HijackThis log analysis

Solved/Closed
RRG84 Posts 1 Registration date Monday 17 November 2014 Status Member Last seen 17 November 2014 - 17 Nov 2014 at 23:07
JESUS CRISTO Posts 1552 Registration date Monday 4 October 2010 Status Contributor Last seen 23 June 2016 - 18 Nov 2014 at 15:56
Good evening,

This is my first post and I would like some help with a HijackThis log. My PC is freezing a lot and I would like you, if you can, to take a look at what can be done. I saw in another post that the log was pasted directly into the message, so I will do the same. If needed, I will send the txt file.

Thank you in advance for your attention; I look forward to your reply.

Thank you.

Here is the log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:52:17, on 17/11/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17420)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\sulema\Downloads\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://search.safefinder.com/?st=ds&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.safefinder.com/?st=ds&q={searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/webhp?gws_rd=ssl{searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = https://search.safefinder.com/?st=ds&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://search.safefinder.com/?st=ds&q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{3A4EEFE4-DEF8-44DE-B13F-932DCE46690D}: NameServer = 8.26.56.26,156.154.70.22
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IePlugin Services (IePluginServices) - Unknown owner - C:\ProgramData\IePluginServices\PluginService.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe
O23 - Service: QNaXHaXhfP - Small Island Development - C:\ProgramData\EtYSoCku\QNaXHaXhfP.exe
O23 - Service: Rapport Management Service (RapportMgmtService) - IBM Corp. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

1 reply

JESUS CRISTO Posts 1552 Registration date Monday 4 October 2010 Status Contributor Last seen 23 June 2016 3.160
18 Nov 2014 at 15:56
HELLO, RRG84


1st UNINSTALL THESE PROGRAMS, OR DELETE THEM IF THEY ARE PORTABLE:

C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe


2nd THIS ONE IS SUSPICIOUS:

C:\Windows\system32\wbem\unsecapp.exe

SEVERAL SITES SAY IT IS A VIRUS.



3rd SOME TOOLBARS

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/{searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/{searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/webhp?gws_rd=ssl{searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = https://www.google.com/{searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://www.google.com/{searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =


4th NOW THE CLEANUP:

USE COMBOFIX TO TERMINATE ALL THE SUSPICIOUS FILES AND CLEAN THE TOOLBARS AND SEARCH ENGINES OUT OF THE BROWSER.

LINK: https://www.bleepingcomputer.com/download/combofix/

DOWNLOAD IT AND SAVE IT TO THE DESKTOP, THEN PAUSE AVAST AND RUN COMBOFIX.

THERE IS NOT MUCH TO CONFIGURE IN IT, SINCE IT DOES ALMOST EVERYTHING ON ITS OWN.

1st CLICK AGREE TO ACCEPT THE PROGRAM'S TERMS.

2nd IT WILL THEN ASK WHETHER YOU WANT TO INSTALL THE MICROSOFT WINDOWS RECOVERY CONSOLE; CLICK NO.

3rd NOW JUST GRAB SOME POPCORN AND WAIT.

4th AFTER THE CLEANUP THE PC WILL RESTART AND A REPORT OF EVERYTHING THAT WAS FOUND AND DONE WILL BE SHOWN.

5th NOW USE THIS PROGRAM: AdwCleaner 4.1.0.1

LINK: https://www.bleepingcomputer.com/download/adwcleaner/

DOWNLOAD IT AND SAVE IT TO THE DESKTOP, THEN PAUSE AVAST AND RUN AdwCleaner 4.1.0.1.

1st CLICK SCAN

2nd WHEN THE SCAN FINISHES, CLICK THE REGISTRY/SERVICES/.......... TABS

3rd IF IT FINDS ANYTHING, CLICK CLEAN AND THAT'S IT.

SEE WHETHER IT IMPROVED AND POST THE RESULT, OK.
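
For readers triaging a log like the one in this thread, here is an added example (not part of the thread and not HijackThis's own logic) that parses the `R0`/`R1`, `O18` and `O23` line formats shown above and lists entries worth a manual look. The host allowlist and the three rules are assumptions of this example, and the sample lines are copied from the posted log; a listed entry is a lead to check, not a verdict.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.safefinder.com/?st=ds&q={searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: IePlugin Services (IePluginServices) - Unknown owner - C:\ProgramData\IePluginServices\PluginService.exe
O23 - Service: QNaXHaXhfP - Small Island Development - C:\ProgramData\EtYSoCku\QNaXHaXhfP.exe
"""

# Every HijackThis finding starts with a section code such as R1 or O23.
ENTRY = re.compile(r"^([RO]\d+) - (.+)$")

def triage(log_text, allowed_hosts=frozenset({"www.google.com"})):
    """Return (section, reason, detail) tuples for entries to review by hand.

    The allowlist and the rules below are assumptions of this example.
    """
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header lines, process list, blank lines
        code, body = m.groups()
        if code in ("R0", "R1"):
            # Format: "key,value name = url"; the URL itself may contain '='.
            host = urlsplit(body.partition("=")[2].strip()).hostname
            if host and host not in allowed_hosts:
                findings.append((code, "IE search/start URL host not allowlisted", host))
        elif body.endswith("(no file)"):
            findings.append((code, "registration points to a missing file", body))
        elif code == "O23":
            parts = body.rsplit(" - ", 2)  # service name, owner, binary path
            if len(parts) != 3:
                continue
            _name, owner, path = parts
            if owner == "Unknown owner":
                findings.append((code, "owner reported as unknown", path))
            if "\\programdata\\" in path.lower():
                findings.append((code, "service binary runs from ProgramData", path))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(*finding, sep=" | ")
```
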



