[Resolvido!] Iexplore System Error. Code: 1400 O Identificador da

eneigatinho · Outubro 29, 2008

Bom dia

Aconteceu aqui comigo num computador da empresa em que trabalho favor analizar o log.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:00:44, on 29/10/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe

C:\Arquivos de programas\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe

C:\Arquivos de programas\CA\CA Internet Security Suite\cctray\cctray.exe

C:\Arquivos de programas\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe

C:\WINDOWS\system32\ctfmon.exe

C:\ARQUIV~1\SecCopy\SecCopy.exe

C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe

C:\Arquivos de programas\UltraVNC\winvnc.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\Arquivos de programas\Java\jre1.6.0_03\bin\jucheck.exe

C:\Arquivos de programas\CA\CA Internet Security Suite\ccprovsp.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\oobe\spoolsv.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\hijack\hijackthis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.folhape.com.br/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.254:3128

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Banco do Brasil S.A. - {546D0BB7-6894-48D2-89EB-DFABF5E4EC7D} - C:\WINDOWS\system32\oobe\msobe.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [ErrorRepairPro] ' '

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [WinVNC] "C:\Arquivos de programas\UltraVNC\winvnc.exe" -servicehelper

O4 - HKLM\..\Run: [cctray] "C:\Arquivos de programas\CA\CA Internet Security Suite\cctray\cctray.exe"

O4 - HKLM\..\Run: [CAVRID] "C:\Arquivos de programas\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [second Copy] "C:\ARQUIV~1\SecCopy\SecCopy.exe"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: UltraVNC Server.lnk = C:\Arquivos de programas\UltraVNC\winvnc.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\MSMSGS.EXE

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: PrivateWire - http://cmt.caixa.gov.br/jpw.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{F88893BB-EB42-4991-BA95-DA7970F08C79}: NameServer = 201.10.1.2,201.10.128.3

O23 - Service: CaCCProvSP - CA, Inc. - C:\Arquivos de programas\CA\CA Internet Security Suite\ccprovsp.exe

O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Arquivos de programas\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe

O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Arquivos de programas\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

O23 - Service: VNC Server (winvnc) - UltraVNC - C:\Arquivos de programas\UltraVNC\winvnc.exe

O24 - Desktop Component 0: (no name) - http://www.pernambuco.com/turismo/imagens/...0109213758p.jpg

O24 - Desktop Component 1: (no name) - http://www.coralnet.com.br/downloads/papel...lo2_800x600.jpg

O24 - Desktop Component 2: (no name) - http://jesusosalvador.blogger.zip.net/imag...024x768_jpg.jpg

O24 - Desktop Component 3: (no name) - http://www.pernambuco.com/turismo/papel_parede/2006/p18.jpg

--

End of file - 6025 bytes

DigRam · Outubro 30, 2008

Boa Noite! eneigatinho

<@> BAIXE: < Kaspersky Virus Removal Tool >

-----------------------------

<@> Faça o download da atualização mais recente! <-- Observe as datas!

<@> Salve-o em Arquivos de Programas!

<@> Reinicie o computador,em Modo de Segurança! <-- Importante!

<@> Execute a ferramenta com um duplo-clique,em seu executável.

<@> Abrir-se-á,a seguinte janela:

<@> Na opção: Manual Cure,marque todas as caixas e clique em Scan.

<@> Terminando o scan,copie e poste o relatório.

Ps: Confirme a solicitação de remoção,aos arquivos detectados!

Abraços!

eneigatinho · Outubro 30, 2008

BOA TARDE!!!

FIZ CONFORME DITO, MAS NA HORA QUE FUI COLOCAR O CPU EM MODO DE SEGURANÇA ELE NÃO ENTRA DE JEITO NENHUM, POSSO PASSAR O KASPERSKY MESMO ASSIM???

DEIXEI A MADRUGADA PASSANDO... O PROBLEMA FOI RESOLVIDO LOGO ABAIXO ESTA O LOG DEPOIS DEPOIS DE LIMPO.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 08:33:07, on 31/10/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe

C:\Arquivos de programas\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\CA\CA Internet Security Suite\cctray\cctray.exe

C:\Arquivos de programas\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe

C:\ARQUIV~1\SecCopy\SecCopy.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\Arquivos de programas\CA\CA Internet Security Suite\ccprovsp.exe

C:\hijackthis.exe