[Resolvido] Notebook com lentidão excessiva

keysha · Agosto 30, 2015

Boa noite, Imasters

Há algum tempo suspeito da existência de vírus ou malwares, devido a lentidão no notebook. Recentemente confirmei a suspeita quando uma amiga detectou vírus em seu pendrive após ele ser usado no meu note.

Além disso, não consigo me livrar do arquivo de Diagnóstico do BB (segurança do Banco do Brasil). Sempre aparece um alerta quando inicio o sistema, perguntando se desejo executar o arquivo.

Quando executei o HiJackThis, apareceu a seguinte mensagem:

[For some reason your system denied write access to the Hosts file. If any hijacked domains are in this file, HiJackThis may NOT be able to fix this.

If that happens, you need to edit the file yourself. To do this, click Start, Run and Type:

notepad C:\Windows\System32\drivers\etc\hosts

and press Enter. Find the line(s) HiJackThis reports and delete them. Save the file as "hosts". (with quotes), and reboot.

For Vista: simply, exit HiJackThis, right click on the HiJackThis icon, choose "Run as administrator".]

No hosts encontrei o que se segue e não fiz nenhuma alteração:

#

# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.

#

# This file contains the mappings of IP addresses to host names. Each

# entry should be kept on an individual line. The IP address should

# be placed in the first column followed by the corresponding host name.

# The IP address and the host name should be separated by at least one

# space.

#

# Additionally, comments (such as these) may be inserted on individual

# lines or following the machine name denoted by a '#' symbol.

#

# For example:

#

# 102.54.94.97 rhino.acme.com # source server

# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.

# 127.0.0.1 localhost

# ::1 localhost

E finalmente, segue o Log do HiJackThis:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 19:11:54, on 30/08/2015

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v10.0 (10.00.9200.16635)

Boot mode: Normal

Running processes:

C:\Users\MICHELLE\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\HijackThis\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Program Files (x86)\Scpad\scpsssh2.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [ae8ba] C:\Users\MICHELLE\AppData\Roaming\b89db\ae8ba.js

O4 - HKCU\..\Run: [Microsoft] wscript.exe //B "C:\Users\MICHELLE\AppData\Local\Temp\Microsoft.vbe"

O4 - HKCU\..\Run: [AutoHelpDesk] C:\Users\MICHELLE\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N47QS0K5\DiagnosticoBB.exe

O4 - HKCU\..\Run: [Dropbox Update] "C:\Users\MICHELLE\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c

O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_5628F351CD597A3AB5D5342FAB3354F1] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window

O4 - Startup: Dropbox.lnk = C:\Users\MICHELLE\AppData\Roaming\Dropbox\bin\Dropbox.exe

O4 - Startup: f8c.js

O4 - Startup: Microsoft.vbe

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O15 - Trusted Zone: www.bancobrasil.com.br

O15 - Trusted Zone: www14.bancobrasil.com.br

O15 - Trusted Zone: www2.bancobrasil.com.br

O15 - Trusted Zone: www.bb.com.br

O17 - HKLM\System\CCS\Services\Tcpip\..\{B0BD6F99-0824-47A0-BF5A-F3515BA7998D}: NameServer = 208.67.222.222,208.67.220.220

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files (x86)\Scpad\scpLIB.dll

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: scpVista - Banco Bradesco S.A. - C:\Program Files (x86)\Scpad\scpVista.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

O23 - Service: Intel® PROSet/Wireless Zero Configuration Service (ZeroConfigService) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

--

End of file - 7815 bytes

Desde já, obrigada!

DigRam · Agosto 31, 2015

/!\ Boa Noite! keysha /!\

> Baixe:

>

> Salve-a no desktop!

> Abra a ferramenta UsbFix >> Clique: Opções

> Marque a caixa "Desativar Autorun/AutoPlay". ( Windows XP )

> Clique "Aplicar".

> Insira,agora,seu pendrive ou unidade externa,infectada,e na tela principal da ferramenta,clique "Limpar".

> Poste o relatório!

A+

keysha · Agosto 31, 2015

############################## | UsbFix V 8.019 | [Limpar]

Usuário: MICHELLE (Administrador) # MICHELLE-PC

Atualizado em 31/08/2015 por El Desaparecido - SosVirus

Começou em 19:26:08 | 31/08/2015

Site : http://www.pt.usbfix.net/

Changelog : http://www.usbfix.net/maj/

Asistencia : http://www.sos-virus.net/

Detecção en vivo : http://www.como-remover.com/category/usb-virus/

Contato : http://www.pt.usbfix.net/contato/

################## | System information |

MB: SAMSUNG ELECTRONICS CO., LTD. (RV411)

CPU: Intel® Core i3 CPU M 380 @ 2.53GHz

RAM -> [Total : 1909 Mo | Free : 1107 Mo]

Bios: Phoenix Technologies Ltd.

Boot: Normal boot

OS: Microsoft™ Windows 7 Home Basic (6.1.7601 64-Bit) Service Pack 1

WB: Internet Explorer : 10.00.9200.16521

WB: Google Chrome : 44.0.2403.157

WB: Mozilla Firefox : 29.0.1

################## | Security Information |

AS: Windows Defender [Ativo |Atualizado]

FW: Windows Firewall [Ativo]

SC: Security Center [Ativo]

WU: Windows Update [Ativo]

################## | Disk Information |

C:\ (%SystemDrive%) -> Disco fixo # 111 Gb (21 Gb livre - 19%) [] # NTFS

D:\ -> Disco fixo # 166 Gb (46 Gb livre - 27%) [] # NTFS

F:\ -> Disco removível # 8 Gb (8 Gb livre - 99%) [MICHELLE] # FAT32

################## | Procura genérica |

Supprimido! C:\Users\MICHELLE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\f8c.js

Supprimido! C:\Users\MICHELLE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft.vbe

Supprimido! C:\Users\MICHELLE\AppData\Local\Temp\Microsoft.vbe

Supprimido! F:\Microsoft.vbe

Supprimido! F:\Inspetor DENIS.lnk

Supprimido! F:\PLAYER.lnk

Supprimido! F:\Despachos - Recebimento e remessa de IP - Cópia.lnk

Supprimido! F:\INVESTIGAÇÕES SOBRE TRAFICO DE ENTORPECENTES.lnk

Supprimido! F:\RunClubSanDisk.lnk

Supprimido! F:\RunSanDiskSecureAccess_Win.lnk

Supprimido! F:\TRANSFERENCIA DE INQUÉRITOS DE HOMICÍDIO.lnk

Supprimido! F:\Capa com logo - Local do Fato.lnk

Supprimido! F:\Despachos - Recebimento e remessa de IP.lnk

Supprimido! F:\CI REMOCAO NOVO MODELO 1 docx.lnk

Supprimido! F:\C6_TP_SISTEMA INTEGRADO DE METAS E.lnk

Supprimido! F:\despacho - Primeiro contato com os autos.lnk

Supprimido! C:\Users\MICHELLE\AppData\Roaming\b89db\ae8ba.js

Supprimido! C:\Users\MICHELLE\AppData\Roaming\b89db

Supprimido! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Microsoft

Supprimido! HKU\S-1-5-21-2283475913-1075874766-1198143118-1000\Software\Microsoft\Windows\CurrentVersion\Run|ae8ba

Restorado! [N] F:\Despachos - Recebimento e remessa de IP - Cópia.docx

Restorado! [N] F:\Inspetor DENIS.docx

Restorado! [N] F:\INVESTIGAÇÕES SOBRE TRAFICO DE ENTORPECENTES.xlsx

Restorado! [N] F:\PLAYER.EXE

Restorado! [N] F:\RunClubSanDisk.exe

Restorado! [N] F:\RunSanDiskSecureAccess_Win.exe

Restorado! [N] F:\TRANSFERENCIA DE INQUÉRITOS DE HOMICÍDIO.docx

Restorado! [N] F:\Capa com logo - Local do Fato.docx

Restorado! [N] F:\Despachos - Recebimento e remessa de IP.docx

Restorado! [N] F:\CI REMOCAO NOVO MODELO 1 docx.docx

Restorado! [N] F:\C6_TP_SISTEMA INTEGRADO DE METAS E.pdf

Restorado! [N] F:\despacho - Primeiro contato com os autos.docx

(!) Ficheiros temporários suprimido. (250.085990905762 MB)

################## | Startup |

F2 - HKLM\..\Winlogon : [shell] explorer.exe

F2 - [x64] HKLM\..\Winlogon : [shell] explorer.exe

F2 - HKLM\..\Winlogon : [userinit] userinit.exe

F2 - [x64] HKLM\..\Winlogon : [userinit] C:\Windows\system32\userinit.exe,

04 - HKCU\..\Run : [AutoHelpDesk] C:\Users\MICHELLE\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N47QS0K5\DiagnosticoBB.exe

04 - HKCU\..\Run : [Dropbox Update] "C:\Users\MICHELLE\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c

04 - HKCU\..\Run : [GoogleChromeAutoLaunch_5628F351CD597A3AB5D5342FAB3354F1] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window

04 - HKLM\..\Run : [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

04 - [x64] HKLM\..\Run : [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

04 - [x64] HKLM\..\Run : [ETDCtrl] %ProgramFiles%\Elantech\ETDCtrl.exe

04 - [x64] HKLM\..\Run : [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"

04 - HKU\S-1-5-19\..\Run : [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun

04 - HKU\S-1-5-20\..\Run : [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun

04 - HKU\S-1-5-21-2283475913-1075874766-1198143118-1000\..\Run : [AutoHelpDesk] C:\Users\MICHELLE\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N47QS0K5\DiagnosticoBB.exe

04 - HKU\S-1-5-21-2283475913-1075874766-1198143118-1000\..\Run : [Dropbox Update] "C:\Users\MICHELLE\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c

04 - HKU\S-1-5-21-2283475913-1075874766-1198143118-1000\..\Run : [GoogleChromeAutoLaunch_5628F351CD597A3AB5D5342FAB3354F1] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window

04 - HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe

04 - HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe

04GS - Dropbox.lnk : C:\Users\MICHELLE\AppData\Roaming\Dropbox\bin\Dropbox.exe

################## | UsbFix - Informação |

Info :

Info : Como remover o vírus que transforma pastas e arquivos em atalhos ?

Detecção en vivo : http://www.como-remover.com/category/usb-virus/

################## | Vaccin |

C:\Autorun.inf -> Vacina criada por UsbFix (El Desaparecido)

D:\Autorun.inf -> Vacina criada por UsbFix (El Desaparecido)

F:\Autorun.inf -> Vacina criada por UsbFix (El Desaparecido)

################## | E.O.F | http://www.sosvirus.net/ | http://www.pt.usbfix.net/ |

DigRam · Setembro 1, 2015

/!\ Boa Noite! keysha /!\

> Tudo Ok?

> Baixe: <

SFTGC > ( ... de Pierre13 )

> Tendo dificuldades no download,utilize o navegador Internet Explorer.

> Salve-o no desktop!

> Para Windows Vista e 7,execute "SFTGC.exe" como administrador!

> Execute-o e clique "Go".

> Aguarde seu término,que é rápido.

> Poste o relatório! ( SFT.txt )

> Ps: De acordo com o tamanho do relatório,não poste-o diretamente!

> Acesse,para esta tarefa! <

>

Abs!

keysha · Setembro 5, 2015

Boa tarde!!

Relatório: http://www.cjoint.com/c/EIfroRHbI5v

Obrigada :)

DigRam · Setembro 5, 2015

/!\ Boa Noite! keysha /!\

< Internet Explorer 11 para Windows 7 >

> Seu navegador IE está desatualizado! Baixe aqui o IE11,que já está disponível.

> Poste relatório atualizado do HijackThis.

A+

keysha · Setembro 13, 2015

Boa noite! IE atualizado! Segue o Relatório do HijackThis:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 19:27:39, on 13/09/2015

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v11.0 (11.00.9600.17840)