[Resolvido] Notebook lento

Ionara · Agosto 7, 2015

Note lento,

segue log...

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 21:53:53, on 06/08/2015

Platform: Unknown Windows (WinNT 6.02.1008)

MSIE: Internet Explorer v11.0 (11.00.9600.17840)

Boot mode: Normal

Running processes:

C:\PROGRA~2\GbPlugin\GbpSv.exe

C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\avpui.exe

C:\Program Files (x86)\OEM\iBrightness 1.0.1\iBrightness.exe

C:\Program Files (x86)\OEM\IPM 1.9.4\IPM.exe

C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.1\bin\EpmNews.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe

C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com/?pc=LCJB

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com.br/?gws_rd=ssl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe,

O2 - BHO: VirtualKeyboardBrowserHelperObject - {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\IEExt\ie_plugin.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll

O2 - BHO: ContentBlockerBrowserHelperObject - {93BC2EA7-2F17-4729-948A-D2E03FFB2412} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\IEExt\ie_plugin.dll

O2 - BHO: AVG Web TuneUp - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Web TuneUp\4.1.5.143\AVG Web TuneUp.dll

O2 - BHO: Safe Money Plugin - {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\IEExt\ie_plugin.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll

O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60

O4 - HKLM\..\Run: [EaseUS EPM tray] C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.1\bin\EpmNews.exe

O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Web TuneUp\vprot.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - Global Startup: iBrightness.lnk = ?

O4 - Global Startup: IPM.lnk = ?

O8 - Extra context menu item: E&nviar para o OneNote - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: E&nviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: Teclado Virtual - {5547CE1F-74E9-41E5-9CBF-5211ECC37341} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\IEExt\ie_plugin.dll

O9 - Extra button: &Notas Ligadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: &Notas Ligadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O15 - Trusted Zone: imagem.caixa.gov.br

O15 - Trusted Zone: internetbanking.caixa.gov.br

O15 - Trusted Zone: internetbankingpf.caixa.gov.br

O15 - Trusted Zone: www.caixa.gov.br

O15 - Trusted Zone: http://www.caixa.gov.br

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O20 - Winlogon Notify: GbPluginCef - C:\Program Files (x86)\GbPlugin\gbiehCef.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)

O23 - Service: Serviço do Kaspersky Anti-Virus 15.0.2 (AVP15.0.2) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\avp.exe

O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe

O23 - Service: EasyAntiCheat - EasyAntiCheat Ltd - C:\WINDOWS\system32\EasyAntiCheat.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)

O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe

O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Tecnologia de armazenamento Intel® Rapid (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)

O23 - Service: Intel® HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\WINDOWS\system32\igfxCUIService.exe (file missing)

O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe

O23 - Service: Intel® ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe

O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)

O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)

O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)

O23 - Service: vToolbarUpdater18.8.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.8.0\ToolbarUpdater.exe

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)

O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)

O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

O23 - Service: WtuSystemSupport - Unknown owner - C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe

--

End of file - 11127 bytes

DigRam · Agosto 9, 2015

/!\ Bom Dia! Ionara /!\

> Baixe: <

> ( ... by Farbar )

> No banner àcima,é para sistemas 32bits!

< Farbar Recovery Scan Tool 64-Bit >

> No link àcima,é para sistemas 64bits!

> Salve-o no desktop! (Área de trabalho ...)

> Execute a ferramenta! Clique "Yes" >> "Scan".

> Antes de clicar "Scan",verifique se as caixinhas em "Whitelist" estão assinaladas.

> Em "Optional Scan",deixe marcada a checkbox "Addition.txt".

> Ps: Será gerado,também,o relatório "Addition.txt" que estará disponibilizado na 1ª execução da ferramenta.

> Poste os relatórios! (FRST.txt + Addition.txt)

> Como o log será extenso,envie-o à

>

> Clique no botão Parcourir...

> Busque o relatório e clique no botão Abrir.

> Clique no botão "Créer le lien Cjoint".

> Copie o link que está ao lado de "Le lien a été créé" e poste-o em sua resposta.

> O link ao relatório,que é este assinalado,deverá ser colado em sua resposta.

> Ou clique "Copier le lien (*)" e cole o link ao seu Post.

A+

Ionara · Agosto 10, 2015

Boa noite,

seguem logs...

http://www.cjoint.com/c/EHkw7lOdlSg

http://www.cjoint.com/c/EHkxanfMMLg

DigRam · Agosto 10, 2015

/!\ Boa Noite! Ionara /!\

> Copie estas informações que estão em vermelho,para o Bloco de Notas.

> Salve-as com o nome fixlist. << Texto!

> Salve-as no desktop! ( Área de trabalho ... ) -/- C:\Users\Valmor\Desktop <<

start

CloseProcesses:

emptytemp:

() C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe

(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.8.0\ToolbarUpdater.exe

() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.8.0\loggingserver.exe

HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [3175312 2015-07-22] ()

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

BHO: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Web TuneUp\4.1.5.143\AVG Web TuneUp.dll [2015-07-22] (AVG)

BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.1.5.143\AVG Web TuneUp.dll [2015-07-22] (AVG)

FF SelectedSearchEngine: AVG Secure Search

FF Extension: AVG Web TuneUp - C:\Users\Valmor\AppData\Roaming\Mozilla\Firefox\Profiles\37lmntv0.default\Extensions\avg@toolbar [2015-05-06]

R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [1195920 2015-07-22] ()

S4 McAPExe; "C:\Program Files\McAfee\MSC\McAPExe.exe" [X]

S3 EasyAntiCheatSys; \??\C:\WINDOWS\system32\EasyAntiCheat.sys [X]

S3 ew_usbenumfilter; \SystemRoot\System32\drivers\ew_usbenumfilter.sys [X]

S3 huawei_cdcacm; \SystemRoot\system32\DRIVERS\ew_jucdcacm.sys [X]

S3 huawei_enumerator; \SystemRoot\System32\drivers\ew_jubusenum.sys [X]

U4 klkbdflt2; \SystemRoot\system32\DRIVERS\klkbdflt2.sys [X]

2015-08-06 21:53 - 2015-08-06 21:53 - 00011129 _____ C:\Users\Valmor\Desktop\hijackthis.log

2015-08-06 21:50 - 2015-08-06 21:50 - 00003013 _____ C:\Users\Valmor\Desktop\HiJackThis.lnk

2015-08-06 21:50 - 2015-08-06 21:50 - 00000000 ____D C:\Users\Valmor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis

2015-08-06 21:50 - 2015-08-06 21:50 - 00000000 ____D C:\Program Files (x86)\Trend Micro

2015-08-06 21:47 - 2015-08-06 21:47 - 01402880 _____ C:\Users\Valmor\Desktop\HijackThis.msi

2015-07-22 18:19 - 2015-05-06 10:28 - 00000000 ____D C:\Program Files\AVG Web TuneUp

2015-07-22 18:19 - 2015-05-06 10:28 - 00000000 ____D C:\Program Files (x86)\AVG Web TuneUp

2014-02-19 16:13 - 2014-02-19 16:13 - 0510976 _____ () C:\ProgramData\DRV10.tmp

2014-02-19 16:13 - 2014-02-19 16:20 - 9891328 _____ (OEM) C:\ProgramData\E1010.tmp

2015-05-06 10:28 - 2015-07-22 18:19 - 01195920 _____ () C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe

2015-07-22 18:19 - 2015-07-22 18:19 - 00168336 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.8.0\loggingserver.exe

Task: {BDFC3145-819C-41D8-9805-21E924B1D55F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)

C:\Users\Valmor\AppData\Local\Temp\SkypeSetup.exe

CreateRestorePoint:

Reboot:

end

> Execute FRST/FRST64 >> Clique "Fix" << Aguarde!

> Na mensagem,clique Executar.

> Poste o relatório! (Fixlog.txt)

< Peço aos visitantes que não utilizem este script em outros computadores,sob risco de danos aos mesmos! >

A+

Ionara · Agosto 11, 2015

Boa noite,

segue fixlog...

Fix result of Farbar Recovery Scan Tool (x64) Version:11-08-2015 02

Ran by Ionara (2015-08-11 20:20:58) Run:1

Running from C:\Users\Valmor\Desktop

Loaded Profiles: Ionara & Administrador (Available Profiles: Ionara & Administrador & Convidado)

Boot Mode: Normal

==============================================

fixlist content:

*****************