winehouse

Malware or something that monitors my MSN from another computer


Hello everyone!

I'm sure there is a spylog or something of the sort on my PC, so I followed the procedures to create the logs for analysis. If there is anyone who can help me, I would be very grateful!!! :)

Here are the DDS and GMER logs:

DDS (Version 1.0) - NTFSx86

Run by Deise at 18:37:29,79 on sex 05/12/2008

Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.479.82 [GMT -2:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\IVT Corporation\BlueSoleil\BTNtService.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Arquivos de programas\Adobe\Reader 8.0\Reader\AcroRd32.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Deise\Desktop\ewido_micro.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Documents and Settings\Deise\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Deise\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Deise\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Deise\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

C:\Documents and Settings\Deise\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Deise\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Documents and Settings\Deise\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://br.f507.mail.yahoo.com/ym/ShowFolder?rb=Inbox&reset=1&YY=87692&y5beta=yes&y5beta=yes&inc=50&order=down&sort=date&pos=0&view=a&head=b&box=%40B%40Bulk

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\arquivos de programas\arquivos comuns\adobe\acrobat\activex\AcroIEHelper.dll

BHO: {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - c:\arquivos de programas\skype\toolbars\internet explorer\SkypeIEPlugin.dll

BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\arquivos de programas\java\jre1.6.0_07\bin\ssv.dll

BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\arquivos de programas\arquivos comuns\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: {C41A1C0E-EA6C-11D4-B1B8-444553540003} - c:\arquivos de programas\gbplugin\gbiehcef.dll

uRun: [MsnMsgr] "c:\arquivos de programas\windows live\messenger\MsnMsgr.Exe" /background

uRun: [MSMSGS] "c:\arquivos de programas\messenger\msmsgs.exe" /background

uRun: [Google Update] "c:\documents and settings\deise\configurações locais\dados de aplicativos\google\update\GoogleUpdate.exe" /c

uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe

mRun: [avast!] c:\arquiv~1\alwils~1\avast4\ashDisp.exe

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

mRun: [TkBellExe] "c:\arquivos de programas\arquivos comuns\real\update_ob\realsched.exe" -osboot

mRun: [sunJavaUpdateSched] "c:\arquivos de programas\java\jre1.6.0_07\bin\jusched.exe"

mRun: [soundMan] SOUNDMAN.EXE

mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe

mRun: [iSUSScheduler] "c:\arquivos de programas\arquivos comuns\installshield\updateservice\issch.exe" -start

mRun: [iSUSPM Startup] "c:\arquivos de programas\arquivos comuns\installshield\updateservice\isuspm.exe" -startup

mRun: [Adobe Reader Speed Launcher] "c:\arquivos de programas\adobe\reader 8.0\reader\Reader_sl.exe"

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

dRunOnce: [rmoc3260.dll OCX] regsvr32.exe /s "c:\windows\system32\rmoc3260.dll"

IE: Add to AMV Convert Tool... - c:\arquivos de programas\mp3 player utilities 4.00\amvconverter\grab.html

IE: Add to AMV Converter... - c:\arquivos de programas\mp3 player utilities 4.13\amvconverter\grab.html

IE: AMV convert tool grab multimedia file - c:\arquivos de programas\mp3 player utilities 5.06\amvconverter\grab.html

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\micros~2\office11\EXCEL.EXE/3000

IE: MediaManager tool grab multimedia file - c:\arquivos de programas\mp3 player utilities 4.00\mediamanager\grab.html

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\arquivos de programas\java\jre1.6.0_07\bin\ssv.dll

IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\arquivos de programas\skype\toolbars\internet explorer\SkypeIEPlugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\arquiv~1\micros~2\office11\REFIEBAR.DLL

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\arquiv~1\arquiv~1\skype\SKYPE4~1.DLL

Notify: GbPluginCef - c:\arquivos de programas\gbplugin\gbiehcef.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: {E37CB5F0-51F5-4395-A808-5FA49E399003} - c:\arquivos de programas\gbplugin\gbiehcef.dll

============= SERVICES / DRIVERS ===============

? GbpSv;GbpSv; []

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-4-5 111184]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-4-5 20560]

R2 avast! Antivirus;avast! Antivirus;"c:\arquivos de programas\alwil software\avast4\ashServ.exe" [2007-7-24 155160]

R3 SIS163u;SiS 163 usb Wireless LAN Adapter Driver;c:\windows\system32\drivers\sis163u.sys [2007-7-24 167424]

S3 avast! Mail Scanner;avast! Mail Scanner;"c:\arquivos de programas\alwil software\avast4\ashMaiSv.exe" /service [2007-7-24 254040]

S3 avast! Web Scanner;avast! Web Scanner;"c:\arquivos de programas\alwil software\avast4\ashWebSv.exe" /service [2007-7-24 352920]

=============== Created Last 30 ================

2008-11-12 19:29 12,288 ac------ c:\windows\system32\dllcache\mouhid.sys

2008-11-12 19:29 12,288 a------- c:\windows\system32\drivers\mouhid.sys

2008-11-12 19:29 9,600 ac------ c:\windows\system32\dllcache\hidusb.sys

2008-11-12 19:29 9,600 a------- c:\windows\system32\drivers\hidusb.sys

==================== Find3M ====================

2008-10-19 12:43 344,380 a------- c:\windows\system32\perfh016.dat

2008-10-19 12:43 48,628 a------- c:\windows\system32\perfc016.dat

2008-10-01 00:47 2,828 a--sh--- c:\windows\system32\KGyGaAvL.sys

2008-09-20 00:39 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Downloaded Installations

2008-09-16 13:25 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\GbPlugin

2008-03-01 19:13 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\MythPeople

2008-03-01 19:13 <DIR> --d----- c:\docume~1\deise\dadosd~1\Zylom

2008-03-01 19:13 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Zylom

2008-02-24 19:03 <DIR> --d----- c:\docume~1\deise\dadosd~1\BSplayer

2008-02-17 12:18 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\MumboJumbo

2008-02-16 15:16 <DIR> --d----- c:\docume~1\deise\dadosd~1\BSplayer Pro

2007-09-23 12:55 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\PopCap

============= FINISH: 18:38:18,60 ===============

GMER 1.0.14.14536 - http://www.gmer.net

Rootkit scan 2008-12-05 19:09:52

Windows 5.1.2600 Service Pack 2

---- System - GMER 1.0.14 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xF4AF5604]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xF4AF54C0]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xF4AF599E]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xF4AF5098]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xF4AF559A]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xF4AF4FD8]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xF4AF503C]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xF4AF56BA]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xF4AF567A]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xF4AF57FA]

---- User code sections - GMER 1.0.14 ----

.text C:\WINDOWS\system32\winlogon.exe[1036] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 100678F0 C:\Arquivos de programas\GbPlugin\gbiehcef.dll (Gbieh Module/Caixa Economica Federal)

.text C:\WINDOWS\system32\winlogon.exe[1036] kernel32.dll!FreeLibrary 7C80AA66 5 Bytes JMP 10067A60 C:\Arquivos de programas\GbPlugin\gbiehcef.dll (Gbieh Module/Caixa Economica Federal)

.text C:\WINDOWS\system32\winlogon.exe[1036] kernel32.dll!FreeLibraryAndExitThread 7C80CEA1 5 Bytes JMP 10067790 C:\Arquivos de programas\GbPlugin\gbiehcef.dll (Gbieh Module/Caixa Economica Federal)

.text C:\Documents and Settings\Deise\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe[3092] ntdll.dll!NtCreateFile + 6 7C90D688 4 Bytes [ 25, 00, 15, 00 ]

.text C:\Documents and Settings\Deise\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe[3092] ntdll.dll!NtCreateFile + B 7C90D68D 1 Byte [ E2 ]

.text C:\Documents and Settings\Deise\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe[3092] ntdll.dll!NtOpenFile + 6 7C90DD03 4 Bytes [ 65, 00, 15, 00 ]

.text C:\Documents and Settings\Deise\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe[3092] ntdll.dll!NtOpenFile + B 7C90DD08 1 Byte [ E2 ]

.text C:\Documents and Settings\Deise\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe[3092] ntdll.dll!NtOpenProcess + 6 7C90DD81 4 Bytes [ A5, 01, 15, 00 ]

.text C:\Documents and Settings\Deise\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe[3092] ntdll.dll!NtOpenProcess + B 7C90DD86 1 Byte [ E2 ]

.text C:\Documents and Settings\Deise\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe[3092] ntdll.dll!NtOpenProcessToken + 6 7C90DD96 4 Bytes [ E5, 01, 15, 00 ]

.text C:\Documents and Settings\Deise\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe[3092] ntdll.dll!NtOpenProcessToken + B 7C90DD9B 1 Byte [ E2 ]

.text C:\Documents and Settings\Deise\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe[3092] ntdll.dll!NtOpenProcessTokenEx + 6 7C90DDAB 4 Bytes [ A5, 02, 15, 00 ]

.text C:\Documents and Settings\Deise\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe[3092] ntdll.dll!NtOpenProcessTokenEx + B 7C90DDB0 1 Byte [ E2 ]

.text C:\Documents and Settings\Deise\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe[3092] ntdll.dll!NtOpenThread + 6 7C90DDFF 4 Bytes [ 65, 01, 15, 00 ]

.text C:\Documents and Settings\Deise\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe[3092] ntdll.dll!NtOpenThread + B 7C90DE04 1 Byte [ E2 ]

.text C:\Documents and Settings\Deise\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe[3092] ntdll.dll!NtOpenThreadToken + 6 7C90DE14 4 Bytes [ 65, 02, 15, 00 ]

.text C:\Documents and Settings\Deise\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe[3092] ntdll.dll!NtOpenThreadToken + B 7C90DE19 1 Byte [ E2 ]

.text C:\Documents and Settings\Deise\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe[3092] ntdll.dll!NtOpenThreadTokenEx + 6 7C90DE29 4 Bytes [ E5, 02, 15, 00 ]

.text C:\Documents and Settings\Deise\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe[3092] ntdll.dll!NtOpenThreadTokenEx + B 7C90DE2E 1 Byte [ E2 ]

.text C:\Documents and Settings\Deise\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe[3092] ntdll.dll!NtQueryAttributesFile + 6 7C90DEE6 4 Bytes [ A5, 00, 15, 00 ]

.text C:\Documents and Settings\Deise\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe[3092] ntdll.dll!NtQueryAttributesFile + B 7C90DEEB 1 Byte [ E2 ]

.text C:\Documents and Settings\Deise\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe[3092] ntdll.dll!NtQueryFullAttributesFile + 6 7C90DFB8 4 Bytes [ E5, 00, 15, 00 ]

.text C:\Documents and Settings\Deise\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe[3092] ntdll.dll!NtQueryFullAttributesFile + B 7C90DFBD 1 Byte [ E2 ]

.text C:\Documents and Settings\Deise\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe[3092] ntdll.dll!NtSetInformationFile + 6 7C90E5DF 4 Bytes [ 25, 01, 15, 00 ]

.text C:\Documents and Settings\Deise\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe[3092] ntdll.dll!NtSetInformationFile + B 7C90E5E4 1 Byte [ E2 ]

.text C:\Documents and Settings\Deise\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe[3092] ntdll.dll!NtSetInformationThread + 6 7C90E648 4 Bytes [ 25, 02, 15, 00 ]

.text C:\Documents and Settings\Deise\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe[3092] ntdll.dll!NtSetInformationThread + B 7C90E64D 1 Byte [ E2 ]

---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\WINDOWS\system32\services.exe[1080] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00370002

IAT C:\WINDOWS\system32\services.exe[1080] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00370000

---- Devices - GMER 1.0.14 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

---- Services - GMER 1.0.14 ----

Service C:\ARQUIV~1\GbPlugin\GbpSv.exe (*** hidden *** ) [AUTO] GbpSv <-- ROOTKIT !!!

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\GbpSv@Type 16

Reg HKLM\SYSTEM\CurrentControlSet\Services\GbpSv@Start 2

Reg HKLM\SYSTEM\CurrentControlSet\Services\GbpSv@ErrorControl 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\GbpSv@ImagePath C:\ARQUIV~1\GbPlugin\GbpSv.exe

Reg HKLM\SYSTEM\CurrentControlSet\Services\GbpSv@DisplayName Gbp Service

Reg HKLM\SYSTEM\CurrentControlSet\Services\GbpSv@Group GbPlugin Group

Reg HKLM\SYSTEM\CurrentControlSet\Services\GbpSv@ObjectName LocalSystem

Reg HKLM\SYSTEM\CurrentControlSet\Services\GbpSv@Description Service for G-Buster Browser Defense

Reg HKLM\SYSTEM\CurrentControlSet\Services\GbpSv\Security

Reg HKLM\SYSTEM\CurrentControlSet\Services\GbpSv\Security@Security 0x01 0x00 0x14 0x80 ...

Reg HKLM\SYSTEM\ControlSet003\Services\GbpSv@Type 16

Reg HKLM\SYSTEM\ControlSet003\Services\GbpSv@Start 2

Reg HKLM\SYSTEM\ControlSet003\Services\GbpSv@ErrorControl 1

Reg HKLM\SYSTEM\ControlSet003\Services\GbpSv@ImagePath C:\ARQUIV~1\GbPlugin\GbpSv.exe

Reg HKLM\SYSTEM\ControlSet003\Services\GbpSv@DisplayName Gbp Service

Reg HKLM\SYSTEM\ControlSet003\Services\GbpSv@Group GbPlugin Group

Reg HKLM\SYSTEM\ControlSet003\Services\GbpSv@ObjectName LocalSystem

Reg HKLM\SYSTEM\ControlSet003\Services\GbpSv@Description Service for G-Buster Browser Defense

Reg HKLM\SYSTEM\ControlSet003\Services\GbpSv\Security

Reg HKLM\SYSTEM\ControlSet003\Services\GbpSv\Security@Security 0x01 0x00 0x14 0x80 ...

---- EOF - GMER 1.0.14 ----


Please post a new DDS log.
