Guest --Jonathan --
Posted March 17, 2007

I have the copy.exe virus and I can't access C:. I have already done everything recommended in several topics and the problem still continues. I have this log here; I hope someone can help. Thanks :)

JackSSA
Posted March 18, 2007

Download KillBox.
Save it to a folder on C:\
I suggest you print or save the instructions below.

Open KillBox, check Delete on Reboot, and in the Full Path of File to Delete box enter this line:

C:\WINDOWS\system32\winmfu32.dll

Click the red button with an X, and when asked Reboot Now? click No.

Open HijackThis, click Do a system scan only, check the entries below and click the Fix Checked button.

O2 - BHO: (no name) - {1B819F3D-171F-7DB5-3303-04D21731957C} - (no file)
O2 - BHO: (no name) - {69B33F75-BA4F-4060-A99A-D4F5970C33E3} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O20 - Winlogon Notify: winmfu32 - winmfu32.dll (file missing)

Restart and post a new HijackThis log.

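The triage in the reply above (fix the entries whose target file is gone) can be scripted over a saved HijackThis log. This is an added example, not part of the original thread or of HijackThis itself: the names `triage`, `classify` and `by_verdict`, the verdict labels, and the choice of O2/O4/O20/O23 as the sections to review first are assumptions made for illustration, and the sample is constructed in the format of the entries posted in this thread.

```python
import re
from collections import namedtuple

# Constructed sample in the format of the HijackThis entries posted in the thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1B819F3D-171F-7DB5-3303-04D21731957C} - (no file)
O2 - BHO: (no name) - {69B33F75-BA4F-4060-A99A-D4F5970C33E3} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [kav] "C:\Programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe (file missing)
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: winmfu32 - winmfu32.dll (file missing)
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: NBService - Nero AG - C:\Programas\Nero\Nero 7\Nero BackItUp\NBService.exe
"""

Entry = namedtuple("Entry", "section body verdict")

# A log entry is "<section code> - <description>", e.g. "O20 - Winlogon Notify: ...".
LINE_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
# HijackThis appends one of these markers when it cannot find the target file.
MISSING_RE = re.compile(r"\s*\((no file|file missing)\)$")
# Assumption for this example: sections that load code without user action
# (BHOs, Run keys, Winlogon Notify, services) are reviewed before the rest.
AUTOLOAD = {"O2", "O4", "O20", "O23"}


def classify(section, body):
    """Return a triage verdict for one log entry."""
    marker = MISSING_RE.search(body)
    if marker is None:
        return "present"  # target file was found; judge it on its own merits
    target = body[:marker.start()]
    # An unbalanced quote means the path still carries command-line arguments
    # (for example: avp.exe" -r), so the "missing" marker may only reflect how
    # the path was parsed. Check the file by hand before fixing the entry.
    if target.count('"') % 2 == 1:
        return "verify-path"
    # The registry entry points at nothing: an orphan left behind by a removal.
    return "review-first" if section in AUTOLOAD else "stale"


def triage(log_text):
    """Parse a HijackThis log and classify every recognised entry."""
    entries = []
    for raw in log_text.splitlines():
        match = LINE_RE.match(raw.strip())
        if match:  # skips headers, the process list and blank lines
            section, body = match.groups()
            entries.append(Entry(section, body, classify(section, body)))
    return entries


def by_verdict(entries, verdict):
    """Return the original log lines that received the given verdict."""
    return [f"{e.section} - {e.body}" for e in entries if e.verdict == verdict]


if __name__ == "__main__":
    parsed = triage(SAMPLE_LOG)
    for verdict in ("review-first", "verify-path", "stale"):
        print(f"[{verdict}]")
        for line in by_verdict(parsed, verdict):
            print("  " + line)
```

On this sample the review-first group is the same four entries selected in the reply, while the service entry with the stray quote is set aside for a manual check instead of being fixed.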
Guest Jonathanz
Posted March 18, 2007

Logfile of HijackThis v1.99.1
Scan saved at 18:21:16, on 18-03-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

I did everything you said, but it still gives an error :x

JackSSA
Posted March 19, 2007

Run this online scan and post the result so it can be analyzed:
Kaspersky

Guest Jonathanz
Posted March 19, 2007

Hi, I tried to do what you said, but when it reaches Update Kaspersky Anti-Virus Databases [100%] it gives me an error saying: "Update process FAILED. No further antivirus actions can be performed! Attention, you must be online to activate Kaspersky Online Scanner, since the lastest Anti-Virus bases version must be downloaded prior to scan. Otherwise we cannot guarantee detection of latest virus. [21]"

Thanks for trying to help me.

JackSSA
Posted March 20, 2007

Try this one:
http://www.pandasoftware.com/activescan/ac...can/ascan_2.asp

Guest --Jonathan --
Posted March 20, 2007

ANALYSIS: 2007-03-20 20:27:19
PROTECTIONS: 1
MALWARE: 19
SUSPECTS: 0

PROTECTIONS
Description                 Version     Active   Updated
Kaspersky Anti-Virus 6.0    6.0.0.303   No       No

JackSSA
Posted March 21, 2007

Download this tool: VundoFix.exe
I suggest you save or print these instructions:

Double-click VundoFix and then click the Scan for Vundo button.
When the scan finishes, click the Remove Vundo button.
When the prompt appears asking whether you want to remove the files, click Yes. The desktop may disappear, but that is normal.
When the removal is finished, a prompt to shut down the computer will appear. Click OK.

IMPORTANT: VundoFix may find a file it cannot remove. If that happens, the tool will run again on restart.
When VundoFix appears, click the Scan for Vundo button.
You may have to run VundoFix a few more times. This is because the new Vundo variants are very persistent.

Afterwards, generate a new log with HijackThis and post it together with vundofix.txt.

Guest --Jonathan --
Posted March 21, 2007

Logfile of HijackThis v1.99.1
Scan saved at 13:00:22, on 21-03-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

JackSSA
Posted March 21, 2007

Where is the content of the vundofix.txt log? Please post it!!!

0 Guest --Jonathan -- Postado Março 21, 2007 Denunciar Share Postado Março 21, 2007 Deculpa, esqueci me totalmnt xPVundoFix V6.3.17Checking Java version...Sun Java not detectedScan started at 12:36:31 21-03-2007Listing files found while scanning....C:\WINDOWS\system32\bdskxjpr.exeC:\WINDOWS\system32\bgtuimdl.exeC:\WINDOWS\system32\btgdwwxg.exeC:\WINDOWS\system32\chjqwkef.exeC:\WINDOWS\system32\cpgswllt.exeC:\WINDOWS\system32\cutknilr.exeC:\WINDOWS\system32\dfedgepc.exeC:\WINDOWS\system32\dpvphmyi.exeC:\WINDOWS\system32\dqpeqrhn.exeC:\WINDOWS\system32\ednbytaf.exeC:\WINDOWS\system32\flrwxuxw.exeC:\WINDOWS\system32\gicoebor.exeC:\WINDOWS\system32\hhiepvmm.exeC:\WINDOWS\system32\hlhymsbn.exeC:\WINDOWS\system32\hoxrhwla.exeC:\WINDOWS\system32\hqobhrah.exeC:\WINDOWS\system32\huhslpqu.exeC:\WINDOWS\system32\icgeimsk.exeC:\WINDOWS\system32\ilvtynvv.exeC:\WINDOWS\system32\jtsxgryj.exeC:\WINDOWS\system32\jxpqdtng.exeC:\WINDOWS\system32\kjsftwcd.exeC:\WINDOWS\system32\lnfduamx.exeC:\WINDOWS\system32\lpcoujen.exeC:\WINDOWS\system32\mhdiclto.exeC:\WINDOWS\system32\niitqxax.exeC:\WINDOWS\system32\nmifvfor.exeC:\WINDOWS\system32\nrmbmfar.exeC:\WINDOWS\system32\nyghdcej.exeC:\WINDOWS\system32\ocwfrnka.exeC:\WINDOWS\system32\okxgobvr.exeC:\WINDOWS\system32\ompexbuc.exeC:\WINDOWS\system32\ownekefm.exeC:\WINDOWS\system32\pdkxgake.exeC:\WINDOWS\system32\pfwehish.exeC:\WINDOWS\system32\prjvysdl.exeC:\WINDOWS\system32\pwgikfyi.exeC:\WINDOWS\system32\qhcsrlnn.exeC:\WINDOWS\system32\qkupyppq.exeC:\WINDOWS\system32\qtrvglry.exeC:\WINDOWS\system32\qxpiqtkw.exeC:\WINDOWS\system32\rfhelkog.exeC:\WINDOWS\system32\rjqydxst.exeC:\WINDOWS\system32\rrrqqaap.exeC:\WINDOWS\system32\rsmlpwmb.exeC:\WINDOWS\system32\rttldixj.exeC:\WINDOWS\system32\toeiehto.exeC:\WINDOWS\system32\varebafp.exeC:\WINDOWS\system32\verrwwcg.exeC:\WINDOWS\system32\veurxvst.exeC:\WINDOWS\system32\vxxscsem.exeC:\WINDOWS\system32\waeugaqf.exeC:\WINDOWS\system32\xcthntml.exeC:\WINDOWS\system32\xolpygoj.exeC:\WINDOWS\system32\yjd
ysltx.exeC:\WINDOWS\system32\ywrbkyte.exeBeginning removal... Attempting to delete C:\WINDOWS\system32\bdskxjpr.exeC:\WINDOWS\system32\bdskxjpr.exe Has been deleted! Attempting to delete C:\WINDOWS\system32\bgtuimdl.exeC:\WINDOWS\system32\bgtuimdl.exe Has been deleted! Attempting to delete C:\WINDOWS\system32\btgdwwxg.exeC:\WINDOWS\system32\btgdwwxg.exe Has been deleted! Attempting to delete C:\WINDOWS\system32\chjqwkef.exeC:\WINDOWS\system32\chjqwkef.exe Has been deleted! Attempting to delete C:\WINDOWS\system32\cpgswllt.exeC:\WINDOWS\system32\cpgswllt.exe Has been deleted! Attempting to delete C:\WINDOWS\system32\cutknilr.exeC:\WINDOWS\system32\cutknilr.exe Has been deleted! Attempting to delete C:\WINDOWS\system32\dfedgepc.exeC:\WINDOWS\system32\dfedgepc.exe Has been deleted! Attempting to delete C:\WINDOWS\system32\dpvphmyi.exeC:\WINDOWS\system32\dpvphmyi.exe Has been deleted! Attempting to delete C:\WINDOWS\system32\dqpeqrhn.exeC:\WINDOWS\system32\dqpeqrhn.exe Has been deleted! Attempting to delete C:\WINDOWS\system32\ednbytaf.exeC:\WINDOWS\system32\ednbytaf.exe Has been deleted! Attempting to delete C:\WINDOWS\system32\flrwxuxw.exeC:\WINDOWS\system32\flrwxuxw.exe Has been deleted! Attempting to delete C:\WINDOWS\system32\gicoebor.exeC:\WINDOWS\system32\gicoebor.exe Has been deleted! Attempting to delete C:\WINDOWS\system32\hhiepvmm.exeC:\WINDOWS\system32\hhiepvmm.exe Has been deleted! Attempting to delete C:\WINDOWS\system32\hlhymsbn.exeC:\WINDOWS\system32\hlhymsbn.exe Has been deleted! Attempting to delete C:\WINDOWS\system32\hoxrhwla.exeC:\WINDOWS\system32\hoxrhwla.exe Has been deleted! Attempting to delete C:\WINDOWS\system32\hqobhrah.exeC:\WINDOWS\system32\hqobhrah.exe Has been deleted! Attempting to delete C:\WINDOWS\system32\huhslpqu.exeC:\WINDOWS\system32\huhslpqu.exe Has been deleted! Attempting to delete C:\WINDOWS\system32\icgeimsk.exeC:\WINDOWS\system32\icgeimsk.exe Has been deleted! 
Attempting to delete C:\WINDOWS\system32\ilvtynvv.exeC:\WINDOWS\system32\ilvtynvv.exe Has been deleted! Attempting to delete C:\WINDOWS\system32\jtsxgryj.exeC:\WINDOWS\system32\jtsxgryj.exe Has been deleted! Attempting to delete C:\WINDOWS\system32\jxpqdtng.exeC:\WINDOWS\system32\jxpqdtng.exe Has been deleted! Attempting to delete C:\WINDOWS\system32\kjsftwcd.exeC:\WINDOWS\system32\kjsftwcd.exe Has been deleted! Attempting to delete C:\WINDOWS\system32\lnfduamx.exeC:\WINDOWS\system32\lnfduamx.exe Has been deleted! Attempting to delete C:\WINDOWS\system32\lpcoujen.exeC:\WINDOWS\system32\lpcoujen.exe Has been deleted! Attempting to delete C:\WINDOWS\system32\mhdiclto.exeC:\WINDOWS\system32\mhdiclto.exe Has been deleted! Attempting to delete C:\WINDOWS\system32\niitqxax.exeC:\WINDOWS\system32\niitqxax.exe Has been deleted! Attempting to delete C:\WINDOWS\system32\nmifvfor.exeC:\WINDOWS\system32\nmifvfor.exe Has been deleted! Attempting to delete C:\WINDOWS\system32\nrmbmfar.exeC:\WINDOWS\system32\nrmbmfar.exe Has been deleted! Attempting to delete C:\WINDOWS\system32\nyghdcej.exeC:\WINDOWS\system32\nyghdcej.exe Has been deleted! Attempting to delete C:\WINDOWS\system32\ocwfrnka.exeC:\WINDOWS\system32\ocwfrnka.exe Has been deleted! Attempting to delete C:\WINDOWS\system32\okxgobvr.exeC:\WINDOWS\system32\okxgobvr.exe Has been deleted! Attempting to delete C:\WINDOWS\system32\ompexbuc.exeC:\WINDOWS\system32\ompexbuc.exe Has been deleted! Attempting to delete C:\WINDOWS\system32\ownekefm.exeC:\WINDOWS\system32\ownekefm.exe Has been deleted! Attempting to delete C:\WINDOWS\system32\pdkxgake.exeC:\WINDOWS\system32\pdkxgake.exe Has been deleted! Attempting to delete C:\WINDOWS\system32\pfwehish.exeC:\WINDOWS\system32\pfwehish.exe Has been deleted! Attempting to delete C:\WINDOWS\system32\prjvysdl.exeC:\WINDOWS\system32\prjvysdl.exe Has been deleted! Attempting to delete C:\WINDOWS\system32\pwgikfyi.exeC:\WINDOWS\system32\pwgikfyi.exe Has been deleted! 
Attempting to delete C:\WINDOWS\system32\qhcsrlnn.exeC:\WINDOWS\system32\qhcsrlnn.exe Has been deleted! Attempting to delete C:\WINDOWS\system32\qkupyppq.exeC:\WINDOWS\system32\qkupyppq.exe Has been deleted! Attempting to delete C:\WINDOWS\system32\qtrvglry.exeC:\WINDOWS\system32\qtrvglry.exe Has been deleted! Attempting to delete C:\WINDOWS\system32\qxpiqtkw.exeC:\WINDOWS\system32\qxpiqtkw.exe Has been deleted! Attempting to delete C:\WINDOWS\system32\rfhelkog.exeC:\WINDOWS\system32\rfhelkog.exe Has been deleted! Attempting to delete C:\WINDOWS\system32\rjqydxst.exeC:\WINDOWS\system32\rjqydxst.exe Has been deleted! Attempting to delete C:\WINDOWS\system32\rrrqqaap.exeC:\WINDOWS\system32\rrrqqaap.exe Has been deleted! Attempting to delete C:\WINDOWS\system32\rsmlpwmb.exeC:\WINDOWS\system32\rsmlpwmb.exe Has been deleted! Attempting to delete C:\WINDOWS\system32\rttldixj.exeC:\WINDOWS\system32\rttldixj.exe Has been deleted! Attempting to delete C:\WINDOWS\system32\toeiehto.exeC:\WINDOWS\system32\toeiehto.exe Has been deleted! Attempting to delete C:\WINDOWS\system32\varebafp.exeC:\WINDOWS\system32\varebafp.exe Has been deleted! Attempting to delete C:\WINDOWS\system32\verrwwcg.exeC:\WINDOWS\system32\verrwwcg.exe Has been deleted! Attempting to delete C:\WINDOWS\system32\veurxvst.exeC:\WINDOWS\system32\veurxvst.exe Has been deleted! Attempting to delete C:\WINDOWS\system32\vxxscsem.exeC:\WINDOWS\system32\vxxscsem.exe Has been deleted! Attempting to delete C:\WINDOWS\system32\waeugaqf.exeC:\WINDOWS\system32\waeugaqf.exe Has been deleted! Attempting to delete C:\WINDOWS\system32\xcthntml.exeC:\WINDOWS\system32\xcthntml.exe Has been deleted! Attempting to delete C:\WINDOWS\system32\xolpygoj.exeC:\WINDOWS\system32\xolpygoj.exe Has been deleted! Attempting to delete C:\WINDOWS\system32\yjdysltx.exeC:\WINDOWS\system32\yjdysltx.exe Has been deleted! 
Attempting to delete C:\WINDOWS\system32\ywrbkyte.exe
C:\WINDOWS\system32\ywrbkyte.exe Has been deleted!
Performing Repairs to the registry.
Done!
VundoFix V6.3.17
Checking Java version...
Sun Java not detected
Scan started at 12:47:23 21-03-2007
Listing files found while scanning....
No infected files were found.
Beginning removal...
VundoFix V6.3.17
Checking Java version...
Sun Java not detected
Scan started at 19:54:38 21-03-2007
Listing files found while scanning....

JackSSA, posted March 21, 2007
Ok, good work, your logs are clean. Is there still any problem with your PC?
Click Start -> Settings -> Control Panel -> open the System item.
Click the System Restore tab -> check Turn off System Restore on all drives -> then click Apply. Once it has been applied, uncheck the Turn off System Restore on all drives box and click Apply again, then OK.
Delete the !KillBox folder located in C:\ and then empty the Recycle Bin.

Guest --Jonathan --, posted March 21, 2007
Yes, I still can't open my C: drive. I can only open D:, since my disk is split.

JackSSA, posted March 22, 2007
Ok, let's try a few things.
Download ATF Cleaner by Atribune and save it to your desktop.
I suggest you print or save the instructions below.
Restart in Safe Mode (tap F8 repeatedly during startup; in the menu that appears, use the arrow keys to choose Safe Mode).
Click Start > Run and type the line below, then click OK or press Enter.
cmd /c del /q /f /A /S C:\copy.exe
Double-click ATF-Cleaner.exe to run the tool.
Check "Select All".
Click Empty Selected. A "Done Cleaning" window will appear; click OK and exit.
Restart and see whether that solves the problem.

Guest --Jonathan --, posted March 22, 2007
The problem continues :(( . I no longer have any hope that I'll manage to remove the virus. Thanks

RenatoMejias, posted March 22, 2007
I developed a tool for removing a type of virus on pen drives; the same error happens when you try to run it, so let's do a test.
Download this program, select the Verificar Pendrive option, set it to search the drive that is giving the problem, and click the Verificar button.
Report the result: if you click the button and no message is displayed, post again saying it didn't work. If a message appears saying that some file was deleted, note its name and post it here.

JackSSA, posted March 23, 2007
Thanks Renato!

Guest --Jonathan --, posted March 24, 2007
I did everything you said. After the scan a notice appeared saying "Autorun.inf deletado", and after I pressed OK a notice/error appeared saying "File not found". The Thumbs file also appeared on my desktop; what do I do with that file, can I delete it?

RenatoMejias, posted March 24, 2007
Thumbs.dll is a normal system file, there is no need to delete it; it appeared because in the middle of my scan routine I make it show the files protected by the system. And the copy.exe problem, was it solved?

Guest --Jonathan --, posted March 24, 2007
It wasn't solved, and besides that error, now when I turn on the computer a notice appears, "Falta NTLDR Prima Ctrl+Alt+Del P/ Reinic", and I can't do anything else :x it doesn't even get as far as opening Windows. I press Enter, Esc, and nothing happens; all it lets me do is restart.

RenatoMejias, posted March 25, 2007
See whether this applies to you:
http://support.microsoft.com/kb/314057/pt
As for your copy.exe problem, try the following: go into regedit and search for the item copy.exe; if you find an entry like [drive]:\copy.exe, delete it, then run PenClean again following the same steps.

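Added example (not part of the thread and not PenClean's code): a small audit that lists which programs an autorun.inf on a drive root tells Explorer to launch, and whether each target still exists. It assumes the copy.exe infection uses an ordinary [autorun] section; the thread never shows the file, so the sample content and the function names are constructed for illustration.

```python
import ntpath

def parse_autorun(text):
    """Return (key, value) pairs from the [autorun] section, keys lower-cased."""
    section, entries = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "autorun" and "=" in line:
            key, value = line.split("=", 1)
            entries.append((key.strip().lower(), value.strip()))
    return entries

def target_of(command):
    """Program named by a command line, lower-cased, relative to the drive root."""
    command = command.strip()
    if command.startswith('"'):
        exe = command[1:].split('"', 1)[0]
    else:
        exe = command.split(None, 1)[0] if command else ""
    return ntpath.splitdrive(exe)[1].lstrip("\\/").lower()

def audit(text, files_on_root):
    """List (key, target, exists) for every entry that starts a program."""
    present = {name.lower() for name in files_on_root}
    findings = []
    for key, value in parse_autorun(text):
        launches = key in ("open", "shellexecute") or (
            key.startswith("shell\\") and key.endswith("\\command"))
        if launches:
            target = target_of(value)
            findings.append((key, target, target in present))
    return findings

# Constructed sample, not taken from the thread.
SAMPLE = """[AutoRun]
open=copy.exe
shell\\open\\command=copy.exe
shell\\explore\\command="C:\\copy.exe" -e
label=Local Disk
"""

if __name__ == "__main__":
    # Constructed drive listing: copy.exe already deleted, autorun.inf left behind.
    for key, target, exists in audit(SAMPLE, ["autorun.inf", "ntldr", "boot.ini"]):
        print(f"{key:22} -> {target:10} {'present' if exists else 'MISSING'}")
```

An entry reported as MISSING is a launch instruction that outlived the program it names, which is the kind of leftover reference the registry search above is looking for.
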
Guest --Jonathan --, posted March 25, 2007
I don't think it applies, since I have always had Windows XP on the computer, and besides I wouldn't be able to fix the situation because I don't have the boot floppy it mentions.

JackSSA, posted March 26, 2007
Boot from the Windows XP installation CD. On the first screen of the setup wizard, press R to enter the Recovery Console.
Press 1 to access your installation, then type the Administrator password and press Enter, or just press Enter if you have not set a password.
Type the following commands:
ATTRIB -R -S -H C:\NTLDR
ATTRIB -R -S -H C:\NTDETECT.COM
COPY X:\i386\NTLDR C:
COPY X:\i386\NTDETECT.COM C:
Exit
NOTE: (where C: is the system boot partition and X: is the letter of your CD-ROM drive)
Then restart and see whether that solves it.

Guest --Jonathan --, posted March 27, 2007
I downloaded Windows XP SP2 because I didn't have the original CD. And when I put the CD in the drive nothing appears and it keeps giving the same error (Falta NTLDR ...), that is, I still can't get into Windows. I think I have to create a boot CD, but I don't know how to do that; I await an explanation if possible, thanks x).

RenatoMejias, posted March 28, 2007
Quote:
    I downloaded Windows XP SP2 because I didn't have the original CD. And when I put the CD in the drive nothing appears and it keeps giving the same error (Falta NTLDR ...), that is, I still can't get into Windows. I think I have to create a boot CD, but I don't know how to do that; I await an explanation if possible, thanks x).
You already had SP2 installed, see the header of your log:
Logfile of HijackThis v1.99.1
Scan saved at 18:21:16, on 18-03-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
And besides that, follow the steps given by JackSSA.
Quote:
    Boot from the Windows XP installation CD. On the first screen of the setup wizard, press R to enter the Recovery Console.
    Press 1 to access your installation, then type the Administrator password and press Enter, or just press Enter if you have not set a password.
    Type the following commands:
    ATTRIB -R -S -H C:\NTLDR
    ATTRIB -R -S -H C:\NTDETECT.COM
    COPY X:\i386\NTLDR C:
    COPY X:\i386\NTDETECT.COM C:
    Exit
    NOTE: (where C: is the system boot partition and X: is the letter of your CD-ROM drive)
    Then restart and see whether that solves it.

Guest --Jonathan --, posted March 29, 2007
I'm saying that I downloaded Windows XP SP2 after that error appeared, and I downloaded Windows XP in order to boot from the CD; the problem is that I don't know how to do that. I have already burned it to a CD, and when the error appears I put the disc in the drive but nothing happens :x. I just need some help booting, because I don't know how it works.