nandinemp

Processes opened countless times

On my CPU the following processes appear repeatedly, taking up a huge part of the memory: ntvm.exe, conhost.exe, PING.EXE.

DDS log:

DDS (Ver_10-12-12.02) - NTFSx86

Run by w at 19:10:13,82 on 11/01/2011

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_23

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.55.1046.18.2037.867 [GMT -2:00]

AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}

SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\Explorer.EXE

C:\Program Files\LogMeIn Hamachi\hamachi-2.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

C:\Windows\system32\IoctlSvc.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe

C:\Windows\system32\vmnat.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\VMware\VMware Workstation\vmware-authd.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\vmnetdhcp.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Windows\System32\igfxpers.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\VMware\VMware Workstation\vmware-tray.exe

C:\Program Files\Real\RealPlayer\Update\realsched.exe

C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\WU114789.exe

C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\DllHost.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\ntvdm.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\ntvdm.exe

C:\Windows\system32\conhost.exe

C:\WINDOWS\SYSTEM32\PING.EXE

C:\WINDOWS\SYSTEM32\PING.EXE

C:\Windows\system32\ntvdm.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\ntvdm.exe

C:\Windows\system32\conhost.exe

C:\WINDOWS\SYSTEM32\PING.EXE

C:\WINDOWS\SYSTEM32\PING.EXE

C:\Windows\system32\ntvdm.exe

C:\Windows\system32\ntvdm.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\conhost.exe

C:\WINDOWS\SYSTEM32\PING.EXE

C:\WINDOWS\SYSTEM32\PING.EXE

C:\Windows\system32\ntvdm.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\ntvdm.exe

C:\Windows\system32\conhost.exe

C:\WINDOWS\SYSTEM32\PING.EXE

C:\WINDOWS\SYSTEM32\PING.EXE

C:\Windows\system32\ntvdm.exe

C:\Windows\system32\ntvdm.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\ntvdm.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\ntvdm.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\conhost.exe

C:\WINDOWS\SYSTEM32\PING.EXE

C:\WINDOWS\SYSTEM32\PING.EXE

C:\WINDOWS\SYSTEM32\PING.EXE

C:\WINDOWS\SYSTEM32\PING.EXE

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Users\w\Desktop\dds.scr

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.perucheats.com

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll

BHO: PandoraTV Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: kikin Plugin: {e601996f-e400-41ca-804b-cd6373a7eee2} - c:\program files\kikin\ie_kikin.dll

TB: PandoraTV Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

TB: @c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\6.3.2322.0\npwinext.dll

TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [setup-5.0.2.exe] c:\users\w\setup-5.0.2.exe

uRun: [<NO NAME>] C:\Project1.exe

uRun: [Windows Updating] c:\windows\WU114789.exe

mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [vmware-tray] "c:\program files\vmware\vmware workstation\vmware-tray.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot

mRun: [intelMonitor] c:\windows\IntelMon.exe

mRun: [LogMeIn Hamachi Ui] "c:\program files\logmein hamachi\hamachi-2-ui.exe" --auto-start

StartupFolder: c:\users\w\appdata\roaming\micros~1\windows\startm~1\programs\startup\regist~1.lnk - c:\program files\ubisoft\heroes of might and magic v\registration\RegistrationReminder.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xportar para o Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\program files\kikin\ie_kikin.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

LSP: c:\program files\vmware\vmware workstation\vsocklib.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: igfxcui - igfxdev.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\w\appdata\roaming\mozilla\firefox\profiles\w3rejqgw.default\

FF - prefs.js: browser.startup.homepage - hxxp://pt-BR.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:pt-BR:official

FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll

FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll

FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll

FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: PandoraTV Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com

FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\real\realplayer\browserrecordplugin\firefox\Ext

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-10-26 165584]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-10-26 17744]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-10-26 50768]

R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-10-26 40384]

R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2010-12-6 1238408]

R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\common files\vmware\usb\vmware-usbarbitrator.exe [2009-10-22 563760]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-6-23 275048]

S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-10-26 40384]

S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-10-26 40384]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]

=============== Created Last 30 ================

2011-01-11 20:50:16 388096 ----a-r- c:\users\w\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe

2011-01-11 20:50:15 -------- d-----w- c:\program files\Trend Micro

2011-01-09 20:51:00 505344 ----a-w- c:\windows\PCheatsTrainer.exe

2011-01-09 00:03:51 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{d0dc4aa1-beee-4c4b-8462-dc0ca53f7df8}\mpengine.dll

2011-01-08 18:40:08 -------- d-----w- c:\program files\PopCap Games

2011-01-08 18:40:08 -------- d-----w- c:\progra~2\PopCap Games

2011-01-06 12:17:44 -------- d-----w- C:\GMouse20

2011-01-06 12:17:04 283648 ----a-w- c:\windows\uninst.exe

2011-01-06 00:56:23 -------- d-----w- c:\windows\pt-PT

2011-01-06 00:56:16 -------- d-----w- c:\windows\system32\drivers\umdf\pt-PT

2011-01-06 00:56:16 -------- d-----w- c:\windows\system32\drivers\pt-PT

2011-01-06 00:56:12 -------- d-----w- c:\windows\system32\wbem\pt-PT

2011-01-06 00:56:12 -------- d-----w- c:\windows\system32\pt

2011-01-06 00:53:13 4096 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\pt-pt\LXKPTPRC.DLL.mui

2011-01-06 00:51:04 -------- d-----w- c:\windows\system32\drivers\umdf\ru-RU

2011-01-06 00:51:04 -------- d-----w- c:\windows\system32\drivers\ru-RU

2011-01-06 00:51:02 -------- d-----w- c:\windows\system32\ru

2011-01-06 00:51:01 -------- d-----w- c:\windows\system32\wbem\ru-RU

2011-01-06 00:50:54 -------- d-----w- c:\windows\ru-RU

2011-01-06 00:47:51 3584 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\ru-ru\LXKPTPRC.DLL.mui

2011-01-06 00:46:22 -------- d-----w- c:\windows\system32\es

2011-01-06 00:46:22 -------- d-----w- c:\windows\system32\drivers\umdf\es-ES

2011-01-06 00:46:22 -------- d-----w- c:\windows\system32\0C0A

2011-01-06 00:46:21 -------- d-----w- c:\windows\system32\drivers\es-ES

2011-01-06 00:46:18 -------- d-----w- c:\windows\system32\wbem\es-ES

2011-01-06 00:46:11 -------- d-----w- c:\windows\es-ES

2011-01-06 00:43:06 3584 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\es-es\LXKPTPRC.DLL.mui

2011-01-06 00:41:23 -------- d-----w- c:\windows\system32\wbem\th-TH

2011-01-06 00:41:23 -------- d-----w- c:\windows\system32\drivers\th-TH

2011-01-06 00:41:20 -------- d-----w- c:\windows\th-TH

2011-01-06 00:37:32 -------- d-----w- c:\windows\ko-KR

2011-01-06 00:37:30 -------- d-----w- c:\windows\system32\drivers\umdf\ko-KR

2011-01-06 00:37:30 -------- d-----w- c:\windows\system32\drivers\ko-KR

2011-01-06 00:37:24 -------- d-----w- c:\windows\system32\ko

2011-01-06 00:37:22 -------- d-----w- c:\windows\system32\wbem\ko-KR

2011-01-06 00:34:42 3072 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\ko-kr\LXKPTPRC.DLL.mui

2011-01-06 00:34:38 377856 ----a-w- c:\program files\common files\microsoft shared\ink\mshwkor.dll

2011-01-06 00:34:38 13579776 ----a-w- c:\program files\common files\microsoft shared\ink\mshwkorr.dll

2011-01-06 00:33:11 -------- d-----w- c:\windows\fr-FR

2011-01-06 00:33:03 -------- d-----w- c:\windows\system32\fr

2011-01-06 00:33:03 -------- d-----w- c:\windows\system32\drivers\umdf\fr-FR

2011-01-06 00:33:03 -------- d-----w- c:\windows\system32\drivers\fr-FR

2011-01-06 00:33:03 -------- d-----w- c:\windows\system32\040C

2011-01-06 00:32:59 -------- d-----w- c:\windows\system32\wbem\fr-FR

2011-01-06 00:30:13 3584 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\fr-fr\LXKPTPRC.DLL.mui

2011-01-06 00:28:20 -------- d-----w- c:\windows\system32\zh-CHS

2011-01-06 00:28:20 -------- d-----w- c:\windows\system32\drivers\zh-CN

2011-01-06 00:28:20 -------- d-----w- c:\windows\system32\drivers\umdf\zh-CN

2011-01-06 00:28:17 -------- d-----w- c:\windows\system32\wbem\zh-CN

2011-01-06 00:28:10 -------- d-----w- c:\windows\zh-CN

2011-01-06 00:25:26 3072 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\zh-cn\LXKPTPRC.DLL.mui

2011-01-06 00:25:19 27136 ----a-w- c:\program files\common files\microsoft shared\ink\imchxlm.dll

2011-01-06 00:25:16 378368 ----a-w- c:\program files\common files\microsoft shared\ink\mshwchs.dll

2011-01-06 00:25:16 12607488 ----a-w- c:\program files\common files\microsoft shared\ink\mshwchsr.dll

2011-01-06 00:20:25 3584 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\en-us\LXKPTPRC.DLL.mui

2010-12-23 15:56:50 507392 ----a-w- c:\windows\WU114789.exe

2010-12-17 15:04:09 -------- d-----w- c:\windows\ja-JP

2010-12-17 15:03:51 -------- d-----w- c:\windows\system32\ja

2010-12-17 15:03:51 -------- d-----w- c:\windows\system32\0411

2010-12-17 15:03:49 -------- d-----w- c:\windows\system32\drivers\umdf\ja-JP

2010-12-17 15:03:49 -------- d-----w- c:\windows\system32\drivers\ja-JP

2010-12-17 15:03:40 -------- d-----w- c:\windows\system32\wbem\ja-JP

2010-12-17 08:56:10 3072 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\ja-jp\LXKPTPRC.DLL.mui

2010-12-17 08:55:59 9728 ----a-w- c:\program files\common files\microsoft shared\ink\dicjp.dll

2010-12-17 08:55:59 377856 ----a-w- c:\program files\common files\microsoft shared\ink\mshwjpn.dll

2010-12-17 08:55:59 1179136 ----a-w- c:\program files\common files\microsoft shared\ink\imjplm.dll

2010-12-17 08:55:59 11507712 ----a-w- c:\program files\common files\microsoft shared\ink\mshwjpnr.dll

2010-12-17 08:55:45 266240 ----a-w- c:\windows\system32\lzhfldr2.dll

2010-12-17 08:41:02 571904 ----a-w- c:\windows\system32\oleaut32.dll

2010-12-15 14:48:45 516096 ----a-w- c:\program files\windows mail\wab.exe

2010-12-15 14:48:45 34304 ----a-w- c:\windows\system32\atmlib.dll

2010-12-15 14:48:45 294400 ----a-w- c:\windows\system32\atmfd.dll

2010-12-15 14:48:44 314368 ----a-w- c:\windows\system32\webio.dll

2010-12-15 14:48:36 101760 ----a-w- c:\windows\system32\consent.exe

2010-12-15 14:48:18 2327552 ----a-w- c:\windows\system32\win32k.sys

2010-12-14 22:30:49 -------- d-----w- c:\program files\TibiaBot NG

2010-12-14 03:27:03 -------- d-----w- c:\users\w\appdata\local\LogMeIn Hamachi

2010-12-14 03:26:46 -------- d-----w- c:\program files\LogMeIn Hamachi

2010-12-14 02:32:23 -------- d-----w- c:\program files\Valve

2010-12-13 23:31:33 -------- d-----w- c:\users\w\appdata\roaming\mIRC

2010-12-13 23:31:33 -------- d-----w- c:\program files\mIRC

==================== Find3M ====================

2011-01-10 17:13:12 631808 ----a-w- c:\windows\MachineCore.dll

2010-12-23 17:21:43 627200 ---h--w- C:\One.dll

2010-12-23 17:21:43 627200 ---h--w- C:\Extras.dll

2010-12-23 17:21:43 627200 ---h--w- C:\Drop.dll

2010-12-23 17:21:43 627200 ---h--w- C:\Auto.dll

2010-11-24 16:03:36 2290176 ----a-w- c:\windows\IntelMon.exe

2010-11-22 22:30:45 3072 ----a-w- C:\unicows.dll

2010-11-12 21:27:49 499712 ----a-w- c:\windows\system32\msvcp71.dll

2010-11-12 21:27:49 348160 ----a-w- c:\windows\system32\msvcr71.dll

2010-11-12 20:53:06 472808 ----a-w- c:\windows\system32\deployJava1.dll

2010-11-08 09:55:39 34064 ----a-w- c:\windows\system32\lhacm.acm

2010-11-04 05:52:17 978944 ----a-w- c:\windows\system32\wininet.dll

2010-11-04 05:48:36 44544 ----a-w- c:\windows\system32\licmgr10.dll

2010-11-04 04:41:26 386048 ----a-w- c:\windows\system32\html.iec

2010-11-04 04:08:54 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2010-11-02 04:41:12 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll

2010-11-02 04:40:36 496128 ----a-w- c:\windows\system32\taskschd.dll

2010-11-02 04:40:36 305152 ----a-w- c:\windows\system32\taskcomp.dll

2010-11-02 04:39:32 749056 ----a-w- c:\windows\system32\schedsvc.dll

2010-11-02 04:34:44 192000 ----a-w- c:\windows\system32\taskeng.exe

2010-11-02 04:34:33 179712 ----a-w- c:\windows\system32\schtasks.exe

2010-10-30 02:28:59 86528 ----a-w- c:\windows\bnetunin.exe

2010-10-30 02:28:59 61440 ----a-w- c:\windows\diabunin.exe

2010-10-30 02:24:41 2829 ----a-w- c:\windows\DiabUnin.pif

2010-10-28 22:05:16 98304 ----a-w- c:\windows\system32\CmdLineExt.dll

2010-10-28 22:01:37 1 ----a-w- c:\windows\system32\SI.bin

2010-10-27 04:32:36 2048 ----a-w- c:\windows\system32\tzres.dll

2010-10-26 20:32:43 2829 ----a-w- c:\windows\War3Unin.pif

2010-10-26 20:32:43 139264 ----a-w- c:\windows\War3Unin.exe

2010-10-19 12:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe

============= FINISH: 19:11:41,71 ===============

Attach log:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume1

Install Date: 26/10/2010 08:36:06

System Uptime: 11/01/2011 17:33:14 (2 hours ago)

Motherboard: Foxconn | | G31MXP

Processor: Pentium® Dual-Core CPU E5400 @ 2.70GHz | Socket 775 | 2700/200mhz

==== Disk Partitions =========================

A: is Removable

C: is FIXED (NTFS) - 466 GiB total, 369,429 GiB free.

D: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: VMware Virtual Ethernet Adapter for VMnet1

Device ID: ROOT\VMWARE\0000

Manufacturer: VMware, Inc.

Name: VMware Virtual Ethernet Adapter for VMnet1

PNP Device ID: ROOT\VMWARE\0000

Service: VMnetAdapter

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: VMware Virtual Ethernet Adapter for VMnet8

Device ID: ROOT\VMWARE\0001

Manufacturer: VMware, Inc.

Name: VMware Virtual Ethernet Adapter for VMnet8

PNP Device ID: ROOT\VMWARE\0001

Service: VMnetAdapter

==== System Restore Points ===================

RP54: 04/01/2011 14:52:49 - Windows Update

RP55: 05/01/2011 22:18:48 - Windows Update

RP56: 07/01/2011 13:05:03 - Windows Update

RP57: 08/01/2011 22:01:17 - Windows Update

RP58: 11/01/2011 18:49:03 - Installed HiJackThis

==== Installed Programs ======================

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 9.4.1 - Português

Arquivo do WinRAR

Ask Toolbar

Atualização do produto Microsoft Office Excel 2007 Help (KB963678)

Atualização do produto Microsoft Office Outlook 2007 Help (KB963677)

Atualização do produto Microsoft Office Powerpoint 2007 Help (KB963669)

Atualização do produto Microsoft Office Word 2007 Help (KB963665)

Audacity 1.3.12 (Unicode)

avast! Free Antivirus

Barra do Bing

Battle.net

Bing Bar Platform

Chronicles RF

Controle ActiveX do Windows Live Mesh para Conexões Remotas

D3DX10

Diablo

English on CD-ROM

Garena 2010

GhostMouse 2.0

Guitar Pro 5.2

HiJackThis

Intel® Graphics Media Accelerator Driver

Intel® TV Wizard

Java Auto Updater

Java 6 Update 23

JDownloader

kikin plugin 2.3

LogMeIn Hamachi

McAfee Security Scan Plus

Media Player Classic - Home Cinema v1.4.2499.0

Media Player Codec Pack 3.9.6

Messenger Plus! Live

Microsoft Application Error Reporting

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office Access MUI (Portuguese (Brazil)) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (Portuguese (Brazil)) 2007

Microsoft Office Groove MUI (Portuguese (Brazil)) 2007

Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007

Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007

Microsoft Office Outlook Connector

Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007

Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (Portuguese (Brazil)) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (Portuguese (Brazil)) 2007

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007

Microsoft Office Shared MUI (Portuguese (Brazil)) 2007

Microsoft Office Word MUI (Portuguese (Brazil)) 2007

Microsoft Search Enhancement Pack

Microsoft Silverlight

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

mIRC

Miro

Mozilla Firefox (3.6.13)

MSVCRT

Nero 8 Essentials

Pando Media Booster

Plants vs. Zombies

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealPlayer

RealUpgrade 1.1

RF Chronicles

RF Online Brasil

Security Update for 2007 Microsoft Office System (KB2288621)

Security Update for 2007 Microsoft Office System (KB2288931)

Security Update for 2007 Microsoft Office System (KB2289158)

Security Update for 2007 Microsoft Office System (KB2344875)

Security Update for 2007 Microsoft Office System (KB2345043)

Security Update for 2007 Microsoft Office System (KB969559)

Security Update for 2007 Microsoft Office System (KB976321)

Security Update for CAPICOM (KB931906)

Security Update for Microsoft Office Access 2007 (KB979440)

Security Update for Microsoft Office Excel 2007 (KB2345035)

Security Update for Microsoft Office InfoPath 2007 (KB979441)

Security Update for Microsoft Office PowerPoint 2007 (KB982158)

Security Update for Microsoft Office PowerPoint Viewer (KB2413381)

Security Update for Microsoft Office Publisher 2007 (KB2284697)

Security Update for Microsoft Office system 2007 (972581)

Security Update for Microsoft Office system 2007 (KB974234)

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)

Security Update for Microsoft Office Word 2007 (KB2344993)

Sitecom USB EasyCam VP-001

Skype Toolbars

Skype™ 5.0

System Requirements Lab CYRI

TeamSpeak 2 RC2

The KMPlayer (remove only)

Tibia

TibiaBot NG 5.0.2

tools-freebsd

tools-linux

tools-netware

tools-solaris

tools-windows

tools-winPre2k

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft Office OneNote 2007 (KB980729)

Update for Microsoft Office Outlook 2007 (KB2412171)

Update for Outlook 2007 Junk Email Filter (KB2466076)

VCRedistSetup

VMware Workstation

Warcraft III

Warcraft III: All Products

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Messenger

Windows Live OneCare safety scanner

Windows Live Photo Common

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Media Player Firefox Plugin

==== End Of File ===========================

GMER log:

GMER 1.0.15.15530 - http://www.gmer.net

Rootkit scan 2011-01-11 22:39:02

Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 ST3500418AS rev.CC38

Running: gmer.exe; Driver: C:\Users\w\AppData\Local\Temp\uxldqpow.sys

---- System - GMER 1.0.15 ----

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0x8DF919D2]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0x8DF91B0C]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82A49599 1 Byte [06]

.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82A6DF52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

? System32\Drivers\spno.sys O sistema não pode encontrar o caminho especificado. !

.text USBPORT.SYS!DllUnload 93C9CCA0 5 Bytes JMP 85DF34E0

? C:\Users\w\AppData\Local\Temp\mbr.sys O sistema não pode encontrar o arquivo especificado. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1300] kernel32.dll!SetUnhandledExceptionFilter 75E03162 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }

.text C:\Program Files\Real\RealPlayer\Update\realsched.exe[3104] kernel32.dll!SetUnhandledExceptionFilter 75E03162 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [888BB042] \SystemRoot\System32\Drivers\spno.sys

IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [888BB6D6] \SystemRoot\System32\Drivers\spno.sys

IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [888BB800] \SystemRoot\System32\Drivers\spno.sys

IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [888BB13E] \SystemRoot\System32\Drivers\spno.sys

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 84A671F8

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 VMkbd.sys

AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 VMkbd.sys

Device \Driver\volmgr \Device\VolMgrControl 84A631F8

Device \Driver\usbuhci \Device\USBPDO-0 85E83500

Device \Driver\usbuhci \Device\USBPDO-0 hcmon.sys

Device \Driver\usbuhci \Device\USBPDO-1 85E83500

Device \Driver\usbuhci \Device\USBPDO-1 hcmon.sys

Device \Driver\usbuhci \Device\USBPDO-2 85E83500

Device \Driver\usbuhci \Device\USBPDO-2 hcmon.sys

Device \Driver\ACPI_HAL \Device\00000054 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

Device \Driver\usbuhci \Device\USBPDO-3 85E83500

Device \Driver\usbuhci \Device\USBPDO-3 hcmon.sys

Device \Driver\usbehci \Device\USBPDO-4 85E2F500

Device \Driver\usbehci \Device\USBPDO-4 hcmon.sys

AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Driver\usbhub \Device\00000070 hcmon.sys

Device \Driver\volmgr \Device\HarddiskVolume1 84A631F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\usbhub \Device\00000071 hcmon.sys

Device \Driver\volmgr \Device\HarddiskVolume2 84A631F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\cdrom \Device\CdRom0 85D271F8

Device \Driver\usbhub \Device\00000072 hcmon.sys

Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-2 84A651F8

Device \Driver\atapi \Device\Ide\IdePort0 84A651F8

Device \Driver\atapi \Device\Ide\IdePort1 84A651F8

Device \Driver\atapi \Device\Ide\IdePort2 84A651F8

Device \Driver\atapi \Device\Ide\IdeDeviceP2T1L0-3 84A651F8

Device \Driver\NetBT \Device\NetBt_Wins_Export 85DE31F8

AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Driver\NetBT \Device\NetBT_Tcpip_{A9B8EFFD-6621-4B8B-BB11-359AA29AEB17} 85DE31F8

Device \Driver\usbuhci \Device\USBFDO-0 85E83500

Device \Driver\usbuhci \Device\USBFDO-0 hcmon.sys

Device \Driver\usbuhci \Device\USBFDO-1 85E83500

Device \Driver\usbuhci \Device\USBFDO-1 hcmon.sys

Device \Driver\usbhub \Device\0000006e hcmon.sys

Device \Driver\usbuhci \Device\USBFDO-2 85E83500

Device \Driver\usbuhci \Device\USBFDO-2 hcmon.sys

Device \Driver\usbhub \Device\0000006f hcmon.sys

Device \Driver\usbuhci \Device\USBFDO-3 85E83500

Device \Driver\usbuhci \Device\USBFDO-3 hcmon.sys

Device \Driver\usbehci \Device\USBFDO-4 85E2F500

Device \Driver\usbehci \Device\USBFDO-4 hcmon.sys

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x2E 0x75 0xC1 0xB2 ...

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x2E 0x75 0xC1 0xB2 ...

---- EOF - GMER 1.0.15 ----

RenatoMejias

Configure Windows to show all files.

Go to this site: http://virustotal.com/

Under File to upload, enter: C:\Windows\WU114789.exe

Then click Submit.

Copy and post the result of this scan.

nandinemp (topic author)

    File name:

    WU114789.exe

    Submission date:

    2011-01-13 16:48:21 (UTC)

    Current status:

    queued (#22) queued (#22) analysing finished

    Result:

    20/ 43 (46.5%)

    VT Community

    not reviewed

    Safety score: -

    Antivirus Version Last Update Result

    AhnLab-V3 2011.01.13.00 2011.01.12 Trojan/Win32.Gen

    AntiVir 7.11.1.118 2011.01.13 -

    Antiy-AVL 2.0.3.7 2011.01.13 -

    Avast 4.8.1351.0 2011.01.13 -

    Avast5 5.0.677.0 2011.01.13 -

    AVG 10.0.0.1190 2011.01.13 -

    BitDefender 7.2 2011.01.13 Trojan.Generic.5238790

    CAT-QuickHeal 11.00 2011.01.13 -

    ClamAV 0.96.4.0 2011.01.13 -

    Command 5.2.11.5 2011.01.13 -

    Comodo 7381 2011.01.13 TrojWare.Win32.TrojanDownloader.Dadobra.~J3

    DrWeb 5.0.2.03300 2011.01.13 BackDoor.Sturf.161

    Emsisoft 5.1.0.1 2011.01.13 Trojan-Downloader.Win32.Delf.kc!IK

    eSafe 7.0.17.0 2011.01.13 -

    eTrust-Vet 36.1.8097 2011.01.13 -

    F-Prot 4.6.2.117 2011.01.13 -

    F-Secure 9.0.16160.0 2011.01.13 Trojan.Generic.5238790

    Fortinet 4.2.254.0 2011.01.13 W32/Banc.C!tr

    GData 21 2011.01.13 Trojan.Generic.5238790

    Ikarus T3.1.1.97.0 2011.01.13 Trojan-Downloader.Win32.Delf.kc

    Jiangmin 13.0.900 2011.01.13 -

    K7AntiVirus 9.75.3535 2011.01.13 -

    Kaspersky 7.0.0.125 2011.01.13 -

    McAfee 5.400.0.1158 2011.01.13 Generic.dx!vkt

    McAfee-GW-Edition 2010.1C 2011.01.13 Generic.dx!vkt

    Microsoft 1.6402 2011.01.13 -

    NOD32 5784 2011.01.13 -

    Norman 6.06.12 2011.01.13 -

    nProtect 2011-01-13.01 2011.01.13 Trojan.Generic.5238790

    Panda 10.0.2.7 2011.01.12 -

    PCTools 7.0.3.5 2011.01.13 Trojan.Gen

    Prevx 3.0 2011.01.13 High Risk Cloaked Malware

    Rising 22.82.03.04 2011.01.13 -

    Sophos 4.61.0 2011.01.13 Mal/Banc-C

    SUPERAntiSpyware 4.40.0.1006 2011.01.13 -

    Symantec 20101.3.0.103 2011.01.13 Trojan.Gen.2

    TheHacker 6.7.0.1.114 2011.01.13 -

    TrendMicro 9.120.0.1004 2011.01.13 TROJ_GEN.R3EC3A8

    TrendMicro-HouseCall 9.120.0.1004 2011.01.13 TROJ_GEN.R3EC3A8

    VBA32 3.12.14.2 2011.01.13 BScope.Trojan.Banker

    VIPRE 8060 2011.01.13 Trojan.Win32.Generic!BT

    ViRobot 2011.1.13.4252 2011.01.13 -

    VirusBuster 13.6.143.1 2011.01.13 -

    Additional information

    MD5 : 218b4030c490936acadb1bcf64dc58bf

    SHA1 : 107d671258a2fc480f280163964e4ac9cbbbbae1

    SHA256: c31abfefaa5d43305a5f4a4623c55e768fa16e2a9bae6569c27991ef3bcf2fa4

    ssdeep: 12288:15fSjk/IAVyLcx6FoUP+fM2YmAinnskT:vqjOV8cxJUmbpnnsk

    File size : 507392 bytes

    First seen: 2010-12-14 03:39:01

    Last seen : 2011-01-13 16:48:21

    TrID:

    Win32 Executable Borland Delphi 7 (66.2%)

    Win32 Executable Borland Delphi 6 (25.9%)

    Win32 EXE PECompact compressed (generic) (4.1%)

    Win32 Executable Delphi generic (1.4%)

    Win32 Executable Generic (0.8%)

    sigcheck:

    publisher....: n/a

    copyright....: n/a

    product......: n/a

    description..: n/a

    original name: n/a

    internal name: n/a

    file version.: n/a

    comments.....: n/a

    signers......: -

    signing date.: -

    verified.....: Unsigned

    PEiD: BobSoft Mini Delphi -> BoB / BobSoft

    PEInfo: PE structure information

    [[ basic data ]]

    entrypointaddress: 0x69154

    timedatestamp....: 0x2A425E19 (Fri Jun 19 22:22:17 1992)

    machinetype......: 0x14c (I386)

    [[ 8 section(s) ]]

    name, viradd, virsiz, rawdsiz, ntropy, md5

    CODE, 0x1000, 0x6819C, 0x68200, 6.51, 0c19630f754f87b17d88db65027ae3a8

    DATA, 0x6A000, 0x1C48, 0x1E00, 4.32, 246039bac10738558beb5c94d4fdfd3c

    BSS, 0x6C000, 0xEF5, 0x0, 0.00, d41d8cd98f00b204e9800998ecf8427e

    .idata, 0x6D000, 0x20B2, 0x2200, 4.93, 75c915e7df81878e15cd936882711cb4

    .tls, 0x70000, 0x10, 0x0, 0.00, d41d8cd98f00b204e9800998ecf8427e

    .rdata, 0x71000, 0x18, 0x200, 0.16, c92dfc0ca3f0fca7394aa10658025283

    .reloc, 0x72000, 0x8390, 0x8400, 6.64, c1d8c487d2ecccada1707e4f50428d19

    .rsrc, 0x7B000, 0x7200, 0x7200, 4.32, 4f093eeaf0024d3021f6bf4d30ab1808

    [[ 13 import(s) ]]

    kernel32.dll: DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, GetVersion, GetCurrentThreadId, InterlockedDecrement, InterlockedIncrement, VirtualQuery, WideCharToMultiByte, MultiByteToWideChar, lstrlenA, lstrcpynA, LoadLibraryExA, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetCommandLineA, FreeLibrary, FindFirstFileA, FindClose, ExitProcess, ExitThread, CreateThread, WriteFile, UnhandledExceptionFilter, RtlUnwind, RaiseException, GetStdHandle

    user32.dll: GetKeyboardType, LoadStringA, MessageBoxA, CharNextA

    advapi32.dll: RegQueryValueExA, RegOpenKeyExA, RegCloseKey

    oleaut32.dll: SysFreeString, SysReAllocStringLen, SysAllocStringLen

    kernel32.dll: TlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleA

    advapi32.dll: RegQueryValueExA, RegOpenKeyExA, RegCloseKey

    kernel32.dll: lstrcpyA, WriteFile, WinExec, WaitForSingleObject, VirtualQuery, VirtualAlloc, Sleep, SizeofResource, SetThreadLocale, SetFilePointer, SetEvent, SetErrorMode, SetEndOfFile, ResumeThread, ResetEvent, ReadFile, MulDiv, LockResource, LoadResource, LoadLibraryA, LeaveCriticalSection, InitializeCriticalSection, GlobalUnlock, GlobalReAlloc, GlobalHandle, GlobalLock, GlobalFree, GlobalFindAtomA, GlobalDeleteAtom, GlobalAlloc, GlobalAddAtomA, GetVersionExA, GetVersion, GetTimeZoneInformation, GetTickCount, GetThreadLocale, GetTempPathA, GetSystemInfo, GetStringTypeExA, GetStdHandle, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLocalTime, GetLastError, GetFullPathNameA, GetFileSize, GetExitCodeThread, GetDiskFreeSpaceA, GetDateFormatA, GetCurrentThreadId, GetCurrentProcessId, GetCPInfo, GetACP, FreeResource, InterlockedIncrement, InterlockedExchange, InterlockedDecrement, FreeLibrary, FormatMessageA, FindResourceA, FindFirstFileA, FindClose, FileTimeToLocalFileTime, FileTimeToDosDateTime, EnumCalendarInfoA, EnterCriticalSection, DeleteCriticalSection, CreateThread, CreateFileA, CreateEventA, CompareStringA, CloseHandle

    version.dll: VerQueryValueA, GetFileVersionInfoSizeA, GetFileVersionInfoA

    gdi32.dll: UnrealizeObject, StretchBlt, SetWindowOrgEx, SetViewportOrgEx, SetTextColor, SetStretchBltMode, SetROP2, SetPixel, SetDIBColorTable, SetBrushOrgEx, SetBkMode, SetBkColor, SelectPalette, SelectObject, SaveDC, RestoreDC, RectVisible, RealizePalette, PatBlt, MoveToEx, MaskBlt, LineTo, IntersectClipRect, GetWindowOrgEx, GetTextMetricsA, GetTextExtentPoint32A, GetSystemPaletteEntries, GetStockObject, GetPixel, GetPaletteEntries, GetObjectA, GetDeviceCaps, GetDIBits, GetDIBColorTable, GetDCOrgEx, GetCurrentPositionEx, GetClipBox, GetBrushOrgEx, GetBitmapBits, ExcludeClipRect, DeleteObject, DeleteDC, CreateSolidBrush, CreatePenIndirect, CreatePalette, CreateHalftonePalette, CreateFontIndirectA, CreateDIBitmap, CreateDIBSection, CreateCompatibleDC, CreateCompatibleBitmap, CreateBrushIndirect, CreateBitmap, BitBlt

    user32.dll: CreateWindowExA, WindowFromPoint, WinHelpA, WaitMessage, UpdateWindow, UnregisterClassA, UnhookWindowsHookEx, TranslateMessage, TranslateMDISysAccel, TrackPopupMenu, SystemParametersInfoA, ShowWindow, ShowScrollBar, ShowOwnedPopups, ShowCursor, SetWindowsHookExA, SetWindowTextA, SetWindowPos, SetWindowPlacement, SetWindowLongA, SetTimer, SetScrollRange, SetScrollPos, SetScrollInfo, SetRect, SetPropA, SetParent, SetMenuItemInfoA, SetMenu, SetForegroundWindow, SetFocus, SetCursor, SetClassLongA, SetCapture, SetActiveWindow, SendMessageA, ScrollWindow, ScreenToClient, RemovePropA, RemoveMenu, ReleaseDC, ReleaseCapture, RegisterWindowMessageA, RegisterClipboardFormatA, RegisterClassA, RedrawWindow, PtInRect, PostQuitMessage, PostMessageA, PeekMessageA, OffsetRect, OemToCharA, MsgWaitForMultipleObjects, MessageBoxA, MapWindowPoints, MapVirtualKeyA, LoadStringA, LoadKeyboardLayoutA, LoadIconA, LoadCursorA, LoadBitmapA, KillTimer, IsZoomed, IsWindowVisible, IsWindowEnabled, IsWindow, IsRectEmpty, IsIconic, IsDialogMessageA, IsChild, InvalidateRect, IntersectRect, InsertMenuItemA, InsertMenuA, InflateRect, GetWindowThreadProcessId, GetWindowTextA, GetWindowRect, GetWindowPlacement, GetWindowLongA, GetWindowDC, GetTopWindow, GetSystemMetrics, GetSystemMenu, GetSysColorBrush, GetSysColor, GetSubMenu, GetScrollRange, GetScrollPos, GetScrollInfo, GetPropA, GetParent, GetWindow, GetMenuStringA, GetMenuState, GetMenuItemInfoA, GetMenuItemID, GetMenuItemCount, GetMenu, GetLastActivePopup, GetKeyboardState, GetKeyboardLayoutList, GetKeyboardLayout, GetKeyState, GetKeyNameTextA, GetIconInfo, GetForegroundWindow, GetFocus, GetDesktopWindow, GetDCEx, GetDC, GetCursorPos, GetCursor, GetClientRect, GetClassNameA, GetClassInfoA, GetCapture, GetActiveWindow, FrameRect, FindWindowA, FillRect, EqualRect, EnumWindows, EnumThreadWindows, EndPaint, EnableWindow, EnableScrollBar, EnableMenuItem, DrawTextA, DrawMenuBar, DrawIconEx, DrawIcon, DrawFrameControl, DrawEdge, 
DispatchMessageA, DestroyWindow, DestroyMenu, DestroyIcon, DestroyCursor, DeleteMenu, DefWindowProcA, DefMDIChildProcA, DefFrameProcA, CreatePopupMenu, CreateMenu, CreateIcon, ClientToScreen, CheckMenuItem, CallWindowProcA, CallNextHookEx, BeginPaint, CharNextA, CharLowerA, CharUpperBuffA, CharToOemA, AdjustWindowRectEx, ActivateKeyboardLayout

    kernel32.dll: Sleep

    oleaut32.dll: SafeArrayPtrOfIndex, SafeArrayGetUBound, SafeArrayGetLBound, SafeArrayCreate, VariantChangeType, VariantCopy, VariantClear, VariantInit

    comctl32.dll: ImageList_SetIconSize, ImageList_GetIconSize, ImageList_Write, ImageList_Read, ImageList_GetDragImage, ImageList_DragShowNolock, ImageList_SetDragCursorImage, ImageList_DragMove, ImageList_DragLeave, ImageList_DragEnter, ImageList_EndDrag, ImageList_BeginDrag, ImageList_Remove, ImageList_DrawEx, ImageList_Draw, ImageList_GetBkColor, ImageList_SetBkColor, ImageList_ReplaceIcon, ImageList_Add, ImageList_GetImageCount, ImageList_Destroy, ImageList_Create

    Prevx Info:

    http://info.prevx.com/aboutprogramtext.asp?PX5=397EA559002D5D65BED907991B891E00FCB2EC0E

    ExifTool:

    file metadata

    CodeSize: 426496

    EntryPoint: 0x69154

    FileSize: 496 kB

    FileType: Win32 EXE

    ImageVersion: 0.0

    InitializedDataSize: 79872

    LinkerVersion: 2.25

    MIMEType: application/octet-stream

    MachineType: Intel 386 or later, and compatibles

    OSVersion: 4.0

    PEType: PE32

    Subsystem: Windows GUI

    SubsystemVersion: 4.0

    TimeStamp: 1992:06:20 00:22:17+02:00

    UninitializedDataSize: 0

    RenatoMejias

    Read the instructions in this link:

    In the instructions in the link above, you can check which forums have Analysts duly qualified to use the tool correctly: "Forums for getting help with ComboFix logs"

    1. Download ComboFix from one of the official links listed below and save it to your desktop:

    2. Temporarily, and while carrying out these instructions, it is very important that you keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable the protections after carrying out the procedure(s) mentioned below.
    3. Double-click the desktopicon.png icon on the desktop.
    4. Read and accept the conditions by typing 1 and pressing Enter.
    5. Computers with Windows XP must install the Recovery Console:

    • If your computer has Windows XP installed and does not yet have the Recovery Console installed, please make sure you are connected to the Internet and click "Yes".
    • Click "OK" on the EULA.
    • Once the Recovery Console is installed, click "YES" to continue.

    6. ComboFix will run; please be patient and wait.
    7. Attention: do not use the mouse or the keyboard while the tool is running, as this may cause the computer to stall.
    8. A message may appear saying that the computer needs to be restarted.

    DO NOT RESTART!!! ComboFix will restart the computer automatically.

    9. When the tool finishes running, it will generate a log (the file C:\ComboFix.txt). Copy and paste the contents of that file in your next reply.

    DO NOT use the tool on your own. It is a powerful tool created to deal with sophisticated infections, and if you do not use it correctly it may damage your computer.

    • There are several malware families that prevent the tool from running correctly and can thereby seriously damage the computer. Analysts qualified to use ComboFix know these cases and know how to deal with these situations.
    • Many Analysts do not reply to topics in which they see that ComboFix was used without supervision.
    • There are several general-purpose anti-malware tools whose authors, when programming them, had end users in mind and intended them to be used without supervision. ComboFix is not a tool of that type, so, also out of respect for the tool's author, do not use it without supervision.

    nandinemp (topic author)

    ComboFix 11-01-13.01 - w 14/01/2011 14:01:19.1.2 - x86

    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.55.1046.18.2037.1037 [GMT -2:00]

    Executando de: c:\users\w\Desktop\ComboFix.exe

    AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}

    SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}

    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    (((((((((((((((( Arquivos/Ficheiros criados de 2010-12-14 to 2011-01-14 ))))))))))))))))))))))))))))

    .

    2011-01-14 17:54 . 2011-01-14 17:54 -------- d-----w- c:\users\Default\AppData\Local\temp

    2011-01-11 20:50 . 2011-01-11 20:50 388096 ----a-r- c:\users\w\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

    2011-01-11 20:50 . 2011-01-11 20:50 -------- d-----w- c:\program files\Trend Micro

    2011-01-09 20:51 . 2011-01-10 17:13 505344 ----a-w- c:\windows\PCheatsTrainer.exe

    2011-01-09 00:03 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D0DC4AA1-BEEE-4C4B-8462-DC0CA53F7DF8}\mpengine.dll

    2011-01-08 18:40 . 2011-01-08 18:40 -------- d-----w- c:\programdata\PopCap Games

    2011-01-08 18:40 . 2011-01-08 18:40 -------- d-----w- c:\program files\PopCap Games

    2011-01-06 12:17 . 2011-01-06 12:17 -------- d-----w- C:\GMouse20

    2011-01-06 12:17 . 1996-01-09 12:38 283648 ----a-w- c:\windows\uninst.exe

    2011-01-06 00:56 . 2011-01-06 00:56 -------- d-----w- c:\windows\pt-PT

    2011-01-06 00:56 . 2011-01-06 00:56 -------- d-----w- c:\windows\system32\drivers\UMDF\pt-PT

    2011-01-06 00:56 . 2011-01-06 00:56 -------- d-----w- c:\windows\system32\drivers\pt-PT

    2011-01-06 00:56 . 2011-01-06 00:56 -------- d-----w- c:\windows\system32\wbem\pt-PT

    2011-01-06 00:56 . 2011-01-06 00:56 -------- d-----w- c:\windows\system32\pt

    2011-01-06 00:53 . 2009-07-13 20:38 4096 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\pt-PT\LXKPTPRC.DLL.mui

    2011-01-06 00:51 . 2011-01-06 00:51 -------- d-----w- c:\windows\system32\drivers\UMDF\ru-RU

    2011-01-06 00:51 . 2011-01-06 00:51 -------- d-----w- c:\windows\system32\drivers\ru-RU

    2011-01-06 00:51 . 2011-01-06 00:51 -------- d-----w- c:\windows\system32\ru

    2011-01-06 00:51 . 2011-01-06 00:51 -------- d-----w- c:\windows\system32\wbem\ru-RU

    2011-01-06 00:50 . 2011-01-06 00:50 -------- d-----w- c:\windows\ru-RU

    2011-01-06 00:47 . 2009-07-13 20:44 3584 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\ru-RU\LXKPTPRC.DLL.mui

    2011-01-06 00:46 . 2011-01-06 00:46 -------- d-----w- c:\windows\system32\es

    2011-01-06 00:46 . 2011-01-06 00:46 -------- d-----w- c:\windows\system32\drivers\UMDF\es-ES

    2011-01-06 00:46 . 2011-01-06 00:46 -------- d-----w- c:\windows\system32\0C0A

    2011-01-06 00:46 . 2011-01-06 00:46 -------- d-----w- c:\windows\system32\drivers\es-ES

    2011-01-06 00:46 . 2011-01-06 00:46 -------- d-----w- c:\windows\system32\wbem\es-ES

    2011-01-06 00:46 . 2011-01-06 00:46 -------- d-----w- c:\windows\es-ES

    2011-01-06 00:43 . 2009-07-13 20:37 3584 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\es-ES\LXKPTPRC.DLL.mui

    2011-01-06 00:41 . 2011-01-06 00:41 -------- d-----w- c:\windows\system32\wbem\th-TH

    2011-01-06 00:41 . 2011-01-06 00:41 -------- d-----w- c:\windows\system32\drivers\th-TH

    2011-01-06 00:41 . 2011-01-06 00:41 -------- d-----w- c:\windows\th-TH

    2011-01-06 00:37 . 2011-01-06 00:37 -------- d-----w- c:\windows\ko-KR

    2011-01-06 00:37 . 2011-01-06 00:37 -------- d-----w- c:\windows\system32\drivers\ko-KR

    2011-01-06 00:37 . 2011-01-06 00:37 -------- d-----w- c:\windows\system32\drivers\UMDF\ko-KR

    2011-01-06 00:37 . 2011-01-06 00:37 -------- d-----w- c:\windows\system32\ko

    2011-01-06 00:37 . 2011-01-06 00:37 -------- d-----w- c:\windows\system32\wbem\ko-KR

    2011-01-06 00:34 . 2009-07-13 21:58 3072 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\ko-KR\LXKPTPRC.DLL.mui

    2011-01-06 00:34 . 2009-07-13 20:15 377856 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\mshwkor.dll

    2011-01-06 00:34 . 2009-07-13 20:07 13579776 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\mshwkorr.dll

    2011-01-06 00:33 . 2011-01-06 00:33 -------- d-----w- c:\windows\fr-FR

    2011-01-06 00:33 . 2011-01-06 00:33 -------- d-----w- c:\windows\system32\fr

    2011-01-06 00:33 . 2011-01-06 00:33 -------- d-----w- c:\windows\system32\drivers\UMDF\fr-FR

    2011-01-06 00:33 . 2011-01-06 00:33 -------- d-----w- c:\windows\system32\drivers\fr-FR

    2011-01-06 00:33 . 2011-01-06 00:33 -------- d-----w- c:\windows\system32\040C

    2011-01-06 00:32 . 2011-01-06 00:32 -------- d-----w- c:\windows\system32\wbem\fr-FR

    2011-01-06 00:30 . 2009-07-13 20:38 3584 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\fr-FR\LXKPTPRC.DLL.mui

    2011-01-06 00:28 . 2011-01-06 00:28 -------- d-----w- c:\windows\system32\zh-CHS

    2011-01-06 00:28 . 2011-01-06 00:28 -------- d-----w- c:\windows\system32\drivers\zh-CN

    2011-01-06 00:28 . 2011-01-06 00:28 -------- d-----w- c:\windows\system32\drivers\UMDF\zh-CN

    2011-01-06 00:28 . 2011-01-06 00:28 -------- d-----w- c:\windows\system32\wbem\zh-CN

    2011-01-06 00:28 . 2011-01-06 00:28 -------- d-----w- c:\windows\zh-CN

    2011-01-06 00:25 . 2009-07-13 21:51 3072 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\zh-CN\LXKPTPRC.DLL.mui

    2011-01-06 00:25 . 2009-07-13 20:15 27136 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\imchxlm.dll

    2011-01-06 00:25 . 2009-07-13 20:15 378368 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\mshwchs.dll

    2011-01-06 00:25 . 2009-07-13 20:06 12607488 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\mshwchsr.dll

    2011-01-06 00:20 . 2009-07-13 20:03 3584 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\en-US\LXKPTPRC.DLL.mui

    2010-12-23 15:56 . 2010-12-23 15:56 507392 ----a-w- c:\windows\WU114789.exe

    2010-12-17 15:04 . 2010-12-17 15:04 -------- d-----w- c:\windows\ja-JP

    2010-12-17 15:03 . 2010-12-17 15:03 -------- d-----w- c:\windows\system32\ja

    2010-12-17 15:03 . 2010-12-17 15:03 -------- d-----w- c:\windows\system32\0411

    2010-12-17 15:03 . 2010-12-17 15:03 -------- d-----w- c:\windows\system32\drivers\ja-JP

    2010-12-17 15:03 . 2010-12-17 15:03 -------- d-----w- c:\windows\system32\drivers\UMDF\ja-JP

    2010-12-17 15:03 . 2010-12-17 15:03 -------- d-----w- c:\windows\system32\wbem\ja-JP

    2010-12-17 08:56 . 2009-07-13 21:43 3072 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\ja-JP\LXKPTPRC.DLL.mui

    2010-12-17 08:55 . 2009-07-13 20:15 377856 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\mshwjpn.dll

    2010-12-17 08:55 . 2009-07-13 20:15 1179136 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\imjplm.dll

    2010-12-17 08:55 . 2009-07-13 20:15 9728 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\dicjp.dll

    2010-12-17 08:55 . 2009-07-13 20:07 11507712 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\mshwjpnr.dll

    2010-12-17 08:55 . 2009-07-13 20:16 266240 ----a-w- c:\windows\system32\lzhfldr2.dll

    2010-12-17 08:41 . 2010-04-07 07:10 571904 ----a-w- c:\windows\system32\oleaut32.dll

    .

    ((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2011-01-12 01:07 . 2010-11-08 11:17 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll

    2011-01-10 17:13 . 2010-12-12 09:03 631808 ----a-w- c:\windows\MachineCore.dll

    2010-12-23 17:21 . 2010-11-27 10:41 627200 ---h--w- C:\One.dll

    2010-12-23 17:21 . 2010-11-27 10:41 627200 ---h--w- C:\Extras.dll

    2010-12-23 17:21 . 2010-11-27 10:41 627200 ---h--w- C:\Drop.dll

    2010-12-23 17:21 . 2010-11-27 10:41 627200 ---h--w- C:\Auto.dll

    2010-11-25 08:08 . 2010-11-25 08:08 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll

    2010-11-24 16:03 . 2010-11-27 02:46 2290176 ----a-w- c:\windows\IntelMon.exe

    2010-11-22 22:30 . 2010-11-22 22:29 3072 ----a-w- C:\unicows.dll

    2010-11-12 21:27 . 2003-03-18 22:14 499712 ----a-w- c:\windows\system32\msvcp71.dll

    2010-11-12 21:27 . 2003-02-21 06:42 348160 ----a-w- c:\windows\system32\msvcr71.dll

    2010-11-12 20:53 . 2010-10-31 07:40 472808 ----a-w- c:\windows\system32\deployJava1.dll

    2010-11-08 10:15 . 2010-11-08 10:15 578880 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

    2010-11-08 09:55 . 2010-11-08 09:55 34064 ----a-w- c:\windows\system32\lhacm.acm

    2010-11-04 05:52 . 2010-12-15 14:49 978944 ----a-w- c:\windows\system32\wininet.dll

    2010-11-04 05:48 . 2010-12-15 14:49 44544 ----a-w- c:\windows\system32\licmgr10.dll

    2010-11-04 04:41 . 2010-12-15 14:49 386048 ----a-w- c:\windows\system32\html.iec

    2010-11-04 04:08 . 2010-12-15 14:49 1638912 ----a-w- c:\windows\system32\mshtml.tlb

    2010-11-02 04:41 . 2010-12-15 14:49 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll

    2010-11-02 04:40 . 2010-12-15 14:49 496128 ----a-w- c:\windows\system32\taskschd.dll

    2010-11-02 04:40 . 2010-12-15 14:49 305152 ----a-w- c:\windows\system32\taskcomp.dll

    2010-11-02 04:39 . 2010-12-15 14:49 749056 ----a-w- c:\windows\system32\schedsvc.dll

    2010-11-02 04:34 . 2010-12-15 14:49 192000 ----a-w- c:\windows\system32\taskeng.exe

    2010-11-02 04:34 . 2010-12-15 14:49 179712 ----a-w- c:\windows\system32\schtasks.exe

    2010-10-30 02:28 . 2010-10-30 02:01 86528 ----a-w- c:\windows\bnetunin.exe

    2010-10-30 02:28 . 2010-10-30 02:01 61440 ----a-w- c:\windows\diabunin.exe

    2010-10-30 02:24 . 2010-10-30 02:02 2829 ----a-w- c:\windows\DiabUnin.pif

    2010-10-30 02:06 . 2010-10-30 02:06 691696 ----a-w- c:\windows\system32\drivers\sptd.sys

    2010-10-28 22:05 . 2010-10-28 22:05 98304 ----a-w- c:\windows\system32\CmdLineExt.dll

    2010-10-27 04:32 . 2010-12-15 14:49 2048 ----a-w- c:\windows\system32\tzres.dll

    2010-10-26 20:32 . 2010-10-26 20:31 2829 ----a-w- c:\windows\War3Unin.pif

    2010-10-26 20:32 . 2010-10-26 20:31 139264 ----a-w- c:\windows\War3Unin.exe

    2010-10-20 04:54 . 2010-12-15 14:48 34304 ----a-w- c:\windows\system32\atmlib.dll

    2010-10-20 03:00 . 2010-12-15 14:48 2327552 ----a-w- c:\windows\system32\win32k.sys

    2010-10-20 02:58 . 2010-12-15 14:48 294400 ----a-w- c:\windows\system32\atmfd.dll

    2010-10-19 12:41 . 2010-10-26 12:57 222080 ------w- c:\windows\system32\MpSigStub.exe

    .

    (((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* entradas vazias e legítimas por defeito não são mostradas.

    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

    2010-09-29 00:44 1400712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E601996F-E400-41CA-804B-CD6373A7EEE2}]

    2010-11-12 16:51 917744 ----a-w- c:\program files\kikin\ie_kikin.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]

    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]

    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

    "Windows Updating"="c:\windows\WU114789.exe" [2010-12-23 507392]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-10 2221352]

    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

    "avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]

    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]

    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]

    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

    "vmware-tray"="c:\program files\VMware\VMware Workstation\vmware-tray.exe" [2009-10-22 129584]

    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]

    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

    "TkBellExe"="c:\program files\Real\RealPlayer\Update\realsched.exe" [2010-11-12 274608]

    "IntelMonitor"="c:\windows\IntelMon.exe" [2010-11-24 2290176]

    "LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2010-12-06 1910152]

    c:\users\w\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

    Registration Heroes of Might & Magic 5.LNK - c:\program files\Ubisoft\Heroes of Might and Magic V\registration\RegistrationReminder.exe [N/A]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

    McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "ConsentPromptBehaviorAdmin"= 5 (0x5)

    "ConsentPromptBehaviorUser"= 3 (0x3)

    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

    "aux"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

    R3 GGSAFERDriver;GGSAFER Driver;c:\program files\Garena\safedrv.sys [x]

    R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]

    R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2010-10-11 4172888]

    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-10-30 691696]

    S1 aswSP;aswSP; [x]

    S2 aswFsBlk;aswFsBlk; [x]

    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]

    S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2010-12-06 1238408]

    S2 vmci;VMware vmci;c:\windows\system32\Drivers\vmci.sys [2009-10-22 70704]

    S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2009-10-22 563760]

    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-06-23 275048]

    --- =Outros Serviços/Drivers Na Memória ---

    *Deregistered* - dump_wmimmc

    .

    .

    ------- Scan Suplementar -------

    .

    uStart Page = hxxp://www.perucheats.com

    IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

    IE: {{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\program files\kikin\ie_kikin.dll

    LSP: c:\program files\VMware\VMware Workstation\vsocklib.dll

    FF - ProfilePath - c:\users\w\AppData\Roaming\Mozilla\Firefox\Profiles\w3rejqgw.default\

    FF - prefs.js: browser.startup.homepage - hxxp://pt-BR.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:pt-BR:official

    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

    FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

    FF - Ext: PandoraTV Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com

    FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext

    .

    - - - - ORFÃOS REMOVIDOS - - - -

    HKCU-Run-setup-5.0.2.exe - c:\users\w\setup-5.0.2.exe

    AddRemove-Chronicles RF - c:\rf online\Uninstal.exe

    AddRemove-RF Chronicles - c:\rfunleashed\Uninstal.exe

    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]

    "ImagePath"="c:\windows\system32\GameMon.des -service"

    .

    --------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

    @Denied: (Full) (Everyone)

    .

    Tempo para conclusão: 2011-01-14 15:56:23

    ComboFix-quarantined-files.txt 2011-01-14 17:56

    Pré-execução: 394.666.921.984 bytes disponíveis

    Pós execução: 400.329.474.048 bytes disponíveis

    - - End Of File - - 65502898D6B603ECAAD5AF3FE09454D6

    RenatoMejias    1.041

    Do you usually play any online games?

    RenatoMejias    1.041

    Is the file we sent for analysis familiar to you? Something like a cheat for online games?

    nandinemp    0
    Topic author

    Yes, I remember it, from both Grand Chase and Tibia.

    RenatoMejias    1.041

    It is malicious; you put your own security at risk in order to "cheat" in online games. Under our rules we do not help users who knowingly put their own security at risk.

    Topic closed.
