Ir para conteúdo
Fórum Script Brasil

Cristoferson

Membros
 Perfil  Explorar Conteúdo

  • Total de itens

    0

  • Registro em

  • Última visita

Sobre Cristoferson

Cristoferson's Achievements

0

Reputação

  1. Cristoferson
    conclui. Pen clean e hijack Iniciando relatório do PenClean 2.0.3 Por Renato Victor Mejias renatomejias@yahoo.com.br 26/10/2008 02:01:03 ----------------------------------------------------------- Arquivos e chaves excluídos do computador: Malware não detectado no computador! ----------------------------------------------------------- Fim da análise no computador. ----------------------------------------------------------- Arquivos e chaves excluídos da unidade escolhida: Malware não detectado em nenhuma unidade! ----------------------------------------------------------- Fim da análise, a unidade verificada foi: "Todas as unidades" ----------------------------------------------------------- Arquivos e chaves excluídos da unidade escolhida: Malware não detectado em nenhuma unidade! ----------------------------------------------------------- Fim da análise, a unidade verificada foi: "Todas as unidades" Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 02:12:59, on 26/10/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Arquivos de programas\TightVNC\WinVNC.exe C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe C:\Arquivos de programas\Messenger\msmsgs.exe C:\Arquivos de programas\Internet Explorer\iexplore.exe C:\Arquivos de programas\Internet Explorer\iexplore.exe C:\WINDOWS\explorer.exe C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{C8BE64D6-3AC2-4966-8AAD-AC4C1B302AC1}: NameServer = 201.10.128.2 201.10.120.2 O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Arquivos de programas\NOS\bin\getPlus_HelperSvc.exe O23 - Service: VNC Server (winvnc) - Constantin Kaplinsky - C:\Arquivos de programas\TightVNC\WinVNC.exe -- End of file - 3241 bytes
  2. Cristoferson
    Conforme solicitado envio log e combo fix Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:38:24, on 25/10/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Arquivos de programas\TightVNC\WinVNC.exe C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe C:\Arquivos de programas\Messenger\msmsgs.exe C:\WINDOWS\system32\wuauclt.exe C:\Arquivos de programas\Internet Explorer\iexplore.exe C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\taskmgr.exe C:\WINDOWS\SoftwareDistribution\Download\db4af1ac6589f72c1b526a2c3dd4eb21\update\update.exe C:\WINDOWS\system32\wuauclt.exe C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{C8BE64D6-3AC2-4966-8AAD-AC4C1B302AC1}: NameServer = 201.10.128.2 201.10.120.2 O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Arquivos de programas\NOS\bin\getPlus_HelperSvc.exe O23 - Service: VNC Server (winvnc) - Constantin Kaplinsky - C:\Arquivos de programas\TightVNC\WinVNC.exe -- End of file - 3376 bytes ComboFix 08-10-24.02 - Afonsinho 2008-10-25 19:36:57.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1046.18.9 [GMT -2:00] Executando de: C:\Documents and Settings\Afonsinho\Desktop\ComboFix.exe * Criado um novo ponto de restauro . ((((((((((((((((((((((((((((((((((((( Outras Exclusões ))))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\amvo.exe C:\WINDOWS\system32\amvo0.dll C:\WINDOWS\system32\amvo1.dll C:\WINDOWS\system32\mdm.exe C:\xyw9tmdj.com . (((((((((((((((( Arquivos/Ficheiros criados de 2008-09-25 to 2008-10-25 )))))))))))))))))))))))))))) . 2008-10-25 15:20 . 2008-10-25 15:23 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\NOS 2008-10-25 15:20 . 2008-10-25 15:20 <DIR> d-------- C:\Arquivos de programas\NOS 2008-10-24 13:04 . 2008-10-24 13:28 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak 2008-10-24 04:27 . 2008-10-24 04:27 <DIR> d-------- C:\Arquivos de programas\Trend Micro 2008-10-24 02:08 . 2008-10-24 02:08 <DIR> d-------- C:\Arquivos de programas\Alwil Software 2008-10-24 02:08 . 2003-03-18 17:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll 2008-10-24 01:05 . 2008-10-24 01:05 <DIR> d---s---- C:\Documents and Settings\Glau\UserData 2008-10-22 23:16 . 2008-10-22 23:16 <DIR> d--hs---- C:\Documents and Settings\Afonsinho\PrivacIE 2008-10-22 23:13 . 2007-07-30 20:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui 2008-10-22 23:13 . 2007-07-30 20:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui 2008-10-22 23:13 . 2007-07-30 20:20 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui 2008-10-22 23:13 . 2007-07-30 20:18 20,824 --a------ C:\WINDOWS\system32\wuaueng.dll.mui 2008-10-22 22:57 . 2008-10-23 03:05 <DIR> d-------- C:\WINDOWS\system32\pt-br 2008-10-22 22:57 . 2004-08-04 01:45 81,920 --a------ C:\WINDOWS\system32\ieencode.dll 2008-10-22 22:57 . 2004-08-04 01:45 81,920 --a------ C:\WINDOWS\system32\dllcache\ieencode.dll . ((((((((((((((((((((((((((((((((((((( Relatório Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-09-15 15:40 1,846,144 ----a-w C:\WINDOWS\system32\win32k.sys 2008-09-11 19:08 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Avg7 2008-09-11 16:51 --------- d-----w C:\Arquivos de programas\MSN Messenger 2008-09-11 16:46 --------- d-----w C:\Arquivos de programas\Google 2008-08-28 10:04 333,056 ----a-w C:\WINDOWS\system32\drivers\srv.sys 2008-08-20 05:37 661,504 ----a-w C:\WINDOWS\system32\wininet.dll 2008-08-14 13:45 2,184,576 ----a-w C:\WINDOWS\system32\ntoskrnl.exe 2008-08-14 13:45 2,061,952 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe 2008-08-05 20:55 265,720 ----a-w C:\WINDOWS\system32\msdbg2.dll . (((((((((((((((((((((((((( Pontos de Carregamento do Registro ))))))))))))))))))))))))))))))))))))))) . . *Nota* entradas vazias e legítimas por defeito não são mostradas. REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="C:\Arquivos de programas\Messenger\msmsgs.exe" [2004-10-13 1694208] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avast!"="C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 79224] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360] [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Microsoft Office.lnk] path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Microsoft Office.lnk backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE] --a------ 2004-08-04 01:45 15360 C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --a------ 2004-10-13 14:24 1694208 C:\Arquivos de programas\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinVNC] --a------ 2003-08-01 19:28 474624 C:\Arquivos de programas\TightVNC\WinVNC.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCTVOICE] --a------ 2002-03-21 09:31 163840 C:\WINDOWS\system32\pctspk.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Arquivos de programas\\Messenger\\msmsgs.exe"= [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{80caa2c2-1e42-11db-8f0c-806d6172696f}] \Shell\AutoRun\command - D:\INDEX.EXE *Newly Created Service* - PROCEXP90 . - - - - ORFÃOS REMOVIDOS - - - - MSConfigStartUp-SlipStream - C:\Arquivos de programas\Acelerador POP\slipcore.exe . ------- Scan Suplementar ------- . FireFox -: Profile - C:\Documents and Settings\Afonsinho\Dados de aplicativos\Mozilla\Firefox\Profiles\y18n4z0t.default\ FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.orkut.com.br/Main#Home.aspx?client=firefox-a&rls=org.mozilla:pt-BR:official&hl=pt-BR&tab=w0|http://www.google.com.br/ . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-10-25 19:40:59 Windows 5.1.2600 Service Pack 2 NTFS Procurando processos ocultos ... Procurando entradas auto inicializáveis ocultas ... Procurando ficheiros/arquivos ocultos ... Varredura completada com sucesso arquivos/ficheiros ocultos: 0 ************************************************************************** . --------------------- DLLs Carregadas Sob os Processos em Execução --------------------- PROCESSOS: C:\WINDOWS\system32\winlogon.exe -> C:\WINDOWS\system32\tsd32.dll . Tempo para conclusão: 2008-10-25 19:44:03 ComboFix-quarantined-files.txt 2008-10-25 21:43:57 Pré-execução: 8.045.813.760 bytes disponíveis Pós execução: 8,288,002,048 bytes disponíveis WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect 109 --- E O F --- 2008-10-24 15:54:21
  3. Cristoferson
    gostaria de análisasem meu log, a máquina tem travado muito, e vários programas não estão respondendo, começam a execução e depois param de responder. ao executar mais de um programa o computador fica parecendo um 386 de tão lento. desde já agradeço Cristoferson Santos Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 04:41:34, on 24/10/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Arquivos de programas\TightVNC\WinVNC.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\CoolSMS\CoolSMS.exe C:\Arquivos de programas\Alwil Software\Avast4\ashSimpl.exe C:\Arquivos de programas\Mozilla Firefox\firefox.exe C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\NOTEPAD.EXE R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch R3 - URLSearchHook: CUOLSearchHook Object - {1FE8243E-0A3A-41B9-B9CE-EFFEE51974D3} - C:\Arquivos de programas\Arquivos comuns\uol\urlsearch\UOLSearchHook.dll O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [CoolSMS] C:\Arquivos de programas\CoolSMS\CoolSMS.exe /minimized O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O17 - HKLM\System\CCS\Services\Tcpip\..\{C8BE64D6-3AC2-4966-8AAD-AC4C1B302AC1}: NameServer = 201.10.128.2 201.10.120.2 O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe O23 - Service: VNC Server (winvnc) - Constantin Kaplinsky - C:\Arquivos de programas\TightVNC\WinVNC.exe -- End of file - 2765 bytes
×
×
  • Criar Novo...