Code : rOG3df1KKJr6dl/AQTpgd16ZbfLfBacviYQRgwEGH+yNjgsuKt/hoA==

프로그램분석

Code : rOG3df1KKJr6dl/AQTpgd16ZbfLfBacviYQRgwEGH+yNjgsuKt/hoA==

프로세스 천국 2013. 8. 1. 14:03

[00-PROCESS]**AdobeARM -/- C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe
[00-PROCESS]**alg -/- C:\WINDOWS\System32\alg.exe
[00-PROCESS]**ASCService -/- C:\Arquivos de programas\IObit\Advanced SystemCare 5\ASCService.exe
[00-PROCESS]**ASCTray -/- C:\Arquivos de programas\IObit\Advanced SystemCare 5\ASCTray.exe
[00-PROCESS]**aspnet_state -/- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
[00-PROCESS]**avp -/- C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
[00-PROCESS]**chrome -/- C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
[00-PROCESS]**cisvc -/- C:\WINDOWS\system32\cisvc.exe
[00-PROCESS]**clipsrv -/- C:\WINDOWS\system32\clipsrv.exe
[00-PROCESS]**ctfmon -/- C:\WINDOWS\system32\ctfmon.exe
[00-PROCESS]**dllhost -/- C:\WINDOWS\system32\dllhost.exe
[00-PROCESS]**dmadmin -/- C:\WINDOWS\System32\dmadmin.exe
[00-PROCESS]**DTAgent -/- C:\Arquivos de programas\DAEMON Tools Pro\DTAgent.exe
[00-PROCESS]**DTShellHlp -/- C:\Arquivos de programas\DAEMON Tools Pro\DTShellHlp.exe
[00-PROCESS]**explorer -/- C:\WINDOWS\explorer.exe
[00-PROCESS]**FacebookUpdate -/- C:\Documents and Settings\Administrator\Configurações locais\Dados de aplicativos\Facebook\Update\FacebookUpdate.exe
[00-PROCESS]**FNPLicensingService -/- C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
[00-PROCESS]**GoogleUpdate -/- C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
[00-PROCESS]**hkcmd -/- C:\WINDOWS\system32\hkcmd.exe
[00-PROCESS]**IDMan -/- C:\Arquivos de programas\Internet Download Manager\IDMan.exe
[00-PROCESS]**IEMonitor -/- C:\Arquivos de programas\Internet Download Manager\IEMonitor.exe
[00-PROCESS]**igfxpers -/- C:\WINDOWS\system32\igfxpers.exe
[00-PROCESS]**igfxsrvc -/- C:\WINDOWS\system32\igfxsrvc.exe
[00-PROCESS]**igfxtray -/- C:\WINDOWS\system32\igfxtray.exe
[00-PROCESS]**imapi -/- C:\WINDOWS\system32\imapi.exe
[00-PROCESS]**infocard -/- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
[00-PROCESS]**klwtblfs -/- C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2013\klwtblfs.exe
[00-PROCESS]**locator -/- C:\WINDOWS\system32\locator.exe
[00-PROCESS]**lsass -/- C:\WINDOWS\system32\lsass.exe
[00-PROCESS]**maintenanceservice -/- C:\Arquivos de programas\Mozilla Maintenance Service\maintenanceservice.exe
[00-PROCESS]**mDNSResponder -/- C:\Arquivos de programas\Bonjour\mDNSResponder.exe
[00-PROCESS]**mnmsrvc -/- C:\WINDOWS\system32\mnmsrvc.exe
[00-PROCESS]**mscorsvw -/- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
[00-PROCESS]**mscorsvw -/- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
[00-PROCESS]**msdtc -/- C:\WINDOWS\system32\msdtc.exe
[00-PROCESS]**msiexec -/- C:\WINDOWS\system32\msiexec.exe
[00-PROCESS]**muaway -/- C:\Arquivos de programas\MuAwaY\muaway.exe
[00-PROCESS]**NBService -/- C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
[00-PROCESS]**NeroCheck -/- C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
[00-PROCESS]**netdde -/- C:\WINDOWS\system32\netdde.exe
[00-PROCESS]**NMBgMonitor -/- C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe
[00-PROCESS]**NMIndexingService -/- C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
[00-PROCESS]**NMIndexStoreSvr -/- C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe
[00-PROCESS]**PresentationFontCache -/- C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
[00-PROCESS]**rsvp -/- C:\WINDOWS\system32\rsvp.exe
[00-PROCESS]**RTHDCPL -/- C:\WINDOWS\RTHDCPL.EXE
[00-PROCESS]**SCardSvr -/- C:\WINDOWS\System32\SCardSvr.exe
[00-PROCESS]**services -/- C:\WINDOWS\system32\services.exe
[00-PROCESS]**sessmgr -/- C:\WINDOWS\system32\sessmgr.exe
[00-PROCESS]**smlogsvc -/- C:\WINDOWS\system32\smlogsvc.exe
[00-PROCESS]**smss -/- C:\WINDOWS\System32\smss.exe
[00-PROCESS]**SMSvcHost -/- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
[00-PROCESS]**spoolsv -/- C:\WINDOWS\system32\spoolsv.exe
[00-PROCESS]**svchost -/- C:\WINDOWS\system32\svchost.exe
[00-PROCESS]**tlntsvr -/- C:\WINDOWS\system32\tlntsvr.exe
[00-PROCESS]**Updater -/- C:\Arquivos de programas\Skype\Updater\Updater.exe
[00-PROCESS]**ups -/- C:\WINDOWS\System32\ups.exe
[00-PROCESS]**vssvc -/- C:\WINDOWS\System32\vssvc.exe
[00-PROCESS]**winlogon -/- C:\WINDOWS\system32\winlogon.exe
[00-PROCESS]**wmiapsrv -/- C:\WINDOWS\system32\wbem\wmiapsrv.exe
[00-PROCESS]**WMPNetwk -/- C:\Arquivos de programas\Windows Media Player\WMPNetwk.exe
[00-PROCESS]**WPFFontCache_v0400 -/- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
[00-PROCESS]**wscntfy -/- C:\WINDOWS\system32\wscntfy.exe
[01-HKCUREG]**Adobe ARM -/- C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe
[01-HKCUREG]**Advanced SystemCare 5 -/- C:\Arquivos de programas\IObit\Advanced SystemCare 5\ASCTray.exe /AutoStart
[01-HKCUREG]**Alcmtr -/- ALCMTR.EXE
[01-HKCUREG]**AVP -/- C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
[01-HKCUREG]**BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} -/- C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe
[01-HKCUREG]**CTFMON.EXE -/- C:\WINDOWS\system32\ctfmon.exe
[01-HKCUREG]**DAEMON Tools Pro Agent -/- C:\Arquivos de programas\DAEMON Tools Pro\DTAgent.exe -autorun
[01-HKCUREG]**EArquivosdep0 -/- C:\Arquivos de programas\ViaVoice\bin\prtStart.exe 10 42 8 09 2013 C:\Arquivos de programas\ViaVoice\bin\PRTIBM.exe /splashDelay=3
[01-HKCUREG]**Facebook Update -/- C:\Documents and Settings\Administrator\Configurações locais\Dados de aplicativos\Facebook\Update\FacebookUpdate.exe /c /nocrashserver
[01-HKCUREG]**HotKeysCmds -/- C:\WINDOWS\system32\hkcmd.exe
[01-HKCUREG]**IDMan -/- C:\Arquivos de programas\Internet Download Manager\IDMan.exe /onboot
[01-HKCUREG]**IgfxTray -/- C:\WINDOWS\system32\igfxtray.exe
[01-HKCUREG]**NeroFilterCheck -/- C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
[01-HKCUREG]**Persistence -/- C:\WINDOWS\system32\igfxpers.exe
[01-HKCUREG]**RTHDCPL -/- RTHDCPL.EXE
[01-HKCUREG]**SkyTel -/- SkyTel.EXE
[02-HKLMREG]**Adobe ARM -/- C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe
[02-HKLMREG]**Advanced SystemCare 5 -/- C:\Arquivos de programas\IObit\Advanced SystemCare 5\ASCTray.exe /AutoStart
[02-HKLMREG]**Alcmtr -/- ALCMTR.EXE
[02-HKLMREG]**AVP -/- C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
[02-HKLMREG]**BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} -/- C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe
[02-HKLMREG]**CTFMON.EXE -/- C:\WINDOWS\system32\ctfmon.exe
[02-HKLMREG]**DAEMON Tools Pro Agent -/- C:\Arquivos de programas\DAEMON Tools Pro\DTAgent.exe -autorun
[02-HKLMREG]**EArquivosdep0 -/- C:\Arquivos de programas\ViaVoice\bin\prtStart.exe 10 42 8 09 2013 C:\Arquivos de programas\ViaVoice\bin\PRTIBM.exe /splashDelay=3
[02-HKLMREG]**Facebook Update -/- C:\Documents and Settings\Administrator\Configurações locais\Dados de aplicativos\Facebook\Update\FacebookUpdate.exe /c /nocrashserver
[02-HKLMREG]**HotKeysCmds -/- C:\WINDOWS\system32\hkcmd.exe
[02-HKLMREG]**IDMan -/- C:\Arquivos de programas\Internet Download Manager\IDMan.exe /onboot
[02-HKLMREG]**IgfxTray -/- C:\WINDOWS\system32\igfxtray.exe
[02-HKLMREG]**NeroFilterCheck -/- C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
[02-HKLMREG]**Persistence -/- C:\WINDOWS\system32\igfxpers.exe
[02-HKLMREG]**RTHDCPL -/- RTHDCPL.EXE
[02-HKLMREG]**SkyTel -/- SkyTel.EXE
[03-BHOCLSD]**Content Blocker Plugin -/- C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll -/- {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F}
[03-BHOCLSD]**IDM integration (IDMIEHlprObj Class) -/- C:\Arquivos de programas\Internet Download Manager\IDMIECC.dll -/- {0055C089-8582-441B-A0BF-17B458C2A3A8}
[03-BHOCLSD]**Safe Money Plugin -/- C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll -/- {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9}
[03-BHOCLSD]**URL Advisor Plugin -/- C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll -/- {E33CF602-D945-461A-83F0-819F76A199F8}
[03-BHOCLSD]**Virtual Keyboard Plugin -/- C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll -/- {73455575-E40C-433C-9784-C78DC7761455}
[05-SERVICE]**AdvancedSystemCareService5 -/- Advanced SystemCare Service 5 -/- C:\Arquivos de programas\IObit\Advanced SystemCare 5\ASCService.exe
[05-SERVICE]**aljwcqncu -/- Config Universal -/- C:\WINDOWS\System32\alg.exe
[05-SERVICE]**AVP -/- Kaspersky Anti-Virus Service -/- C:\Arquivos de programas\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe -r
[05-SERVICE]**Bonjour Service -/- ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## -/- C:\Arquivos de programas\Bonjour\mDNSResponder.exe
[05-SERVICE]**dyyiy -/- fbltlhus -/- C:\WINDOWS\System32\svchost.exe -/- C:\WINDOWS\System32\dot3svc.dll
[05-SERVICE]**fdgyqziqw -/- vaqrvmxq -/- C:\WINDOWS\System32\svchost.exe -/- C:\WINDOWS\System32\shsvcs.dll
[05-SERVICE]**FLEXnet Licensing Service -/- FLEXnet Licensing Service -/- C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
[05-SERVICE]**gupdate -/- Serviço do Google Update (gupdate) -/- C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
[05-SERVICE]**gupdatem -/- Serviço do Google Update (gupdatem) -/- C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
[05-SERVICE]**heidadwhn -/- Manager Security -/- C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
[05-SERVICE]**HidServ -/- Acesso a dispositivo de interface humana -/- C:\WINDOWS\System32\svchost.exe
[05-SERVICE]**jbcwfxk -/- Microsoft System -/- C:\WINDOWS\system32\imapi.exe
[05-SERVICE]**jfqjonljx -/- fwufyvevo -/- C:\WINDOWS\system32\imapi.exe
[05-SERVICE]**jjtdqkkw -/- Center Image -/- C:\WINDOWS\system32\imapi.exe
[05-SERVICE]**jwbdfbs -/- Driver Manager -/- C:\WINDOWS\system32\imapi.exe
[05-SERVICE]**lxhvy -/- Windows Manager -/- C:\WINDOWS\system32\svchost.exe -/- C:\WINDOWS\System32\lmhsvc.dll
[05-SERVICE]**MozillaMaintenance -/- Mozilla Maintenance Service -/- C:\Arquivos de programas\Mozilla Maintenance Service\maintenanceservice.exe
[05-SERVICE]**mvqpgxaj -/- Manager Center -/- C:\WINDOWS\system32\msiexec.exe
[05-SERVICE]**napagent -/- Agente de Proteção de Acesso à Rede -/- C:\WINDOWS\System32\svchost.exe -/- C:\WINDOWS\System32\qagentrt.dll
[05-SERVICE]**NBService -/- NBService -/- C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
[05-SERVICE]**NMIndexingService -/- NMIndexingService -/- C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
[05-SERVICE]**ouhtwzci -/- Task Security -/- C:\WINDOWS\system32\svchost.exe -/- C:\WINDOWS\system32\ntmssvc.dll
[05-SERVICE]**owrjqybp -/- Driver Update -/- C:\WINDOWS\system32\svchost.exe -/- C:\WINDOWS\system32\ntmssvc.dll
[05-SERVICE]**pvhlpley -/- System Support -/- C:\WINDOWS\system32\lsass.exe
[05-SERVICE]**SkypeUpdate -/- Skype Updater -/- C:\Arquivos de programas\Skype\Updater\Updater.exe
[05-SERVICE]**tfxopvyg -/- Helper Driver -/- C:\WINDOWS\System32\svchost -k DComLaunch -/- C:\WINDOWS\System32\termsrv.dll
[05-SERVICE]**WMPNetworkSvc -/- Serviço de Compartilhamento de Rede do Windows Media Player -/- C:\Arquivos de programas\Windows Media Player\WMPNetwk.exe
[05-SERVICE]**WPFFontCache_v0400 -/- Windows Presentation Foundation Font Cache 4.0.0.0 -/- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe