[Resolvido!]PC Lentíssimo!!!

pedrosimoes · Março 18, 2007

Olá...

Meu pc tem estado muito lento esses ultimos dias...

concerteza deve ser vírus!

ajuda ai alguem por favor!!!

segue o log do hijack this -------->

Logfile of HijackThis v1.99.1Scan saved at 21:11:19, on 17/3/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS.0\System32\smss.exeC:\WINDOWS.0\system32\winlogon.exeC:\WINDOWS.0\system32\services.exeC:\WINDOWS.0\system32\lsass.exeC:\WINDOWS.0\system32\svchost.exeC:\WINDOWS.0\System32\svchost.exeC:\WINDOWS.0\system32\spoolsv.exeC:\WINDOWS.0\Explorer.EXEC:\WINDOWS.0\system32\rundll32.exeC:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exeC:\Arquivos de programas\Java\jre1.5.0_05\bin\jusched.exeC:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exeC:\WINDOWS.0\system32\RUNDLL32.EXEC:\WINDOWS.0\System32\spool\DRIVERS\W32X86\3\E_S4I4T1.EXEC:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exeC:\WINDOWS.0\system32\rundll32.exeC:\WINDOWS.0\system32\ctfmon.exeC:\Arquivos de programas\MSN Messenger\msnmsgr.exeC:\WINDOWS.0\system32\svchost.exeC:\Arquivos de programas\eMule\emule.exeC:\Hijack This\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.netR0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Arquivos de programas\Multi_Media\tbMult.dllO3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dllO3 - Toolbar: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Arquivos de programas\Multi_Media\tbMult.dllO3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Arquivos de programas\VSAdd-in\VSAdd-in.dllO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS.0\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgentO4 - HKLM\..\Run: [ISUSPM Startup] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" -startupO4 - HKLM\..\Run: [ISUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -startO4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_05\bin\jusched.exeO4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"O4 - HKLM\..\Run: [nwiz] nwiz.exe /installO4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS.0\system32\NvMcTray.dll,NvTaskbarInitO4 - HKLM\..\Run: [Ink Monitor] C:\Arquivos de programas\EPSON\Ink Monitor\InkMonitor.exeO4 - HKLM\..\Run: [EPSON Stylus C45 Series] C:\WINDOWS.0\System32\spool\DRIVERS\W32X86\3\E_S4I4T1.EXE /P23 "EPSON Stylus C45 Series" /O6 "USB001" /M "Stylus C45"O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWndO4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS.0\system32\NeroCheck.exeO4 - HKLM\..\Run: [MessengerPlus3] "C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe"O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Arquivos de programas\D-Tools\daemon.exe"  -lang 1033O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS.0\system32\qsjvuvar.dll",setvmO4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\ctfmon.exeO4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /backgroundO4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exeO8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htmO8 - Extra context menu item: Abrir em uma nova guia do plano de fundo - res://C:\Arquivos de programas\Windows Live Toolbar\Components\pt-br\msntabres.dll.mui/229?96981b8d41b143dd8e23112e6b24cd6bO8 - Extra context menu item: Abrir em uma nova guia do primeiro plano - res://C:\Arquivos de programas\Windows Live Toolbar\Components\pt-br\msntabres.dll.mui/230?96981b8d41b143dd8e23112e6b24cd6bO8 - Extra context menu item: Add to AMV Convert Tool... - C:\Arquivos de programas\MP3 Player Utilities 4.00\AMVConverter\grab.htmlO8 - Extra context menu item: Add to AMV Converter... - C:\Arquivos de programas\MP3 Player Utilities 4.04\AMVConverter\grab.htmlO8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000O8 - Extra context menu item: Enviar para &Bluetooth - C:\Arquivos de programas\Software WIDCOMM\Bluetooth\btsendto_ie_ctx.htmO8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.00\MediaManager\grab.htmlO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_05\bin\npjpi150_05.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_05\bin\npjpi150_05.dllO9 - Extra button: Translate - {87680762-4A83-11B4-885B-0000E8ECA40F} - C:\WINDOWS.0\system32\shdocvw.dllO9 - Extra 'Tools' menuitem: Translator - {87680762-4A83-11B4-885B-0000E8ECA40F} - C:\WINDOWS.0\system32\shdocvw.dllO9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLLO9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Arquivos de programas\Software WIDCOMM\Bluetooth\btsendto_ie.htmO9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Arquivos de programas\Software WIDCOMM\Bluetooth\btsendto_ie.htmO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.aspO16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cabO16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by104fd.bay104.hotmail.msn.com/resources/MsnPUpld.cabO16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cabO16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{6D840A52-A8A9-48CA-B64B-45BF48219F58}: NameServer = 200.165.132.157,200.165.132.148O17 - HKLM\System\CCS\Services\Tcpip\..\{91AA86E8-C1B5-4F7E-A45D-36F9D5AA0A84}: NameServer = 200.165.132.155 200.165.132.148O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLLO18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLLO18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS.0\system32\btxppanel.dllO20 - AppInit_DLLs: MsgPlusLoader.dllO21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS.0\system32\WPDShServiceObj.dllO23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe (file missing)O23 - Service: avast! Antivirus - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe (file missing)O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)O23 - Service: Bluetooth Service (btwdins) - Unknown owner - C:\Arquivos de programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe (file missing)O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS.0\system32\nvsvc32.exe (file missing)

pedrosimoes · Março 19, 2007

E mais...

hoje quando liguei o PC deu a seguinte mensagem:

Erro ao carregar C:/windows.0/system32/qsjvuvar.dll

acesso inválido ao local da memória

as paginas do IE vivem travando e o pc esta muito lento!

peço ajuda jgarcia pois ja estou muito preocupado, sei que você resolverá meu problema pq tu é o cara!

um abraço.

jgarcia · Março 22, 2007

Opa pedrosimoes,

Vamos lá.

* Baixe o VundoFix.

* Dê duplo-clique sobre VundoFix.exe para iniciá-lo;

* Quando o VundoFix abrir clique em Scan for Vundo. Aguarde o término do scan que pode demorar algum tempo. Seja paciente;

* Terminado o scan clique em Remove Vundo;

* Você receberá um alerta perguntando se deseja remover os arquivos. Clique em YES. O seu desktop irá apagar (isto é normal);

* Para completar o scan será necessário reinicializar a máquina. Clique em OK;

* Favor postar o log do VundoFix (C:\vundofix.txt) em sua próxima resposta, juntamente com um novo do HijackThis.

Abraços.

pedrosimoes · Março 23, 2007

Olá...

feito o que o senhor mandou!

OBS: na mesma pasta onde esta o log do VUNDOFIX, tem os arquivos que ele encontrou na verificação, esses descritos no log(arquivos BAD).

posso exclui-los???

ai vai o log do VUNDOFIX:

C:\WINDOWS.0\system32\ddcyy.dllC:\WINDOWS.0\system32\idnosanw.dllC:\WINDOWS.0\system32\kipwblmy.exeC:\WINDOWS.0\system32\vtustqq.dllC:\WINDOWS.0\system32\wcgvbvyf.dllC:\WINDOWS.0\system32\yycdd.bak1C:\WINDOWS.0\system32\yycdd.bak2C:\WINDOWS.0\system32\yycdd.iniC:\WINDOWS.0\system32\yycdd.ini2C:\WINDOWS.0\system32\yycdd.tmp

aqui o log do Hijackthis:

Logfile of HijackThis v1.99.1Scan saved at 20:52:13, on 22/3/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS.0\System32\smss.exeC:\WINDOWS.0\system32\winlogon.exeC:\WINDOWS.0\system32\services.exeC:\WINDOWS.0\system32\lsass.exeC:\WINDOWS.0\system32\svchost.exeC:\WINDOWS.0\System32\svchost.exeC:\WINDOWS.0\Explorer.EXEC:\WINDOWS.0\system32\spoolsv.exeC:\WINDOWS.0\system32\rundll32.exeC:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exeC:\Arquivos de programas\Java\jre1.5.0_05\bin\jusched.exeC:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exeC:\WINDOWS.0\System32\spool\DRIVERS\W32X86\3\E_S4I4T1.EXEC:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exeC:\WINDOWS.0\system32\rundll32.exeC:\WINDOWS.0\system32\ctfmon.exeC:\Arquivos de programas\MSN Messenger\msnmsgr.exeC:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exeC:\WINDOWS.0\system32\svchost.exeC:\WINDOWS.0\system32\wuauclt.exeC:\Hijack This\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.netR0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dllO2 - BHO: (no name) - {36DBC179-A19F-48F2-B16A-6A3E19B42A87} - C:\WINDOWS.0\system32\ipv6monl.dllO2 - BHO: (no name) - {7BFE2B1C-27C2-4DA8-AD4F-D27A24FC4592} - C:\WINDOWS.0\system32\ddcyy.dll (file missing)O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dllO2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dllO2 - BHO: (no name) - {C3AE80DC-CE36-41E6-A011-E498F909614B} - C:\WINDOWS.0\system32\vtustqq.dll (file missing)O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dllO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS.0\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgentO4 - HKLM\..\Run: [ISUSPM Startup] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" -startupO4 - HKLM\..\Run: [ISUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -startO4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_05\bin\jusched.exeO4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"O4 - HKLM\..\Run: [nwiz] nwiz.exe /installO4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS.0\system32\NvMcTray.dll,NvTaskbarInitO4 - HKLM\..\Run: [Ink Monitor] C:\Arquivos de programas\EPSON\Ink Monitor\InkMonitor.exeO4 - HKLM\..\Run: [EPSON Stylus C45 Series] C:\WINDOWS.0\System32\spool\DRIVERS\W32X86\3\E_S4I4T1.EXE /P23 "EPSON Stylus C45 Series" /O6 "USB001" /M "Stylus C45"O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWndO4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS.0\system32\NeroCheck.exeO4 - HKLM\..\Run: [MessengerPlus3] "C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe"O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Arquivos de programas\D-Tools\daemon.exe"  -lang 1033O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINDOWS.0\system32\frhtohsp.dll",setvmO4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\ctfmon.exeO4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /backgroundO4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exeO8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htmO8 - Extra context menu item: Abrir em uma nova guia do plano de fundo - res://C:\Arquivos de programas\Windows Live Toolbar\Components\pt-br\msntabres.dll.mui/229?96981b8d41b143dd8e23112e6b24cd6bO8 - Extra context menu item: Abrir em uma nova guia do primeiro plano - res://C:\Arquivos de programas\Windows Live Toolbar\Components\pt-br\msntabres.dll.mui/230?96981b8d41b143dd8e23112e6b24cd6bO8 - Extra context menu item: Add to AMV Convert Tool... - C:\Arquivos de programas\MP3 Player Utilities 4.00\AMVConverter\grab.htmlO8 - Extra context menu item: Add to AMV Converter... - C:\Arquivos de programas\MP3 Player Utilities 4.04\AMVConverter\grab.htmlO8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000O8 - Extra context menu item: Enviar para &Bluetooth - C:\Arquivos de programas\Software WIDCOMM\Bluetooth\btsendto_ie_ctx.htmO8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.00\MediaManager\grab.htmlO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_05\bin\npjpi150_05.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_05\bin\npjpi150_05.dllO9 - Extra button: Translate - {87680762-4A83-11B4-885B-0000E8ECA40F} - C:\WINDOWS.0\system32\shdocvw.dllO9 - Extra 'Tools' menuitem: Translator - {87680762-4A83-11B4-885B-0000E8ECA40F} - C:\WINDOWS.0\system32\shdocvw.dllO9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLLO9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Arquivos de programas\Software WIDCOMM\Bluetooth\btsendto_ie.htmO9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Arquivos de programas\Software WIDCOMM\Bluetooth\btsendto_ie.htmO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.aspO16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cabO16 - DPF: {33331111-1111-1111-1111-615111193427} - O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by104fd.bay104.hotmail.msn.com/resources/MsnPUpld.cabO16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cabO16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{6D840A52-A8A9-48CA-B64B-45BF48219F58}: NameServer = 200.165.132.157,200.165.132.148O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLLO18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLLO18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS.0\system32\btxppanel.dllO20 - AppInit_DLLs: MsgPlusLoader.dllO21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS.0\system32\WPDShServiceObj.dllO23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe (file missing)O23 - Service: avast! Antivirus - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe (file missing)O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)O23 - Service: Bluetooth Service (btwdins) - Unknown owner - C:\Arquivos de programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe (file missing)O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS.0\system32\nvsvc32.exe (file missing)

E muito obrigado pela ajuda amigo!

Grande abraço.

jgarcia · Março 23, 2007

Opa pedrosimoes,

O log de que falo apresenta a seguinte conjuntura:

Attempting to delete C:\WINDOWS\System32\oqtwa.bak1
C:\WINDOWS\System32\oqtwa.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\System32\oqtwa.bak2

C:\WINDOWS\System32\oqtwa.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\System32\oqtwa.ini

C:\WINDOWS\System32\oqtwa.ini Has been deleted!

Attempting to delete C:\WINDOWS\System32\oqtwa.ini2

C:\WINDOWS\System32\oqtwa.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\System32\oqtwa.tmp

C:\WINDOWS\System32\oqtwa.tmp Has been deleted!

Performing Repairs to the registry.

Done!

VundoFix V6.3.9

Checking Java version...

Sun Java not detected

Scan started at 23:27:34 27/2/2007

Listing files found while scanning....

C:\Arquivos de programas\VSAdd-in\VSAdd-in.dll

C:\WINDOWS\System32\qtstv.bak1

C:\WINDOWS\System32\qtstv.bak2

C:\WINDOWS\System32\qtstv.ini

C:\WINDOWS\System32\vtstq.dll

Beginning removal...

Attempting to delete C:\WINDOWS\System32\qtstv.bak1

C:\WINDOWS\System32\qtstv.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\System32\qtstv.bak2

C:\WINDOWS\System32\qtstv.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\System32\qtstv.ini

C:\WINDOWS\System32\qtstv.ini Has been deleted!

Attempting to delete C:\WINDOWS\System32\vtstq.dll

C:\WINDOWS\System32\vtstq.dll Has been deleted!

Performing Repairs to the registry.

Done!

Você clicou em Remove Vundo? Caso não tenha utilizado esta função, repita a operação contida em meu post anterior.

Abraços.

pedrosimoes · Março 23, 2007

Ops...

desculpa, é que eu pensei que ele ficava dentro da pasta criada pro programa em C:/VundoFix backups...

mas já achei, ta ai.

VundoFix V6.3.17

Checking Java version...

Sun Java not detected

Scan started at 20:45:40 22/3/2007

Listing files found while scanning....

C:\WINDOWS.0\system32\ddcyy.dll

C:\WINDOWS.0\system32\idnosanw.dll

C:\WINDOWS.0\system32\kipwblmy.exe

C:\WINDOWS.0\system32\vtustqq.dll

C:\WINDOWS.0\system32\wcgvbvyf.dll

C:\WINDOWS.0\system32\yycdd.bak1

C:\WINDOWS.0\system32\yycdd.bak2

C:\WINDOWS.0\system32\yycdd.ini

C:\WINDOWS.0\system32\yycdd.ini2

C:\WINDOWS.0\system32\yycdd.tmp

Beginning removal...

Attempting to delete C:\WINDOWS.0\system32\ddcyy.dll

C:\WINDOWS.0\system32\ddcyy.dll Has been deleted!

Attempting to delete C:\WINDOWS.0\system32\idnosanw.dll

C:\WINDOWS.0\system32\idnosanw.dll Has been deleted!

Attempting to delete C:\WINDOWS.0\system32\kipwblmy.exe

C:\WINDOWS.0\system32\kipwblmy.exe Has been deleted!

Attempting to delete C:\WINDOWS.0\system32\vtustqq.dll

C:\WINDOWS.0\system32\vtustqq.dll Has been deleted!

Attempting to delete C:\WINDOWS.0\system32\wcgvbvyf.dll

C:\WINDOWS.0\system32\wcgvbvyf.dll Has been deleted!

Attempting to delete C:\WINDOWS.0\system32\yycdd.bak1

C:\WINDOWS.0\system32\yycdd.bak1 Has been deleted!

Attempting to delete C:\WINDOWS.0\system32\yycdd.bak2

C:\WINDOWS.0\system32\yycdd.bak2 Has been deleted!

Attempting to delete C:\WINDOWS.0\system32\yycdd.ini

C:\WINDOWS.0\system32\yycdd.ini Has been deleted!

Attempting to delete C:\WINDOWS.0\system32\yycdd.ini2

C:\WINDOWS.0\system32\yycdd.ini2 Has been deleted!

Attempting to delete C:\WINDOWS.0\system32\yycdd.tmp

C:\WINDOWS.0\system32\yycdd.tmp Has been deleted!

Performing Repairs to the registry.

Done!

Grande abraço!

jgarcia · Março 25, 2007

Opa pedrosimoes,

Poste um novo log do HijackThis.

Abraços.

pedrosimoes · Março 25, 2007

e ai jgarcia...

agora ta com uma frescura que derrepente aparece umas janelinhas do IE com um sinal de alerta ( ! ), assim:

You need to include zapatec.js file!

isso ainda deve ser do virus né?eu acho que o vundofix nao deve ter excluido tudo...

egua mas só aquele VUNDOFIX ja deu uma melhorada bacana...

tai o log.

Logfile of HijackThis v1.99.1

Scan saved at 19:14:38, on 25/3/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS.0\System32\smss.exe

C:\WINDOWS.0\system32\winlogon.exe

C:\WINDOWS.0\system32\services.exe

C:\WINDOWS.0\system32\lsass.exe

C:\WINDOWS.0\system32\svchost.exe

C:\WINDOWS.0\System32\svchost.exe

C:\WINDOWS.0\Explorer.EXE

C:\WINDOWS.0\system32\spoolsv.exe

C:\WINDOWS.0\system32\rundll32.exe

C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

C:\Arquivos de programas\Java\jre1.5.0_05\bin\jusched.exe

C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\WINDOWS.0\System32\spool\DRIVERS\W32X86\3\E_S4I4T1.EXE

C:\WINDOWS.0\system32\rundll32.exe

C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe

C:\WINDOWS.0\system32\ctfmon.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\WINDOWS.0\system32\svchost.exe

c:\arquivos de programas\arquivos comuns\installshield\updateservice\isuspm.exe

C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\agent.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Hijack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {36DBC179-A19F-48F2-B16A-6A3E19B42A87} - C:\WINDOWS.0\system32\ipv6monl.dll

O2 - BHO: (no name) - {7BFE2B1C-27C2-4DA8-AD4F-D27A24FC4592} - C:\WINDOWS.0\system32\ddcyy.dll (file missing)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O2 - BHO: (no name) - {C3AE80DC-CE36-41E6-A011-E498F909614B} - C:\WINDOWS.0\system32\vtustqq.dll (file missing)

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS.0\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [iSUSPM Startup] "c:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_05\bin\jusched.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS.0\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [ink Monitor] C:\Arquivos de programas\EPSON\Ink Monitor\InkMonitor.exe

O4 - HKLM\..\Run: [EPSON Stylus C45 Series] C:\WINDOWS.0\System32\spool\DRIVERS\W32X86\3\E_S4I4T1.EXE /P23 "EPSON Stylus C45 Series" /O6 "USB001" /M "Stylus C45"

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS.0\system32\NeroCheck.exe

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Arquivos de programas\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [soundService] rundll32.exe "C:\WINDOWS.0\system32\frhtohsp.dll",setvm

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /background

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Abrir em uma nova guia do plano de fundo - res://C:\Arquivos de programas\Windows Live Toolbar\Components\pt-br\msntabres.dll.mui/229?96981b8d41b143dd8e23112e6b24cd6b

O8 - Extra context menu item: Abrir em uma nova guia do primeiro plano - res://C:\Arquivos de programas\Windows Live Toolbar\Components\pt-br\msntabres.dll.mui/230?96981b8d41b143dd8e23112e6b24cd6b

O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Arquivos de programas\MP3 Player Utilities 4.00\AMVConverter\grab.html

O8 - Extra context menu item: Add to AMV Converter... - C:\Arquivos de programas\MP3 Player Utilities 4.04\AMVConverter\grab.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Enviar para &Bluetooth - C:\Arquivos de programas\Software WIDCOMM\Bluetooth\btsendto_ie_ctx.htm

O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.00\MediaManager\grab.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_05\bin\npjpi150_05.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_05\bin\npjpi150_05.dll

O9 - Extra button: Translate - {87680762-4A83-11B4-885B-0000E8ECA40F} - C:\WINDOWS.0\system32\shdocvw.dll

O9 - Extra 'Tools' menuitem: Translator - {87680762-4A83-11B4-885B-0000E8ECA40F} - C:\WINDOWS.0\system32\shdocvw.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Arquivos de programas\Software WIDCOMM\Bluetooth\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Arquivos de programas\Software WIDCOMM\Bluetooth\btsendto_ie.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {33331111-1111-1111-1111-615111193427} -

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by104fd.bay104.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/d...lscbase8460.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{6D840A52-A8A9-48CA-B64B-45BF48219F58}: NameServer = 200.165.132.157,200.165.132.148

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS.0\system32\btxppanel.dll

O20 - AppInit_DLLs: MsgPlusLoader.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS.0\system32\WPDShServiceObj.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe (file missing)

O23 - Service: avast! Antivirus - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe (file missing)

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Bluetooth Service (btwdins) - Unknown owner - C:\Arquivos de programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS.0\system32\nvsvc32.exe (file missing)

pô, 0x0...

rsrsrsrsrsrs

grande abraço!

jgarcia · Março 26, 2007

Opa pedrosimoes,

Vamos lá.

Habilite o Windows para mostrar todos os arquivos (até ocultos).

1ª Etapa

Baixe o CCleaner em:

CCleaner

Baixe, mas não execute ainda.

Baixe o Killbox em:

Killbox

1. Execute o Killbox, clique em Delete on Reboot.

2. Copie a lista abaixo em negrito para a área de transferência. Selecione tudo com o auxílio do mouse --> vá até a aba Editar na barra do navegador --> clique em Copiar.

C:\WINDOWS.0\system32\ipv6monl.dll

C:\WINDOWS.0\system32\ddcyy.dll

C:\WINDOWS.0\system32\frhtohsp.dll

3. Retorne ao Killbox. Clique em File > Paste from clipboard. Clique em All Files.

4. Aperte em "X". Responda "não" à pergunta.

É prudente que você faça a impressão deste documento ou salve-o em um lugar de fácil acesso, pois na próxima etapa entraremos em Modo de Seguro e a conexão à internet não será possível.

2ª Etapa

Reinicie o computador em Modo Seguro (ao reiniciar aperte a tecla F8 repetidamente até que apareça uma tela preta em DOS e escolha a opção Modo Seguro).

Execute o HijackThis, clique em Do a system scan only e marque:

O2 - BHO: (no name) - {36DBC179-A19F-48F2-B16A-6A3E19B42A87} - C:\WINDOWS.0\system32\ipv6monl.dll
O2 - BHO: (no name) - {7BFE2B1C-27C2-4DA8-AD4F-D27A24FC4592} - C:\WINDOWS.0\system32\ddcyy.dll (file missing)

O4 - HKLM\..\Run: [soundService] rundll32.exe "C:\WINDOWS.0\system32\frhtohsp.dll",setvm

O16 - DPF: {33331111-1111-1111-1111-615111193427} -

Clique em Fix Checked.

3ª Etapa

Reinicie em Modo Normal.

Execute o CCleaner e clique em Executar Cleaner.

Execute o VundoFix novamente.

Poste novos logs do HijackThis e VundoFix.

Aguardo retorno.

Um abraço.

pedrosimoes · Março 28, 2007

Saudações Azulinas!!!

amigo, fiz tudo certo.

mas antes, queria saber se possível, que tipo de vírus foi esse que meu pc pegou???

aqui vai o log do hijack this.

[b]Logfile of HijackThis v1.99.1Scan saved at 21:18:24, on 27/3/2007Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS.0\System32\smss.exeC:\WINDOWS.0\system32\winlogon.exeC:\WINDOWS.0\system32\services.exeC:\WINDOWS.0\system32\lsass.exeC:\WINDOWS.0\system32\svchost.exeC:\WINDOWS.0\System32\svchost.exeC:\WINDOWS.0\Explorer.EXEC:\WINDOWS.0\system32\spoolsv.exeC:\WINDOWS.0\system32\rundll32.exeC:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exeC:\Arquivos de programas\Java\jre1.5.0_05\bin\jusched.exeC:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exeC:\WINDOWS.0\System32\spool\DRIVERS\W32X86\3\E_S4I4T1.EXEC:\WINDOWS.0\system32\rundll32.exeC:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exeC:\WINDOWS.0\system32\ctfmon.exeC:\Arquivos de programas\MSN Messenger\msnmsgr.exeC:\WINDOWS.0\system32\NOTEPAD.EXEC:\WINDOWS.0\system32\svchost.exeC:\Arquivos de programas\Internet Explorer\iexplore.exeC:\Hijack This\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.netR0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dllO2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dllO2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dllO2 - BHO: (no name) - {C3AE80DC-CE36-41E6-A011-E498F909614B} - C:\WINDOWS.0\system32\vtustqq.dll (file missing)O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dllO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS.0\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgentO4 - HKLM\..\Run: [ISUSPM Startup] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" -startupO4 - HKLM\..\Run: [ISUSScheduler] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe" -startO4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Arquivos de programas\Java\jre1.5.0_05\bin\jusched.exeO4 - HKLM\..\Run: [RemoteControl] "C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"O4 - HKLM\..\Run: [nwiz] nwiz.exe /installO4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS.0\system32\NvMcTray.dll,NvTaskbarInitO4 - HKLM\..\Run: [Ink Monitor] C:\Arquivos de programas\EPSON\Ink Monitor\InkMonitor.exeO4 - HKLM\..\Run: [EPSON Stylus C45 Series] C:\WINDOWS.0\System32\spool\DRIVERS\W32X86\3\E_S4I4T1.EXE /P23 "EPSON Stylus C45 Series" /O6 "USB001" /M "Stylus C45"O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWndO4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS.0\system32\NeroCheck.exeO4 - HKLM\..\Run: [MessengerPlus3] "C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe"O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Arquivos de programas\D-Tools\daemon.exe"  -lang 1033O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\ctfmon.exeO4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\MSN Messenger\msnmsgr.exe" /backgroundO4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\reader_sl.exeO8 - Extra context menu item: &Windows Live Search - res://C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htmO8 - Extra context menu item: Abrir em uma nova guia do plano de fundo - res://C:\Arquivos de programas\Windows Live Toolbar\Components\pt-br\msntabres.dll.mui/229?96981b8d41b143dd8e23112e6b24cd6bO8 - Extra context menu item: Abrir em uma nova guia do primeiro plano - res://C:\Arquivos de programas\Windows Live Toolbar\Components\pt-br\msntabres.dll.mui/230?96981b8d41b143dd8e23112e6b24cd6bO8 - Extra context menu item: Add to AMV Convert Tool... - C:\Arquivos de programas\MP3 Player Utilities 4.00\AMVConverter\grab.htmlO8 - Extra context menu item: Add to AMV Converter... - C:\Arquivos de programas\MP3 Player Utilities 4.04\AMVConverter\grab.htmlO8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\OFFICE11\EXCEL.EXE/3000O8 - Extra context menu item: Enviar para &Bluetooth - C:\Arquivos de programas\Software WIDCOMM\Bluetooth\btsendto_ie_ctx.htmO8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Arquivos de programas\MP3 Player Utilities 4.00\MediaManager\grab.htmlO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_05\bin\npjpi150_05.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.5.0_05\bin\npjpi150_05.dllO9 - Extra button: Translate - {87680762-4A83-11B4-885B-0000E8ECA40F} - C:\WINDOWS.0\system32\shdocvw.dllO9 - Extra 'Tools' menuitem: Translator - {87680762-4A83-11B4-885B-0000E8ECA40F} - C:\WINDOWS.0\system32\shdocvw.dllO9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\OFFICE11\REFIEBAR.DLLO9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Arquivos de programas\Software WIDCOMM\Bluetooth\btsendto_ie.htmO9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Arquivos de programas\Software WIDCOMM\Bluetooth\btsendto_ie.htmO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.aspO16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cabO16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by104fd.bay104.hotmail.msn.com/resources/MsnPUpld.cabO16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cabO16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{6D840A52-A8A9-48CA-B64B-45BF48219F58}: NameServer = 200.165.132.157,200.165.132.148O17 - HKLM\System\CCS\Services\Tcpip\..\{91AA86E8-C1B5-4F7E-A45D-36F9D5AA0A84}: NameServer = 200.165.132.155 200.165.132.148O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLLO18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLLO18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS.0\system32\btxppanel.dllO20 - AppInit_DLLs: MsgPlusLoader.dllO21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS.0\system32\WPDShServiceObj.dllO23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe (file missing)O23 - Service: avast! Antivirus - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe (file missing)O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)O23 - Service: Bluetooth Service (btwdins) - Unknown owner - C:\Arquivos de programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe (file missing)O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS.0\system32\nvsvc32.exe (file missing)

Aqui o do VundoFix.

VundoFix V6.3.17Checking Java version...Sun Java not detectedScan started at 21:23:16 27/3/2007Listing files found while scanning....No infected files were found.

é, pelo jeito já foi tudo removido.

mais uma vez mto obrigado pela ajuda amigão!!!

Grande abraço!

jgarcia · Março 28, 2007

Opa pedrosimoes,

Ainda há o que fazer.

1ª Etapa

1. Execute o Killbox, clique em Delete on Reboot.

2. Copie a lista abaixo em negrito para a área de transferência. Selecione tudo com o auxílio do mouse --> vá até a aba Editar na barra do navegador --> clique em Copiar.

C:\WINDOWS.0\system32\vtustqq.dll

3. Retorne ao Killbox. Clique em File > Paste from clipboard. Clique em All Files.

4. Aperte em "X". Responda "não" à pergunta.

É prudente que você faça a impressão deste documento ou salve-o em um lugar de fácil acesso, pois na próxima etapa entraremos em Modo de Seguro e a conexão à internet não será possível.

2ª Etapa

Reinicie o computador em Modo Seguro.

Execute o HijackThis, clique em Do a system scan only e marque:

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {C3AE80DC-CE36-41E6-A011-E498F909614B} - C:\WINDOWS.0\system32\vtustqq.dll (file missing)

Clique em Fix Checked.

Obs.: No caso da O2 você deve fixar qualquer entrada que possua letras aleatórias.dll, bem como removê-la por meio do Killbox.

3ª Etapa

Reinicie em Modo Normal.

Poste um novo log do HijackThis.

... quanto à sua dúvida:

mas antes, queria saber se possível, que tipo de vírus foi esse que meu pc pegou???

Trata-se do Vundo, praga chata e de difícil remoção.

Um abraço.

pedrosimoes · Março 29, 2007

Saudações Azulinas!!!

olha fiz tudo certo...

Só nao intendi direito isso aqui, porisso achei melhor pergunta-lo do que acabar fazendo besteira.

Obs.: No caso da O2 você deve fixar qualquer entrada que possua letras aleatórias.dll, bem como removê-la por meio do Killbox.

Quer dizer que eu posso realizar aqueles procedimentos com o hijackthis, aquele que tem que reiniciar em modo de segurança???

então, posso realizar aqueles procedimentos que eu citei acima com essas entradas aqui:?

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

e mais uma vez, mto obrigado!!!

aguardo reposta...

Grande abraço!

---------------

pedrosimoes

jgarcia · Março 29, 2007

Só nao intendi direito isso aqui, porisso achei melhor pergunta-lo do que acabar fazendo besteira.
Obs.: No caso da O2 você deve fixar qualquer entrada que possua letras aleatórias.dll, bem como removê-la por meio do Killbox.

Por exemplo, se você encontrar a seguinte linha:

O2 - BHO: (no name) - {C3AE80DC-CE36-41E6-A011-E498F909614B} - C:\WINDOWS.0\system32\werloiu.dll (file missing)

... você deverá incluir o caminho C:\WINDOWS.0\system32\werloiu.dll na instrução de remoção do Killbox (1ª Etapa).

Bem, poste um novo log do HijackThis.

Abraços.

pedrosimoes · Março 30, 2007

bom jgarcia,

então quer dizer que eu posso excluir as entradas do meu ultimo post(em vermelho), atraves dos procedimentos pelo Killbox?

observe-as e veja o final, é como no exemplo que você citou.

bem, postei o log como você pediu.

Logfile of HijackThis v1.99.1

Scan saved at 22:39:32, on 29/3/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS.0\System32\smss.exe

C:\WINDOWS.0\system32\winlogon.exe

C:\WINDOWS.0\system32\services.exe

C:\WINDOWS.0\system32\lsass.exe

C:\WINDOWS.0\system32\svchost.exe

C:\WINDOWS.0\System32\svchost.exe

C:\WINDOWS.0\Explorer.EXE

C:\WINDOWS.0\system32\spoolsv.exe

C:\WINDOWS.0\system32\rundll32.exe

C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\issch.exe

C:\Arquivos de programas\Java\jre1.5.0_05\bin\jusched.exe

C:\Arquivos de programas\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\WINDOWS.0\System32\spool\DRIVERS\W32X86\3\E_S4I4T1.EXE

C:\Arquivos de programas\MessengerPlus! 3\MsgPlus.exe

C:\Arquivos de programas\D-Tools\daemon.exe

C:\WINDOWS.0\system32\ctfmon.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\WINDOWS.0\system32\rundll32.exe

C:\WINDOWS.0\system32\svchost.exe

C:\Arquivos de programas\eMule\emule.exe

C:\Hijack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsxlive.net

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS.0\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\isuspm.exe" -startup