[Resolvido]Copy.exe

[Guest --Jonathan --]

Tenho o virus copy.exe e não consigo acessar ao C:, já fiz tudo que mandarm em alguns topicos e mesmo assim o problema continua. Tenho aqui este log, espero uma ajuda. Obg :)

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Programas\CyberLink\Shared files\RichVideo.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Programas\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programas\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

C:\Programas\SAGEM\SAGEM F@st 800-840\dslmon.exe

C:\Programas\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Programas\Internet Explorer\iexplore.exe

C:\Documents and Settings\Administrador\Ambiente de trabalho\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1B819F3D-171F-7DB5-3303-04D21731957C} - (no file)

O2 - BHO: (no name) - {69B33F75-BA4F-4060-A99A-D4F5970C33E3} - (no file)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [RemoteControl] C:\Programas\CyberLink\PowerDVD\PDVDServ.exe

O4 - HKLM\..\Run: [LanguageShortcut] C:\Programas\CyberLink\PowerDVD\Language\Language.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programas\Ficheiros comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [kav] "C:\Programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programas\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [startCCC] C:\Programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: DSLMON.lnk = C:\Programas\SAGEM\SAGEM F@st 800-840\dslmon.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Antivírus para Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe (file missing)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O17 - HKLM\System\CCS\Services\Tcpip\..\{09AC4AB6-09D8-4CD7-8635-E90D29706CE8}: NameServer = 212.55.154.174

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programas\Ficheiros comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Programas\SUPERAntiSpyware\SASWINLO.DLL

O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll

O20 - Winlogon Notify: winmfu32 - winmfu32.dll (file missing)

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)

O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - C:\Programas\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)

O23 - Service: NBService - Nero AG - C:\Programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programas\CyberLink\Shared files\RichVideo.exe

[JackSSA]

Baixe o KillBox

Salve em uma pasta em C:\

Sugiro que imprima ou salve as instruções abaixo.

Abra o KillBox e marque Delete on Reboot e na caixa Full Path of File to Delete coloque esta linha: C:\WINDOWS\system32\winmfu32.dll

Clique no botão vermelho com um X, e ao perguntar Reboot Now? Clique em Não.

Abra o Hijackthis, clique em Do scan a system only, marque as entradas abaixo e clique no botão Fix Checked.

O2 - BHO: (no name) - {1B819F3D-171F-7DB5-3303-04D21731957C} - (no file)

O2 - BHO: (no name) - {69B33F75-BA4F-4060-A99A-D4F5970C33E3} - (no file)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O20 - Winlogon Notify: winmfu32 - winmfu32.dll (file missing)

Reinicie e poste um novo Log do Hijackthis.

[Guest Jonathanz]

Logfile of HijackThis v1.99.1

Scan saved at 18:21:16, on 18-03-2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Programas\CyberLink\Shared files\RichVideo.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Programas\CyberLink\PowerDVD\PDVDServ.exe

C:\Programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programas\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Programas\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

C:\Programas\SAGEM\SAGEM F@st 800-840\dslmon.exe

C:\Programas\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\Administrador\Ambiente de trabalho\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O4 - HKLM\..\Run: [RemoteControl] C:\Programas\CyberLink\PowerDVD\PDVDServ.exe

O4 - HKLM\..\Run: [LanguageShortcut] C:\Programas\CyberLink\PowerDVD\Language\Language.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programas\Ficheiros comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [kav] "C:\Programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programas\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [startCCC] C:\Programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: DSLMON.lnk = C:\Programas\SAGEM\SAGEM F@st 800-840\dslmon.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Antivírus para Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe (file missing)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programas\Ficheiros comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Programas\SUPERAntiSpyware\SASWINLO.DLL

O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)

O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - C:\Programas\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)

O23 - Service: NBService - Nero AG - C:\Programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programas\CyberLink\Shared files\RichVideo.exe

Fiz tudo que mandou, mas continua a dar erro :x

[JackSSA]

Execute este scan on-line e poste o resultado para ser análisado:

Kaspersky

[Guest Jonathanz]

Boas, tentei fazer o que voçe disse mas quando aquilo está no Update Kaspersky Anti-Virus Databases [100%] dá me um erro a dizer: "Update process FAILED. No further antivirus actions can be performed!

Attention, you must be online to activate Kaspersky Online Scanner, since the lastest Anti-Virus bases version must be downloaded prior to scan. Otherwise we cannot guarantee detection of latest virus. [21]"

Obg por me estar a tentar ajudar.

[[]]

[JackSSA]

Tente este:

http://www.pandasoftware.com/activescan/ac...can/ascan_2.asp

[Guest --Jonathan --]

;***********************************************************************************************************************************************************************************

ANALYSIS: 2007-03-20 20:27:19

PROTECTIONS: 1

MALWARE: 19

SUSPECTS: 0

;***********************************************************************************************************************************************************************************

PROTECTIONS

Description Version Active Updated

;===================================================================================================================================================================================

Kaspersky Anti-Virus 6.0 6.0.0.303 No No

;===================================================================================================================================================================================

MALWARE

Id Description Type Active Severity Disinfectable Disinfected Location

;===================================================================================================================================================================================

00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Administrador\Cookies\administrador@doubleclick[1].txt

00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Administrador\Cookies\administrador@fastclick[2].txt

00145460 Cookie/2o7 TrackingCookie No 0 Yes No C:\Documents and Settings\Administrador\Cookies\administrador@2o7[2].txt

00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Administrador\Cookies\administrador@tribalfusion[1].txt

00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Administrador\Cookies\administrador@mediaplex[1].txt

00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Administrador\Cookies\administrador@statcounter[2].txt

00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Administrador\Cookies\administrador@ad.yieldmanager[1].txt

00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\Administrador\Cookies\administrador@burstnet[2].txt

00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\Administrador\Cookies\administrador@weborama[2].txt

00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Documents and Settings\Administrador\Cookies\administrador@adtech[2].txt

00168116 Cookie/Comclick TrackingCookie No 0 Yes No C:\Documents and Settings\Administrador\Cookies\administrador@fl01.ct2.comclick[1].txt

00170540 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Administrador\Cookies\administrador@de.uol.com[1].txt

00170553 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Administrador\Cookies\administrador@ig.com[1].txt

00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Administrador\Cookies\administrador@overture[2].txt

00170557 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Administrador\Cookies\administrador@terra.com[1].txt

00170559 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Administrador\Cookies\administrador@uol.com[1].txt

00232552 application/winantivirus2006 Unknow No 0 Yes No c:\documents and settings\all users\application data\winantivirus pro 2006

00341237 Application/VSToolbar Unknow No 0 Yes No C:\WINDOWS\system32\ywrbkyte.exe

00341237 Application/VSToolbar Unknow No 0 Yes No C:\WINDOWS\system32\bdskxjpr.exe

00341237 Application/VSToolbar Unknow No 0 Yes No C:\WINDOWS\system32\bgtuimdl.exe

00341237 Application/VSToolbar Unknow No 0 Yes No C:\WINDOWS\system32\btgdwwxg.exe

00341237 Application/VSToolbar Unknow No 0 Yes No C:\WINDOWS\system32\chjqwkef.exe

00341237 Application/VSToolbar Unknow No 0 Yes No C:\WINDOWS\system32\cpgswllt.exe

00341237 Application/VSToolbar Unknow No 0 Yes No C:\WINDOWS\system32\cutknilr.exe

00341237 Application/VSToolbar Unknow No 0 Yes No C:\WINDOWS\system32\dfedgepc.exe

00341237 Application/VSToolbar Unknow No 0 Yes No C:\WINDOWS\system32\dpvphmyi.exe

00341237 Application/VSToolbar Unknow No 0 Yes No C:\WINDOWS\system32\dqpeqrhn.exe

00341237 Application/VSToolbar Unknow No 0 Yes No C:\WINDOWS\system32\ednbytaf.exe

00341237 Application/VSToolbar Unknow No 0 Yes No C:\WINDOWS\system32\flrwxuxw.exe

00341237 Application/VSToolbar Unknow No 0 Yes No C:\WINDOWS\system32\gicoebor.exe

00341237 Application/VSToolbar Unknow No 0 Yes No C:\WINDOWS\system32\hhiepvmm.exe

00341237 Application/VSToolbar Unknow No 0 Yes No C:\WINDOWS\system32\hlhymsbn.exe

00341237 Application/VSToolbar Unknow No 0 Yes No C:\WINDOWS\system32\hoxrhwla.exe

00341237 Application/VSToolbar Unknow No 0 Yes No C:\WINDOWS\system32\hqobhrah.exe

00341237 Application/VSToolbar Unknow No 0 Yes No C:\WINDOWS\system32\huhslpqu.exe

00341237 Application/VSToolbar Unknow No 0 Yes No C:\WINDOWS\system32\icgeimsk.exe

00341237 Application/VSToolbar Unknow No 0 Yes No C:\WINDOWS\system32\ilvtynvv.exe

00341237 Application/VSToolbar Unknow No 0 Yes No C:\WINDOWS\system32\jtsxgryj.exe

00341237 Application/VSToolbar Unknow No 0 Yes No C:\WINDOWS\system32\jxpqdtng.exe

00341237 Application/VSToolbar Unknow No 0 Yes No C:\WINDOWS\system32\kjsftwcd.exe

00341237 Application/VSToolbar Unknow No 0 Yes No C:\WINDOWS\system32\lnfduamx.exe

00341237 Application/VSToolbar Unknow No 0 Yes No C:\WINDOWS\system32\lpcoujen.exe

00341237 Application/VSToolbar Unknow No 0 Yes No C:\WINDOWS\system32\mhdiclto.exe

00341237 Application/VSToolbar Unknow No 0 Yes No C:\WINDOWS\system32\niitqxax.exe

00341237 Application/VSToolbar Unknow No 0 Yes No C:\WINDOWS\system32\nmifvfor.exe

00341237 Application/VSToolbar Unknow No 0 Yes No C:\WINDOWS\system32\nrmbmfar.exe

00341237 Application/VSToolbar Unknow No 0 Yes No C:\WINDOWS\system32\nyghdcej.exe

00341237 Application/VSToolbar Unknow No 0 Yes No C:\WINDOWS\system32\ocwfrnka.exe

00341237 Application/VSToolbar Unknow No 0 Yes No C:\WINDOWS\system32\okxgobvr.exe

00341237 Application/VSToolbar Unknow No 0 Yes No C:\WINDOWS\system32\ompexbuc.exe

00341237 Application/VSToolbar Unknow No 0 Yes No C:\WINDOWS\system32\ownekefm.exe

00341237 Application/VSToolbar Unknow No 0 Yes No C:\WINDOWS\system32\pdkxgake.exe

00341237 Application/VSToolbar Unknow No 0 Yes No C:\WINDOWS\system32\pfwehish.exe

00341237 Application/VSToolbar Unknow No 0 Yes No C:\WINDOWS\system32\prjvysdl.exe

00341237 Application/VSToolbar Unknow No 0 Yes No C:\WINDOWS\system32\pwgikfyi.exe

00341237 Application/VSToolbar Unknow No 0 Yes No C:\WINDOWS\system32\qhcsrlnn.exe

00341237 Application/VSToolbar Unknow No 0 Yes No C:\WINDOWS\system32\qkupyppq.exe

00341237 Application/VSToolbar Unknow No 0 Yes No C:\WINDOWS\system32\qtrvglry.exe

00341237 Application/VSToolbar Unknow No 0 Yes No C:\WINDOWS\system32\qxpiqtkw.exe

00341237 Application/VSToolbar Unknow No 0 Yes No C:\WINDOWS\system32\rfhelkog.exe

00341237 Application/VSToolbar Unknow No 0 Yes No C:\WINDOWS\system32\rjqydxst.exe

00341237 Application/VSToolbar Unknow No 0 Yes No C:\WINDOWS\system32\rrrqqaap.exe

00341237 Application/VSToolbar Unknow No 0 Yes No C:\WINDOWS\system32\rsmlpwmb.exe

00341237 Application/VSToolbar Unknow No 0 Yes No C:\WINDOWS\system32\rttldixj.exe

00341237 Application/VSToolbar Unknow No 0 Yes No C:\WINDOWS\system32\toeiehto.exe

00341237 Application/VSToolbar Unknow No 0 Yes No C:\WINDOWS\system32\varebafp.exe

00341237 Application/VSToolbar Unknow No 0 Yes No C:\WINDOWS\system32\verrwwcg.exe

00341237 Application/VSToolbar Unknow No 0 Yes No C:\WINDOWS\system32\veurxvst.exe

00341237 Application/VSToolbar Unknow No 0 Yes No C:\WINDOWS\system32\vxxscsem.exe

00341237 Application/VSToolbar Unknow No 0 Yes No C:\WINDOWS\system32\waeugaqf.exe

00341237 Application/VSToolbar Unknow No 0 Yes No C:\WINDOWS\system32\xcthntml.exe

00341237 Application/VSToolbar Unknow No 0 Yes No C:\WINDOWS\system32\xolpygoj.exe

00341237 Application/VSToolbar Unknow No 0 Yes No C:\WINDOWS\system32\yjdysltx.exe

00506966 Application/PocketKillBox Unknow No 0 Yes No D:\killbox.exe

00506966 Application/PocketKillBox Unknow No 0 Yes No C:\RECYCLER\S-1-5-21-823518204-1123561945-1177238915-500\Dc1.exe

;===================================================================================================================================================================================

SUSPECTS

Location

;===================================================================================================================================================================================

;===================================================================================================================================================================================

[JackSSA]

Baixe esta ferramenta VundoFix.exe

Sugiro que salve ou imprima estas instruções:

Dê um duplo-clique no VundoFix e depois clique no botão Scan for Vundo.

Ao final do scan, clique no botão Remove Vundo. Quando aparecer o aviso perguntando se quer remover os arquivos, clique em Sim (Yes). O desktop poderá sumir, mas é normal.

Quando acabar a remoção, aparecerá um aviso para desligar o computador. Clique em OK.

IMPORTANTE: É possível que o VundoFix encontre um arquivo que não consiga remover. Se isso acontecer a ferramenta rodará ao reiniciar.

Quando o VundoFix aparecer, clique no botão Scan for Vundo.

Pode acontecer de ter de rodar o Vundofix mais algumas vezes. Isso é devido às novas variantes do Vundo serem muito persistentes.

Depois gere um novo log com o HijackThis e poste + o vundofix.txt.

[Guest --Jonathan --]

Logfile of HijackThis v1.99.1

Scan saved at 13:00:22, on 21-03-2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Programas\CyberLink\Shared files\RichVideo.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Programas\CyberLink\PowerDVD\PDVDServ.exe

C:\Programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programas\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Programas\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

C:\Programas\SAGEM\SAGEM F@st 800-840\dslmon.exe

C:\Programas\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

D:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O4 - HKLM\..\Run: [RemoteControl] C:\Programas\CyberLink\PowerDVD\PDVDServ.exe

O4 - HKLM\..\Run: [LanguageShortcut] C:\Programas\CyberLink\PowerDVD\Language\Language.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programas\Ficheiros comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [kav] "C:\Programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programas\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programas\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [startCCC] C:\Programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: DSLMON.lnk = C:\Programas\SAGEM\SAGEM F@st 800-840\dslmon.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Antivírus para Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe (file missing)

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (Installer Class) - http://www.nanoscan.com/as/v1/cabs/ascinstie.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{09AC4AB6-09D8-4CD7-8635-E90D29706CE8}: NameServer = 212.55.154.174

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programas\Ficheiros comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Programas\SUPERAntiSpyware\SASWINLO.DLL

O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Programas\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)

O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - C:\Programas\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)

O23 - Service: NBService - Nero AG - C:\Programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programas\CyberLink\Shared files\RichVideo.exe

[JackSSA]

Onde está o conteúdo do Log vundofix.txt? Por gentileza, poste-o!!!

[Guest --Jonathan --]

Deculpa, esqueci me totalmnt xP

VundoFix V6.3.17

Checking Java version...

Sun Java not detected

Scan started at 12:36:31 21-03-2007

Listing files found while scanning....

C:\WINDOWS\system32\bdskxjpr.exe

C:\WINDOWS\system32\bgtuimdl.exe

C:\WINDOWS\system32\btgdwwxg.exe

C:\WINDOWS\system32\chjqwkef.exe

C:\WINDOWS\system32\cpgswllt.exe

C:\WINDOWS\system32\cutknilr.exe

C:\WINDOWS\system32\dfedgepc.exe

C:\WINDOWS\system32\dpvphmyi.exe

C:\WINDOWS\system32\dqpeqrhn.exe

C:\WINDOWS\system32\ednbytaf.exe

C:\WINDOWS\system32\flrwxuxw.exe

C:\WINDOWS\system32\gicoebor.exe

C:\WINDOWS\system32\hhiepvmm.exe

C:\WINDOWS\system32\hlhymsbn.exe

C:\WINDOWS\system32\hoxrhwla.exe

C:\WINDOWS\system32\hqobhrah.exe

C:\WINDOWS\system32\huhslpqu.exe

C:\WINDOWS\system32\icgeimsk.exe

C:\WINDOWS\system32\ilvtynvv.exe

C:\WINDOWS\system32\jtsxgryj.exe

C:\WINDOWS\system32\jxpqdtng.exe

C:\WINDOWS\system32\kjsftwcd.exe

C:\WINDOWS\system32\lnfduamx.exe

C:\WINDOWS\system32\lpcoujen.exe

C:\WINDOWS\system32\mhdiclto.exe

C:\WINDOWS\system32\niitqxax.exe

C:\WINDOWS\system32\nmifvfor.exe

C:\WINDOWS\system32\nrmbmfar.exe

C:\WINDOWS\system32\nyghdcej.exe

C:\WINDOWS\system32\ocwfrnka.exe

C:\WINDOWS\system32\okxgobvr.exe

C:\WINDOWS\system32\ompexbuc.exe

C:\WINDOWS\system32\ownekefm.exe

C:\WINDOWS\system32\pdkxgake.exe

C:\WINDOWS\system32\pfwehish.exe

C:\WINDOWS\system32\prjvysdl.exe

C:\WINDOWS\system32\pwgikfyi.exe

C:\WINDOWS\system32\qhcsrlnn.exe

C:\WINDOWS\system32\qkupyppq.exe

C:\WINDOWS\system32\qtrvglry.exe

C:\WINDOWS\system32\qxpiqtkw.exe

C:\WINDOWS\system32\rfhelkog.exe

C:\WINDOWS\system32\rjqydxst.exe

C:\WINDOWS\system32\rrrqqaap.exe

C:\WINDOWS\system32\rsmlpwmb.exe

C:\WINDOWS\system32\rttldixj.exe

C:\WINDOWS\system32\toeiehto.exe

C:\WINDOWS\system32\varebafp.exe

C:\WINDOWS\system32\verrwwcg.exe

C:\WINDOWS\system32\veurxvst.exe

C:\WINDOWS\system32\vxxscsem.exe

C:\WINDOWS\system32\waeugaqf.exe

C:\WINDOWS\system32\xcthntml.exe

C:\WINDOWS\system32\xolpygoj.exe

C:\WINDOWS\system32\yjdysltx.exe

C:\WINDOWS\system32\ywrbkyte.exe

Beginning removal...

Attempting to delete C:\WINDOWS\system32\bdskxjpr.exe

C:\WINDOWS\system32\bdskxjpr.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\bgtuimdl.exe

C:\WINDOWS\system32\bgtuimdl.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\btgdwwxg.exe

C:\WINDOWS\system32\btgdwwxg.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\chjqwkef.exe

C:\WINDOWS\system32\chjqwkef.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\cpgswllt.exe

C:\WINDOWS\system32\cpgswllt.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\cutknilr.exe

C:\WINDOWS\system32\cutknilr.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\dfedgepc.exe

C:\WINDOWS\system32\dfedgepc.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\dpvphmyi.exe

C:\WINDOWS\system32\dpvphmyi.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\dqpeqrhn.exe

C:\WINDOWS\system32\dqpeqrhn.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\ednbytaf.exe

C:\WINDOWS\system32\ednbytaf.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\flrwxuxw.exe

C:\WINDOWS\system32\flrwxuxw.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\gicoebor.exe

C:\WINDOWS\system32\gicoebor.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\hhiepvmm.exe

C:\WINDOWS\system32\hhiepvmm.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\hlhymsbn.exe

C:\WINDOWS\system32\hlhymsbn.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\hoxrhwla.exe

C:\WINDOWS\system32\hoxrhwla.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\hqobhrah.exe

C:\WINDOWS\system32\hqobhrah.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\huhslpqu.exe

C:\WINDOWS\system32\huhslpqu.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\icgeimsk.exe

C:\WINDOWS\system32\icgeimsk.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\ilvtynvv.exe

C:\WINDOWS\system32\ilvtynvv.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\jtsxgryj.exe

C:\WINDOWS\system32\jtsxgryj.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\jxpqdtng.exe

C:\WINDOWS\system32\jxpqdtng.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\kjsftwcd.exe

C:\WINDOWS\system32\kjsftwcd.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\lnfduamx.exe

C:\WINDOWS\system32\lnfduamx.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\lpcoujen.exe

C:\WINDOWS\system32\lpcoujen.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\mhdiclto.exe

C:\WINDOWS\system32\mhdiclto.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\niitqxax.exe

C:\WINDOWS\system32\niitqxax.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\nmifvfor.exe

C:\WINDOWS\system32\nmifvfor.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\nrmbmfar.exe

C:\WINDOWS\system32\nrmbmfar.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\nyghdcej.exe

C:\WINDOWS\system32\nyghdcej.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\ocwfrnka.exe

C:\WINDOWS\system32\ocwfrnka.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\okxgobvr.exe

C:\WINDOWS\system32\okxgobvr.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\ompexbuc.exe

C:\WINDOWS\system32\ompexbuc.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\ownekefm.exe

C:\WINDOWS\system32\ownekefm.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\pdkxgake.exe

C:\WINDOWS\system32\pdkxgake.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\pfwehish.exe

C:\WINDOWS\system32\pfwehish.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\prjvysdl.exe

C:\WINDOWS\system32\prjvysdl.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\pwgikfyi.exe

C:\WINDOWS\system32\pwgikfyi.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\qhcsrlnn.exe

C:\WINDOWS\system32\qhcsrlnn.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\qkupyppq.exe

C:\WINDOWS\system32\qkupyppq.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\qtrvglry.exe

C:\WINDOWS\system32\qtrvglry.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\qxpiqtkw.exe

C:\WINDOWS\system32\qxpiqtkw.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\rfhelkog.exe

C:\WINDOWS\system32\rfhelkog.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\rjqydxst.exe

C:\WINDOWS\system32\rjqydxst.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\rrrqqaap.exe

C:\WINDOWS\system32\rrrqqaap.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\rsmlpwmb.exe

C:\WINDOWS\system32\rsmlpwmb.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\rttldixj.exe

C:\WINDOWS\system32\rttldixj.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\toeiehto.exe

C:\WINDOWS\system32\toeiehto.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\varebafp.exe

C:\WINDOWS\system32\varebafp.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\verrwwcg.exe

C:\WINDOWS\system32\verrwwcg.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\veurxvst.exe

C:\WINDOWS\system32\veurxvst.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\vxxscsem.exe

C:\WINDOWS\system32\vxxscsem.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\waeugaqf.exe

C:\WINDOWS\system32\waeugaqf.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\xcthntml.exe

C:\WINDOWS\system32\xcthntml.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\xolpygoj.exe

C:\WINDOWS\system32\xolpygoj.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\yjdysltx.exe

C:\WINDOWS\system32\yjdysltx.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\ywrbkyte.exe

C:\WINDOWS\system32\ywrbkyte.exe Has been deleted!

Performing Repairs to the registry.

Done!

VundoFix V6.3.17

Checking Java version...

Sun Java not detected

Scan started at 12:47:23 21-03-2007

Listing files found while scanning....

No infected files were found.

Beginning removal...

VundoFix V6.3.17

Checking Java version...

Sun Java not detected

Scan started at 19:54:38 21-03-2007

Listing files found while scanning....

[JackSSA]

Ok, bom trabalho, seus Logs estão limpos. Ainda há algum problema com seu PC?

Clique em Iniciar -> Configurações -> Painel de Controle -> Abra o item Sistema.

Clique na guia Restauração do Sistema -> Marque Desativar restauração do sistemas em todas as unidades -> Em seguida clique em Aplicar. Após aplicado, desmarque a caixa Desativar restauração do sistemas em todas as unidades e clique novamente em Aplicar depois Ok.

Delete a pasta !KillBox localizada em C:\ e em seguida limpe a Lixeira.

[Guest --Jonathan --]

Sim, ainda não consigo abrir o meu disco C: . Apenas consigo abrir o D: pois tnh o meu disco partilhado.

[JackSSA]

Ok, vamos a algumas tentativas.

Baixe o ATF Cleaner by Atribune e salve na sua área de trabalho.

Sugiro que imprima ou salve as instruções abaixo.

Reinicie em Modo de Segurança (Pressione intermitentemente F8 durante a inicialização, no menu que aparecer escolha através da seta de navegação, Modo Seguro).

Clique em Iniciar > Executar e digite a linha abaixo, em seguida, clique em Ok ou pressione Enter.

cmd /c del /que /f /A /S C:\copy.exe

Dê dois cliques no ATF-Cleaner.exe para executar a Ferramenta

Marque “Select All”

Clique em Empty Selected. Aparecerá uma janela "Done Cleaning" clique OK e exit.

Reinicie e veja se resolve o problema.

[Guest --Jonathan --]

Problema continua :(( . já nm tenho esperenças d que conseguirei remover o vírus.

OBg

[RenatoMejias]

Desenvolvi uma ferramenta para remoção de um tipo de vírus em pendrive, acontece o mesmo erro quando você tenta executa-la, então vamos fazer um teste.

Baixe esse programa, selecione a opção Verificar Pendrive e marque para procurar na unidade que está dando problema e clique no botão Verificar.

Informe do resultado, se você clicar no botão e nenhuma mensagem for exibida, poste novamente falando que não deu certo. Se aparecer alguma mensagem que algum arquivo foi deletado, anote o nome dele e poste aqui o seu nome.

[JackSSA]

Thanks Renato!

[Guest --Jonathan --]

Fiz tudo que mandou, após a verificação apareceu me um aviso a dizer "Autorun.inf deletado" após carregar no OK e apareceu me um aviso/erro a dizer "File not found". O ficheiro Thumbs apareceu me no ambiente de trabalho estámbem, o que faço com esse ficheiro posso elimina lo?

[RenatoMejias]

O Thumbs.dll é um arquivo normal do sistema, não precisa apagar, ele apareceu porque no meio da minha rotina de verificação eu mando ele mostrar os arquivos protegidos pelo sistema. E o problema do copy.exe, foi resolvido?

[Guest --Jonathan --]

Não resolveu, e para alem desse erro agora ao ligar o computador aparece me um aviso "Falta NTLDR Prima Ctrl+Alt+Del P/ Reinic" e não posso fzr mais nada :x nm chega abrir o windows. Carrego enter, esc, e n dá nada, so dá mesmo para reiniciar.

[RenatoMejias]

Veja se é isso que se aplica a você:

http://support.microsoft.com/kb/314057/pt

Quanto ao seu problema do copy.exe, tente o seguinte, vá no regedit, e mande localizar pelo item copy.exe, se você encontrar alguma entrada assim:

[unidade]:\copy.exe, delete ela, depois execute o PenClean novamente seguindo os mesmos procedimentos.

[Guest --Jonathan --]

Penso que não se adequa, pois eu sempre tive o WindowsXP no computador e aliás não conseguiria resolver a situação pois n tnh a tal disquete de arranque.

[JackSSA]

De boot com o CD de instalação do Windows XP. Na primeira tela do assistente de instalação, pressione R para acessar o console de recuperação.

Pressione 1 para acessar a sua instalação, em seguida digite a senha de Administrador e pressione Enter, ou apenas Enter caso não tenha definido nenhuma senha.

Digite os seguintes comandos abaixo:

ATTRIB -R -S -H C:\NTLDR

ATTRIB -R -S -H C:\NTDETECT.COM

COPY X:\i386\NTLDR C:

COPY X:\i386\NTDETECT.COM C:

Exit

OBS: ( onde C: é a partição da inicialização do sistema e X: é a letra correspondente ao drive do seu CD-Rom)

Em seguida reinicie e veja se resolve.

[Guest --Jonathan --]

Eu fiz o download do WindowsXPSP2 pois n tinha o cd original. E quando ponho o CD na drive não aparece nada e continua a dar o mesmo erro(Falta NTLDR ...), ou seja continuo a não conseguir aceder ao windows, penso que tnh d criar um cdboot, mas n sei fazer isso, aguardo uma explicaçao se possivel, obrigada x).

[RenatoMejias]

Eu fiz o download do WindowsXPSP2 pois n tinha o cd original. E quando ponho o CD na drive não aparece nada e continua a dar o mesmo erro(Falta NTLDR ...), ou seja continuo a não conseguir aceder ao windows, penso que tnh d criar um cdboot, mas n sei fazer isso, aguardo uma explicaçao se possivel, obrigada x).

Você já tinha o SP2 instalado, veja no cabeçalho do seu log:

Logfile of HijackThis v1.99.1

Scan saved at 18:21:16, on 18-03-2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

E além disso, siga os procedimentos passados pelo JackSSA.

De boot com o CD de instalação do Windows XP. Na primeira tela do assistente de instalação, pressione R para acessar o console de recuperação.

Pressione 1 para acessar a sua instalação, em seguida digite a senha de Administrador e pressione Enter, ou apenas Enter caso não tenha definido nenhuma senha.

Digite os seguintes comandos abaixo:

ATTRIB -R -S -H C:\NTLDR

ATTRIB -R -S -H C:\NTDETECT.COM

COPY X:\i386\NTLDR C:

COPY X:\i386\NTDETECT.COM C:

Exit

OBS: ( onde C: é a partição da inicialização do sistema e X: é a letra correspondente ao drive do seu CD-Rom)

Em seguida reinicie e veja se resolve.

[Guest --Jonathan --]

Eu tou a dizer que fiz o download do windows xpsp2 após aparecer me esse erro, e fiz o download do windows xp para fazer boot com o cd, o problema é que n sei fazer isso, já gravei para 1 cd e quando aparece esse erro ponho o disco na drive mas não acontece nada :x. Só preciso de uma ajuda para fazer boot, pois não sei como isso funciona.