Windows\SysWow64\msv1_0.dll
2014-05-30 07:52:36    550912    ----a-w-    C:\Windows\SysWow64\kerberos.dll
2014-05-30 07:52:30    17408    ----a-w-    C:\Windows\SysWow64\credssp.dll
2014-05-30 06:45:52    497152    ----a-w-    C:\Windows\System32\drivers\afd.sys
2014-05-12 10:25:56    25816    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2014-05-08 09:32:02    1112064    ----a-w-    C:\Windows\System32\rdpcorets.dll
2014-04-25 02:34:59    801280    ----a-w-    C:\Windows\System32\usp10.dll
2014-04-25 02:06:17    626688    ----a-w-    C:\Windows\SysWow64\usp10.dll
2014-04-17 01:12:58    48360    ----a-w-    C:\Windows\System32\drivers\cmdhlp.sys
2014-04-17 01:12:56    738472    ----a-w-    C:\Windows\System32\drivers\cmdguard.sys
2014-04-17 01:12:56    23168    ----a-w-    C:\Windows\System32\drivers\cmderd.sys
2014-04-12 02:22:05    95680    ----a-w-    C:\Windows\System32\drivers\ksecdd.sys
2014-04-12 02:22:05    155072    ----a-w-    C:\Windows\System32\drivers\ksecpkg.sys
2014-04-12 02:19:38    29184    ----a-w-    C:\Windows\System32\sspisrv.dll
2014-04-12 02:19:38    136192    ----a-w-    C:\Windows\System32\sspicli.dll
2014-04-12 02:19:37    28160    ----a-w-    C:\Windows\System32\secur32.dll
2014-04-12 02:19:05    31232    ----a-w-    C:\Windows\System32\lsass.exe
2005-07-14 15:31:20    32256    --sh--w-    C:\Windows\SysWOW64\AVSredirect.dll
2006-05-03 15:06:54    163328    --sha-w-    C:\Windows\SysWOW64\flvDX.dll
2004-01-25 03:00:00    70656    --sh--w-    C:\Windows\SysWOW64\i420vfw.dll
2004-01-25 03:00:00    70656    --sh--w-    C:\Windows\SysWOW64\yv12vfw.dll
.
============= FINISH: 20:20:36,58 ===============

 

Please help me


Edited by joaop, 10 July 2014 - 02:45 PM.



#2 joaop

  • Topic Starter

  • Members
  • 2 posts

Posted 12 July 2014 - 09:59 PM

I think the problem was solved. I installed another antivirus with a firewall and the emails stopped being sent. I apologize! Thanks.



#3 nasdaq

  • Malware Response Team
  • 39,903 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 13 July 2014 - 08:30 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



