Otacilio

Computer freezing, slow, and mouse stops working


I carried out the procedures in the CCleaner control panel; the HijackThis log follows below.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:06:52, on 11/02/2019
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.19236)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\PROGRA~1\GbPlugin\GbpSv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskhost.exe
C:\PROGRA~1\GbPlugin\GbpSv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\DbxSvc.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe
C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\HPSIsvc.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Serasa Experian\Service\SerasaUpdate.exe
C:\Contabil\Utilitários\ServicoAgendador.exe
C:\Contabil\Utilitários\ServicoGerenciadorAtualizacao.exe
C:\Contabil\Utilitários\gerencatu.exe
C:\Program Files\TeamViewer\TeamViewer_Service.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Browny02\Brother\BrStMonW.exe
C:\Program Files\Dropbox\Client\Dropbox.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Serasa Experian\Service\eSfUpdateForm.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Dropbox\Client\Dropbox.exe
C:\Program Files\Dropbox\Client\Dropbox.exe
C:\Program Files\Browny02\BrYNSvc.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Dropbox\Client\QtWebEngineProcess.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Otacilio\Downloads\HijackThis (2).exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files\GbPlugin\gbiehcef.dll
O2 - BHO: G-Buster Browser Defense Itaú Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Program Files\GbPlugin\gbiehuni.dll
O2 - BHO: G-Buster Browser Defense Sicredi - {C41A1C0E-EA6C-11D4-B1B8-444553540011} - C:\Program Files\GbPlugin\gbiehscd.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HPUsageTrackingLEDM] "C:\Program Files\HP\HP UT LEDM\bin\hppusg.exe" "C:\Program Files\HP\HP UT LEDM\"
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe /AUTORUN
O4 - HKLM\..\Run: [Dropbox] "C:\Program Files\Dropbox\Client\Dropbox.exe" /systemstartup
O4 - HKCU\..\Run: [CCleaner Smart Cleaning] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Serasa Update.lnk = C:\Program Files\Serasa Experian\Service\eSfUpdateForm.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\SmartPrint\smartprintsetup.exe
O9 - Extra 'Tools' menuitem: SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\SmartPrint\smartprintsetup.exe
O9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: aapj.bb.com.br
O15 - Trusted Zone: seg.bb.com.br
O15 - Trusted Zone: www.bb.com.br
O15 - Trusted Zone: http://www.caixa.gov.br
O15 - Trusted Zone: cloud.gastecnologia.com.br
O15 - Trusted Zone: www.google.com.br
O15 - Trusted Zone: www.itau.b.br
O15 - Trusted Zone: *.itau.b.br
O15 - Trusted Zone: bankline.itau.com.br
O15 - Trusted Zone: banklineplus.itau.com.br
O15 - Trusted Zone: clickbanking.itau.com.br
O15 - Trusted Zone: guardiao.itau.com.br
O15 - Trusted Zone: www.itau.com.br
O15 - Trusted Zone: http://www.itau.com.br
O15 - Trusted Zone: *.itau.com.br
O15 - Trusted Zone: www.itaupersonnalite.com.br
O15 - Trusted Zone: http://www.itaupersonnalite.com.br
O15 - Trusted Zone: correspondente.sicredi.com.br
O15 - Trusted Zone: ibpf.sicredi.com.br
O15 - Trusted Zone: ibpj.sicredi.com.br
O15 - Trusted Zone: si-plg.sicredi.com.br
O15 - Trusted Zone: www.sicredi.com.br
O15 - Trusted Zone: internet.sicreditotal.com.br
O17 - HKLM\System\CCS\Services\Tcpip\..\{CDB80BC6-B425-4DA4-B790-8F2404F4FA87}: NameServer = 4.2.2.1,4.2.2.2
O20 - Winlogon Notify:  GbPluginCef - C:\Program Files\GbPlugin\gbiehCef.dll
O20 - Winlogon Notify:  GbPluginScd - C:\Program Files\GbPlugin\gbiehScd.dll
O20 - Winlogon Notify:  GbPluginUni - C:\Program Files\GbPlugin\gbiehUni.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: BrYNSvc - Brother Industries, Ltd. - C:\Program Files\Browny02\BrYNSvc.exe
O23 - Service: Serviço Atualização do Dropbox (dbupdate) (dbupdate) - Dropbox, Inc. - C:\Program Files\Dropbox\Update\DropboxUpdate.exe
O23 - Service: Serviço Atualização do Dropbox (dbupdatem) (dbupdatem) - Dropbox, Inc. - C:\Program Files\Dropbox\Update\DropboxUpdate.exe
O23 - Service: DbxSvc - Dropbox, Inc. - C:\Windows\system32\DbxSvc.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - Firebird Project - C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Firebird Project - C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~1\GbPlugin\GbpSv.exe
O23 - Service: Google Chrome Elevation Service (GoogleChromeElevationService) - Google Inc. - C:\Program Files\Google\Chrome\Application\71.0.3578.98\elevation_service.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP LaserJet Service - HP - C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
O23 - Service: HP SI Service (HPSIService) - HP - C:\Windows\system32\HPSIsvc.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Serasa Update (SerasaUpdate) - Serasa Experian - C:\Program Files\Serasa Experian\Service\SerasaUpdate.exe
O23 - Service: ServicoAgendador - Unknown owner - C:\Contabil\Utilitários\ServicoAgendador.exe
O23 - Service: ServicoDominioAtendimento - Unknown owner - C:\Contabil\Agente de Comunicação com o Domínio Atendimento\Servico\ServicoDominioAtendimento.exe
O23 - Service: ServicoGerenciadorAtualizacao - Unknown owner - C:\Contabil\Utilitários\ServicoGerenciadorAtualizacao.exe
O23 - Service: TeamViewer 11 (TeamViewer) - TeamViewer GmbH - C:\Program Files\TeamViewer\TeamViewer_Service.exe
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: Warsaw Technology - GAS Tecnologia LTDA - C:\Program Files\Diebold\Warsaw\core.exe

--
End of file - 11942 bytes


Download ZHPCleaner and save it to the Desktop.

Windows 7, 8, 8.1 or 10 users: right-click the program's icon and select Run as administrator.

Double-click ZHPCleaner.exe.

Click the Scanner button.

The tool will begin scanning your system. Be patient, as it may take a while depending on the number of items to scan.

When the scan finishes, click the Repair button.

Once the operation is complete, a log will open. If it does not, click the Report button and save the log.

Select, copy and paste the contents of this log into your next reply, along with a new HijackThis log.



~ ZHPCleaner v2019.2.11.20 by Nicolas Coolman (2019/02/11)
~ Run by Otacilio (Administrator) (11/02/2019 19:50:32)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Certificate ZHPCleaner: Legal
~ Type : Repair
~ Report : C:\Users\Otacilio\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Otacilio\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ UAC : Deactivate
~ Boot Mode : Normal (Normal boot)
Windows 7 Starter, 32-bit Service Pack 1 (Build 7601)

---\ Alternate Data Stream (ADS). (0)
~ No malicious or unnecessary items found. (ADS)

---\ Services (0)
~ No malicious or unnecessary items found. (Service)

---\ Browser internet (0)
~ No malicious or unnecessary items found. (Browser)

---\ Hosts file (1)
~ The hosts file is legitimate (1)

---\ Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found. (Task)

---\ Explorer ( File, Folder) (20)
MOVED file: C:\Windows\Installer\MSI264D.tmp [Serasa Experian - InstallMSI] =>.SUP.MSIInstaller
MOVED file: C:\Windows\Installer\MSI8250.tmp [Ask Partner Network - Reporter Application] =>.SUP.MSIInstaller
MOVED file: C:\Windows\Installer\MSIA9B9.tmp [Ask Partner Network - Reporter Application] =>.SUP.MSIInstaller
MOVED file: C:\Windows\Installer\MSIDCC6.tmp [Ask Partner Network - Reporter Application] =>.SUP.MSIInstaller
MOVED file: C:\Windows\Installer\MSIF28C.tmp [Ask Partner Network - Reporter Application] =>.SUP.MSIInstaller
MOVED file: C:\Windows\Installer\1a68e0.msp =>.SUP.Obsolete.Adobe
MOVED file: C:\Windows\Installer\2174b9.msp =>.SUP.Obsolete.Adobe
MOVED file: C:\Windows\Installer\29ad7c.msp =>.SUP.Obsolete.Adobe
MOVED file: C:\Windows\Installer\2cfdc1.msp =>.SUP.Obsolete.Adobe
MOVED file: C:\Windows\Installer\3cba7c.msp =>.SUP.Obsolete.Adobe
MOVED file: C:\Windows\Installer\a9a87.msp =>.SUP.Obsolete.Adobe
MOVED file: C:\Windows\Installer\bda14.msp =>.SUP.Obsolete.Adobe
MOVED file: C:\Windows\Installer\df3f0.msp =>.SUP.Obsolete.Adobe
MOVED file: C:\Windows\Installer\ee067.msp =>.SUP.Obsolete.Adobe
MOVED file: C:\Users\Otacilio\Downloads\antimalwaresetup.exe [Plumbytes Software - Plumbytes Anti-Malware] =>.SUP.Plumbytes
MOVED folder: C:\Users\Otacilio\AppData\Local\Google\Chrome\User Data\Default\File System\000 =>.SUP.Temporary.Chrome
MOVED folder: C:\Users\Otacilio\AppData\LocalLow\Brother =>.SUP.Empty
MOVED folder: C:\Users\Otacilio\AppData\LocalLow\EmieBrowserModeList =>.SUP.Empty
MOVED folder: C:\Users\Otacilio\AppData\LocalLow\EmieSiteList =>.SUP.Empty
MOVED folder: C:\Users\Otacilio\AppData\LocalLow\EmieUserList =>.SUP.Empty

---\ Registry ( Key, Value, Data) (0)
~ No malicious or unnecessary items found. (Register)

---\ Summary of the elements found (5)
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.SUP.MSIInstaller
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.SUP.Obsolete.Adobe
https://nicolascoolman.eu/2017/09/09/sup-plumbytes/ =>.SUP.Plumbytes
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.SUP.Temporary.Chrome
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.SUP.Empty

---\ Other deletions. (28)
~ Registry Keys Tracing deleted (26)
~ Remove the old reports ZHPCleaner. (2)

---\ Result of repair
~ Repair carried out successfully

---\ Statistics
~ Items scanned : 1738
~ Items found : 0
~ Items cancelled : 0
~ Items options : 12/12
~ Space saving (bytes) : 0
~ End of clean in 00h01mn03s

---\ Reports (2)
ZHPCleaner--11022019-19_43_28.txt
ZHPCleaner-[R]-11022019-19_51_35.txt


Download Malwarebytes Anti-Malware (MBAM) and save or print these instructions:

Run mb3-setup.exe to install the program.

Uncheck the box Enable free trial of Malwarebytes Anti-Malware PRO (if present).

Make sure the boxes Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware are checked. Then click Finish.

If there are updates available, they will be downloaded and installed.

In Settings, click Protection; if it is disabled, check Scan for Rootkits. Under Potential Threat Protection, select Treat PUPs and PUMs as Malware (recommended).

Click Scan, then Threat Scan, and finally click Start Scan.

The scan will then begin. Please wait, as it may take a while.

When the scan finishes, if any items were found, click the Export Summary -> Text file (*.txt) button and save it to your Desktop; if the disinfection log is not saved, you will find it there.

Click Apply Actions or, if that is not available, click Send to Quarantine.

At the end of the disinfection, a prompt may appear asking whether you want to restart the PC.

The log is saved automatically by MBAM, and you can view it by clicking the Reports tab -> Scan Reports in the program's main window after the disinfection has been performed.

DO NOT USE THE .XML FILE FORMAT TO SAVE THE LOG.

Select, copy and paste the entire contents of the disinfection log saved by MBAM into your next reply, along with a new HijackThis log.

NOTE: If MBAM finds files it cannot remove, you may need to restart the PC (perhaps more than once). Do so immediately when asked whether you want to restart the PC.



MBAM log

Malwarebytes
www.malwarebytes.com

-Detalhes de registro-
Data da análise: 12/02/2019
Hora da análise: 11:14
Arquivo de registro: 28eb5532-2ec8-11e9-af8e-00235a63c749.json

-Informação do software-
Versão: 3.7.1.2839
Versão de componentes: 1.0.538
Versão do pacote de definições: 1.0.9228
Licença: Versão de Avaliação

-Informação do sistema-
Sistema operacional: Windows 7 Service Pack 1
CPU: x86
Sistema de arquivos: NTFS
Usuário: Otacilio-PC\Otacilio

-Resumo da análise-
Tipo de análise: Análise de Ameaças
Análise Iniciada Por: Manual
Resultado: Concluído
Objetos verificados: 176745
Ameaças detectadas: 13
Ameaças em quarentena: 13
Tempo decorrido: 6 min, 33 seg

-Opções da análise-
Memória: Habilitado
Inicialização: Habilitado
Sistema de arquivos: Habilitado
Arquivos compactados: Habilitado
Rootkits: Desabilitado
Heurística: Habilitado
PUP: Detectar
PUM: Detectar

-Detalhes da análise-
Processo: 0
(Nenhum item malicioso detectado)

Módulo: 0
(Nenhum item malicioso detectado)

Chave de registro: 0
(Nenhum item malicioso detectado)

Valor de registro: 0
(Nenhum item malicioso detectado)

Dados de registro: 0
(Nenhum item malicioso detectado)

Fluxo de dados: 0
(Nenhum item malicioso detectado)

Pasta: 1
PUP.Optional.WiperSoft, C:\USERS\OTACILIO\APPDATA\ROAMING\WIPERSOFT, Quarentena, [4416], [340918],1.0.9228

Arquivo: 12
PUP.Optional.WiperSoft, C:\USERS\OTACILIO\APPDATA\ROAMING\WIPERSOFT\SIGNATURES.DAT, Quarentena, [4416], [340918],1.0.9228
PUP.Optional.WiperSoft, C:\Users\Otacilio\AppData\Roaming\WiperSoft\whitelist.dat, Quarentena, [4416], [340918],1.0.9228
PUP.Optional.WiperSoft, C:\Users\Otacilio\AppData\Roaming\WiperSoft\wipersoft.dat, Quarentena, [4416], [340918],1.0.9228
PUP.Optional.WiperSoft, C:\Users\Otacilio\AppData\Roaming\WiperSoft\wipersoft.eni, Quarentena, [4416], [340918],1.0.9228
PUP.Optional.WiperSoft, C:\Users\Otacilio\AppData\Roaming\WiperSoft\WiperSoft.Fix.log, Quarentena, [4416], [340918],1.0.9228
PUP.Optional.WiperSoft, C:\Users\Otacilio\AppData\Roaming\WiperSoft\WiperSoft.Scan.log, Quarentena, [4416], [340918],1.0.9228
Generic.Malware/Suspicious, C:\USERS\OTACILIO\APPDATA\ROAMING\ZHP\QUARANTINE\ZHPCLEANER\ANTIMALWARESETUP.EXE, Quarentena, [0], [392686],1.0.9228
Generic.Malware/Suspicious, C:\USERS\OTACILIO\APPDATA\ROAMING\ZHP\QUARANTINE\ZHPCLEANER\MSIA9B9.TMP, Quarentena, [0], [392686],1.0.9228
Generic.Malware/Suspicious, C:\USERS\OTACILIO\APPDATA\ROAMING\ZHP\QUARANTINE\ZHPCLEANER\MSIF28C.TMP, Quarentena, [0], [392686],1.0.9228
Generic.Malware/Suspicious, C:\USERS\OTACILIO\APPDATA\ROAMING\ZHP\QUARANTINE\ZHPCLEANER\MSI8250.TMP, Quarentena, [0], [392686],1.0.9228
Generic.Malware/Suspicious, C:\USERS\OTACILIO\APPDATA\ROAMING\ZHP\QUARANTINE\ZHPCLEANER\MSIDCC6.TMP, Quarentena, [0], [392686],1.0.9228
Generic.Malware/Suspicious, C:\USERS\OTACILIO\DOWNLOADS\ANTIMALWARESETUP (1).EXE, Quarentena, [0], [392686],1.0.9228

Setor físico: 0
(Nenhum item malicioso detectado)

Instrumentação do Windows (WMI): 0
(Nenhum item malicioso detectado)


(end)

HIJACKTHIS LOG

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:42:47, on 12/02/2019
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.19236)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\PROGRA~1\GbPlugin\GbpSv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskhost.exe
C:\PROGRA~1\GbPlugin\GbpSv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\DbxSvc.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe
C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\HPSIsvc.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Serasa Experian\Service\SerasaUpdate.exe
C:\Contabil\Utilitários\ServicoAgendador.exe
C:\Contabil\Utilitários\ServicoGerenciadorAtualizacao.exe
C:\Contabil\Utilitários\gerencatu.exe
C:\Windows\system32\svchost.exe
C:\Program Files\TeamViewer\TeamViewer_Service.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Browny02\Brother\BrStMonW.exe
C:\Program Files\Dropbox\Client\Dropbox.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Serasa Experian\Service\eSfUpdateForm.exe
C:\Program Files\Dropbox\Client\Dropbox.exe
C:\Program Files\Dropbox\Client\Dropbox.exe
C:\Program Files\Browny02\BrYNSvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Windows\system32\prevhost.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Windows\system32\taskhost.exe
C:\Users\Otacilio\Desktop\HijackThis (2).exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files\GbPlugin\gbiehcef.dll
O2 - BHO: G-Buster Browser Defense Itaú Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Program Files\GbPlugin\gbiehuni.dll
O2 - BHO: G-Buster Browser Defense Sicredi - {C41A1C0E-EA6C-11D4-B1B8-444553540011} - C:\Program Files\GbPlugin\gbiehscd.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HPUsageTrackingLEDM] "C:\Program Files\HP\HP UT LEDM\bin\hppusg.exe" "C:\Program Files\HP\HP UT LEDM\"
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe /AUTORUN
O4 - HKLM\..\Run: [Dropbox] "C:\Program Files\Dropbox\Client\Dropbox.exe" /systemstartup
O4 - HKCU\..\Run: [CCleaner Smart Cleaning] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Serasa Update.lnk = C:\Program Files\Serasa Experian\Service\eSfUpdateForm.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\SmartPrint\smartprintsetup.exe
O9 - Extra 'Tools' menuitem: SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\SmartPrint\smartprintsetup.exe
O9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: aapj.bb.com.br
O15 - Trusted Zone: seg.bb.com.br
O15 - Trusted Zone: www.bb.com.br
O15 - Trusted Zone: http://www.caixa.gov.br
O15 - Trusted Zone: cloud.gastecnologia.com.br
O15 - Trusted Zone: www.google.com.br
O15 - Trusted Zone: www.itau.b.br
O15 - Trusted Zone: *.itau.b.br
O15 - Trusted Zone: bankline.itau.com.br
O15 - Trusted Zone: banklineplus.itau.com.br
O15 - Trusted Zone: clickbanking.itau.com.br
O15 - Trusted Zone: guardiao.itau.com.br
O15 - Trusted Zone: www.itau.com.br
O15 - Trusted Zone: http://www.itau.com.br
O15 - Trusted Zone: *.itau.com.br
O15 - Trusted Zone: www.itaupersonnalite.com.br
O15 - Trusted Zone: http://www.itaupersonnalite.com.br
O15 - Trusted Zone: correspondente.sicredi.com.br
O15 - Trusted Zone: ibpf.sicredi.com.br
O15 - Trusted Zone: ibpj.sicredi.com.br
O15 - Trusted Zone: si-plg.sicredi.com.br
O15 - Trusted Zone: www.sicredi.com.br
O15 - Trusted Zone: internet.sicreditotal.com.br
O17 - HKLM\System\CCS\Services\Tcpip\..\{CDB80BC6-B425-4DA4-B790-8F2404F4FA87}: NameServer = 4.2.2.1,4.2.2.2
O20 - Winlogon Notify:  GbPluginCef - C:\Program Files\GbPlugin\gbiehCef.dll
O20 - Winlogon Notify:  GbPluginScd - C:\Program Files\GbPlugin\gbiehScd.dll
O20 - Winlogon Notify:  GbPluginUni - C:\Program Files\GbPlugin\gbiehUni.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: BrYNSvc - Brother Industries, Ltd. - C:\Program Files\Browny02\BrYNSvc.exe
O23 - Service: Serviço Atualização do Dropbox (dbupdate) (dbupdate) - Dropbox, Inc. - C:\Program Files\Dropbox\Update\DropboxUpdate.exe
O23 - Service: Serviço Atualização do Dropbox (dbupdatem) (dbupdatem) - Dropbox, Inc. - C:\Program Files\Dropbox\Update\DropboxUpdate.exe
O23 - Service: DbxSvc - Dropbox, Inc. - C:\Windows\system32\DbxSvc.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - Firebird Project - C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Firebird Project - C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~1\GbPlugin\GbpSv.exe
O23 - Service: Google Chrome Elevation Service (GoogleChromeElevationService) - Google Inc. - C:\Program Files\Google\Chrome\Application\72.0.3626.96\elevation_service.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP LaserJet Service - HP - C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
O23 - Service: HP SI Service (HPSIService) - HP - C:\Windows\system32\HPSIsvc.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: Serasa Update (SerasaUpdate) - Serasa Experian - C:\Program Files\Serasa Experian\Service\SerasaUpdate.exe
O23 - Service: ServicoAgendador - Unknown owner - C:\Contabil\Utilitários\ServicoAgendador.exe
O23 - Service: ServicoDominioAtendimento - Unknown owner - C:\Contabil\Agente de Comunicação com o Domínio Atendimento\Servico\ServicoDominioAtendimento.exe
O23 - Service: ServicoGerenciadorAtualizacao - Unknown owner - C:\Contabil\Utilitários\ServicoGerenciadorAtualizacao.exe
O23 - Service: TeamViewer 11 (TeamViewer) - TeamViewer GmbH - C:\Program Files\TeamViewer\TeamViewer_Service.exe
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: Warsaw Technology - GAS Tecnologia LTDA - C:\Program Files\Diebold\Warsaw\core.exe

--
End of file - 11552 bytes
 

 


Posting again

mbam log

Malwarebytes
www.malwarebytes.com

-Detalhes de registro-
Data da análise: 12/02/2019
Hora da análise: 16:44
Arquivo de registro: 41d23633-2ef6-11e9-a37c-00235a63c749.json

-Informação do software-
Versão: 3.7.1.2839
Versão de componentes: 1.0.538
Versão do pacote de definições: 1.0.9230
Licença: Versão de Avaliação

-Informação do sistema-
Sistema operacional: Windows 7 Service Pack 1
CPU: x86
Sistema de arquivos: NTFS
Usuário: Otacilio-PC\Otacilio

-Resumo da análise-
Tipo de análise: Análise de Ameaças
Análise Iniciada Por: Manual
Resultado: Concluído
Objetos verificados: 177479
Ameaças detectadas: 0
Ameaças em quarentena: 0
Tempo decorrido: 20 min, 40 seg

-Opções da análise-
Memória: Habilitado
Inicialização: Habilitado
Sistema de arquivos: Habilitado
Arquivos compactados: Habilitado
Rootkits: Habilitado
Heurística: Habilitado
PUP: Detectar
PUM: Detectar

-Detalhes da análise-
Processo: 0
(Nenhum item malicioso detectado)

Módulo: 0
(Nenhum item malicioso detectado)

Chave de registro: 0
(Nenhum item malicioso detectado)

Valor de registro: 0
(Nenhum item malicioso detectado)

Dados de registro: 0
(Nenhum item malicioso detectado)

Fluxo de dados: 0
(Nenhum item malicioso detectado)

Pasta: 0
(Nenhum item malicioso detectado)

Arquivo: 0
(Nenhum item malicioso detectado)

Setor físico: 0
(Nenhum item malicioso detectado)

Instrumentação do Windows (WMI): 0
(Nenhum item malicioso detectado)


(end)

HijackThis log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:25:42, on 12/02/2019
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.19236)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\PROGRA~1\GbPlugin\GbpSv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\PROGRA~1\GbPlugin\GbpSv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\DbxSvc.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe
C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\HPSIsvc.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Serasa Experian\Service\SerasaUpdate.exe
C:\Contabil\Utilitários\ServicoAgendador.exe
C:\Contabil\Utilitários\ServicoGerenciadorAtualizacao.exe
C:\Windows\system32\svchost.exe
C:\Contabil\Utilitários\gerencatu.exe
C:\Program Files\TeamViewer\TeamViewer_Service.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Browny02\Brother\BrStMonW.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Dropbox\Client\Dropbox.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Browny02\BrYNSvc.exe
C:\Program Files\Serasa Experian\Service\eSfUpdateForm.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Dropbox\Client\Dropbox.exe
C:\Program Files\Dropbox\Client\Dropbox.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\Dropbox\Client\QtWebEngineProcess.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\Otacilio\Desktop\HijackThis (2).exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files\GbPlugin\gbiehcef.dll
O2 - BHO: G-Buster Browser Defense Itaú Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Program Files\GbPlugin\gbiehuni.dll
O2 - BHO: G-Buster Browser Defense Sicredi - {C41A1C0E-EA6C-11D4-B1B8-444553540011} - C:\Program Files\GbPlugin\gbiehscd.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HPUsageTrackingLEDM] "C:\Program Files\HP\HP UT LEDM\bin\hppusg.exe" "C:\Program Files\HP\HP UT LEDM\"
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe /AUTORUN
O4 - HKLM\..\Run: [Dropbox] "C:\Program Files\Dropbox\Client\Dropbox.exe" /systemstartup
O4 - HKCU\..\Run: [CCleaner Smart Cleaning] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Serasa Update.lnk = C:\Program Files\Serasa Experian\Service\eSfUpdateForm.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\SmartPrint\smartprintsetup.exe
O9 - Extra 'Tools' menuitem: SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\SmartPrint\smartprintsetup.exe
O9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: aapj.bb.com.br
O15 - Trusted Zone: seg.bb.com.br
O15 - Trusted Zone: www.bb.com.br
O15 - Trusted Zone: http://www.caixa.gov.br
O15 - Trusted Zone: cloud.gastecnologia.com.br
O15 - Trusted Zone: www.google.com.br
O15 - Trusted Zone: www.itau.b.br
O15 - Trusted Zone: *.itau.b.br
O15 - Trusted Zone: bankline.itau.com.br
O15 - Trusted Zone: banklineplus.itau.com.br
O15 - Trusted Zone: clickbanking.itau.com.br
O15 - Trusted Zone: guardiao.itau.com.br
O15 - Trusted Zone: www.itau.com.br
O15 - Trusted Zone: http://www.itau.com.br
O15 - Trusted Zone: *.itau.com.br
O15 - Trusted Zone: www.itaupersonnalite.com.br
O15 - Trusted Zone: http://www.itaupersonnalite.com.br
O15 - Trusted Zone: correspondente.sicredi.com.br
O15 - Trusted Zone: ibpf.sicredi.com.br
O15 - Trusted Zone: ibpj.sicredi.com.br
O15 - Trusted Zone: si-plg.sicredi.com.br
O15 - Trusted Zone: www.sicredi.com.br
O15 - Trusted Zone: internet.sicreditotal.com.br
O17 - HKLM\System\CCS\Services\Tcpip\..\{CDB80BC6-B425-4DA4-B790-8F2404F4FA87}: NameServer = 4.2.2.1,4.2.2.2
O20 - Winlogon Notify:  GbPluginCef - C:\Program Files\GbPlugin\gbiehCef.dll
O20 - Winlogon Notify:  GbPluginScd - C:\Program Files\GbPlugin\gbiehScd.dll
O20 - Winlogon Notify:  GbPluginUni - C:\Program Files\GbPlugin\gbiehUni.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: BrYNSvc - Brother Industries, Ltd. - C:\Program Files\Browny02\BrYNSvc.exe
O23 - Service: Serviço Atualização do Dropbox (dbupdate) (dbupdate) - Dropbox, Inc. - C:\Program Files\Dropbox\Update\DropboxUpdate.exe
O23 - Service: Serviço Atualização do Dropbox (dbupdatem) (dbupdatem) - Dropbox, Inc. - C:\Program Files\Dropbox\Update\DropboxUpdate.exe
O23 - Service: DbxSvc - Dropbox, Inc. - C:\Windows\system32\DbxSvc.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - Firebird Project - C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Firebird Project - C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~1\GbPlugin\GbpSv.exe
O23 - Service: Google Chrome Elevation Service (GoogleChromeElevationService) - Google Inc. - C:\Program Files\Google\Chrome\Application\72.0.3626.96\elevation_service.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP LaserJet Service - HP - C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
O23 - Service: HP SI Service (HPSIService) - HP - C:\Windows\system32\HPSIsvc.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: Serasa Update (SerasaUpdate) - Serasa Experian - C:\Program Files\Serasa Experian\Service\SerasaUpdate.exe
O23 - Service: ServicoAgendador - Unknown owner - C:\Contabil\Utilitários\ServicoAgendador.exe
O23 - Service: ServicoDominioAtendimento - Unknown owner - C:\Contabil\Agente de Comunicação com o Domínio Atendimento\Servico\ServicoDominioAtendimento.exe
O23 - Service: ServicoGerenciadorAtualizacao - Unknown owner - C:\Contabil\Utilitários\ServicoGerenciadorAtualizacao.exe
O23 - Service: TeamViewer 11 (TeamViewer) - TeamViewer GmbH - C:\Program Files\TeamViewer\TeamViewer_Service.exe
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: Warsaw Technology - GAS Tecnologia LTDA - C:\Program Files\Diebold\Warsaw\core.exe

--
End of file - 11659 bytes
 


Temporarily disable your antivirus.

Click esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your Desktop.

Double-click its icon on the Desktop.

Check "YES, I accept the Terms of Use." Click Start.

Accept any security warning from your browser.

Check the options below:

Enable detection of potentially unwanted applications.

Click Hide advanced settings and check:

Remove found threats

Scan archives

Scan for potentially unsafe applications

Enable Anti-Stealth technology

Click Change and also check the Computer box.

Click Start.

It will update itself and scan the computer. Be patient, the process can take hours. When the scan finishes, click List Threats.

Click Export to text file and save the log to your Desktop.

Copy and paste its contents into your next reply.

Note: if nothing is found, no log will be generated.

Click Back.

Click Finish.

Report the current state of the PC.



C:\AdwCleaner\Quarantine\C\Program Files\AskPartnerNetwork\ChromeUtils\APNNativeMsgHost.exe.vir    a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application    cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe.vir    a variant of Win32/Bundled.Toolbar.Ask.R potentially unsafe application    cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files\AskPartnerNetwork\Toolbar\APNSetup.exe.vir    a variant of Win32/Bundled.Toolbar.Ask.E potentially unsafe application    cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files\AskPartnerNetwork\Toolbar\UpdateManager.exe.vir    a variant of Win32/Bundled.Toolbar.Ask.R potentially unsafe application    cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\ChromeUtils\APNNativeMsgHost.exe.vir    a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application    cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\apnmcp.exe.vir    a variant of Win32/Bundled.Toolbar.Ask.R potentially unsafe application    cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\searchhook.dll.vir    a variant of Win32/Bundled.Toolbar.Ask.O potentially unsafe application    cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\ServiceLocator.exe.vir    a variant of Win32/Bundled.Toolbar.Ask.O potentially unsafe application    cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\SO.dll.vir    a variant of Win32/Bundled.Toolbar.Ask.O potentially unsafe application    cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\toolbar.dll.vir    a variant of Win32/Bundled.Toolbar.Ask.O potentially unsafe application    cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\Toolbar.exe.vir    a variant of Win32/Bundled.Toolbar.Ask.O potentially unsafe application    cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\ToolbarPS.dll.vir    a variant of Win32/Bundled.Toolbar.Ask.O potentially unsafe application    cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\toolbar_x64.dll.vir    a variant of Win32/Bundled.Toolbar.Ask.O potentially unsafe application    cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\UpdateManager.exe.vir    a variant of Win32/Bundled.Toolbar.Ask.R potentially unsafe application    cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe.vir    a variant of Win32/Bundled.Toolbar.Ask.O potentially unsafe application    cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr.exe.vir    a variant of Win32/Bundled.Toolbar.Ask.O potentially unsafe application    cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr_x64.exe.vir    a variant of Win32/Bundled.Toolbar.Ask.O potentially unsafe application    cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrv.dll.vir    a variant of Win32/Bundled.Toolbar.Ask.O potentially unsafe application    cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrvStub.dll.vir    a variant of Win32/Bundled.Toolbar.Ask.O potentially unsafe application    cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrvStub_x64.dll.vir    a variant of Win32/Bundled.Toolbar.Ask.O potentially unsafe application    cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrv_x64.dll.vir    a variant of Win32/Bundled.Toolbar.Ask.O potentially unsafe application    cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\{PartnerID}\Passport.dll.vir    a variant of Win32/Bundled.Toolbar.Ask.O potentially unsafe application    cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\{PartnerID}\Passport_x64.dll.vir    a variant of Win32/Bundled.Toolbar.Ask.O potentially unsafe application    cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\VNT\vntldr.exe.vir    a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application    cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe.vir    a variant of Win32/Bundled.Toolbar.Ask.O potentially unsafe application    cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr.exe.vir    a variant of Win32/Bundled.Toolbar.Ask.O potentially unsafe application    cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrv.dll.vir    a variant of Win32/Bundled.Toolbar.Ask.O potentially unsafe application    cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrvStub.dll.vir    a variant of Win32/Bundled.Toolbar.Ask.O potentially unsafe application    cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files\GOSafer\nfapi.dll.vir    a variant of Win32/NetFilter.A potentially unsafe application    cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files\WNet\nfapi.dll.vir    a variant of Win32/NetFilter.A potentially unsafe application    cleaned by deleting
C:\AdwCleaner\Quarantine\C\Users\Otacilio\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr.exe.vir    a variant of Win32/Bundled.Toolbar.Ask.O potentially unsafe application    cleaned by deleting
C:\AdwCleaner\Quarantine\C\Users\Otacilio\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrv.dll.vir    a variant of Win32/Bundled.Toolbar.Ask.O potentially unsafe application    cleaned by deleting
C:\AdwCleaner\Quarantine\C\Users\Otacilio\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrvStub.dll.vir    a variant of Win32/Bundled.Toolbar.Ask.O potentially unsafe application    cleaned by deleting
C:\Users\Otacilio\Desktop\coisas henrique\$RECYCLE.BIN\$RWRBTOS.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    cleaned by deleting
C:\Windows\System32\wsrundll.dll    a variant of MSIL/WaveSpy.A potentially unsafe application    cleaned by deleting
 

 

NEW HIJACKTHIS LOG

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:51:02, on 13/02/2019
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.19267)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\PROGRA~1\GbPlugin\GbpSv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\DbxSvc.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe
C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\HPSIsvc.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Serasa Experian\Service\SerasaUpdate.exe
C:\Contabil\Utilitários\ServicoAgendador.exe
C:\Contabil\Utilitários\ServicoGerenciadorAtualizacao.exe
C:\Contabil\Utilitários\gerencatu.exe
C:\Windows\system32\svchost.exe
C:\Program Files\TeamViewer\TeamViewer_Service.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\taskhost.exe
C:\PROGRA~1\GbPlugin\GbpSv.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Browny02\Brother\BrStMonW.exe
C:\Program Files\Dropbox\Client\Dropbox.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\Browny02\BrYNSvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Serasa Experian\Service\eSfUpdateForm.exe
C:\Program Files\Dropbox\Client\Dropbox.exe
C:\Program Files\Dropbox\Client\Dropbox.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\Dropbox\Client\QtWebEngineProcess.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Users\Otacilio\Desktop\HijackThis (2).exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files\GbPlugin\gbiehcef.dll
O2 - BHO: G-Buster Browser Defense Itaú Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Program Files\GbPlugin\gbiehuni.dll
O2 - BHO: G-Buster Browser Defense Sicredi - {C41A1C0E-EA6C-11D4-B1B8-444553540011} - C:\Program Files\GbPlugin\gbiehscd.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HPUsageTrackingLEDM] "C:\Program Files\HP\HP UT LEDM\bin\hppusg.exe" "C:\Program Files\HP\HP UT LEDM\"
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe /AUTORUN
O4 - HKLM\..\Run: [Dropbox] "C:\Program Files\Dropbox\Client\Dropbox.exe" /systemstartup
O4 - HKCU\..\Run: [CCleaner Smart Cleaning] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Serasa Update.lnk = C:\Program Files\Serasa Experian\Service\eSfUpdateForm.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\SmartPrint\smartprintsetup.exe
O9 - Extra 'Tools' menuitem: SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\SmartPrint\smartprintsetup.exe
O9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: aapj.bb.com.br
O15 - Trusted Zone: seg.bb.com.br
O15 - Trusted Zone: www.bb.com.br
O15 - Trusted Zone: http://www.caixa.gov.br
O15 - Trusted Zone: cloud.gastecnologia.com.br
O15 - Trusted Zone: www.google.com.br
O15 - Trusted Zone: www.itau.b.br
O15 - Trusted Zone: *.itau.b.br
O15 - Trusted Zone: bankline.itau.com.br
O15 - Trusted Zone: banklineplus.itau.com.br
O15 - Trusted Zone: clickbanking.itau.com.br
O15 - Trusted Zone: guardiao.itau.com.br
O15 - Trusted Zone: www.itau.com.br
O15 - Trusted Zone: http://www.itau.com.br
O15 - Trusted Zone: *.itau.com.br
O15 - Trusted Zone: www.itaupersonnalite.com.br
O15 - Trusted Zone: http://www.itaupersonnalite.com.br
O15 - Trusted Zone: correspondente.sicredi.com.br
O15 - Trusted Zone: ibpf.sicredi.com.br
O15 - Trusted Zone: ibpj.sicredi.com.br
O15 - Trusted Zone: si-plg.sicredi.com.br
O15 - Trusted Zone: www.sicredi.com.br
O15 - Trusted Zone: internet.sicreditotal.com.br
O17 - HKLM\System\CCS\Services\Tcpip\..\{CDB80BC6-B425-4DA4-B790-8F2404F4FA87}: NameServer = 4.2.2.1,4.2.2.2
O20 - Winlogon Notify:  GbPluginCef - C:\Program Files\GbPlugin\gbiehCef.dll
O20 - Winlogon Notify:  GbPluginScd - C:\Program Files\GbPlugin\gbiehScd.dll
O20 - Winlogon Notify:  GbPluginUni - C:\Program Files\GbPlugin\gbiehUni.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: BrYNSvc - Brother Industries, Ltd. - C:\Program Files\Browny02\BrYNSvc.exe
O23 - Service: Serviço Atualização do Dropbox (dbupdate) (dbupdate) - Dropbox, Inc. - C:\Program Files\Dropbox\Update\DropboxUpdate.exe
O23 - Service: Serviço Atualização do Dropbox (dbupdatem) (dbupdatem) - Dropbox, Inc. - C:\Program Files\Dropbox\Update\DropboxUpdate.exe
O23 - Service: DbxSvc - Dropbox, Inc. - C:\Windows\system32\DbxSvc.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - Firebird Project - C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Firebird Project - C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~1\GbPlugin\GbpSv.exe
O23 - Service: Google Chrome Elevation Service (GoogleChromeElevationService) - Google Inc. - C:\Program Files\Google\Chrome\Application\72.0.3626.96\elevation_service.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP LaserJet Service - HP - C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
O23 - Service: HP SI Service (HPSIService) - HP - C:\Windows\system32\HPSIsvc.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: Serasa Update (SerasaUpdate) - Serasa Experian - C:\Program Files\Serasa Experian\Service\SerasaUpdate.exe
O23 - Service: ServicoAgendador - Unknown owner - C:\Contabil\Utilitários\ServicoAgendador.exe
O23 - Service: ServicoDominioAtendimento - Unknown owner - C:\Contabil\Agente de Comunicação com o Domínio Atendimento\Servico\ServicoDominioAtendimento.exe
O23 - Service: ServicoGerenciadorAtualizacao - Unknown owner - C:\Contabil\Utilitários\ServicoGerenciadorAtualizacao.exe
O23 - Service: TeamViewer 11 (TeamViewer) - TeamViewer GmbH - C:\Program Files\TeamViewer\TeamViewer_Service.exe
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: Warsaw Technology - GAS Tecnologia LTDA - C:\Program Files\Diebold\Warsaw\core.exe

--
End of file - 12117 bytes
 

PC STATUS

I have not rebooted yet after the last step, but it already seems faster. I will reboot to see how internet access and access to the PC's files are doing. I will report back with what I find.


Good morning.

Today I was able to check my computer.

I turned it on and found it still slow. After it had been on for about 15 minutes, I clicked the Google Chrome icon to go online, and it took about 7 minutes for the window to open.

After opening it once, if I close Chrome and click to open it again, it is fast.

Is there anything else I should check?

 


Nothing more to do on this side; this is not a problem related to viruses/malware.

The PC is clean. (Y)

Download DelFix and save it to your Desktop. Double-click delfix.exe to run it.

On Windows 7, 8 and 10: right-click delfix.exe and select Run as administrator

Check the box as shown in the image below.

DellFix.jpg

Click the Run button. This will remove the programs used in the disinfection, the folders and files they created, and DelFix itself.

