samuelmachado

Log Analysis


Recently the antivirus flagged a trojan and I don't know whether it was actually removed from the computer. Would it be possible for someone to analyse the logs to check for me whether it was really removed? Thanks in advance. Thank you very much.

Note: the scan with "Gmer" did not generate any log.

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 25/10/2011 20:04:37

System Uptime: 26/04/2012 13:54:59 (7 hours ago)

.

Motherboard: MEGAWARE | | MW-H61H2-M2

Processor: Intel® Core i3-2100 CPU @ 3.10GHz | CPU 1 | 3100/400mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 40 GiB total, 6,429 GiB free.

D: is CDROM ()

E: is FIXED (NTFS) - 215 GiB total, 204,713 GiB free.

F: is FIXED (NTFS) - 211 GiB total, 23,882 GiB free.

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e96c-e325-11ce-bfc1-08002be10318}

Description: Áudio do vídeo Intel®

Device ID: HDAUDIO\FUNC_01&VEN_8086&DEV_2805&SUBSYS_80862805&REV_1000\4&34A8E135&0&0301

Manufacturer: Intel® Corporation

Name: Áudio do vídeo Intel®

PNP Device ID: HDAUDIO\FUNC_01&VEN_8086&DEV_2805&SUBSYS_80862805&REV_1000\4&34A8E135&0&0301

Service: IntcDAud

.

==== System Restore Points ===================

.

RP136: 24/04/2012 14:29:51 - Windows Update

.

==== Installed Programs ======================

.

4shared Desktop

Adobe AIR

Adobe Digital Editions

Adobe Flash Player 10 ActiveX

Adobe Reader X (10.1.1) - Português

Adobe Shockwave Player 11.5

Adobe Shockwave Player 11.6

AnyBizSoft PDF Converter (Build 2.5.0)

ArcSoft PhotoImpression 5

Avira AntiVir Premium

Biblioteca Autodidata versão Apostila CAIXA 2012

BitComet 1.29

Controle ActiveX do Windows Live Mesh para Conexões Remotas

ConvertXtoDVD 4.1.19.365

D3DX10

DAEMON Tools Lite

DeskPins (remove only)

DVD Shrink 3.2

EASEUS Partition Master 9.1.0 Home Edition

Free Download Manager 3.0

Google Earth

HP Deskjet 2050 J510 series Ajuda

HP Photo Creations

HP Update

ImgBurn

InkSaver

Intel® Control Center

Intel® Management Engine Components

Intel® Processor Graphics

Intel® Rapid Storage Technology

Java Auto Updater

Java 6 Update 29

Junk Mail filter update

K-Lite Mega Codec Pack 8.6.0

Malwarebytes Anti-Malware versão 1.61.0.1400

Media Key

Mesh Runtime

Messenger Companion

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft WorldWide Telescope

mIRC

Mozilla Firefox 12.0 (x86 pt-BR)

Mozilla Maintenance Service

MSVCRT

MSVCRT_amd64

Notepad++

Online Armor 5.1

Platform

Plugin Letras.mus.br 1.20

PrimoPDF -- brought to you by Nitro PDF Software

QuickTime

ratDVD 0.78.1444

Realtek High Definition Audio Driver

Rosetta Stone Version 3

RPG 2ic

SeaTools for Windows

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil) (KB2478663)

Security Update for Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil) (KB2518870)

Skype™ 5.8

STK02N 2.3

StreamTorrent 1.0

Subtitle Workshop 2.51

swMSM

System Requirements Lab CYRI

Ultra Video Joiner 5.2.0603

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Vampire - The Masquerade Bloodlines

VIA Gerenciador de dispositivo de plataforma

VideoImpression

VobSub v2.23 (Remove Only)

Windows Live Communications Platform

Windows Live Essentials

Windows Live Galeria de Fotos

Windows Live Installer

Windows Live Mail

Windows Live Mesh

Windows Live Messenger

Windows Live Messenger Companion Core

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Windows Media Player Firefox Plugin

WinRAR 4.01 (32-bit)

XviD MPEG4 Video Codec (remove only)

Youtube Downloader HD v. 2.6

.

==== End Of File ===========================

---------

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29

Run by Machados at 20:29:41 on 2012-04-26

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.55.1046.18.6051.3079 [GMT -3:00]

.

AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}

AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

FW: Online Armor Firewall *Disabled* {32E71E58-6AAE-2557-2ABD-EA739069CE41}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

F:\Program Files (x86)\Online Armor\OAcat.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files (x86)\Media Key\MagicKey.exe

C:\Windows\STK02N\STK02NM.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Media Key\OSD.exe

C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

F:\Program Files (x86)\InkSaver\x86\ISApExtSvc32.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

F:\Program Files (x86)\InkSaver\ISApExtSvc64.exe

F:\Program Files (x86)\InkSaver\InkSaver.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\QuickTime\qttask.exe

C:\Windows\system32\viakaraokesrv.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\DllHost.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

F:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

F:\Program Files (x86)\mIRC\mirc.exe

F:\Program Files (x86)\DeskPins\DeskPins.exe

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

C:\Program Files (x86)\Windows Media Player\wmplayer.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com.br/

uInternet Settings,ProxyOverride = local

uURLSearchHooks: H - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Auxiliar de Conexão do Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL

BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r

mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

mRun: [inkSaver.ApExt32] F:\Program Files (x86)\InkSaver\x86\ISApExtSvc32.exe

mRun: [inkSaver.ApExt64] F:\Program Files (x86)\InkSaver\ISApExtSvc64.exe

mRun: [inkSaver] F:\Program Files (x86)\InkSaver\InkSaver.exe hide

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime

mRun: [4shared Update] "F:\Program Files (x86)\4shared Desktop\checkUpdate.exe"

mRun: [Malwarebytes' Anti-Malware] "F:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MEDIAK~1.LNK - C:\Program Files (x86)\Media Key\MagicKey.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\STK02N~1.LNK - C:\Windows\STK02N\STK02NM.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: &Download All using 4shared Desktop - F:\Program Files (x86)\4shared Desktop\Desktop.32/D_ALL_LINK

IE: &Download using 4shared Desktop - F:\Program Files (x86)\4shared Desktop\Desktop.32/D_ONE_LINK

IE: E&xportar para o Microsoft Excel - C:\PROGRA~1\MICROS~4\Office14\EXCEL.EXE/3000

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

LSP: C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll

DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/mjss/MJSS.cab109791.cab

DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

TCP: Interfaces\{ECA78568-CF3C-4562-BA09-D594B76CBA1B} : NameServer = 187.86.128.99,187.86.128.100

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

{18DF081C-E8AD-4283-A596-FA578C2EBDC3}

{9030D464-4C02-4ABF-8ECC-5164760863C6}

{9FDDE16B-836F-4806-AB1F-1455CBEFF289}

{B4F3A835-0E21-4959-BA22-42B3008E02FF}

{CC59E0F9-7E43-44FA-9FAA-8377850BF205}

{DBC80044-A445-435b-BC74-9C25C1C588A9}

mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun-x64: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r

mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

mRun-x64: [inkSaver.ApExt32] F:\Program Files (x86)\InkSaver\x86\ISApExtSvc32.exe

mRun-x64: [inkSaver.ApExt64] F:\Program Files (x86)\InkSaver\ISApExtSvc64.exe

mRun-x64: [inkSaver] F:\Program Files (x86)\InkSaver\InkSaver.exe hide

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime

mRun-x64: [4shared Update] "F:\Program Files (x86)\4shared Desktop\checkUpdate.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "F:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Machados\AppData\Roaming\Mozilla\Firefox\Profiles\e8fzdqcf.default\

FF - prefs.js: browser.startup.homepage - www.google.com.br

FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\Machados\AppData\Roaming\Mozilla\Firefox\Profiles\e8fzdqcf.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886D}\plugins\npgbfnc_cef.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]

R1 OADevice;OADriver;C:\Windows\SysWOW64\drivers\OADriver.sys [2011-10-26 59176]

R1 OAmon;OAmon;C:\Windows\SysWOW64\drivers\OAmon.sys [2011-10-26 38064]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]

R2 AntiVirMailService;Avira AntiVir MailGuard;C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [2011-11-22 340136]

R2 AntiVirSchedulerService;Avira AntiVir Agendamento;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-11-22 136360]

R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-11-22 269480]

R2 AntiVirWebService;Avira AntiVir WebGuard;C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe [2011-11-22 428200]

R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-10-25 13336]

R2 MBAMService;MBAMService;F:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-19 654408]

R2 OAcat;Online Armor Helper Service;F:\Program Files (x86)\Online Armor\oacat.exe [2011-11-1 207936]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-10-25 2656280]

R2 VIAKaraokeService;VIA Karaoke digital mixer Service;C:\Windows\system32\viakaraokesrv.exe --> C:\Windows\system32\viakaraokesrv.exe [?]

R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]

R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 OAnet;OnlineArmor Service;C:\Windows\system32\DRIVERS\oanet.sys --> C:\Windows\system32\DRIVERS\oanet.sys [?]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\system32\drivers\viahduaa.sys --> C:\Windows\system32\drivers\viahduaa.sys [?]

S1 oahlpXX;Online Armor helper driver;C:\Windows\SysWOW64\drivers\oahlp64.sys [2011-10-26 56648]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]

S2 SvcOnlineArmor;Online Armor;F:\Program Files (x86)\Online Armor\OAsrv.exe [2011-11-1 4363040]

S3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;C:\Program Files (x86)\BitComet\tools\BitCometService.exe -service --> C:\Program Files (x86)\BitComet\tools\BitCometService.exe -service [?]

S3 cphs;Intel® Content Protection HECI Service;C:\Windows\SysWOW64\IntelCpHeciSvc.exe [2012-2-14 276248]

S3 DCamUSBSTK02N;Standard Camera;C:\Windows\System32\drivers\STK02NW2.sys [2012-3-28 101520]

S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2011-10-25 14216]

S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2011-10-25 8456]

S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]

S3 IntcDAud;Áudio do vídeo Intel®;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-12-27 51727736]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 129976]

S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]

S3 NisSrv;Inspeção de Rede da Microsoft;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]

S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

S3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2012-04-26 18:00:15 -------- d-----w- C:\Users\Machados\AppData\Local\{53B3477A-AB5A-4F4E-9D0E-D3D6002F8D6E}

2012-04-26 18:00:03 -------- d-----w- C:\Users\Machados\AppData\Local\{C936A7B4-2E91-411B-8579-C64DF9E7C4A7}

2012-04-26 17:07:04 8917360 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E159DEEF-EB0C-4E9D-A807-44A4D5BCF7E3}\mpengine.dll

2012-04-26 05:59:22 -------- d-----w- C:\Users\Machados\AppData\Local\{3BB6ACEA-D99B-4ACB-A462-CE91D180403C}

2012-04-26 05:59:07 -------- d-----w- C:\Users\Machados\AppData\Local\{B2427AAE-BF66-47A6-BF13-47B15FC62064}

2012-04-25 19:48:56 -------- d-----w- C:\Users\Machados\AppData\Local\ratDVD

2012-04-25 17:48:02 -------- d-----w- C:\Users\Machados\AppData\Local\{D7889EC8-F57B-4606-BFC2-D543430ED7C8}

2012-04-25 17:47:41 -------- d-----w- C:\Users\Machados\AppData\Local\{A52375AA-FDA5-43EC-9940-3DF6469AB587}

2012-04-25 16:14:56 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service

2012-04-25 16:14:52 129976 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe

2012-04-25 16:14:51 157352 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe

2012-04-25 05:25:24 -------- d-----w- C:\Users\Machados\AppData\Local\{77314929-2FE9-48E5-8CC9-D7D8D3283AC8}

2012-04-25 05:25:12 -------- d-----w- C:\Users\Machados\AppData\Local\{536F45F9-94D9-406B-8043-A70A7DAC9E90}

2012-04-24 17:38:24 8917360 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-04-24 17:24:46 -------- d-----w- C:\Users\Machados\AppData\Local\{31055448-C0EE-4AD5-8674-A4536A39F7C3}

2012-04-24 17:24:33 -------- d-----w- C:\Users\Machados\AppData\Local\{83B3AE2B-B158-4206-986F-A619CC5F1CFD}

2012-04-24 03:45:00 -------- d-----w- C:\Users\Machados\AppData\Local\{478D515D-2E05-46FF-9224-7BCCB7832AA6}

2012-04-24 03:44:49 -------- d-----w- C:\Users\Machados\AppData\Local\{238A083F-A125-4B57-AB01-27FB341BCC82}

2012-04-23 15:44:22 -------- d-----w- C:\Users\Machados\AppData\Local\{1CE55768-DA7A-4DD0-BDEB-DAF277410423}

2012-04-23 15:43:54 -------- d-----w- C:\Users\Machados\AppData\Local\{831D442F-7B82-4C87-8421-3D7441F1F220}

2012-04-23 12:17:36 -------- d-----w- C:\Users\Machados\AppData\Local\{79B1D3A7-8589-4337-B5D5-B5E35FDA81C0}

2012-04-23 12:17:25 -------- d-----w- C:\Users\Machados\AppData\Local\{59AA55F9-95D6-45C7-B55C-C9C19CC81A18}

2012-04-22 21:02:22 -------- d-----w- C:\Users\Machados\AppData\Local\{A20E45FA-A976-44B7-B1E4-B021061D4C5E}

2012-04-22 21:02:09 -------- d-----w- C:\Users\Machados\AppData\Local\{1E6E0258-3D42-4CD2-81A3-1831AD25D9EA}

2012-04-22 15:04:35 -------- d-----w- C:\Users\Machados\AppData\Local\{86096BD1-29C8-49C9-B09B-B0DC84530ACF}

2012-04-22 15:04:22 -------- d-----w- C:\Users\Machados\AppData\Local\{9278D737-4926-48BD-B3AE-E18CABBF0247}

2012-04-22 02:29:58 -------- d-----w- C:\Users\Machados\AppData\Local\{6900FD1A-EBFF-47C5-9935-E37DAACE908A}

2012-04-22 02:29:44 -------- d-----w- C:\Users\Machados\AppData\Local\{8B7E0271-365C-4508-B206-C6983397CF5E}

2012-04-21 14:29:19 -------- d-----w- C:\Users\Machados\AppData\Local\{38CF9806-CA46-449C-AD58-B5663AFE65E1}

2012-04-21 14:29:06 -------- d-----w- C:\Users\Machados\AppData\Local\{BE8AD0F5-01B8-4ED4-8759-35BD341F6068}

2012-04-21 01:39:32 -------- d-----w- C:\Users\Machados\AppData\Local\{48F777B5-1777-4D74-949F-F799CBE7703A}

2012-04-21 01:39:11 -------- d-----w- C:\Users\Machados\AppData\Local\{FE93B4F4-9D9F-4B37-A739-14DCD877BF8F}

2012-04-20 13:38:41 -------- d-----w- C:\Users\Machados\AppData\Local\{7542129D-7C80-4BF7-807A-421AE1B0B0E3}

2012-04-20 13:38:29 -------- d-----w- C:\Users\Machados\AppData\Local\{D28096F8-3591-41EE-A371-D4A7530F4208}

2012-04-20 05:42:28 -------- d-----w- C:\Users\Machados\AppData\Local\{67E4E1F5-D426-42B5-8433-EC97D6C6C66F}

2012-04-19 16:55:07 -------- d-----w- C:\Users\Machados\AppData\Local\{F97CCBF4-7C16-4010-9E2D-32DE2F83D0AD}

2012-04-19 16:54:55 -------- d-----w- C:\Users\Machados\AppData\Local\{BFE77F03-C3B6-4C34-8DF2-7D0FD8B778B1}

2012-04-19 04:54:29 -------- d-----w- C:\Users\Machados\AppData\Local\{BDFA4035-D5D7-4145-B42B-C5F2916D50A1}

2012-04-19 04:54:17 -------- d-----w- C:\Users\Machados\AppData\Local\{0C1147DD-FD5C-4B63-9B0D-AA1161949A78}

2012-04-19 01:27:54 -------- d-----w- C:\Program Files\CCleaner

2012-04-18 22:08:20 -------- d-----w- C:\Users\Machados\AppData\Roaming\Moyea

2012-04-18 11:23:35 839680 ----a-w- C:\Windows\SysWow64\lameACM.acm

2012-04-18 11:23:35 650752 ----a-w- C:\Windows\SysWow64\xvidcore.dll

2012-04-18 11:23:35 243200 ----a-w- C:\Windows\SysWow64\xvidvfw.dll

2012-04-18 11:23:32 151552 ----a-w- C:\Windows\SysWow64\ac3acm.acm

2012-04-18 11:23:29 79360 ----a-w- C:\Windows\SysWow64\ff_vfw.dll

2012-04-18 11:23:28 -------- d-----w- C:\Users\Machados\AppData\Roaming\AnvSoft

2012-04-18 10:51:55 -------- d-----w- C:\ProgramData\Boxtools

2012-04-18 10:50:07 -------- d-----w- C:\Program Files (x86)\Common Files\VisioForge Shared

2012-04-18 10:43:43 -------- d-----w- C:\Program Files (x86)\XviD

2012-04-18 02:52:05 81408 ----a-w- C:\Windows\System32\imagehlp.dll

2012-04-18 02:52:05 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys

2012-04-18 02:52:05 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll

2012-04-18 02:52:04 5120 ----a-w- C:\Windows\SysWow64\wmi.dll

2012-04-18 02:52:04 5120 ----a-w- C:\Windows\System32\wmi.dll

2012-04-18 02:52:04 220672 ----a-w- C:\Windows\System32\wintrust.dll

2012-04-18 02:52:04 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll

2012-04-15 22:10:43 48488 ----a-w- C:\Windows\System32\drivers\fssfltr.sys

2012-04-15 16:59:28 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\1e782b821cd1b2903\MeshBetaRemover.exe

2012-04-15 16:59:27 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\1dfd2d551cd1b2902\DSETUP.dll

2012-04-15 16:59:27 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\1dfd2d551cd1b2902\DXSETUP.exe

2012-04-15 16:59:27 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\1dfd2d551cd1b2902\dsetup32.dll

2012-04-03 23:48:02 110592 ----a-w- C:\Program Files (x86)\Mozilla Firefox\inkredist07-messbrasil\Setup.Exe

2012-03-30 03:07:33 1409 ----a-w- C:\Windows\QTFont.for

2012-03-28 12:33:17 106496 ----a-w- C:\Windows\System32\drivers\STK02NW2.sys

2012-03-28 12:33:16 33728 ----a-w- C:\Windows\SysWow64\drivers\STK02NW1.sys

2012-03-28 12:33:16 28416 ----a-w- C:\Windows\System32\drivers\STK02NW1.sys

2012-03-28 12:33:16 101520 ----a-w- C:\Windows\SysWow64\drivers\STK02NW2.sys

2012-03-28 12:33:15 40960 ----a-w- C:\Windows\SysWow64\STK02NP.ax

2012-03-28 12:33:14 -------- d-----w- C:\Windows\STK02N

2012-03-28 00:05:05 -------- d-----w- C:\Users\Machados\AppData\Local\QualityCapture

.

==================== Find3M ====================

.

2012-04-04 18:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-03-20 23:44:12 98688 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys

2012-03-20 23:44:12 203888 ----a-w- C:\Windows\System32\drivers\MpFilter.sys

2012-03-17 22:10:41 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-03-09 20:35:45 6688 ----a-w- C:\Windows\movexe.exe

2012-03-08 21:50:28 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll

2012-03-08 21:37:20 302448 ----a-w- C:\Windows\WLXPGSS.SCR

2012-03-06 06:53:37 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-03-06 05:59:47 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-03-06 05:59:41 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll

2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll

2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-02-17 06:38:26 1031680 ----a-w- C:\Windows\System32\rdpcore.dll

2012-02-17 05:34:22 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll

2012-02-17 04:58:24 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-02-17 04:57:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys

2012-02-14 21:55:04 276248 ----a-w- C:\Windows\SysWow64\IntelCpHeciSvc.exe

2012-02-14 21:55:02 5886232 ----a-w- C:\Windows\System32\GfxUI.exe

2012-02-14 21:55:02 511768 ----a-w- C:\Windows\System32\igfxsrvc.exe

2012-02-14 21:55:02 440600 ----a-w- C:\Windows\System32\igfxpers.exe

2012-02-14 21:55:02 398616 ----a-w- C:\Windows\System32\hkcmd.exe

2012-02-14 21:55:02 250136 ----a-w- C:\Windows\System32\igfxext.exe

2012-02-14 21:55:02 184600 ----a-w- C:\Windows\System32\difx64.exe

2012-02-14 21:55:02 170264 ----a-w- C:\Windows\System32\igfxtray.exe

2012-02-14 21:53:26 90112 ----a-w- C:\Windows\System32\igfxCoIn_v2653.dll

2012-02-14 21:47:40 8086528 ----a-w- C:\Windows\System32\igdumd64.dll

2012-02-14 21:47:38 14692224 ----a-w- C:\Windows\System32\drivers\igdkmd64.sys

2012-02-14 21:47:06 963912 ----a-w- C:\Windows\SysWow64\igkrng600.bin

2012-02-14 21:47:06 963912 ----a-w- C:\Windows\System32\igkrng600.bin

2012-02-14 21:47:06 79360 ----a-w- C:\Windows\System32\igdde64.dll

2012-02-14 21:47:06 261208 ----a-w- C:\Windows\SysWow64\igfcg600m.bin

2012-02-14 21:47:06 261208 ----a-w- C:\Windows\System32\igfcg600m.bin

2012-02-14 21:44:54 6120960 ----a-w- C:\Windows\SysWow64\igdumd32.dll

2012-02-14 21:44:24 58880 ----a-w- C:\Windows\SysWow64\igdde32.dll

2012-02-14 21:42:58 9605632 ----a-w- C:\Windows\System32\igd10umd64.dll

2012-02-14 21:35:26 7794688 ----a-w- C:\Windows\SysWow64\igd10umd32.dll

2012-02-14 21:07:18 18125312 ----a-w- C:\Windows\System32\ig4icd64.dll

2012-02-14 20:59:56 13209600 ----a-w- C:\Windows\SysWow64\ig4icd32.dll

2012-02-14 20:56:42 110592 ----a-w- C:\Windows\System32\hccutils.dll

2012-02-14 20:56:34 9216 ----a-w- C:\Windows\System32\IGFXDEVLib.dll

2012-02-14 20:56:34 430080 ----a-w- C:\Windows\System32\igfxdev.dll

2012-02-14 20:56:34 172032 ----a-w- C:\Windows\System32\gfxSrvc.dll

2012-02-14 20:56:06 286208 ----a-w- C:\Windows\System32\igfxrenu.lrc

2012-02-14 20:56:04 142336 ----a-w- C:\Windows\System32\igfxdo.dll

2012-02-14 20:56:02 9007616 ----a-w- C:\Windows\System32\igfxress.dll

2012-02-14 20:55:06 25088 ----a-w- C:\Windows\SysWow64\igfxexps32.dll

2012-02-14 20:54:36 321024 ----a-w- C:\Windows\SysWow64\igfxdv32.dll

2012-02-14 20:53:08 524800 ----a-w- C:\Windows\System32\iglhsip64.dll

2012-02-14 20:53:08 519680 ----a-w- C:\Windows\SysWow64\iglhsip32.dll

2012-02-14 20:53:08 2967040 ----a-w- C:\Windows\System32\igfxcmjit64.dll

2012-02-14 20:53:08 237056 ----a-w- C:\Windows\SysWow64\igfxcmrt32.dll

2012-02-14 20:53:08 2321408 ----a-w- C:\Windows\SysWow64\igfxcmjit32.dll

2012-02-14 20:53:08 213504 ----a-w- C:\Windows\System32\iglhcp64.dll

2012-02-14 20:53:08 193024 ----a-w- C:\Windows\System32\igfxcmrt64.dll

2012-02-14 20:53:08 177152 ----a-w- C:\Windows\SysWow64\iglhcp32.dll

2012-02-10 06:36:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll

2012-02-10 05:38:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll

2012-02-03 04:34:34 3145728 ----a-w- C:\Windows\System32\win32k.sys

2012-01-31 12:44:20 279656 ------w- C:\Windows\System32\MpSigStub.exe

2012-01-08 21:54:12 8192 --sha-w- C:\Windows\SysWOW64\srvany.exe

.

============= FINISH: 20:30:08,16 ===============

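A reviewer reading a DDS log like the one above usually scans the Find3M and recent-files sections for a few cheap signals before asking for anything to be uploaded: entries whose attribute field carries the hidden or system flags (such as `--sha-w-`), executables sitting directly in C:\Windows rather than in a subfolder, very small executables, and freshly created top-level folders under Windows. The script below is an added example, not part of the thread or of DDS itself; it parses lines in the DDS entry format and reports such entries as prompts for review, not as verdicts (legitimate files trip these heuristics too). The 16 KiB size threshold and the handful of sample entries are constructed for the example.

```python
"""Triage helper for the Find3M / recently-created-files sections of a DDS log.

Each entry has the form:  YYYY-MM-DD HH:MM:SS <size|--------> <attrs> <path>
where <attrs> is an eight-character flag field, e.g. "----a-w-", "d-----w-",
"--sha-w-" (d = directory, s = system, h = hidden).
"""
import re
from pathlib import PureWindowsPath

ENTRY_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)
PE_EXTENSIONS = {".exe", ".dll", ".sys", ".scr", ".cpl"}
SMALL_PE_BYTES = 16 * 1024  # assumed threshold, chosen for this example

# Constructed sample: a few entries in DDS format (not the full log from the thread).
SAMPLE_LOG = r"""
2012-04-04 18:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-03-28 12:33:14 -------- d-----w- C:\Windows\STK02N
2012-03-09 20:35:45 6688 ----a-w- C:\Windows\movexe.exe
2012-03-06 06:53:37 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-01-31 12:44:20 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-01-08 21:54:12 8192 --sha-w- C:\Windows\SysWOW64\srvany.exe
"""


def parse_entries(log_text):
    """Yield a dict for every line that matches the DDS entry format; skip the rest."""
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entry = m.groupdict()
            entry["size"] = int(entry["size"]) if entry["size"].isdigit() else None
            yield entry


def review_reasons(entry):
    """Return the heuristic reasons an entry deserves a second look (empty = none).

    These are triage prompts, not verdicts: legitimate files can trip any of them.
    """
    reasons = []
    attrs = entry["attrs"]
    path = PureWindowsPath(entry["path"])
    is_dir = "d" in attrs
    is_pe = path.suffix.lower() in PE_EXTENSIONS

    if not is_dir and ("h" in attrs or "s" in attrs):
        reasons.append("hidden/system attributes")
    if is_pe and path.parent.as_posix().lower() == "c:/windows":
        reasons.append("executable directly in the Windows root")
    if is_pe and entry["size"] is not None and entry["size"] < SMALL_PE_BYTES:
        reasons.append("small executable (< 16 KiB)")
    if is_dir and len(path.parts) == 3 and path.parts[1].lower() == "windows":
        reasons.append("new top-level directory under Windows")
    return reasons


def triage(log_text):
    """Map every flagged path to its list of reasons, preserving log order."""
    flagged = {}
    for entry in parse_entries(log_text):
        reasons = review_reasons(entry)
        if reasons:
            flagged[entry["path"]] = reasons
    return flagged


if __name__ == "__main__":
    for flagged_path, why in triage(SAMPLE_LOG).items():
        print(f"{flagged_path}: {', '.join(why)}")
```

Run it against a full DDS log by passing the file's text to `triage()`; everything that is not an entry line (headers, the lone `.` separators) is ignored by the regex.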

Configure Windows to show all files.

Go to this site: http://virustotal.com/

In File to upload, enter: C:\Windows\STK02N\STK02NM.exe

Then click Submit.

Copy and post the result of this scan.

  Topic author:
  I did what you told me and the message below appeared:

    ---------------

    This file was already analysed by VirusTotal on 2012-04-27 04:35:05.

    Detection ratio: 0/42

    You can take a look at the last analysis or analyse it again now.

    ssdeep

    3072:ZFRoPRfVy7k6kqDG0om1pVIPAvKqYSoaMYvzNai:ZFRoPRWk6HspCv

    TrID

    Win32 Executable MS Visual C++ (generic) (65.2%)

    Win32 Executable Generic (14.7%)

    Win32 Dynamic Link Library (generic) (13.1%)

    Generic Win/DOS Executable (3.4%)

    DOS Executable Generic (3.4%)

    PEiD packer identifier

    Armadillo v1.71

    ExifTool

    SpecialBuild.............:

    CodeSize.................: 102400

    SubsystemVersion.........: 4.0

    Comments.................:

    InitializedDataSize......: 73728

    ImageVersion.............: 0.0

    ProductName..............: Syntek Camera

    FileVersionNumber........: 2.0.0.1

    UninitializedDataSize....: 0

    LanguageCode.............: English (U.S.)

    FileFlagsMask............: 0x003f

    CharacterSet.............: Unicode

    LinkerVersion............: 6.0

    OriginalFilename.........: STK02HM.exe

    PrivateBuild.............:

    MIMEType.................: application/octet-stream

    Subsystem................: Windows GUI

    FileVersion..............: 2.00.00.01

    TimeStamp................: 2007:03:21 11:50:09+01:00

    FileType.................: Win32 EXE

    PEType...................: PE32

    InternalName.............:

    ProductVersion...........: 1.00.00.01

    FileDescription..........: Syntek Monitor Application

    OSVersion................: 4.0

    FileOS...................: Win32

    LegalCopyright...........: Copyright © Syntek Ltd. 2007

    MachineType..............: Intel 386 or later, and compatibles

    CompanyName..............: Syntek Ltd.

    LegalTrademarks..........:

    FileSubtype..............: 0

    ProductVersionNumber.....: 1.0.0.1

    EntryPoint...............: 0x2dcf

    ObjectFileType...........: Executable application

    Sigcheck

    publisher................: Syntek Ltd.

    product..................: Syntek Camera

    internal name............:

    copyright................: Copyright © Syntek Ltd. 2007

    original name............: STK02HM.exe

    comments.................:

    file version.............: 2.00.00.01

    description..............: Syntek Monitor Application

    Portable Executable structural information

    Compilation timedatestamp.....: 2007-03-21 10:50:09

    Target machine................: 0x14C (Intel 386 or later processors and compatible processors)

    Entry point address...........: 0x00002DCF

    PE Sections...................:

    Name Virtual Address Virtual Size Raw Size Entropy MD5

    .text 4096 100082 102400 6.53 0bf4d47947729751b0d9c9b0998838d7

    .rdata 106496 22292 24576 4.51 f2de10bd9315ad7c53609de2b814ed21

    .data 131072 31464 16384 1.87 c1d6c9f6d2bd123c4932d69d504f683e

    .rsrc 163840 15376 16384 3.73 01f638b9fdd5df03cd4ff1647e7e2b02

    PE Imports....................:

    COMCTL32.dll

    GDI32.dll

    SaveDC, RestoreDC, SelectObject, GetStockObject, SetBkMode, SetMapMode, SetViewportOrgEx, OffsetViewportOrgEx, SetViewportExtEx, ScaleViewportExtEx, SetWindowExtEx, ScaleWindowExtEx, IntersectClipRect, CreateBitmap, DeleteObject, GetDeviceCaps, CreateSolidBrush, PtVisible, RectVisible, TextOutA, ExtTextOutA, Escape, BitBlt, GetTextExtentPointA, PatBlt, GetObjectA, SetBkColor, SetTextColor, GetClipBox, DeleteDC, CreateCompatibleDC, CreateDIBitmap

    ADVAPI32.dll

    RegSetValueExA, RegOpenKeyExA, RegCreateKeyExA, RegQueryValueExA, RegCloseKey

    KERNEL32.dll

    RtlUnwind, GetCurrentProcessId, GetStartupInfoA, GetCommandLineA, ExitProcess, RaiseException, HeapAlloc, HeapFree, TerminateProcess, HeapSize, HeapReAlloc, UnhandledExceptionFilter, FreeEnvironmentStringsA, FreeEnvironmentStringsW, GetEnvironmentStrings, GetEnvironmentStringsW, SetHandleCount, GetStdHandle, GetFileType, GetEnvironmentVariableA, HeapDestroy, HeapCreate, VirtualFree, SetUnhandledExceptionFilter, VirtualAlloc, IsBadWritePtr, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW, IsBadReadPtr, IsBadCodePtr, SetStdHandle, FlushFileBuffers, SetFilePointer, WriteFile, GetCurrentProcess, SetErrorMode, SizeofResource, GetOEMCP, GetCPInfo, GetProcessVersion, GlobalFlags, TlsGetValue, LocalReAlloc, TlsSetValue, GlobalReAlloc, TlsFree, GlobalHandle, TlsAlloc, LocalAlloc, lstrcpynA, LocalFree, WritePrivateProfileStringA, lstrlenA, GetModuleFileNameA, GlobalAlloc, lstrcmpA, GlobalFree, GlobalLock, GlobalUnlock, MulDiv, SetLastError, FindResourceA, LoadResource, LockResource, GetVersion, lstrcatA, GlobalGetAtomNameA, GlobalAddAtomA, GlobalFindAtomA, GetProfileStringA, GlobalDeleteAtom, lstrcpyA, LoadLibraryA, InterlockedDecrement, FreeLibrary, InterlockedIncrement, GetCurrentThread, GetCurrentThreadId, GetLastError, GetACP, MultiByteToWideChar, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSection, WideCharToMultiByte, CreateProcessA, GetVersionExA, lstrcmpiA, CloseHandle, GetModuleHandleA, GetProcAddress

    WINSPOOL.DRV

    ClosePrinter, DocumentPropertiesA, OpenPrinterA

    SHELL32.dll

    DragQueryFileA, DragFinish

    ole32.dll

    CoCreateInstance, CoUninitialize, CoInitialize

    SHLWAPI.dll

    StrStrIA

    USER32.dll

    IsDialogMessageA, SetWindowTextA, ShowWindow, IsWindowEnabled, GetNextDlgTabItem, EnableMenuItem, CheckMenuItem, SetMenuItemBitmaps, ModifyMenuA, GetMenuState, LoadBitmapA, GetMenuCheckMarkDimensions, ClientToScreen, GetDC, ReleaseDC, GetWindowDC, BeginPaint, EndPaint, TabbedTextOutA, DrawTextA, GrayStringA, CreateDialogIndirectParamA, GetActiveWindow, EndDialog, PostQuitMessage, ShowOwnedPopups, SetCursor, GetCursorPos, ValidateRect, TranslateMessage, GetMessageA, SetRectEmpty, LoadAcceleratorsA, TranslateAcceleratorA, ReleaseCapture, GetDesktopWindow, DestroyMenu, LoadMenuA, SetMenu, ReuseDDElParam, UnpackDDElParam, InvalidateRect, BringWindowToTop, GetClassNameA, PtInRect, GetSysColorBrush, LoadStringA, SetActiveWindow, IsWindow, SetFocus, AdjustWindowRectEx, ScreenToClient, EqualRect, DeferWindowPos, GetClientRect, BeginDeferWindowPos, CopyRect, EndDeferWindowPos, IsWindowVisible, GetSysColor, GetTopWindow, MessageBoxA, GetParent, GetCapture, WinHelpA, GetClassInfoA, RegisterClassA, GetMenu, GetMenuItemCount, GetSubMenu, GetMenuItemID, GetDlgItem, GetWindowTextLengthA, GetWindowTextA, GetDlgCtrlID, GetKeyState, DefWindowProcA, DestroyWindow, CreateWindowExA, SetWindowsHookExA, CallNextHookEx, GetClassLongA, SetPropA, UnhookWindowsHookEx, GetPropA, CallWindowProcA, RemovePropA, GetMessageTime, GetMessagePos, GetLastActivePopup, GetForegroundWindow, SetForegroundWindow, SendMessageA, GetWindow, GetWindowLongA, SetWindowLongA, SetWindowPos, RegisterWindowMessageA, OffsetRect, IntersectRect, SystemParametersInfoA, IsIconic, GetWindowPlacement, GetWindowRect, GetSystemMetrics, DispatchMessageA, wsprintfA, UnregisterClassA, HideCaret, ShowCaret, PeekMessageA, KillTimer, SetTimer, GetWindowThreadProcessId, PostMessageA, EnumWindows, UpdateWindow, EnableWindow, LoadCursorA, LoadIconA, SendDlgItemMessageA, MapWindowPoints, ExcludeUpdateRgn, DrawFocusRect, DefDlgProcA, InflateRect, CharNextA, IsWindowUnicode, GetFocus

    OLEAUT32.dll

    PE Exports....................:

    Symantec Reputation

    Suspicious.Insight

    First seen by VirusTotal

    2008-05-07 21:45:55 UTC ( 3 years, 11 months ago )

    Last seen by VirusTotal

    2012-04-27 04:35:05 UTC ( 4 minutes ago )

    File names (max. 25)

    file-3106316_exe

    smona_f56ddf87e949660fa5af25c8a5816b35fe2561d245005c79504d93d74baf5c13.bin

    DPYWRSXBBL-570.pms.exe.SVD

    STK02NM.exe

    D88D63B10087F052800E028005747F00C4D3F56A.exe

    stk02nm.exe

    file-403643_exe

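The VirusTotal report above lists, for each PE section, its virtual size, raw size and Shannon entropy. Those numbers are a more reliable packing indicator than the PEiD line: a signature hit such as the Armadillo match is only a byte-pattern match near the entry point and can misfire, whereas a section with entropy close to 8.0, or with a large virtual size and a raw size of zero, means the real code is decompressed or decrypted at run time. The script below is an added example (not from the thread, from VirusTotal or from Syntek): it computes Shannon entropy of a byte string, parses a section table in the report's layout, and applies those two checks. The 7.2 threshold, the second "packed-looking" table and its placeholder MD5 values are constructed for the example.

```python
"""Section-entropy checks of the kind VirusTotal's "PE Sections" table summarises.

Shannon entropy of a byte string ranges from 0.0 (a single byte value) to 8.0
(all 256 values equally frequent). Plain compiled code usually lands well below
7; compressed or encrypted payloads, as packers produce, push a section towards
8.0, and a packer stub often also leaves a section with a non-zero virtual size
but no raw data at all, filled in only when the image unpacks itself.
"""
import math
from collections import Counter

PACKED_ENTROPY = 7.2  # assumed threshold, chosen for this example


def shannon_entropy(data):
    """Bits of entropy per byte of `data` (0.0 for empty input)."""
    if not data:
        return 0.0
    counts = Counter(data)
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


# Constructed copy of the section table from the report above
# (columns: name, virtual address, virtual size, raw size, entropy, MD5).
SECTION_TABLE = """\
.text 4096 100082 102400 6.53 0bf4d47947729751b0d9c9b0998838d7
.rdata 106496 22292 24576 4.51 f2de10bd9315ad7c53609de2b814ed21
.data 131072 31464 16384 1.87 c1d6c9f6d2bd123c4932d69d504f683e
.rsrc 163840 15376 16384 3.73 01f638b9fdd5df03cd4ff1647e7e2b02
"""

# Constructed contrast case shaped like a packed image: an empty section that
# is only populated at run time, and a high-entropy section holding the payload.
# The second MD5 is a placeholder, not a real digest.
PACKED_TABLE_EXAMPLE = """\
UPX0 4096 65536 0 0.00 d41d8cd98f00b204e9800998ecf8427e
UPX1 69632 28672 28672 7.91 0123456789abcdef0123456789abcdef
"""


def parse_sections(table_text):
    """Parse 'name vaddr vsize rawsize entropy md5' rows into dicts; skip other lines."""
    rows = []
    for line in table_text.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue
        name, vaddr, vsize, rawsize, entropy, md5 = parts
        rows.append({
            "name": name,
            "vaddr": int(vaddr),
            "vsize": int(vsize),
            "rawsize": int(rawsize),
            "entropy": float(entropy),
            "md5": md5,
        })
    return rows


def packing_indicators(sections):
    """Return (section name, reason) pairs that suggest a packed or encrypted image."""
    hits = []
    for s in sections:
        if s["entropy"] >= PACKED_ENTROPY:
            hits.append((s["name"], f"entropy {s['entropy']:.2f} >= {PACKED_ENTROPY}"))
        if s["rawsize"] == 0 and s["vsize"] > 0:
            hits.append((s["name"], "no raw data but non-zero virtual size (unpacks at run time)"))
    return hits


if __name__ == "__main__":
    for label, table in (("report", SECTION_TABLE), ("packed-looking", PACKED_TABLE_EXAMPLE)):
        print(label, packing_indicators(parse_sections(table)) or "no packing indicators")
```

On the report's own table no section trips either check, which is consistent with an ordinary Visual C++ build; the `shannon_entropy()` helper is what you would run over each section's raw bytes yourself when you have the file rather than only the report.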

    Download the Kaspersky AVP Tool from one of these 2 links:

    http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/

    http://dnl-us6.kaspersky-labs.com/devbuilds/AVPTool/

    You will be taken to a Kaspersky page asking for an email address for registration, a first name and a last name. Only the "email" field is mandatory.

    Enter your email, then click the Submit Form button.

    The page will reload. Click the Download button.

    Save it to your desktop.

    Run the file and wait for the installation.

    ** Windows Vista and Windows 7 users:

    Right-click the file, then click Run as administrator.

    On the license agreement screen, check the option I accept the license agreement and then click the Start button. The program will appear to freeze and nothing happens. This is normal; just wait until the program's main screen appears, then click the Settings icon:

    (screenshot: KRT_settings.png)

    On this screen, check the box next to:

    • My Computer
    • Local Disk (C:)

    Also check all drives listed below Local Disk, if there are any. Then click the Automatic Scan tab.

    (screenshot: KRT_install2_.png)

    Back on the program's main screen, click the Start scanning button.

    Be patient, it takes a while.

    When it finishes, if it detected anything, the program will ask you what to do.

    Check the small box next to Apply to all objects and then click Skip (we only want the log).

    (screenshot: KRT_detection_.png)

    While the scan runs, the main screen shows a progress bar. When it finishes, the program shows a completed status and a button that will be orange if nothing was detected and red if something was found.

    If something was detected, the program will also show an alert screen warning that your system is unprotected and suggesting a Kaspersky product. Click the No, thanks button.

    Back on the main screen, if something was detected, save the log. If you close the program and forget to save the log, you will have to repeat the whole scan.

    To save the log, click the Reports icon (next to the "Settings" icon). In the next window, click Detected Threats, then click the floppy-disk icon to save the log.

    Choose an easy-to-reach location and save it as log.txt

    Copy the entire contents of that Notepad file and paste it in your next reply.

    If nothing is detected, you don't need to save the log. Just post here to let us know.

    To exit the program, just click the X in the top right corner.
