[Arquivado] Análise de Log

[Rnd 0]

Boa tarde amigos,

 

Tenho um computador aqui na empresa, que está dando erro no explorer.exe e fica travando constantemente.

 

Criei um log no hijackthis.

Se puderem me ajudar desde já agradeço;

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:51:20, on 05/05/2010

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\ARQUIV~1\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\dklog.exe

C:\WINDOWS\system32\dkvcm.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\McAfee\SiteAdvisor Enterprise\McSACore.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\McAfee\VirusScan Enterprise\EngineServer.exe

C:\Arquivos de programas\McAfee\Common Framework\FrameworkService.exe

C:\Arquivos de programas\McAfee\VirusScan Enterprise\VsTskMgr.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\mfevtps.exe

C:\Arquivos de programas\McAfee\Common Framework\naPrdMgr.exe

C:\Arquivos de programas\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

C:\Arquivos de programas\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe

C:\Arquivos de programas\Kyocera\FileUtility\SFUSVC.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Kyocera\FileUtility\nsCatCom.exe

C:\Arquivos de programas\TOPConnect 4.0\topconnect.exe

C:\Arquivos de programas\TOTVS\TotvsSPED\appserver\TotvsAppServer.exe

C:\WINDOWS\system32\dkcktkn.exe

C:\Arquivos de programas\McAfee\VirusScan Enterprise\Mcshield.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\CAPM2RSK.EXE

C:\Arquivos de programas\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe

C:\Arquivos de programas\McAfee\VirusScan Enterprise\mfeann.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPM2SWK.EXE

C:\Arquivos de programas\ScanSoft\PaperPort\pptd40nt.exe

C:\Arquivos de programas\Intelbras\Remoraw5\WRECEBE.EXE

C:\Arquivos de programas\Cobian Backup 9\Cobian.exe

C:\Arquivos de programas\SafeNet\BSecClient\axmonitor.exe

C:\Arquivos de programas\SafeNet\BSecClient\DkAutoReg.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\Arquivos de programas\McAfee\Common Framework\udaterui.exe

C:\WINDOWS\system32\S3trayp.exe

C:\Arquivos de programas\Cobian Backup 9\cbInterface.exe

C:\Arquivos de programas\McAfee\Common Framework\McTray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Ahead\Nero BackItUp\NBJ.exe

C:\Arquivos de programas\Kyocera\FileUtility\NsCatCom.exe

C:\WINDOWS\system32\userinit.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Documents and Settings\Gilcimar.GENEZE.000\Desktop\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.terra.com.br/portal/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.3:3128

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Arquivos de programas\Scpad\scpsssh2.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

O2 - BHO: (no name) - {546D0BB7-6894-48D2-89EB-DFABF5E4EC7D} - (no file)

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Arquivos de programas\McAfee\VirusScan Enterprise\scriptsn.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Arquivos de programas\McAfee\SiteAdvisor Enterprise\McIEPlg.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIV~1\GBPLUGIN\gbieh.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Arquivos de programas\GbPlugin\gbiehcef.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Arquivos de programas\McAfee\SiteAdvisor Enterprise\McIEPlg.dll

O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Arquivos de programas\Arquivos comuns\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

O4 - HKLM\..\Run: [PaperPort PTD] C:\Arquivos de programas\ScanSoft\PaperPort\pptd40nt.exe

O4 - HKLM\..\Run: [indexSearch] C:\Arquivos de programas\ScanSoft\PaperPort\IndexSearch.exe

O4 - HKLM\..\Run: [Comunicação com PABX] C:\Arquivos de programas\Intelbras\Remoraw5\WRECEBE.EXE

O4 - HKLM\..\Run: [Cobian Backup 9] "C:\Arquivos de programas\Cobian Backup 9\Cobian.exe"

O4 - HKLM\..\Run: [DkStartup] C:\Arquivos de programas\SafeNet\BSecClient\dkstartup.exe

O4 - HKLM\..\Run: [AxMonitor] C:\Arquivos de programas\SafeNet\BSecClient\axmonitor.exe

O4 - HKLM\..\Run: [DkAutoReg] C:\Arquivos de programas\SafeNet\BSecClient\DkAutoReg.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Arquivos de programas\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey

O4 - HKLM\..\Run: [shStatEXE] "C:\Arquivos de programas\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [s3Trayp] S3trayp.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [NBJ] "C:\Arquivos de programas\Ahead\Nero BackItUp\NBJ.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')

O4 - Global Startup: Scanner File Utility.lnk = ?

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1259058690334

O16 - DPF: {9EC30204-384D-11D3-9CA3-00A024F0AF03} (ValidaUsuario Class) - https://cpne.bradesco.com.br/certifexp.cab

O16 - DPF: {A3E21079-7F41-4125-9EBB-FD44CFCC0AC1} (WLCTSCControl Class) - https://www.mesh.com/0.9.4014.3/TSWeb.cab

O16 - DPF: {B3D3825B-2120-4B0E-8C45-80ECC1D3E70D} (GeraCert Class) - https://bradesconetempresa.com.br/ne/CA.cab

O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

O16 - DPF: {DCEDAC5B-5CDD-4EE3-882D-51F7D3232650} (fetchMails.fetcher) - http://www3.catho.com.br/7dias/fetchmails.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = GENEZE.REDE

O17 - HKLM\Software\..\Telephony: DomainName = GENEZE.REDE

O17 - HKLM\System\CCS\Services\Tcpip\..\{2C3D91DE-69B9-4E60-AB8A-36346B6966AB}: NameServer = 192.168.0.1,192.168.2.1,192.168.2.10

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = GENEZE.REDE

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = GENEZE.REDE

O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Arquivos de programas\McAfee\SiteAdvisor Enterprise\McIEPlg.dll

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Arquivos de programas\McAfee\SiteAdvisor Enterprise\McIEPlg.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: GbPluginBb - C:\ARQUIV~1\GBPLUGIN\gbieh.dll

O20 - Winlogon Notify: GbPluginCef - C:\Arquivos de programas\GbPlugin\gbiehCef.dll

O20 - Winlogon Notify: DkWLNP - C:\WINDOWS\SYSTEM32\DkWLNP.dll

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Arquivos de programas\Scpad\scpLIB.dll

O23 - Service: SafeNet Log Service (DkLogger) - SafeNet, Inc. - C:\WINDOWS\system32\dklog.exe

O23 - Service: SafeNet Token Service (DkTknSrv) - SafeNet, Inc. - C:\WINDOWS\system32\dkcktkn.exe

O23 - Service: SafeNet Virtual Channel Monitor (DkVcm) - SafeNet, Inc. - C:\WINDOWS\system32\dkvcm.exe

O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: McAfee SiteAdvisor Enterprise Service - McAfee, Inc. - C:\Arquivos de programas\McAfee\SiteAdvisor Enterprise\McSACore.exe

O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Arquivos de programas\McAfee\VirusScan Enterprise\EngineServer.exe

O23 - Service: Serviço McAfee Framework (McAfeeFramework) - McAfee, Inc. - C:\Arquivos de programas\McAfee\Common Framework\FrameworkService.exe

O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Arquivos de programas\McAfee\VirusScan Enterprise\Mcshield.exe

O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Arquivos de programas\McAfee\VirusScan Enterprise\VsTskMgr.exe

O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe

O23 - Service: RM.Host.Service - TOTVS S.A. - C:\CorporeRM\RM.Net\RM.Host.Service.exe

O23 - Service: SFUSVC - KYOCERA MITA CORPORATION - C:\Arquivos de programas\Kyocera\FileUtility\SFUSVC.exe

O23 - Service: TOPConnect 4.0 Server (top4) - Unknown owner - C:\Arquivos de programas\TOPConnect 4.0\topconnect.exe

O23 - Service: Totvs Web Service (TotvsAppServer) - TOTVS S/A - C:\Arquivos de programas\TOTVS\TotvsSPED\appserver\TotvsAppServer.exe

 

--

End of file - 11412 bytes

[DigRam 144]

Bom Dia! Rnd

 

<@> Baixe: < OTL > ( ...by OldTimer Tools )

<@> Salve-o no desktop!

<@> Clique duplo em: < >

<@> Ps: Sigamos,agora,com sua configuração!

 

<!> 1 - Em "Saída",deixe marcado o botão "Resumida".

<!> 2 - Marque as caixas: Verificar All Users e Incluir Verificação 64bit <-- Ps: Caso o SO seja 64 bit!

<!> 3 - Processos: Usar SafeList <-- Marque!

<!> 4 - Módulos: Usar SafeList <-- Marque!

<!> 5 - Serviços: Usar SafeList <-- Marque!

<!> 6 - Drivers: Usar SafeList <-- Marque!

<!> 7 - Exame Padrão do Registro: Usar SafeList <-- Marque!

<!> 8 - Exame Extra do Registro: Usar SafeList <-- Marque!

<!> 9 - Verificação de Arquivos:

 

<!> Data de Criação >> Escolha: 14 dias

 

<!> Marque: Usar WhiteList para Nomes de Companhias

<!> Marque: Ignorar Arquivos Microsoft

 

<!> 10 - Arquivos Criados Desde:

 

<!> Marque: Data de Criação

 

<!> 11 - Arquivos Modificados Desde:

 

<!> Marque: Data de Criação

<!> Marque as caixas:

 

[] Verificar Lop

[] Verificar Purity

 

<@> Ps: Sugiro que imprima estas orientações,para posterior leitura.

 

netsvcsmsconfigsafebootminimalsafebootnetworkactivexdrivers32%SYSTEMDRIVE%\*.exe%SYSTEMDRIVE%\eventlog.dll /s /md5%SYSTEMDRIVE%\scecli.dll /s /md5%SYSTEMDRIVE%\netlogon.dll /s /md5%SYSTEMDRIVE%\cngaudit.dll /s /md5%SYSTEMDRIVE%\sceclt.dll /s /md5%SYSTEMDRIVE%\ntelogon.dll /s /md5%SYSTEMDRIVE%\logevent.dll /s /md5%SYSTEMDRIVE%\iaStor.sys /s /md5%SYSTEMDRIVE%\nvstor.sys /s /md5%SYSTEMDRIVE%\atapi.sys /s /md5%SYSTEMDRIVE%\IdeChnDr.sys /s /md5%SYSTEMDRIVE%\viasraid.sys /s /md5

<@> Ps: Copie e cole estas informações,que estão no Code,para o campo abaixo de: Exames Personalizados/Correções

<@> Clique em: Verificar --> Aguarde!

<@> Concluindo,poste:

 

<1> OTL.txt <--

<2> Extra.txt <--

 

Abraços!

[Mário Monteiro 179]

Tópico Arquivado

 

Como o autor não respondeu por mais de 30 dias, o tópico foi arquivado.

 

Caso você seja o autor do tópico e quer reabrir, envie uma mensagem privada para um moderador da área juntamente com o link para este tópico e explique o motivo da reabertura.