Fórum Script Brasil

Machine Rebooting (LOG Analysis)


Vagner Nunes

Question

Dear all, a client's machine is rebooting on its own and showing unexpected errors. The LOG follows below for analysis.

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 10:28:29, on 02/04/2011

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16722)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskhost.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Windows\Vm_sti.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\DAEMON Tools Lite\DTLite.exe

C:\Users\Welington\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe

C:\Users\Welington\AppData\Local\Google\Update\GoogleUpdate.exe

C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe

C:\Windows\system32\Macromed\Flash\FlashUtil10o_ActiveX.exe

C:\Program Files\Avira\AntiVir Desktop\avcenter.exe

C:\Windows\system32\taskmgr.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2903601

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.minilua.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.minilua.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.minilua.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.minilua.com/q/%s

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: TV Bar 1.3 Toolbar - {71e2a01d-715c-4c08-963a-c0b84fedadf8} - C:\Program Files\TV_Bar_1.3\prxtbTV_2.dll

R3 - URLSearchHook: Productivity 2.2 Toolbar - {e84cc2c1-b722-48fc-a39c-edb8b525c777} - C:\Program Files\Productivity_2.2\prxtbPro0.dll

O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngin0.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: TV Bar 1.3 - {71e2a01d-715c-4c08-963a-c0b84fedadf8} - C:\Program Files\TV_Bar_1.3\prxtbTV_2.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL

O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O2 - BHO: Productivity 2.2 - {e84cc2c1-b722-48fc-a39c-edb8b525c777} - C:\Program Files\Productivity_2.2\prxtbPro0.dll

O3 - Toolbar: TV Bar 1.3 Toolbar - {71e2a01d-715c-4c08-963a-c0b84fedadf8} - C:\Program Files\TV_Bar_1.3\prxtbTV_2.dll

O3 - Toolbar: @C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll

O3 - Toolbar: Productivity 2.2 Toolbar - {e84cc2c1-b722-48fc-a39c-edb8b525c777} - C:\Program Files\Productivity_2.2\prxtbPro0.dll

O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngin0.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O4 - HKLM\..\Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [bigDogPath] C:\Windows\VM_STI.EXE VIMICRO USB PC Camera

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun

O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Users\Welington\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun

O4 - HKCU\..\Run: [cacaoweb] "C:\Users\Welington\AppData\Roaming\cacaoweb\cacaoweb.exe" -noplayer

O4 - HKCU\..\Run: [Google Update] "C:\Users\Welington\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{6C45FDB1-D11D-4A50-A19F-E0035BDDE8BD}: NameServer = 4.2.2.2,4.2.2.3

O17 - HKLM\System\CS1\Services\Tcpip\..\{6C45FDB1-D11D-4A50-A19F-E0035BDDE8BD}: NameServer = 4.2.2.2,4.2.2.3

O17 - HKLM\System\CS2\Services\Tcpip\..\{6C45FDB1-D11D-4A50-A19F-E0035BDDE8BD}: NameServer = 4.2.2.2,4.2.2.3

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O23 - Service: Avira AntiVir Programador (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: PunkBuster (PnkBstrA) - Unknown owner - C:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe

O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

--

End of file - 7827 bytes

Regards to all


1 answer to this question


We do not analyze company cases; this service is exclusively for end users.

I recommend that you contact your company's IT department and, if there isn't one, hire a specialized service.

If you are the person responsible for the network, feel free to post in Dúvidas sobre Infecções e Invasões to consult the forum members.

Trusting in your understanding.

This topic is closed to new posts.

