[Resolvido!]Computador lento

[campanita 0]

Estou enviando o log, pois meu computador está muit lento. Passei o Panda on line e encontrou spywares mas não consegui removê-los.

Aguardo uma resposta.

Obrigada

Campanita

 

Logfile of HijackThis v1.99.1

Scan saved at 11:48:59, on 6/7/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Nhksrv.exe

C:\Arquivos de programas\Dell\OpenManage\Client\ActionAgent.exe

C:\DMI\WIN32\bin\DellDmi.exe

C:\Arquivos de programas\Dell\OpenManage\Client\EventAgt.exe

C:\Arquivos de programas\Dell\OpenManage\Client\DLT.exe

C:\Arquivos de programas\Dell\OpenManage\Client\Iap.exe

C:\dmi\win32\bin\Win32sl.exe

C:\Arquivos de programas\Trend Micro\Client Server Security Agent\ntrtscan.exe

C:\Arquivos de programas\Trend Micro\Client Server Security Agent\tmlisten.exe

C:\WINDOWS\TEMP\WSC021.EXE

C:\Arquivos de programas\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\taskmgr.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\DELLMMKB.EXE

C:\Arquivos de programas\Trend Micro\Client Server Security Agent\pccntmon.exe

C:\Arquivos de programas\Netropa\OSD.exe

C:\Arquivos de programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe

C:\Arquivos de programas\WinZip\WZQKPICK.EXE

C:\Arquivos de programas\SEC\Natural Color\NaturalColorLoad.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\down\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com/intl/la/brazil/index.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com/intl/la/brazil/index.htm

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com/intl/la/brazil/index.htm

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\WINDOWS\Downloaded Program Files\googlenav.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE

O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Arquivos de programas\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow

O4 - Startup: NaturalColorLoad.lnk = ?

O4 - Global Startup: Acrobat Assistant.lnk = C:\Arquivos de programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: NaturalColorLoad.lnk = ?

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Arquivos de programas\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmsearch.html

O8 - Extra context menu item: Backward &Links - res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmcache.html

O8 - Extra context menu item: Si&milar Pages - res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmsimilar.html

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1145468491453

O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} (Google Activate) - http://toolbar.google.com/data/pt/big/1.1....g/GoogleNav.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{EE22C14E-CE70-40D7-932C-708E74DFAAB3}: NameServer = 172.16.0.15

O23 - Service: ActionAgent - Dell Computer Corporation - C:\Arquivos de programas\Dell\OpenManage\Client\ActionAgent.exe

O23 - Service: DellDmi - Dell Computer Corporation - C:\DMI\WIN32\bin\DellDmi.exe

O23 - Service: DEventAgent - Dell Computer Corporation - C:\Arquivos de programas\Dell\OpenManage\Client\EventAgt.exe

O23 - Service: DLT - Dell Computer Corporation - C:\Arquivos de programas\Dell\OpenManage\Client\DLT.exe

O23 - Service: Iap - Dell Computer Corporation - C:\Arquivos de programas\Dell\OpenManage\Client\Iap.exe

O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe

O23 - Service: Trend Micro Client/Server Security Agent RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Arquivos de programas\Trend Micro\Client Server Security Agent\ntrtscan.exe

O23 - Service: Trend Micro Client/Server Security Agent Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Arquivos de programas\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe

O23 - Service: Trend Micro Client/Server Security Agent Listener (tmlisten) - Trend Micro Inc. - C:\Arquivos de programas\Trend Micro\Client Server Security Agent\tmlisten.exe

O23 - Service: Win32Sl - Intel - C:\dmi\win32\bin\Win32sl.exe

[jgarcia 1]

Opa campanita,

 

1. Baixe o BankerFix.

 

2. Desative o seu anti-vírus temporariamente.

 

3. Dê um duplo-clique sobre o bankerfix.exe. Uma mensagem aparecerá avisando que o mesmo será baixado via internet. Clique em Ok -> Ok. Aperte Enter e aguarde o término do scan.

 

4. Terminado o scan, leia a mensagem na tela e aperte Enter novamente.

 

5. Habilite o seu anti-vírus.

 

6. Retorne com um novo log do HijackThis, juntamente com o relatorio.txt do BankerFix (ele estará em C:\LinhaDefensiva\).

 

7. Depois de postar a sua resposta você poderá deletar a pasta LinhaDefensiva contida no C.

 

Abraços.

[campanita 0]

Fiz umas alterações, tirei o antivirus da trend e coloquei o avg, pois estavamos suspeitando que havia ficado mais lento devido ao "peso" do trend.

 

 

 

Aqui vai o novo log:

 

Logfile of HijackThis v1.99.1

Scan saved at 10:16:44, on 12/7/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Nhksrv.exe

C:\Arquivos de programas\Dell\OpenManage\Client\ActionAgent.exe

C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

C:\DMI\WIN32\bin\DellDmi.exe

C:\Arquivos de programas\Dell\OpenManage\Client\EventAgt.exe

C:\Arquivos de programas\Dell\OpenManage\Client\DLT.exe

C:\Arquivos de programas\Dell\OpenManage\Client\Iap.exe

C:\dmi\win32\bin\Win32sl.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\DELLMMKB.EXE

C:\Arquivos de programas\Netropa\OSD.exe

C:\Arquivos de programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe

C:\Arquivos de programas\WinZip\WZQKPICK.EXE

C:\Arquivos de programas\Trend Micro\Client Server Security Agent\Misc\xpupg.exe

C:\Arquivos de programas\Trend Micro\Client Server Security Agent\pccntupd.exe

C:\Arquivos de programas\SEC\Natural Color\NaturalColorLoad.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Grisoft\AVG7\avgcc.exe

C:\ARQUIV~1\WINZIP\winzip32.exe

C:\Documents and Settings\Orlando\Configurações locais\Temp\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com/intl/la/brazil/index.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com/intl/la/brazil/index.htm

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com/intl/la/brazil/index.htm

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Arquivos de programas\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\WINDOWS\Downloaded Program Files\googlenav.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE

O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Arquivos de programas\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow

O4 - HKLM\..\Run: [AVG7_CC] C:\ARQUIV~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - Startup: NaturalColorLoad.lnk = ?

O4 - Global Startup: Acrobat Assistant.lnk = C:\Arquivos de programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: NaturalColorLoad.lnk = ?

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Arquivos de programas\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmsearch.html

O8 - Extra context menu item: Backward &Links - res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmcache.html

O8 - Extra context menu item: Si&milar Pages - res://C:\WINDOWS\Downloaded Program Files\googlenav.dll/cmsimilar.html

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - http://saturno:8080/officescan/console/Cli...ll/WinNTChk.cab

O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - http://saturno:8080/officescan/console/Cli...stall/setup.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - http://saturno:8080/officescan/console/Cli.../RemoveCtrl.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1145468491453

O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} (Google Activate) - http://toolbar.google.com/data/pt/big/1.1....g/GoogleNav.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {9BBB3919-F518-4D06-8209-299FC243FC30} (Encrypt Class) - http://saturno:8080/SMB/console/html/root/AtxEnc.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{EE22C14E-CE70-40D7-932C-708E74DFAAB3}: NameServer = 172.16.0.15

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: ActionAgent - Dell Computer Corporation - C:\Arquivos de programas\Dell\OpenManage\Client\ActionAgent.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARQUIV~1\Grisoft\AVG7\avgemc.exe

O23 - Service: DellDmi - Dell Computer Corporation - C:\DMI\WIN32\bin\DellDmi.exe

O23 - Service: DEventAgent - Dell Computer Corporation - C:\Arquivos de programas\Dell\OpenManage\Client\EventAgt.exe

O23 - Service: DLT - Dell Computer Corporation - C:\Arquivos de programas\Dell\OpenManage\Client\DLT.exe

O23 - Service: Iap - Dell Computer Corporation - C:\Arquivos de programas\Dell\OpenManage\Client\Iap.exe

O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe

O23 - Service: Trend Micro Client/Server Security Agent RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Arquivos de programas\Trend Micro\Client Server Security Agent\ntrtscan.exe

O23 - Service: Trend Micro Client/Server Security Agent Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Arquivos de programas\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe

O23 - Service: Trend Micro Client/Server Security Agent Listener (tmlisten) - Trend Micro Inc. - C:\Arquivos de programas\Trend Micro\Client Server Security Agent\tmlisten.exe

O23 - Service: Win32Sl - Intel - C:\dmi\win32\bin\Win32sl.exe

 

Log do bankefix

 

BankerFix 2.3 - Removedor de Bankers

Linha Defensiva - http://www.linhadefensiva.org

http://www.linhadefensiva.org/bankerfix/

Data: 12/7/2007 - 10:13

-------------------------------------------------------

Lista de Definição: 2007-07-08-1

=======================================================

 

 

Log do FoxFix

=======================================================

Iniciando Log do PV

-----------------------------------

 

Killing '*'

 

Arquivos a remover

-----------------------------------

 

 

Arquivos ruins restantes

-----------------------------------

 

 

Reg Importado

-----------------------------------

 

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[jgarcia 1]

Opa campanita,

 

Não há entradas anormais em seus logs.

 

Abraços.

[campanita 0]

Opa campanita,

 

Não há entradas anormais em seus logs.

 

Abraços.

 

 

 

Ok Obrigada

Campanita

[jgarcia 1]

PROBLEMA RESOLVIDO!

 

Caso o autor necessite que o tópico seja reaberto é necessário enviar uma Mensagem Privada para um Moderador com um link para o tópico.