[Resolvido] &nbsplaptop lento com mouse travando

[sappho 0]

Olá pessoal!

 

Preciso de uma ajuda. Estou limpando o laptop de um amigo. Mudei o antivírus dele para o gratuito da MS, passei ele e tirei alguns vírus (três no total, dentre eles "Bandload"). Pareceu ter dado uma melhorada. Usei o limpador de disco do próprio Windows e também o CCleaner. Dei uma olhada nos processos rodando e não encontrei nada que me parecesse anormal. No entanto o computador fica mega lento em alguns momentos. Se eu deixo tudo fechado e movo o mouse de um lado para o outro repetidamente, ele dá umas travadas aleatórias em intervalos quase regulares. Parece que há uns picos no processamento mas não consigo verificar isso pelo process explorer. Estou postando um log pra ver se encontram alguma coisa. Obrigada

 

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 16:02:17, on 30/08/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.17080)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

c:\Program Files\Microsoft Security Essentials\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\HPConfig.exe

C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\wbem\wmiapsrv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\carpserv.exe

C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE

C:\Program Files\Turbo\Manager\desp2k.exe

C:\Program Files\Belkin\F5D7050v3\Belkinwcui.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Microsoft Security Essentials\msseces.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Nikon\NkView6\NkvMon.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\System32\msiexec.exe

C:\HiJackThis\Trend Micro\HiJackThis\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.freesurf.fr/recherche.html'>http://www.freesurf.fr/recherche.html'>http://www.freesurf.fr/recherche.html'>http://www.freesurf.fr/recherche.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/redirectors/presario/srchredir2.dll?c=1c02&lc=040c&s=search&ap=b204

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.freesurf.fr/recherche.html'>http://www.freesurf.fr/recherche.html'>http://www.freesurf.fr/recherche.html'>http://www.freesurf.fr/recherche.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freesurf.fr

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.compaq.com/2Q00CPT/040C/bF7.asp

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = FreeSurf

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: Banco do Brasil S.A. - {FCAAAC14-BC46-40CA-9CB2-CBB12C6739EB} - (no file)

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe

O4 - HKLM\..\Run: [CARPService] carpserv.exe

O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe

O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s

O4 - HKLM\..\Run: [QT4HPOT] C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE

O4 - HKLM\..\Run: [desp2k] C:\Program Files\Turbo\Manager\desp2k.exe

O4 - HKLM\..\Run: [F5D7050v3] C:\Program Files\Belkin\F5D7050v3\Belkinwcui.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O17 - HKLM\System\CCS\Services\Tcpip\..\{60ABDF66-128B-4661-9DAD-EF5B193A1EBB}: NameServer = 8.8.8.8,8.8.4.4

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: ShellCompatibility - Invalid registry found

O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe

O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe

O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe

O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe

O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe

O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe

O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe

O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe

O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

 

--

End of file - 8473 bytes

[Felipe_88 0]

Olá, sappho! Seja Bem Vindo ao Fórum iMaster!

 

1º

Abra novamente o hijackthis clique em » Do a system scam only marque a(s) seguinte(s) linha(s) abaixo, clique em Fix checked:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presar...=search&ap=b204

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)

O2 - BHO: Banco do Brasil S.A. - {FCAAAC14-BC46-40CA-9CB2-CBB12C6739EB} - (no file)

 

2º

*Baixe o MalwareBytes'>http://www.malwarebytes.org/mbam/program/mbam-setup.exe"]MalwareBytes Anti-Malware e salve-o no desktop

*Instale o programa

*Se alguma atualização existir,o download será automático. Aguarde...

*O programa será aberto automaticamente.

*Na aba [Verificação], selecione a opção [Verificação completa]

*Clique em [Verificar] e selecione as partições a serem examinadas (geralmente C:\ e D:\)

*Ao término do scan, poderá ser interrogado se deseja remover objetos da memória. Clique [sIM] > [OK] > [Mostrar Resultados]

*Clique em [Remover Selecionados]

*Um relatório (mbam-log-ano-mês-data.txt) será apresentado.

*Cole-o na sua próxima resposta

[sappho 0]

Olá, sappho! Seja Bem Vindo ao Fórum iMaster!

 

Antes da sua resposta eu passei o SAS (Super AntiSpyware), que encontrou algumas coisinhas. Segue o log do Anti-Malware.

 

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

 

Database version: 4511

 

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.11

 

31/08/2010 00:47:16

mbam-log-2010-08-31 (00-47-16).txt

 

Scan type: Full scan (C:\|)

Objects scanned: 220015

Time elapsed: 2 hour(s), 11 minute(s), 9 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 3

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 4

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8fcdf9d9-a28b-480f-8c3d-581f119a8ab8} (Adware.180Solutions) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{42f2c9ba-614f-47c0-b3e3-ecfd34eed658} (Adware.ISTBar) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7c559105-9ecf-42b8-b3f7-832e75edd959} (Adware.ISTBar) -> Quarantined and deleted successfully.

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

C:\Program Files\Programas RFB\IRPF2008windows\DARF32CBX.DLL (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Program Files\Programas SRF\IRPF2006\DARF32CBX.DLL (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Program Files\Programas SRF\IRPF2007\DARF32CBX.DLL (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\lnk_dados_2.dll (Malware.Trace) -> Quarantined and deleted successfully.

 

 

Ainda sinto uma lentidão. Não sei o que mais pode ser feito... além de, talvez, formatar. Obrigada

[Felipe_88 0]

sappho,

 

Sugiro que salve o banco de dados dos programas contábeis periodicamente para previnir contra possíveis problemas.

 

*Baixe o ComboFix'>http://download.bleepingcomputer.com/sUBs/ComboFix.exe"]ComboFix e salve-o no desktop

* Desative seu antivírus temporariamente!

*Execute o Combofix e aceite o contrato

*Se o console de recuperação do Windows já estiver instalado, o ComboFix continuará o processo automaticamente. Caso contrário, clique em [sIM] para a sua instalação.

*Clique em [sIM] para continuar.

*Aguarde a conclusão de todas as etapas

*Enquanto o ComboFix estiver em execução, evite usar o mouse e o teclado!!..... Para interromper o procedimento tecle N ou 2 e depois ENTER.

*O programa será fechado automaticamente e um relatório (C:\combofix.txt) será apresentado. Cole-o na próxima resposta.

[sappho 0]

Esse tópico pode ser fechado. Acabei devolvendo o laptop antes de fazer o último passo. Acho que o problema não era só vírus, mas problema físico do HD. Obrigada

[Felipe_88 0]

Bom dia sappho,

 

Qualquer coisa pode contar conosco!

 

Forte Abraço!

[wings 22]

PROBLEMA RESOLVIDO

 

Caso o autor necessite que o tópico seja reaberto basta enviar uma Mensagem Privada para um Moderador com um link para o tópico.