Publicado em 9 de out.

[Arquivado] Analise de Log

#topicos-arquivados-seguranca-malwares

Galera este é o log do meu servidor.

Esta consumindo muita memoria e o servidor esta lento.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 08:26:42, on 09/10/2009

Platform: Windows 2003 SP2 (WinNT 5.02.3790)

MSIE: Internet Explorer v7.00 (7.00.6000.16827)

Boot mode: Normal

Running processes:

C:\Documents and Settings\Ecel\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Symantec\Symantec Endpoint Protection\Smc.exe

C:\Arquivos de programas\Symantec\Symantec Endpoint Protection\SNAC.EXE

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Symantec\Symantec Endpoint Protection Manager\ASA\win32\dbsrv9.exe

C:\WINDOWS\system32\cmpe.exe

C:\WINDOWS\system32\Dfssvc.exe

C:\WINDOWS\System32\dns.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\WINDOWS\System32\ismserv.exe

C:\WINDOWS\system32\ntfrs.exe

C:\WINDOWS\system32\tcpsvcs.exe

C:\WINDOWS\System32\snmp.exe

C:\Arquivos de programas\Symantec\Symantec Endpoint Protection\Rtvscan.exe

C:\WINDOWS\system32\lserver.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Symantec\Symantec Endpoint Protection Manager\tomcat\bin\SemSvc.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe

c:\windows\system32\inetsrv\w3wp.exe

C:\Arquivos de programas\Symantec\Symantec Endpoint Protection\SmcGui.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe

C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

C:\Arquivos de programas\Hewlett-Packard\HP UT\bin\hppusg.exe

C:\Arquivos de programas\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMBgMonitor.exe

C:\Arquivos de programas\DynDNS Updater\DynDNS.exe

C:\WINDOWS\system32\ctfmon.exe

C:\PVSW\Bin\w3dbsmgr.exe

C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\Arquivos de programas\IObit\IObit SmartDefrag\IObit SmartDefrag.exe

C:\Arquivos de programas\uTorrent\uTorrent.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe

C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

C:\Arquivos de programas\Hewlett-Packard\HP UT\bin\hppusg.exe

C:\Arquivos de programas\Cobian Backup 9\Cobian.exe

C:\Arquivos de programas\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Cobian Backup 9\cbInterface.exe

C:\WINDOWS\system32\msiexec.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\rdpclip.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Symantec\Symantec Endpoint Protection\SmcGui.exe

C:\Arquivos de programas\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe

C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

C:\Arquivos de programas\Hewlett-Packard\HP UT\bin\hppusg.exe

C:\Arquivos de programas\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe

C:\WINDOWS\system32\ctfmon.exe

D:\Administrativo\Veiculo\controle de veiculo.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/hardAdmin.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.meuip.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ljsistemas.serveftp.net:8080'>http://ljsistemas.serveftp.net:8080

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Arquivos de programas\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [NBKeyScan] "C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [sigmatelSysTrayApp] sttray.exe

O4 - HKLM\..\Run: [HPUsageTracking] C:\Arquivos de programas\Hewlett-Packard\HP UT\bin\hppusg.exe "C:\Arquivos de programas\Hewlett-Packard\HP UT\"

O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Arquivos de programas\LogMeIn\x86\LogMeInSystray.exe"

O4 - HKLM\..\Run: [Cobian Backup 9] "C:\Arquivos de programas\Cobian Backup 9\Cobian.exe"

O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Arquivos de programas\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

O4 - HKLM\..\Run: [ccApp] "C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [smartDefrag] "C:\Arquivos de programas\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /StartUp

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [DynDNS Updater] "C:\Arquivos de programas\DynDNS Updater\DynDNS.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVIÇO DE REDE')

O4 - HKUS\S-1-5-21-3699788105-3571225688-3576595904-1147\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'remotoalx1')

O4 - HKUS\S-1-5-21-3699788105-3571225688-3576595904-1147\..\Run: [AdobeUpdater] "C:\Arquivos de programas\Arquivos comuns\Adobe\Updater5\AdobeUpdater.exe" (User 'remotoalx1')

O4 - HKUS\S-1-5-21-3699788105-3571225688-3576595904-1189\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'david')

O4 - HKUS\S-1-5-18\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')

O4 - Startup: Pervasive.SQL Workgroup Engine.lnk = C:\PVSW\Bin\w3dbsmgr.exe

O8 - Extra context menu item: Append to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O10 - Broken Internet access because of LSP provider 'c:\documents and settings\ecel\windows\system32\mswsock.dll' missing

O15 - ESC Trusted Zone: http://centralonline.prosoft.com.br

O15 - ESC Trusted Zone: http://www.receita.fazenda.gov.br

O15 - ESC Trusted Zone: http://iisback.googlecode.com

O15 - ESC Trusted Zone: http://ljsistemas.homeip.net

O15 - ESC Trusted Zone: http://www.moonsoftware.com

O15 - ESC Trusted Zone: http://runonce.msn.com

O15 - ESC Trusted Zone: http://www.portforward.com

O15 - ESC Trusted Zone: http://ljsistemas.serveftp.net

O15 - ESC Trusted Zone: http://static.slysoft.com

O15 - ESC Trusted Zone: http://voxel.dl.sourceforge.net

O15 - ESC Trusted Zone: http://www.speedtouch.com.br

O15 - ESC Trusted Zone: http://www.educ.umu.se

O15 - ESC Trusted Zone: http://download.utorrent.com

O15 - ESC Trusted Zone: http://.windowsupdate.com

O15 - ESC Trusted Zone: http://runonce.msn.com (HKLM)

O15 - ESC Trusted Zone: http://.windowsupdate.com (HKLM)

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://img2.orkut.com/activex/10035/photouploader.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1194744286312

O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ECEL.LOCAL

O17 - HKLM\Software\..\Telephony: DomainName = ECEL.LOCAL

O17 - HKLM\System\CCS\Services\Tcpip\..\{56BD1931-2598-4061-BA12-D8EABDC5AD26}: NameServer = 192.168.1.254

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ECEL.LOCAL

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ECEL.LOCAL

O23 - Service: Banco de dados interno da Symantec (ASANYs_sem5) - iAnywhere Solutions, Inc. - C:\Arquivos de programas\Symantec\Symantec Endpoint Protection Manager\ASA\win32\dbsrv9.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Arquivos de programas\Arquivos comuns\Symantec Shared\ccSvcHst.exe

O23 - Service: Context Manager Process Extension (cmpe) - LightComm - C:\WINDOWS\system32\cmpe.exe

O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbguard.exe

O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Arquivos de programas\Firebird\Firebird_1_5\bin\fbserver.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\ARQUIV~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

O23 - Service: RoxMediaDB - Sonic Solutions - C:\Arquivos de programas\Arquivos comuns\Roxio Shared\SharedCOM8\RoxMediaDB.exe

O23 - Service: Symantec Endpoint Protection Manager (semsrv) - Symantec Corporation - C:\Arquivos de programas\Symantec\Symantec Endpoint Protection Manager\tomcat\bin\SemSvc.exe

O23 - Service: Cliente de gerenciamento Symantec (SmcService) - Symantec Corporation - C:\Arquivos de programas\Symantec\Symantec Endpoint Protection\Smc.exe

O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Arquivos de programas\Symantec\Symantec Endpoint Protection\SNAC.EXE

O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Arquivos de programas\Symantec\Symantec Endpoint Protection\Rtvscan.exe

--

End of file - 13668 bytes

Discussão (2)

Entre ou cadastre-se para participar da discussão

Entrar Criar conta

Carregando comentários...