Este fórum foi descontinuado. LEIA AQUI e participe da Comunidade BABOO :)

Ir para conteúdo
Lex Ribeiro

Solicitação de Análise de Logs

Mensagem Recomendada

Já fiz todos os procedimentos solicitados no Tópico Oficial.

O meu problema é que este computador está registrando em nosso filtro de DNS acesso simultâneo a vários bancos, brasileiros e internacionais, sem que haja nenhuma atividade que justifique estas conexões. Os programas Malwarebytes, AdWareCleaner, KasperSky VRT, HitMan Pro e TDSSKiller não acharam nada em nenhuma das verificações. Desconfio que possa ser um vírus ou malware.

Segue meu log para exame:  

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:28:33, on 03/05/2019
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.19326)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Cobian Backup 11\cbInterface.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Windows\system32\rdpclip.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Windows\system32\taskhost.exe
C:\Users\Suporte\Downloads\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O4 - HKLM\..\Run: [Cobian Backup 11 interface] "C:\Program Files\Cobian Backup 11\cbInterface.exe" -service
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKCU\..\Run: [CCleaner Smart Cleaning] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
O4 - Startup: MesaMP.lnk = C:\Program Files\Digistar\MesaMP\MesaMP.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{A4C02B9F-632A-4531-8E04-5822300E49BA}: NameServer = 192.168.0.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{A4C02B9F-632A-4531-8E04-5822300E49BA}: NameServer = 192.168.0.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{A4C02B9F-632A-4531-8E04-5822300E49BA}: NameServer = 192.168.0.254,8.8.8.8
O23 - Service: Cobian Backup 11 Volume Shadow Copy Requester (cbVSCService11) - CobianSoft, Luis Cobian - C:\Program Files\Cobian Backup 11\cbVSCService11.exe
O23 - Service: Cobian Backup 11 Gravity (CobianBackup11) - Luis Cobian, CobianSoft - C:\Program Files\Cobian Backup 11\cbService.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - Firebird Project - C:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Firebird Project - C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe
O23 - Service: Google Chrome Elevation Service (GoogleChromeElevationService) - Google Inc. - C:\Program Files\Google\Chrome\Application\73.0.3683.103\elevation_service.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HitmanPro Scheduler (HitmanProScheduler) - SurfRight B.V. - C:\Program Files\HitmanPro\hmpsched.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

--
End of file - 4475 bytes

 

Compartilhar este post


Link para o post
Compartilhar em outros sites

Tópicos com "Cracks" (Windows e Office), Logs de Servidores, Computadores em Rede de Empresas ou de terceiros (clientes, amigos, parentes, etc...) não serão analisados, pois o trabalho aqui desenvolvido é voluntário e gratuito, visando ajudar usuários finais (PCs pessoais).


assinatura-mrmillion.png65301516_windows-insider-mvp-logo(Custom).png.36263cb7b506cc6935fb37f39e504cec.png

Compartilhar este post


Link para o post
Compartilhar em outros sites

×
×
  • Criar Novo...