Publicado em 26 de mai.

[Arquivado] Máquina lenta - análise de log

#topicos-arquivados-seguranca-malwares

Opas,

Estou com um servidor que começou a ficar lento demais.

Podem avaliar o meu log pra saber se tem algum malware ou vírus?

Logfile of Trend Micro HijackThis v2.0.0 (BETA)Scan saved at 20:51:34, on 26/5/2008

Platform: Windows 2003 SP2 (WinNT 5.02.3790)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Macromedia\Flash Communication Server MX\FlashComAdmin.exe

C:\Program Files\Gene6 FTP Server\G6FTPSERVER.EXE

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\PROGRA~1\MICROS~2\MSSQL\binn\sqlservr.exe

C:\Program Files\Eset\nod32krn.exe

C:\WINDOWS\system32\RKillSrv.exe

C:\Program Files\RhinoSoft.com\Serv-U\ServUDaemon.exe

C:\Program Files\Macromedia\Flash Communication Server MX\FlashCom.exe

C:\WINDOWS\system32\mqsvc.exe

C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe

C:\WINDOWS\System32\svchost.exe

c:\windows\system32\inetsrv\w3wp.exe

C:\WINDOWS\System32\dmadmin.exe

C:\WINDOWS\System32\svchost.exe

c:\windows\system32\inetsrv\w3wp.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\rdpclip.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Eset\nod32kui.exe

C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

C:\WINDOWS\system32\taskmgr.exe

c:\windows\system32\inetsrv\w3wp.exe

E:\Temp\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/hardAdmin.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://shdoclc.dll/hardAdmin.htm

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = ftp://201.76.37.5/

O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll

O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')

O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O15 - ESC Trusted Zone: ftp.*****.com.br

O15 - ESC Trusted Zone: http://***.dev.****.com.br

O15 - ESC Trusted Zone: http://www.google.com.br

O15 - ESC Trusted Zone: http://www.***.com.br

O15 - ESC Trusted Zone: http://mozilla.mirrors.easynews.com

O15 - ESC Trusted Zone: http://by135w.bay135.mail.live.com

O15 - ESC Trusted Zone: http://login.live.com

O15 - ESC Trusted Zone: http://wwwl.meebo.com

O15 - ESC Trusted Zone: http://www.mozilla.com

O15 - ESC Trusted Zone: http://download.mozilla.org

O15 - ESC Trusted Zone: http://ftp-mozilla.netscape.com

O15 - ESC Trusted Zone: http://www.orkut.com

O15 - ESC Trusted Zone: http://www.***.org

O15 - ESC Trusted Zone: http://lms.***.net

O15 - ESC Trusted Zone: http://mc.***.net

O15 - ESC Trusted Zone: http://www.***.net

O15 - ESC Trusted Zone: http://mozilla2.mirrors.tds.net

O15 - ESC Trusted Zone: http://mozilla.hongo.wide.ad.jp

O15 - ESC Trusted Zone: http://.windowsupdate.com

O15 - ESC Trusted Zone: http://.windowsupdate.com (HKLM)

O15 - ESC Trusted IP range: http://...

O15 - ESC Trusted IP range: http://201.17.129.7

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1170185345187

O17 - HKLM\System\CCS\Services\Tcpip\..\{2E0B0E3A-1AD6-4168-A06E-C24149842DEA}: NameServer = 200.234.202.10,200.234.202.11

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Flash Communication Server (FlashCom) - Macromedia, Inc. - C:\Program Files\Macromedia\Flash Communication Server MX\FlashCom.exe

O23 - Service: Flash Communication Admin Service (FlashComAdmin) - Macromedia, Inc. - C:\Program Files\Macromedia\Flash Communication Server MX\FlashComAdmin.exe

O23 - Service: Gene6 FTP Server (G6FTPServer) - Gene6 - C:\Program Files\Gene6 FTP Server\G6FTPSERVER.EXE

O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

O23 - Service: Remote Process Killer - Unknown owner - C:\WINDOWS\system32\RKillSrv.exe

O23 - Service: Serv-U FTP Server (Serv-U) - Rhino Software, Inc. +1(262) 560-9627 - C:\Program Files\RhinoSoft.com\Serv-U\ServUDaemon.exe

O23 - Service: Smart PowerPoint Converter - - e:\smart powerpoint converter\bin\windowsservice1.exe

--

End of file - 5372 bytes

Desde já agradeço :rolleyes:

Discussão (2)

Entre ou cadastre-se para participar da discussão

Entrar Criar conta

Carregando comentários...