Grfujita

Virus, urgent help


My MSN started sending links to my friends, and out of nowhere strange web pages appear saying the page is temporarily down. The computer also gets super slow and restarts by itself. Please, I need this machine and cannot format it. I use an L7VTA board ("I believe it is from" Mainboard); my computer is an AMD Sempron 1.7 GHz with 1 GB of RAM, I use Win XP SP3 Professional version 2002, and I have an ATI Radeon 9550 AGP video card with drivers from 2005.

This time I am posting the DDS and HijackThis logs.

DDS (Version 1.0) - NTFSx86

Run by USER at 20:16:45,32 on dom 30/11/2008

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1023.615 [GMT -2:00]

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

D:\Arquivos de programas\D-Tools\daemon.exe

C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.exe

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\PnkBstrA.exe

C:\ARQUIV~1\AVG\AVG8\avgrsx.exe

C:\ARQUIV~1\AVG\AVG8\avgemc.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\rundll32.exe

C:\Arquivos de programas\internet explorer\iexplore.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\AVG\AVG8\avgui.exe

C:\Arquivos de programas\AVG\AVG8\avgui.exe

C:\Arquivos de programas\AVG\AVG8\avgui.exe

C:\Arquivos de programas\internet explorer\iexplore.exe

F:\Download_H\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com.br/

uInternet Connection Wizard,ShellNext = hxxp://www.google.com/

BHO: {57C9D7B2-0E6A-4CEC-8B3B-EC1911836C27} - c:\windows\system32\vtUlIYsS.dll

BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\arquivos de programas\java\jre1.6.0_07\bin\ssv.dll

BHO: {A057A204-BACC-4D26-9990-79A187E2698E} - c:\arquiv~1\avg\avg8\AVGTOO~1.DLL

BHO: {fa487853-f150-4a99-bec1-0464eb7215d8} - c:\windows\system32\votyvd.dll

TB: {A057A204-BACC-4D26-9990-79A187E2698E} - c:\arquiv~1\avg\avg8\AVGTOO~1.DLL

TB: {A057A204-BACC-4D26-9990-79A187E2698E} - c:\arquiv~1\avg\avg8\AVGTOO~1.DLL

uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe

mRun: [ATIPTA] c:\arquivos de programas\ati technologies\ati control panel\atiptaxx.exe

mRun: [sunJavaUpdateSched] "c:\arquivos de programas\java\jre1.6.0_07\bin\jusched.exe"

mRun: [DAEMON Tools-1033] "d:\arquivos de programas\d-tools\daemon.exe" -lang 1033

mRun: [ATICCC] "c:\arquivos de programas\ati technologies\ati.ace\cli.exe" runtime

mRun: [AVG8_TRAY] c:\arquiv~1\avg\avg8\avgtray.exe

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

mRun: [Windows UDP Control Center] fxstaller.exe

mRun: [cc4db734] rundll32.exe "c:\windows\system32\nlshvsxi.dll",b

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

dRun: [ATICCC] "c:\arquivos de programas\ati technologies\ati.ace\cli.exe" runtime

dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N

StartupFolder: c:\documents and settings\user\menu iniciar\programas\inicializar\Reboot.exe

StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\aticat~1.lnk - c:\arquivos de programas\ati technologies\ati.ace\CLI.exe

StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\micros~1.lnk - c:\arquivos de programas\microsoft office\office\OSA9.EXE

StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\symant~1.lnk - c:\arquivos de programas\microsoft office\office\1046\OLFSNT40.EXE

uPolicies-explorer: ForceClassicControlPanel = 1 (0x1)

uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)

dPolicies-explorer: ForceClassicControlPanel = 1 (0x1)

dPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\arquivos de programas\java\jre1.6.0_07\bin\ssv.dll

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe

TCP: {F512D896-50A8-4464-A671-9B2D91B18486} = 192.168.1.1,200.195.192.133

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\arquivos de programas\avg\avg8\avgpp.dll

Notify: AtiExtEvent - Ati2evxx.dll

Notify: vtUnkIca - vtUnkIca.dll

AppInit_DLLs: avgrsstx.dll votyvd.dll

SEH: {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - c:\windows\system32\vtUnkIca.dll

LSA: Authentication Packages = msv1_0 c:\windows\system32\vtUlIYsS

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-9-12 97928]

R1 oreans32;oreans32;\??\c:\windows\system32\drivers\oreans32.sys [2008-10-14 33824]

R2 avg8emc;AVG Free8 E-mail Scanner;c:\arquiv~1\avg\avg8\avgemc.exe [2008-9-12 875288]

R2 avg8wd;AVG Free8 WatchDog;c:\arquiv~1\avg\avg8\avgwdsvc.exe [2008-9-12 231704]

R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-9-12 76040]

R2 HWiNFO32;HWiNFO32 Kernel Driver;\??\e:\arquivos de programas\hwinfo32\HWiNFO32.SYS [2006-8-13 15976]

S3 7ByteIo;7ByteIo;\??\e:\arquivos de programas\hot cpu tester\SysInfo.sys []

S3 ATICDSDr;ATICDSDr;\??\h:\install\bin\atiicdxx.sys []

=============== Created Last 30 ================

2008-11-30 19:58 1,025 a------- C:\ous.exe

2008-11-30 19:45 1,377,105 ---sh--- c:\windows\system32\ixsvhsln.ini

2008-11-30 19:45 70,656 a------- c:\windows\system32\nlshvsxi.dll

2008-11-30 19:43 105,984 a------- c:\windows\system32\votyvd.dll

2008-11-30 19:43 105,984 a------- c:\windows\system32\evokkndj.dll

2008-11-30 19:42 362,495 a--sh--- c:\windows\system32\SsYIlUtv.ini2

2008-11-30 19:42 362,495 a--sh--- c:\windows\system32\SsYIlUtv.ini

2008-11-30 19:42 245,248 a------- c:\windows\system32\vtUlIYsS.dll

2008-11-30 19:37 65,536 a------- c:\windows\system32\qoMffddA.dll

2008-11-30 19:36 39,936 a------- c:\windows\system32\vtUnkIca.dll

2008-11-30 14:17 48,690 ---shr-- c:\windows\fxstaller.exe

2008-11-30 11:58 <DIR> --d----- c:\docume~1\user\dadosd~1\Tibia

2008-11-28 17:26 <DIR> --d-h--- c:\windows\system32\GroupPolicy

2008-11-27 20:32 <DIR> --d-h--- c:\windows\PIF

2008-11-26 20:18 <DIR> --d----- c:\windows\system32\drivdrs

==================== Find3M ====================

2008-11-28 09:12 90,112 a------- c:\windows\DUMP72bf.tmp

2008-11-28 09:11 90,112 a------- c:\windows\DUMP73d8.tmp

2008-11-25 22:44 90,112 a------- c:\windows\DUMP6bc9.tmp

2008-11-22 15:52 152,064 a------- c:\windows\snap.dat

2008-11-09 11:06 90,112 a------- c:\windows\DUMP6e79.tmp

2008-10-31 14:48 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\avg8

2008-10-19 13:49 413,126 a------- c:\windows\system32\perfh016.dat

2008-10-19 13:49 61,400 a------- c:\windows\system32\perfc016.dat

2008-10-12 14:54 <DIR> --d----- c:\arquivos de programas\Managed DirectX (0900)

2008-10-10 18:35 5,194 a------- c:\windows\help\hhcolreg.dat

2008-10-10 18:29 <DIR> --d----- c:\arquivos de programas\Snapshot Viewer

2008-10-03 17:38 <DIR> -cdsh--- c:\arquivos de programas\arquivos comuns\WindowsLiveInstaller

2008-09-20 21:30 111,928 ac------ c:\windows\system32\PnkBstrB.exe

2008-09-13 16:28 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\NexonUS

2008-09-12 22:06 <DIR> --d----- c:\docume~1\user\dadosd~1\AVGTOOLBAR

2008-09-12 19:39 10,520 a------- c:\windows\system32\avgrsstx.dll

2008-09-12 11:28 249,856 -------- c:\windows\Setup1.exe

2008-09-12 11:28 73,216 a------- c:\windows\ST6UNST.EXE

2002-01-01 04:08 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Age of Empires 3

============= FINISH: 20:17:28,81 ===============

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:30:49, on 30/11/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

D:\Arquivos de programas\D-Tools\daemon.exe

C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.exe

C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\PnkBstrA.exe

C:\ARQUIV~1\AVG\AVG8\avgrsx.exe

C:\ARQUIV~1\AVG\AVG8\avgemc.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\rundll32.exe

C:\Arquivos de programas\internet explorer\iexplore.exe

C:\WINDOWS\explorer.exe

C:\Arquivos de programas\AVG\AVG8\avgui.exe

C:\Arquivos de programas\AVG\AVG8\avgui.exe

C:\Arquivos de programas\AVG\AVG8\avgui.exe

C:\Arquivos de programas\internet explorer\iexplore.exe

F:\Download_H\gmer\gmer.exe

C:\WINDOWS\system32\dumprep.exe

C:\WINDOWS\system32\dumprep.exe

E:\Arquivos de programas\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\ARQUIV~1\AVG\AVG8\AVGTOO~1.DLL

O4 - HKLM\..\Run: [ATIPTA] C:\Arquivos de programas\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Arquivos de programas\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [ATICCC] "C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe" runtime

O4 - HKLM\..\Run: [AVG8_TRAY] C:\ARQUIV~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [Windows UDP Control Center] fxstaller.exe

O4 - HKLM\..\Run: [cc4db734] rundll32.exe "C:\WINDOWS\system32\nlshvsxi.dll",b

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

O4 - Startup: Reboot.exe

O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Arquivos de programas\Microsoft Office\Office\1046\OLFSNT40.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Arquivos de programas\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1223061214781

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{F512D896-50A8-4464-A671-9B2D91B18486}: NameServer = 192.168.1.1,200.195.192.133

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Arquivos de programas\AVG\AVG8\avgpp.dll

O20 - AppInit_DLLs: avgrsstx.dll votyvd.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgemc.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\ARQUIV~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--

Thank you for the help.


Hello,

Sorry for the delay.

If you still need help, please run DDS again.

ATTENTION: Do not open a new topic; paste the new logs in this same topic, using the Reply button.

Thank you


According to the rules of this forum, inactive topics are archived, that is, closed and moved to an "archived topics" forum. If needed, the topic's author can contact the moderators to request that this topic be reopened.
