Archived

This topic has been archived and is closed to new replies.

uncl0sed

[Archived] Suspected Keylogger


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:57:45, on 7/3/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\Explorer.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\Arquivos de programas\Ares\Ares.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

C:\Arquivos de programas\MessengerDiscovery\MessengerDiscovery Live.exe

C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe

C:\Arquivos de programas\MessengerDiscovery\MessengerDiscovery Live.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\hjackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

F2 - REG:system.ini: Shell=Explorer.exe "C:\WINDOWS\KesenjanganSosial.exe"

O1 - Hosts: 127.4.7.4 mcafee.com

O1 - Hosts: 127.4.7.4 www.mcafee.com

O1 - Hosts: 127.4.7.4 mcafeesecurity.com

O1 - Hosts: 127.4.7.4 www.mcafeesecurity.com

O1 - Hosts: 127.4.7.4 mcafeeb2b.com

O1 - Hosts: 127.4.7.4 www.mcafeeb2b.com

O1 - Hosts: 127.4.7.4 nai.com

O1 - Hosts: 127.4.7.4 www.nai.com

O1 - Hosts: 127.4.7.4 vil.nai.com

O1 - Hosts: 127.4.7.4 grisoft.com

O1 - Hosts: 127.4.7.4 www.grisoft.com

O1 - Hosts: 127.4.7.4 kaspersky-labs.com

O1 - Hosts: 127.4.7.4 www.kaspersky-labs.com

O1 - Hosts: 127.4.7.4 kaspersky.com

O1 - Hosts: 127.4.7.4 www.kaspersky.com

O1 - Hosts: 127.4.7.4 downloads1.kaspersky-labs.com

O1 - Hosts: 127.4.7.4 downloads2.kaspersky-labs.com

O1 - Hosts: 127.4.7.4 downloads3.kaspersky-labs.com

O1 - Hosts: 127.4.7.4 downloads4.kaspersky-labs.com

O1 - Hosts: 127.4.7.4 download.mcafee.com

O1 - Hosts: 127.4.7.4 grisoft.cz

O1 - Hosts: 127.4.7.4 www.grisoft.cz

O1 - Hosts: 127.4.7.4 norton.com

O1 - Hosts: 127.4.7.4 www.norton.com

O1 - Hosts: 127.4.7.4 symantec.com

O1 - Hosts: 127.4.7.4 www.symantec.com

O1 - Hosts: 127.4.7.4 liveupdate.symantecliveupdate.com

O1 - Hosts: 127.4.7.4 liveupdate.symantec.com

O1 - Hosts: 127.4.7.4 update.symantec.com

O1 - Hosts: 127.4.7.4 securityresponse.symantec.com

O1 - Hosts: 127.4.7.4 sarc.com

O1 - Hosts: 127.4.7.4 www.sarc.com

O1 - Hosts: 127.4.7.4 vaksin.com

O1 - Hosts: 127.4.7.4 www.vaksin.com

O1 - Hosts: 127.4.7.4 forum.vaksin.com

O1 - Hosts: 127.4.7.4 norman.com

O1 - Hosts: 127.4.7.4 www.norman.com

O1 - Hosts: 127.4.7.4 trendmicro.com

O1 - Hosts: 127.4.7.4 www.trendmicro.com

O1 - Hosts: 127.4.7.4 trendmicro.co.jp

O1 - Hosts: 127.4.7.4 www.trendmicro.co.jp

O1 - Hosts: 127.4.7.4 trendmicro-europe.com

O1 - Hosts: 127.4.7.4 www.trendmicro-europe.com

O1 - Hosts: 127.4.7.4 ae.trendmicro-europe.com

O1 - Hosts: 127.4.7.4 it.trendmicro-europe.com

O1 - Hosts: 127.4.7.4 secunia.com

O1 - Hosts: 127.4.7.4 www.secunia.com

O1 - Hosts: 127.4.7.4 winantivirus.com

O1 - Hosts: 127.4.7.4 www.winantivirus.com

O1 - Hosts: 127.4.7.4 pandasoftware.com

O1 - Hosts: 127.4.7.4 www.pandasoftware.com

O1 - Hosts: 127.4.7.4 esafe.com

O1 - Hosts: 127.4.7.4 www.esafe.com

O1 - Hosts: 127.4.7.4 f-secure.com

O1 - Hosts: 127.4.7.4 www.f-secure.com

O1 - Hosts: 127.4.7.4 europe.f-secure.com

O1 - Hosts: 127.4.7.4 bhs.com

O1 - Hosts: 127.4.7.4 www.bhs.com

O1 - Hosts: 127.4.7.4 datafellows.com

O1 - Hosts: 127.4.7.4 www.datafellows.com

O1 - Hosts: 127.4.7.4 cheyenne.com

O1 - Hosts: 127.4.7.4 www.cheyenne.com

O1 - Hosts: 127.4.7.4 ontrack.com

O1 - Hosts: 127.4.7.4 www.ontrack.com

O1 - Hosts: 127.4.7.4 sands.com

O1 - Hosts: 127.4.7.4 www.sands.com

O1 - Hosts: 127.4.7.4 sophos.com

O1 - Hosts: 127.4.7.4 www.sophos.com

O1 - Hosts: 127.4.7.4 icubed.com

O1 - Hosts: 127.4.7.4 www.icubed.com

O1 - Hosts: 127.4.7.4 perantivirus.com

O1 - Hosts: 127.4.7.4 www.perantivirus.com

O1 - Hosts: 127.4.7.4 virusalert.nl

O1 - Hosts: 127.4.7.4 www.virusalert.nl

O1 - Hosts: 127.4.7.4 pagina.nl

O1 - Hosts: 127.4.7.4 www.pagina.nl

O1 - Hosts: 127.4.7.4 antivirus.pagina.nl

O1 - Hosts: 127.4.7.4 castlecops.com

O1 - Hosts: 127.4.7.4 www.castlecops.com

O1 - Hosts: 127.4.7.4 virustotal.com

O1 - Hosts: 127.4.7.4 www.virustotal.com

O1 - Hosts: 127.4.7.4 www.ca.com

O1 - Hosts: 127.4.7.4 ca.com

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_framework.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon

O4 - HKLM\..\Run: [itch ford four knob] C:\Documents and Settings\All Users\Dados de aplicativos\third lies itch ford\Two setup.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [Chicacid] C:\DOCUME~1\jjhol\DADOSD~1\1SOFTW~1\Time jump.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\jjhol\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [ares] "C:\Arquivos de programas\Ares\Ares.exe" -h

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-21-1757981266-1482476501-725345543-1004\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'PEQUENOS')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Livro de recortes HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Seleção HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Arquivos de programas\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD7/JSCDL/jdk/6u1...=javadl.sun.com

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

 

--

End of file - 12646 bytes
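Reading a log like the one above by hand is slow and easy to get wrong, so here is an added triage script (written for this page; it is not code from the thread, from Trend Micro's HijackThis, or from any tool the reply mentions) that pulls out the entries a responder would look at first: the F2 Shell value that launches a second executable beside Explorer.exe, the O1 hosts entries that point security-vendor domains at 127.4.7.4, the O7 policy that disables Regedit, and O4 autoruns that start from a user-writable data directory. The rules, the vendor keyword list, the directory tokens and the small allowlist are my own assumptions, and the sample log is a constructed subset of the lines posted above.

```python
# Added triage example for HijackThis-style logs: written for this page, not
# code from the thread, from Trend Micro or from any tool named in it. The
# rules, vendor tokens, directory tokens and allowlist are my own assumptions.
import re
from dataclasses import dataclass

# Constructed sample: a subset of the lines posted above, in HJT's own format.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe "C:\WINDOWS\KesenjanganSosial.exe"
O1 - Hosts: 127.4.7.4 www.kaspersky.com
O1 - Hosts: 127.4.7.4 liveupdate.symantec.com
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [itch ford four knob] C:\Documents and Settings\All Users\Dados de aplicativos\third lies itch ford\Two setup.exe
O4 - HKCU\..\Run: [Chicacid] C:\DOCUME~1\jjhol\DADOSD~1\1SOFTW~1\Time jump.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\jjhol\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
"""

LOOPBACK = {"127.0.0.1", "::1"}
# Hosts overrides of security-vendor names keep the victim away from updates and removal tools.
VENDOR_TOKENS = ("mcafee", "nai.com", "kaspersky", "symantec", "norton", "trendmicro", "sophos",
                 "f-secure", "grisoft", "pandasoftware", "virustotal", "secunia", "vaksin", "norman")
# User-writable directories on XP (Portuguese and English names plus HJT's 8.3 short forms).
USER_WRITABLE = ("\\dados de aplicativos\\", "\\dadosd~1\\", "\\application data\\", "\\appdata\\",
                 "\\configurações locais\\", "\\local settings\\", "\\temp\\")
KNOWN_GOOD_RUN = {"googleupdate.exe"}  # legitimately autoruns from Local Application Data
LOCKOUT_POLICIES = {"disableregedit", "disabletaskmgr", "disablecmd", "nofolderoptions"}

HOSTS_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)")
SHELL_RE = re.compile(r"^F2 - REG:system\.ini:\s*Shell=(.+)$", re.I)
POLICY_RE = re.compile(r"^O7 - (\S+),\s*(\w+)=(\S+)")
RUN_RE = re.compile(r"^O4 - (\S+?)\\\.\.\\(Run\w*): \[([^\]]*)\]\s*(.*)$")
EXE_RE = re.compile(r'^"?(.*?\.(?:exe|dll|scr|com|bat|cmd|pif))"?', re.I)


@dataclass(frozen=True)
class Finding:
    section: str   # HJT section code (F2, O1, O4, O7)
    severity: str  # high / medium
    reason: str
    line: str


def _exe_path(command: str) -> str:
    """First executable in an HJT command string, whether or not it is quoted."""
    m = EXE_RE.match(command.strip())
    return m.group(1) if m else command.strip()


def _check_shell(line):
    # Winlogon's Shell value should be exactly Explorer.exe; anything appended runs at every logon.
    m = SHELL_RE.match(line)
    if m and m.group(1).strip().lower() != "explorer.exe":
        return Finding("F2", "high", f"shell launches an extra program: {m.group(1).strip()}", line)
    return None


def _check_hosts(line):
    m = HOSTS_RE.match(line)
    if not m:
        return None
    ip, host = m.group(1), m.group(2).lower()
    if any(tok in host for tok in VENDOR_TOKENS):
        return Finding("O1", "high", f"security vendor {host} redirected to {ip}", line)
    if ip not in LOOPBACK:
        return Finding("O1", "medium", f"{host} redirected to {ip}", line)
    return None


def _check_policy(line):
    m = POLICY_RE.match(line)
    if m and m.group(2).lower() in LOCKOUT_POLICIES and m.group(3) != "0":
        return Finding("O7", "high", f"{m.group(2)}={m.group(3)} locks the user out of a recovery tool", line)
    return None


def _check_run(line):
    m = RUN_RE.match(line)
    if not m:
        return None
    name, path = m.group(3), _exe_path(m.group(4)).lower()
    if path.rsplit("\\", 1)[-1] in KNOWN_GOOD_RUN:
        return None
    if any(tok in path for tok in USER_WRITABLE):
        return Finding("O4", "medium", f"autorun '{name}' starts from user-writable path {path}", line)
    return None


CHECKS = (_check_shell, _check_hosts, _check_policy, _check_run)


def triage(log_text: str) -> list:
    """Each line yields at most one finding, from the first rule that matches it."""
    findings = []
    for raw in log_text.splitlines():
        hit = next((f for f in (check(raw.strip()) for check in CHECKS) if f), None)
        if hit:
            findings.append(hit)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.section}: {f.reason}")
```

Run it as is to see the findings for the sample, or call `triage(open(path).read())` on a full saved log. Two caveats a responder should keep in mind: 127.4.7.4 is still inside the 127.0.0.0/8 loopback block, so the redirect works exactly like 127.0.0.1 while the odd value makes the tampering easy to spot; and the O4 rule is only a heuristic, which is why Google Update (which legitimately lives under Local Application Data) is allowlisted and why anything else it flags still needs a human decision before removal.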


Good evening, uncl0sed!

<@> Download: < FixPolicies >

<@> Save it to the Desktop!

<@> Be logged in as Administrator.

<@> Run the FixPolicies.exe file with a double-click.

<@> Click Install.

<@> Open the FixPolicies folder --> Click Fix_policies.cmd --> Enter.

<@> Allow the repair if it is blocked by protection programs.

<@> Wait for the check to finish!

<><><><><><><><><><><>

<@> Download: < LopS&D >

<@> Save it to Local Disk C!

<@> Install the program and click: LopSD.cmd

<@> In the window that opens, press "p" --> Press Enter.

<@> In the next window, choose option 2 --> Press Enter --> Wait!

<@> When it finishes, save and post the report. ( C:\Lop SD\LopR_1.txt )

<@> Also post an updated HijackThis log.

Cheers!


Topic Archived

Since the author did not reply for more than 30 days, the topic was archived.

If you are the author of the topic and want to reopen it, send a private message to a moderator of this section with the link to this topic and explain the reason for reopening.
