darkyoh

Help... (HijackThis and Panda logs)


Hello everyone :)

I had a game account hacked by someone and they changed the password... I recovered the account and everything, but the problem is finding out how they managed it, so I'd like to know whether there's a keylogger or something on my PC through which they could have got my password...

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 5:34:17 PM, on 2/23/2008

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16609)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

D:\MPK\MPK.exe

C:\Program Files\Lenovo\file32\hotkey.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe

C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Windows\System32\mobsync.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\ehome\ehmsas.exe

C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe

C:\Program Files\Lenovo\MultiRecover\multitray.exe

C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe

C:\Windows\Explorer.EXE

C:\Program Files\Internet Explorer\ieuser.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe

C:\Windows\system32\DllHost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://youtube.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.lenovo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [unattend0000000001{7C731146-ECE9-435D-BE9E-AA4304375F14}] C:\Windows\test.bat

O4 - HKLM\..\Run: [Lenovokey] C:\Program Files\Lenovo\file32\hotkey.exe

O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"

O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup

O4 - HKLM\..\Run: [CCUTRAYICON] "C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe"

O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"

O4 - HKLM\..\Run: [iMSCMig] E:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload

O4 - HKLM\..\Run: [iSUSPM] "E:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

O4 - HKLM\..\Run: [ModeSwitch] "C:\Program Files\Lenovo\PowerDial\LitModeSwitch.exe" /AutoRun

O4 - HKLM\..\Run: [WPCUMI] E:\Windows\system32\WpcUmi.exe

O4 - HKLM\..\Run: [multitray] C:\Program Files\Lenovo\MultiRecover\loadtray.exe

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [HTV Agent] C:\Program Files\HTV\HTV.exe

O4 - HKLM\..\Run: [MSMA Agent] C:\Windows\system32\28463\MSMA.exe

O4 - HKLM\..\Run: [WGV] C:\Program Files\WGV\WGV.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [steam] "D:\Program Files\Steam\Steam.exe" -silent

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Edward\AppData\Local\Temp\hgdbc.dll,#1

O4 - HKLM\..\Policies\Explorer\Run: [Mpk.exe] D:\MPK\Mpk.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-21-2939007113-2636569366-30448200-1004\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'IUSR_NMPR')

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O13 - Gopher Prefix:

O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/cabs/ascstubie.cab

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O23 - Service: Intel® Alert Service (AlertService) - Intel® Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe

O23 - Service: Intel® DHTrace Controller (DHTRACE) - Intel® Corporation - C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe

O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: Intel® Software Services Manager (ISSM) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe

O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

O23 - Service: LitModeCtrl - Lenovo Software (Beijing) Limited - C:\Program Files\Lenovo\PowerDial\LitModeCtrl.exe

O23 - Service: Intel® Viiv Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe

O23 - Service: Intel® Application Tracker (MCLServiceATL) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe

O23 - Service: Intel® NMSCore (NMSCore) - Intel® Corporation - C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe

O23 - Service: OKAV Agent Service - Trend Micro Inc. - C:\Program Files\Trend Micro\OKAVAgent\OKAVAgent.exe

O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe

O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe

O23 - Service: Intel® Quality Manager (QualityManager) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe

O23 - Service: Intel® Remoting Service (Remote UI Service) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe

O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe

O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

--

End of file - 10091 bytes

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Panda log:

;***********************************************************************************************************************************************************************************

ANALYSIS: 2008-02-23 18:15:47

PROTECTIONS: 1

MALWARE: 48

SUSPECTS: 1

;***********************************************************************************************************************************************************************************

PROTECTIONS

Description Version Active Updated

;===================================================================================================================================================================================

Trend Micro PC-cillin Internet Security 2007 15.30.1132 Yes Yes

;===================================================================================================================================================================================

MALWARE

Id Description Type Active Severity Disinfectable Disinfected Location

;===================================================================================================================================================================================

00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Users\Edward\AppData\Roaming\Microsoft\Windows\Cookies\Low\edward@trafficmp[1].txt

00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Users\Edward\AppData\Roaming\Microsoft\Windows\Cookies\Low\edward@casalemedia[1].txt

00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\Edward\AppData\Roaming\Microsoft\Windows\Cookies\Low\edward@doubleclick[1].txt

00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Edward\AppData\Roaming\Microsoft\Windows\Cookies\Low\edward@atdmt[2].txt

00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Users\Edward\AppData\Roaming\Microsoft\Windows\Cookies\Low\edward@fastclick[1].txt

00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Users\Edward\AppData\Roaming\Microsoft\Windows\Cookies\Low\edward@tribalfusion[2].txt

00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Users\Edward\AppData\Roaming\Microsoft\Windows\Cookies\Low\edward@mediaplex[2].txt

00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\Edward\AppData\Roaming\Microsoft\Windows\Cookies\Low\edward@com[1].txt

00167647 Cookie/Yadro TrackingCookie No 0 Yes No C:\Users\Edward\AppData\Roaming\Microsoft\Windows\Cookies\Low\edward@yadro[1].txt

00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\Users\Edward\AppData\Roaming\Microsoft\Windows\Cookies\Low\edward@toplist[1].txt

00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Users\Edward\AppData\Roaming\Microsoft\Windows\Cookies\Low\edward@statcounter[2].txt

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Users\Edward\AppData\Roaming\Microsoft\Windows\Cookies\Low\edward@ad.yieldmanager[1].txt

00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Users\Edward\AppData\Roaming\Microsoft\Windows\Cookies\Low\edward@apmebf[1].txt

00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Users\Edward\AppData\Roaming\Microsoft\Windows\Cookies\Low\edward@burstnet[2].txt

00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Edward\AppData\Roaming\Microsoft\Windows\Cookies\Low\edward@bs.serving-sys[2].txt

00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Users\Edward\AppData\Roaming\Microsoft\Windows\Cookies\Low\edward@www.burstbeacon[1].txt

00168114 Cookie/onestat.com TrackingCookie No 0 Yes No C:\Users\Edward\AppData\Roaming\Microsoft\Windows\Cookies\Low\edward@stat.onestat[1].txt

00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Edward\AppData\Roaming\Microsoft\Windows\Cookies\Low\edward@advertising[1].txt

00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Users\Edward\AppData\Roaming\Microsoft\Windows\Cookies\Low\edward@statse.webtrendslive[1].txt

00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\Edward\AppData\Roaming\Microsoft\Windows\Cookies\Low\edward@ads.pointroll[1].txt

00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Users\Edward\AppData\Roaming\Microsoft\Windows\Cookies\Low\edward@realmedia[1].txt

00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Users\Edward\AppData\Roaming\Microsoft\Windows\Cookies\Low\edward@questionmarket[2].txt

00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Users\Edward\AppData\Roaming\Microsoft\Windows\Cookies\Low\edward@bluestreak[1].txt

00177033 Application/Ardamax HackTools No 0 No No C:\Users\Edward\Documents\Downloads\AradamaxKeylogger_v2.3.rar[AradamaxKeylogger_v2.3\setup_akl.exe][CKM.004]

00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Users\Edward\AppData\Roaming\Microsoft\Windows\Cookies\Low\edward@adultfriendfinder[2].txt

00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Users\Edward\AppData\Roaming\Microsoft\Windows\Cookies\Low\edward@searchportal.information[2].txt

00219085 Application/Ardamax HackTools No 0 No No C:\Users\Edward\Documents\Downloads\AradamaxKeylogger_v2.3.rar[AradamaxKeylogger_v2.3\setup_akl.exe][CKM.exe]

00219086 Application/Ardamax HackTools No 0 No No C:\Users\Edward\Documents\Downloads\AradamaxKeylogger_v2.3.rar[AradamaxKeylogger_v2.3\setup_akl.exe][CKM.007]

00259819 Application/Ardamax HackTools No 0 No No D:\$RECYCLE.BIN\S-1-5-21-2939007113-2636569366-30448200-1005\$RL3UU18.6\setup_akl.exe[WGV.004]

00259819 Application/Ardamax HackTools No 0 Yes No C:\Users\Edward\Desktop\funnypicture.exe

00259819 Application/Ardamax HackTools No 0 Yes No C:\$Recycle.Bin\S-1-5-21-2939007113-2636569366-30448200-1005\$RDAYXI3.exe

00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Users\Edward\AppData\Roaming\Microsoft\Windows\Cookies\Low\edward@smartadserver[2].txt

00286732 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Users\Edward\AppData\Roaming\Microsoft\Windows\Cookies\Low\edward@www3.addfreestats[1].txt

00286736 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Users\Edward\AppData\Roaming\Microsoft\Windows\Cookies\Low\edward@www6.addfreestats[1].txt

00286739 Cookie/Hitbox TrackingCookie No 0 Yes No C:\Users\Edward\AppData\Roaming\Microsoft\Windows\Cookies\Low\edward@ehg-dig.hitbox[1].txt

00293517 Cookie/AdDynamix TrackingCookie No 0 Yes No C:\Users\Edward\AppData\Roaming\Microsoft\Windows\Cookies\Low\edward@ads.addynamix[2].txt

00438131 Trj/Agent.DIL Virus/Trojan No 0 No No C:\Users\Edward\Documents\Downloads\AradamaxKeylogger_v2.3.rar[AradamaxKeylogger_v2.3\setup_akl.exe][CKM.006]

00478831 Trj/Agent.DIL Virus/Trojan No 0 No No C:\Users\Edward\Documents\Downloads\AradamaxKeylogger_v2.3.rar[AradamaxKeylogger_v2.3\setup_akl.exe][CKM.003]

00532816 Trj/Agent.DIL Virus/Trojan No 0 No No D:\$RECYCLE.BIN\S-1-5-21-2939007113-2636569366-30448200-1005\$RL3UU18.6\setup_akl.exe[WGV.006]

00536526 Trj/Agent.DIL Virus/Trojan No 0 No No D:\$RECYCLE.BIN\S-1-5-21-2939007113-2636569366-30448200-1005\$RL3UU18.6\setup_akl.exe[AKV.exe]

00888932 Generic Malware Virus/Trojan No 0 No No D:\$RECYCLE.BIN\S-1-5-21-2939007113-2636569366-30448200-1005\$RL3UU18.6\setup_akl.exe[WGV.exe]

01050302 Generic Malware Virus/Trojan No 0 No No D:\$RECYCLE.BIN\S-1-5-21-2939007113-2636569366-30448200-1005\$RL3UU18.6\setup_akl.exe[WGV.007]

01729658 Application/Ardamax HackTools No 0 Yes No C:\$Recycle.Bin\S-1-5-21-2939007113-2636569366-30448200-1005\$RUOY6OX.exe

01729658 Application/Ardamax HackTools No 0 Yes No C:\Users\Edward\Desktop\1199139142_l.jpg

01729658 Application/Ardamax HackTools No 0 Yes No C:\$Recycle.Bin\S-1-5-21-2939007113-2636569366-30448200-1005\$RW3X1T1.exe

01729658 Application/Ardamax HackTools No 0 Yes No C:\Users\Edward\Desktop\Picture.zip[Picture.exe]

01729658 Application/Ardamax HackTools No 0 No No C:\Users\Edward\Desktop\setup_akl.exe[HTV.004]

01729658 Application/Ardamax HackTools No 0 No No C:\Users\Edward\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MGJB0VUM\setup_akl[1].exe[HTV.004]

02389085 Application/Ardamax HackTools No 0 No No C:\Users\Edward\Documents\Downloads\AradamaxKeylogger_v2.3.rar[AradamaxKeylogger_v2.3\setup_akl.exe][AKV.exe]

02655753 Application/MyWebSearch HackTools No 0 Yes No C:\Users\Edward\AppData\Local\Temp\asktoolbar.exe

02655753 Application/MyWebSearch HackTools No 0 Yes No C:\Users\Edward\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PGGT5US7\asktoolbar[1].exe

02894859 W32/IRCBot.BQW.worm Virus/Worm No 0 Yes No C:\Users\Edward\AppData\Local\Temp\gun5.4.exe

02898994 Trj/Downloader.SLP Virus/Trojan No 1 No No C:\$Recycle.Bin\S-1-5-21-2939007113-2636569366-30448200-1005\$ROUKEZO.exe[keygen.exe]

02900365 Spyware/Virtumonde Spyware No 1 No No C:\$Recycle.Bin\S-1-5-21-2939007113-2636569366-30448200-1005\$ROUKEZO.exe[crack.exe]

02900824 Rootkit/Spammer.AFN HackTools No 0 Yes No C:\Users\Edward\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\11CLBKK9\sgxllcqhhy[1].htm

02900909 Spyware/Virtumonde Spyware No 1 Yes No C:\Users\Edward\AppData\Local\Temp\tmp000142f8

02900909 Spyware/Virtumonde Spyware No 1 Yes No C:\Users\Edward\AppData\Local\Temp\tmp011ef28e

02900909 Spyware/Virtumonde Spyware No 1 Yes No C:\USERS\EDWARD\APPDATA\LOCAL\TEMP\HGDBC.DLL

;===================================================================================================================================================================================

SUSPECTS

Location

;===================================================================================================================================================================================

D:\MPK\MPK.DLL

;===================================================================================================================================================================================

Just to mention, these logs are from before I scanned the PC with an anti-spyware tool; I'm scanning now and hope it removes a good part of the spyware ;D

Thanks in advance for the help ^^


- Download Killbox and run it:

  • Check the Delete on Reboot option. Copy the list below (select it and click Edit > Copy, or press Ctrl + C):

C:\Program Files\HTV\HTV.exe
  • Go back to KillBox. Click File > Paste from clipboard. Click the All Files button;
  • Click killbox.png and answer No to the question.

- Restart the computer in Safe Mode (press the F8 key repeatedly, or F5 in some cases, during startup);

- Open HijackThis, click Do a system scan only and check the entries below:

O4 - HKLM\..\Run: [unattend0000000001{7C731146-ECE9-435D-BE9E-AA4304375F14}] C:\Windows\test.bat

O4 - HKLM\..\Run: [HTV Agent] C:\Program Files\HTV\HTV.exe

- Close all windows, click ht-fix.png and then Yes;

- Restart in normal mode, generate a new log and paste it in your reply.

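The two entries the helper picks out above (a .bat file started from a Run key, and an unknown "HTV Agent") are the kind of autostart lines a log analyst learns to spot, and the Panda report in the first post independently confirms several of them (HGDBC.DLL detected as Virtumonde; HTV.* and WGV.* appearing as components of the detected Ardamax installer). The script below is an added example, not code from this thread, from HijackThis or from Panda: it parses O4 lines and Panda detection rows whose shapes are copied from this thread (the sample rows are constructed), and flags autostart entries using a few defender heuristics: targets in a Temp directory, scripts run at logon, binaries in numeric-named system32 subfolders, rundll32 loading a DLL from a user profile, and a cross-reference to the AV report's locations and dropped-component names. The function names `parse_panda`, `assess_o4` and `triage`, the heuristics and the sample lines are my own assumptions.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample input: line shapes copied from the HijackThis and Panda logs
# in this thread, trimmed to a handful of rows. Not a live capture.
HJT_SAMPLE = r"""
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [unattend0000000001{7C731146-ECE9-435D-BE9E-AA4304375F14}] C:\Windows\test.bat
O4 - HKLM\..\Run: [HTV Agent] C:\Program Files\HTV\HTV.exe
O4 - HKLM\..\Run: [MSMA Agent] C:\Windows\system32\28463\MSMA.exe
O4 - HKLM\..\Run: [WGV] C:\Program Files\WGV\WGV.exe
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Edward\AppData\Local\Temp\hgdbc.dll,#1
O4 - HKCU\..\Run: [steam] "D:\Program Files\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
"""

PANDA_SAMPLE = r"""
02900909 Spyware/Virtumonde Spyware No 1 Yes No C:\USERS\EDWARD\APPDATA\LOCAL\TEMP\HGDBC.DLL
01729658 Application/Ardamax HackTools No 0 No No C:\Users\Edward\Desktop\setup_akl.exe[HTV.004]
00888932 Generic Malware Virus/Trojan No 0 No No D:\$RECYCLE.BIN\S-1-5-21-PLACEHOLDER-1005\$RL3UU18.6\setup_akl.exe[WGV.exe]
"""

# "O4 - <hive\..\key>: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (?P<key>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# First path-like token ending in an executable/script extension, quoted or not.
PATH_RE = re.compile(r'"?(?P<path>[^"]+?\.(?:exe|dll|bat|cmd|vbs|scr|com|pif))\b', re.I)
# rundll32 <module>,<entry>: the module is what actually runs.
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<module>[^",]+)', re.I)
# Panda row: Id Description Type Active Severity Disinfectable Disinfected Location
PANDA_RE = re.compile(
    r"^\d{8} (?P<desc>.+?) (?P<type>\S+) (?:Yes|No) \d (?:Yes|No) (?:Yes|No) (?P<location>.+)$"
)

TEMP_MARKERS = ("\\temp\\", "\\temporary internet files\\")
PROFILE_MARKERS = ("\\users\\", "\\documents and settings\\")
SCRIPT_EXTS = (".bat", ".cmd", ".vbs")
NUMERIC_SUBDIR_RE = re.compile(r"\\system32\\\d+\\")


@dataclass
class Finding:
    name: str            # Run value name, e.g. "HTV Agent"
    target: str          # what actually executes (the DLL for rundll32 entries)
    reasons: List[str] = field(default_factory=list)


def _stem(path: str) -> str:
    """'c:\\dir\\htv.exe' -> 'htv'; used for weak name correlation."""
    return path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]


def parse_panda(text: str):
    """Return (lowercased detection locations, stems of bracketed inner components)."""
    locations, component_stems = set(), set()
    for line in text.splitlines():
        m = PANDA_RE.match(line.strip())
        if not m:
            continue
        # "outer.exe[inner\a.exe][b.004]": outer path plus dropped components
        outer, *inner = re.split(r"[\[\]]", m.group("location").lower())
        locations.add(outer)
        component_stems.update(_stem(c.strip()) for c in inner if c.strip())
    return locations, component_stems


def assess_o4(line: str, panda_locations=frozenset(), panda_stems=frozenset()) -> Optional[Finding]:
    """Parse one O4 line and attach every heuristic that fires (empty list = nothing odd)."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    cmd = m.group("cmd")
    pm = PATH_RE.search(cmd)
    program = pm.group("path") if pm else cmd
    rd = RUNDLL_RE.search(cmd)
    target = rd.group("module") if rd else program
    low = target.lower()
    reasons = []
    if any(marker in low for marker in TEMP_MARKERS):
        reasons.append("autostart target lives in a temporary directory")
    if low.endswith(SCRIPT_EXTS):
        reasons.append("logon autostart runs a script instead of an installed program")
    if NUMERIC_SUBDIR_RE.search(low):
        reasons.append("binary in a numeric-named subfolder of system32")
    if rd and "\\" in low and any(p in low for p in PROFILE_MARKERS):
        reasons.append("rundll32 loads a DLL from a user profile path")
    if low in panda_locations:
        reasons.append("path matches an AV detection location")
    if _stem(low) in panda_stems:
        reasons.append("name matches a component dropped by a detected installer (weak hint)")
    return Finding(m.group("name"), target, reasons)


def triage(hjt_text: str, panda_text: str) -> List[Finding]:
    """Return only the O4 entries with at least one reason, in log order."""
    locations, stems = parse_panda(panda_text)
    out = []
    for line in hjt_text.splitlines():
        f = assess_o4(line, locations, stems)
        if f and f.reasons:
            out.append(f)
    return out


if __name__ == "__main__":
    for f in triage(HJT_SAMPLE, PANDA_SAMPLE):
        print(f"[{f.name}] {f.target}")
        for r in f.reasons:
            print("   -", r)
```

On the sample rows this reports five entries: the test.bat Run value, HTV Agent, MSMA Agent, WGV and MSServer, while Windows Defender, Sidebar, Steam and the welcome-center rundll32 line (a DLL with no path, so resolved from the system directory) pass silently. The stem-match rule is deliberately marked weak: it only says a Run value shares a name with something the AV saw inside an installer, which is a reason to look, not a verdict.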
Topic author

Ok, thanks for the help, here is the new log:

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 3:32:54 PM, on 2/24/2008

    Platform: Windows Vista (WinNT 6.00.1904)

    MSIE: Internet Explorer v7.00 (7.00.6000.16609)

    Boot mode: Normal

    Running processes:

    C:\Windows\system32\Dwm.exe

    C:\Windows\system32\taskeng.exe

    C:\Windows\Explorer.EXE

    C:\Program Files\Windows Defender\MSASCui.exe

    C:\Program Files\Lenovo\file32\hotkey.exe

    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

    C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe

    C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe

    C:\Windows\System32\igfxtray.exe

    C:\Windows\System32\hkcmd.exe

    C:\Windows\System32\igfxpers.exe

    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

    C:\Program Files\Common Files\Real\Update_OB\realsched.exe

    D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

    C:\Program Files\Windows Sidebar\sidebar.exe

    C:\Windows\ehome\ehtray.exe

    C:\Program Files\Windows Media Player\wmpnscfg.exe

    C:\Program Files\Windows Live\Messenger\msnmsgr.exe

    C:\Windows\system32\igfxsrvc.exe

    C:\Windows\ehome\ehmsas.exe

    C:\Program Files\Lenovo\MultiRecover\multitray.exe

    C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe

    C:\Windows\system32\SearchFilterHost.exe

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://youtube.com/

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.lenovo.com

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    O1 - Hosts: ::1 localhost

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

    O4 - HKLM\..\Run: [Lenovokey] C:\Program Files\Lenovo\file32\hotkey.exe

    O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"

    O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup

    O4 - HKLM\..\Run: [CCUTRAYICON] "C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe"

    O4 - HKLM\..\Run: [iMSCMig] E:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload

    O4 - HKLM\..\Run: [iSUSPM] "E:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

    O4 - HKLM\..\Run: [ModeSwitch] "C:\Program Files\Lenovo\PowerDial\LitModeSwitch.exe" /AutoRun

    O4 - HKLM\..\Run: [WPCUMI] E:\Windows\system32\WpcUmi.exe

    O4 - HKLM\..\Run: [multitray] C:\Program Files\Lenovo\MultiRecover\loadtray.exe

    O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"

    O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

    O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter

    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

    O4 - HKCU\..\Run: [steam] "D:\Program Files\Steam\Steam.exe" -silent

    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

    O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

    O4 - HKUS\S-1-5-21-2939007113-2636569366-30448200-1004\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'IUSR_NMPR')

    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

    O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

    O13 - Gopher Prefix:

    O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/cabs/ascstubie.cab

    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab

    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

    O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll

    O23 - Service: Intel® Alert Service (AlertService) - Intel® Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe

    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

    O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

    O23 - Service: Intel® DHTrace Controller (DHTRACE) - Intel® Corporation - C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe

    O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe

    O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

    O23 - Service: Intel® Software Services Manager (ISSM) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe

    O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

    O23 - Service: LitModeCtrl - Lenovo Software (Beijing) Limited - C:\Program Files\Lenovo\PowerDial\LitModeCtrl.exe

    O23 - Service: Intel® Viiv Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe

    O23 - Service: Intel® Application Tracker (MCLServiceATL) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe

    O23 - Service: Intel® NMSCore (NMSCore) - Intel® Corporation - C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe

    O23 - Service: OKAV Agent Service - Trend Micro Inc. - C:\Program Files\Trend Micro\OKAVAgent\OKAVAgent.exe

    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

    O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe

    O23 - Service: Intel® Quality Manager (QualityManager) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe

    O23 - Service: Intel® Remoting Service (Remote UI Service) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe

    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

    --

    End of file - 9490 bytes


    - Ok, the log is clean :)

    - I recommend a maintenance pass on the computer to remove temporary and unnecessary files and invalid registry entries. Download CCleaner:

    • Open the program and click Run Cleaner;
    • After that, click Registry > Scan for Issues > Fix selected issues

    - Open Control Panel > System > System Protection and uncheck "Local Disk" > Apply and OK. Then check it again > Apply and OK.

    - Read the article Proteja seu PC (Protect your PC) for more information on how to avoid infections.
