[Solved] Log analysis - I was hacked and 99% CPU usage

#1 By Dallas Alban (New Member, 5 posts) 15/09/2021 - 15:27
Good afternoon!

I had never used an antivirus until last month, when someone hacked my Facebook and Instagram. They also got my credit card details and tried to make purchases. I formatted the machine and installed Avast Premium, but now a process called AvastUI.exe is using almost all of the CPU, keeping it at 99% all the time, and when I turn on the notebook, startup takes almost 10 minutes. I don't know whether this could still be a virus or whether my notebook just can't handle Avast (it is quite old). I made the logs as instructed. If you can help me I will be very grateful!

Attachments: "FRST.txt", "Addition.txt"

#2 By joram (Highlander, 5.4K posts) 15/09/2021 - 19:31
/!\ Good evening! Dallas Alban /!\

> Uninstall: Avast Premium Security (HKLM\...\Avast Antivirus) (Version: 21.7.2481 - Avast Software)

> Copy the information in the Spoiler into Notepad.
> Save it with the name fixlist. << Text or Unicode, if prompted!
> Save it to the desktop!
Executando a partir de C:\Users\dalla\AppData\Local\Temp\scoped_dir5896_895953561

> Do not run FRST from this Temp folder... that location is incorrect!

[spoiler]
start::
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restrição <==== ATENÇÃO
GroupPolicy: Restrição ? <==== ATENÇÃO
Policies: C:\ProgramData\NTUSER.pol: Restrição <==== ATENÇÃO
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restrição <==== ATENÇÃO
Task: {4A557F85-0EB6-48DB-960D-8144B35DEF18} - System32\Tasks\Avast Emergency Update => C:\Program Files\Avast Software\Avast\AvEmUpdate.exe [4917528 2021-09-02] (Avast Software s.r.o. -> AVAST Software)
Task: {E48EC43D-3A95-4A7C-A432-A0A731A3753B} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [1790184 2021-09-02] (Avast Software s.r.o. -> Avast Software)
R3 aswbIDSAgent; C:\Program Files\Avast Software\Avast\aswidsagent.exe [8303184 2021-09-02] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\Avast Software\Avast\AvastSvc.exe [630040 2021-09-02] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Firewall; C:\Program Files\Avast Software\Avast\afwServ.exe [1631512 2021-09-02] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Tools; C:\Program Files\Avast Software\Avast\aswToolsSvc.exe [377624 2021-09-02] (Avast Software s.r.o. -> AVAST Software)
R2 AvastWscReporter; C:\Program Files\Avast Software\Avast\wsc_proxy.exe [56912 2021-09-02] (Avast Software s.r.o. -> AVAST Software)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [221584 2021-09-02] (Avast Software s.r.o. -> AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdriver.sys [367632 2021-09-02] (Avast Software s.r.o. -> AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsh.sys [250384 2021-09-02] (Avast Software s.r.o. -> AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniv.sys [99344 2021-09-02] (Avast Software s.r.o. -> AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [17344 2021-09-02] (Microsoft Windows Early Launch Anti-malware Publisher -> AVAST Software)
R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [41344 2021-09-02] (Avast Software s.r.o. -> AVAST Software)
R1 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [184120 2021-09-02] (Avast Software s.r.o. -> AVAST Software)
R1 aswNetHub; C:\WINDOWS\System32\drivers\aswNetHub.sys [538464 2021-09-02] (Avast Software s.r.o. -> AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [107840 2021-09-02] (Avast Software s.r.o. -> AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [82904 2021-09-02] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [851704 2021-09-02] (Avast Software s.r.o. -> AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [553496 2021-09-02] (Avast Software s.r.o. -> AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [215384 2021-09-02] (Avast Software s.r.o. -> AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [328568 2021-09-02] (Avast Software s.r.o. -> AVAST Software)
2021-09-02 20:02 - 2021-09-02 20:02 - 000002099 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Premium Security.lnk
2021-09-02 20:02 - 2021-09-02 20:02 - 000002087 _____ C:\Users\Public\Desktop\Avast Premium Security.lnk
2021-09-02 20:01 - 2021-09-02 18:23 - 000340248 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2021-09-02 18:29 - 2021-09-02 18:29 - 000000000 ____D C:\Users\dalla\AppData\Local\Avast Software
2021-09-02 18:28 - 2021-09-02 18:28 - 000000000 ____D C:\Users\dalla\AppData\Roaming\Avast Software
2021-09-02 18:25 - 2021-09-14 17:54 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avast Software
2021-09-02 18:24 - 2021-09-15 12:59 - 000004264 _____ C:\WINDOWS\system32\Tasks\Avast Emergency Update
2021-09-02 18:23 - 2021-09-02 18:24 - 000328568 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2021-09-02 18:23 - 2021-09-02 18:23 - 000851704 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2021-09-02 18:23 - 2021-09-02 18:23 - 000553496 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2021-09-02 18:23 - 2021-09-02 18:23 - 000538464 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNetHub.sys
2021-09-02 18:23 - 2021-09-02 18:23 - 000367632 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdriver.sys
2021-09-02 18:23 - 2021-09-02 18:23 - 000250384 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsh.sys
2021-09-02 18:23 - 2021-09-02 18:23 - 000221584 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2021-09-02 18:23 - 2021-09-02 18:23 - 000215384 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2021-09-02 18:23 - 2021-09-02 18:23 - 000184120 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2021-09-02 18:23 - 2021-09-02 18:23 - 000107840 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2021-09-02 18:23 - 2021-09-02 18:23 - 000099344 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniv.sys
2021-09-02 18:23 - 2021-09-02 18:23 - 000082904 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2021-09-02 18:23 - 2021-09-02 18:23 - 000041344 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2021-09-02 18:23 - 2021-09-02 18:23 - 000017344 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswElam.sys
2021-09-02 18:23 - 2021-09-02 18:23 - 000000000 ____D C:\Program Files\Common Files\Avast Software
2021-09-02 18:22 - 2021-09-02 18:22 - 000000000 ____D C:\Program Files\Avast Software
2021-09-02 18:20 - 2021-09-03 13:24 - 000000000 ____D C:\ProgramData\Avast Software
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-09-02] (Avast Software s.r.o. -> AVAST Software)
ShellIconOverlayIdentifiers-x32: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-09-02] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-09-02] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-09-02] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\Avast Software\Avast\ashShell.dll [2021-09-02] (Avast Software s.r.o. -> AVAST Software)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aswSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\aswSP.sys => ""="Driver"
FirewallRules: [TCP Query User{4D85B503-C650-4ED8-A41C-BC08BFE0F20C}C:\users\dalla\appdata\local\programs\opera gx\77.0.4054.298\opera.exe] => (Allow) C:\users\dalla\appdata\local\programs\opera gx\77.0.4054.298\opera.exe => Nenhum Arquivo
FirewallRules: [UDP Query User{61271237-16F6-45D2-BD46-7E647A251ADD}C:\users\dalla\appdata\local\programs\opera gx\77.0.4054.298\opera.exe] => (Allow) C:\users\dalla\appdata\local\programs\opera gx\77.0.4054.298\opera.exe => Nenhum Arquivo
FirewallRules: [{093FFE43-C72D-4DB5-AF1F-7E0D7F442B5B}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{539B7D3A-C098-46D1-9E9A-F5F3ED73BDF0}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{59530720-B78F-4DBF-B3D9-F0D941514EA5}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{01F708AE-856D-4528-829C-1AAD37F48DB0}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
StartPowershell:
sfc /scannow
DISM /Online /Cleanup-image /Restorehealth
EndPowershell:
CreateRestorePoint:
SystemRestore: On
EmptyTemp:
Reboot:
Hosts:
end::
[/spoiler]


> Run FRST/FRST64 >> Click "Fix" << Wait!
> Post the report "Resultado da Correção pela Farbar Recovery Scan Tool" (Fixlog.txt).
> This and the other reports can be found in the folder: Local Disk (C) > FRST > Logs

< This script was written exclusively for this computer, so I ask visitors not to use it on other "machines". >

Regards
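joram's fixlist above is assembled from three kinds of FRST entries: policy lines that FRST itself flagged with "<==== ATENÇÃO", the services, drivers and scheduled tasks together with their "(signer -> company)" information, and the firewall rules, among them four Block rules for AvastUI.exe and Allow rules whose target FRST reports as "Nenhum Arquivo". As an added example (not joram's script, not FRST's own tooling, and not code from this thread), the following Python pulls exactly those items out of FRST text so a responder can read them before the rest of the log. The regular expressions are inferred from the line formats visible in this thread and are an assumption about FRST's output; the Avast, policy and Opera sample lines are copied from the thread, while the two "ExampleSvc" lines are constructed to exercise the "no signer information" path.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Sample FRST output to analyse. The Avast, policy and Opera lines are copied
# from the thread above; the two "ExampleSvc" lines are constructed here (not
# from the thread) so that the "no signer information" check has something
# to report.
SAMPLE_LOG = r"""
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restrição <==== ATENÇÃO
GroupPolicy: Restrição ? <==== ATENÇÃO
Task: {4A557F85-0EB6-48DB-960D-8144B35DEF18} - System32\Tasks\Avast Emergency Update => C:\Program Files\Avast Software\Avast\AvEmUpdate.exe [4917528 2021-09-02] (Avast Software s.r.o. -> AVAST Software)
R2 avast! Antivirus; C:\Program Files\Avast Software\Avast\AvastSvc.exe [630040 2021-09-02] (Avast Software s.r.o. -> AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [851704 2021-09-02] (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [{093FFE43-C72D-4DB5-AF1F-7E0D7F442B5B}] => (Block) C:\Program Files\Avast Software\Avast\AvastUI.exe (Avast Software s.r.o. -> AVAST Software)
FirewallRules: [TCP Query User{4D85B503-C650-4ED8-A41C-BC08BFE0F20C}C:\users\dalla\appdata\local\programs\opera gx\77.0.4054.298\opera.exe] => (Allow) C:\users\dalla\appdata\local\programs\opera gx\77.0.4054.298\opera.exe => Nenhum Arquivo
R2 ExampleSvc; C:\Users\Public\example_service.exe [12345 2021-09-10] (X)
FirewallRules: [{00000000-0000-0000-0000-000000000000}] => (Allow) C:\Users\Public\example_service.exe
"""

# Line formats inferred from the entries in this thread (an assumption about
# FRST output, not its documented grammar).
SIGNER = r"(?: \((?P<signer>[^()]*?) -> (?P<company>[^()]*?)\))?"
SERVICE_RE = re.compile(
    r"^(?P<state>[RSU]\d) (?P<name>.+?); (?P<path>.+?) "
    r"\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\]" + SIGNER
)
TASK_RE = re.compile(
    r"^Task: (?P<task_id>\{[0-9A-Fa-f-]+\}) - (?P<name>.+?) => (?P<path>.+?) "
    r"\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\]" + SIGNER
)
FIREWALL_RE = re.compile(
    r"^FirewallRules: \[(?P<name>.+?)\] => \((?P<action>Allow|Block)\) (?P<rest>.+)$"
)
# English FRST prints "No File"; the localized build in this thread prints
# "Nenhum Arquivo". Both mean the rule points at a file that is gone.
MISSING_MARKERS = (" => No File", " => Nenhum Arquivo")


@dataclass
class FirewallRule:
    name: str
    action: str             # "Allow" or "Block"
    path: str               # program the rule applies to
    signer: Optional[str]   # None when FRST printed no signer information
    missing: bool           # True when FRST reported the target file as absent


def parse_firewall_rule(line: str) -> Optional[FirewallRule]:
    """Split one FirewallRules line into its parts, or return None."""
    m = FIREWALL_RE.match(line)
    if not m:
        return None
    rest, missing = m["rest"], False
    for marker in MISSING_MARKERS:
        if rest.endswith(marker):
            rest, missing = rest[: -len(marker)], True
    # A trailing "(signer -> company)" group, when present, follows the path.
    # rpartition keeps "(x86)" inside a path intact because that group has no " -> ".
    signer = None
    head, sep, tail = rest.rpartition(" (")
    if sep and tail.endswith(")") and " -> " in tail:
        rest, signer = head, tail[:-1].split(" -> ", 1)[0]
    return FirewallRule(m["name"], m["action"], rest, signer, missing)


def analyze(text: str) -> dict:
    """Walk FRST lines and collect the items a responder reads first."""
    findings = {
        "attention": [],    # lines FRST itself marked with "<===="
        "block_rules": [],  # firewall rules that block a program outright
        "stale_rules": [],  # firewall rules whose target no longer exists
        "unsigned": [],     # services, drivers or tasks with no signer shown
        "parsed": 0,        # entries the parser recognised
    }
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if "<====" in line:
            findings["attention"].append(line)
            continue
        rule = parse_firewall_rule(line)
        if rule:
            findings["parsed"] += 1
            if rule.action == "Block":
                findings["block_rules"].append(rule.path)
            if rule.missing:
                findings["stale_rules"].append(rule.path)
            continue
        m = SERVICE_RE.match(line) or TASK_RE.match(line)
        if m:
            findings["parsed"] += 1
            if m["signer"] is None:
                findings["unsigned"].append(m["path"])
    return findings


if __name__ == "__main__":
    for key, value in analyze(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run it as-is to see the summary for the sample. The "attention" list holds the lines FRST has already decided deserve a look (the policy restrictions joram removes first), "block_rules" surfaces the firewall entries that silence AvastUI.exe, "stale_rules" shows Allow rules left behind by programs that no longer exist, and "unsigned" is where a service or task backed by a binary with no signer information would appear; on the real FRST.txt from this thread that last list is empty, which is itself a useful observation.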