drired - Posted December 17, 2006

Hi everyone,

I'm having a problem with my PC. After a few minutes of running, it simply restarts, or else shows a window warning that it will need to restart. I thought it was some kind of conflict or physical problem, since the computer is new; it hasn't even had a month of use yet. After searching the internet, I found your forum, followed the instructions, and here is the log that HijackThis created. Please shed some light on this, because I've never dealt with Windows XP before and I'm terrified...

Hugs,
Drika
jgarcia - Posted December 20, 2006

Hey drired,

Download F-Secure Blacklight from: F-Secure Blacklight

Save it to your desktop and run it. Accept the agreement. If it finds any file, ignore it, because I only want the log. At the end of the scan the file fsb-xxxxx.log will be generated (where xxx are numbers). I need you to copy the log and post it in your next reply.

Hugs.
drired - Posted December 26, 2006

Hi JGarcia,

How are you? First of all, thank you for the help.... So I'm copying the log that BlackLight created...

Was that the log? If there's any other information I need to get, just let me know.

Hugs,
Dri
jgarcia - Posted December 26, 2006

Hey drired,

Run Panda's Active Scan and come back with the result.

Hugs.
drired - Posted December 29, 2006

Hi JGarcia,

How are you? You can't imagine how much work it was to run Panda with this machine shutting down every 5 minutes... but here is the log...

Is there any way to solve this problem? Would you recommend an antivirus that prevents this kind of thing?

Sorry for being a bother, but I'm stunned by this whole thing... it makes me want to format the PC and install Windows 95, with which, on my other PC, I never had problems.

Hugs and a Happy New Year,
Dri

Incident Status Location
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\User\Cookies\user@ad.yieldmanager[1].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\User\Cookies\user@ads.pointroll[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\User\Cookies\user@atdmt[2].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\User\Cookies\user@casalemedia[1].txt
Spyware:Cookie/Hitslink Not disinfected C:\Documents and Settings\User\Cookies\user@counter.hitslink[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\User\Cookies\user@de.uol.com[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\User\Cookies\user@doubleclick[2].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\User\Cookies\user@fastclick[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\User\Cookies\user@google.com[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\User\Cookies\user@ig.com[2].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\User\Cookies\user@media.fastclick[2].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\User\Cookies\user@overture[2].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\User\Cookies\user@perf.overture[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\User\Cookies\user@questionmarket[1].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\User\Cookies\user@statse.webtrendslive[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\User\Cookies\user@terra.com[1].txt
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\User\Cookies\user@tradedoubler[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\User\Cookies\user@uol.com[1].txt
Potentially unwanted tool:Application/Restart Not disinfected C:\WINDOWS\system32\Tools\Restart.exe
Guilherme Rambo - Posted December 29, 2006

Potentially unwanted tool:Application/Restart Not disinfected C:\WINDOWS\system32\Tools\Restart.exe

Could this be your problem?
drired - Posted December 29, 2006

Hi Phone,

Looks like it is!!!! Do you know the best way to get rid of this pest? I've already banged my head against the wall about a thousand times and it didn't help... (hehehehe)

But, seriously, when I ran Panda a shortcut appeared for cleaning the spyware... would that be the best way to clean the PC, or is there some other more appropriate way?

Thanks for the help and a Happy New Year,
Dri
Guilherme Rambo - Posted December 29, 2006

No, it says there that it didn't remove it, so boot into safe mode and delete that file (do it at your own risk), hehehe. Don't mind me, I don't know much about security, I just think the problem is pretty obvious, right? ^_^

Hugs
jgarcia - Posted December 30, 2006

Hey drired,

Let's go.

Step 1

Download Killbox from: Killbox

1. Run Killbox and click Delete on Reboot.
2. Copy the list below, in bold, to the clipboard. Select it with the mouse --> go to the Edit tab on the browser bar --> click Copy.

C:\WINDOWS\system32\Tools\Restart.exe

3. Return to Killbox. Click File > Paste from clipboard. Click All Files.
4. Press "X". Answer "no" to the question.

Step 2

Restart in Normal Mode. Check whether the problem has been solved.

I await your reply.

Hugs.
drired - Posted December 31, 2006

Hi JGarcia,

How are you? I followed your instructions, and it seems Killbox finished off that Restart thing.

But I think there is still something, because I ran Panda once more and it found a Rootkit and the same 18 (?) spyware items.

What's more, after running Killbox, while I was running Panda again, the machine shut down once more... I think we still haven't managed to locate the voodoo file that is causing this problem.

One more thing: yesterday, searching on Google, I found a Microsoft page that talked about a setting for memory security (something DEP).

I followed the instructions on the Microsoft site and that made the PC a bit more stable... it's hardly shutting down anymore.

The problem is that I'm almost certain there is something planted in memory that hasn't been located by the antivirus programs yet, since, for example, AVG shows up as disabled for no reason, and the Windows Firewall too.

Thanking you for your precious help, once again I await instructions...

New Year's Eve hugs,
Dri

Incident Status Location
Potentially unwanted tool:Application/Restart Not disinfected C:\!KillBox\Restart.exe
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\User\Cookies\user@ad.yieldmanager[1].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\User\Cookies\user@ads.pointroll[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\User\Cookies\user@atdmt[2].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\User\Cookies\user@casalemedia[1].txt
Spyware:Cookie/Hitslink Not disinfected C:\Documents and Settings\User\Cookies\user@counter.hitslink[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\User\Cookies\user@de.uol.com[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\User\Cookies\user@doubleclick[2].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\User\Cookies\user@fastclick[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\User\Cookies\user@google.com[1].txt
Spyware:Cookie/HotLog Not disinfected C:\Documents and Settings\User\Cookies\user@hotlog[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\User\Cookies\user@ig.com[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\User\Cookies\user@overture[2].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\User\Cookies\user@perf.overture[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\User\Cookies\user@questionmarket[1].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\User\Cookies\user@statse.webtrendslive[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\User\Cookies\user@terra.com[1].txt
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\User\Cookies\user@tradedoubler[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\User\Cookies\user@uol.com[1].txt
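Comparing the two Panda Active Scan reports posted so far can be scripted. The following is an added example, not part of any post in this thread: it parses rows in the "Incident Status Location" layout, sets tracking-cookie detections aside, and lists file detections that show up again under a different folder. All function names are assumptions made for this example; the sample rows are a subset copied from the two reports above.

```python
import ntpath
import re
from collections import namedtuple

Detection = namedtuple("Detection", "category name status path")

# One report row: "<category>:<name> <status> <path>". Category and name may
# contain spaces, so the row is anchored on the status keywords and on the
# drive letter that starts the path.
ROW = re.compile(
    r"^(?P<category>[^:]+):(?P<name>.+?)\s+"
    r"(?P<status>Not disinfected|Disinfected|Renamed)\s+"
    r"(?P<path>[A-Za-z]:\\.+)$"
)

# Subset of rows copied from the two reports posted in this thread.
SCAN_BEFORE = r"""
Incident Status Location
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\User\Cookies\user@ad.yieldmanager[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\User\Cookies\user@atdmt[2].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\User\Cookies\user@media.fastclick[2].txt
Potentially unwanted tool:Application/Restart Not disinfected C:\WINDOWS\system32\Tools\Restart.exe
"""

SCAN_AFTER = r"""
Incident Status Location
Potentially unwanted tool:Application/Restart Not disinfected C:\!KillBox\Restart.exe
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\User\Cookies\user@ad.yieldmanager[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\User\Cookies\user@atdmt[2].txt
Spyware:Cookie/HotLog Not disinfected C:\Documents and Settings\User\Cookies\user@hotlog[1].txt
"""


def parse_report(text):
    """Return a Detection per data row; the header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        match = ROW.match(line.strip())
        if match:
            rows.append(Detection(**match.groupdict()))
    return rows


def is_tracking_cookie(d):
    """Cookie text files in the browser cookie folder, not executable content."""
    return d.name.startswith("Cookie/") and "\\cookies\\" in d.path.lower()


def review_queue(rows):
    """Detections worth a manual look: everything that is not a cookie."""
    return [d for d in rows if not is_tracking_cookie(d)]


def _key(d):
    # Same detection name and same file name identify "the same item".
    return (d.name, ntpath.basename(d.path).lower())


def relocated(before, after):
    """(old_path, new_path) for file detections found again in another folder."""
    seen = {_key(d): d for d in review_queue(before)}
    moved = []
    for d in review_queue(after):
        old = seen.get(_key(d))
        if old and ntpath.dirname(old.path).lower() != ntpath.dirname(d.path).lower():
            moved.append((old.path, d.path))
    return moved


def added(before, after):
    """Detections in the later scan that have no counterpart in the earlier one."""
    known = {_key(d) for d in before}
    return [d for d in after if _key(d) not in known]


if __name__ == "__main__":
    first, second = parse_report(SCAN_BEFORE), parse_report(SCAN_AFTER)
    for d in review_queue(first):
        print("review:", d.name, d.path)
    for old, new in relocated(first, second):
        print("relocated:", old, "->", new)
    for d in added(first, second):
        print("new:", d.name, d.path)
```

On these rows the only non-cookie item is Restart.exe, and the second scan shows the same item under C:\!KillBox rather than a new detection.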
jgarcia - Posted December 31, 2006

Hey drired,

Download SilentRunners. Extract the file SilentRunners.vbs to C. Double-click the file to run it. After running it, wait until a document named Startup Programs (USER) date is generated. Copy the contents of this document and paste them in your next reply.

Hugs.

Note: If your AV detects the file as a malicious script, don't worry and allow it to run.
drired - Posted January 2, 2007

Hi JGarcia,

How was your New Year? I followed your instructions and was impressed by the number of things that run on this computer... here goes the log:

Hugs,
Dri
jgarcia - Posted January 2, 2007

Hey drired,

Delete the contents of the following folder: C:\!KillBox.

Download CCleaner, but don't run it yet.

Download and install this security package.

Restart in Normal Mode.

Run CCleaner and click Run Cleaner.

Run the Active Scan again and see whether it still detects anything.

Hugs.
drired - Posted January 3, 2007

Hi JGarcia,

You won't believe it, but after updating Windows and Internet Explorer and running CCleaner, Panda found a whole bunch of viruses and spyware here on the PC.

Now we're talking... it looks like the voodoo is going to be solved...

Hugs,
Dri

Here goes the log:
Virus:Cruel.A Disinfected C:\WINDOWS\system32\dllcache\sysedit.exe Virus:BackFormat.2000.B Renamed C:\WINDOWS\system32\dllcache\win87em.dll Virus:Cruel.A Disinfected C:\WINDOWS\system32\dllcache\winhelp.exe Virus:BackFormat.2000.B Renamed C:\WINDOWS\system32\dllcache\xjis.nls Virus:BackFormat.2000.B Renamed C:\WINDOWS\system32\FNTCACHE.DAT Virus:BackFormat.2000.B Renamed C:\WINDOWS\system32\graphics.com Virus:BackFormat.2000.B Renamed C:\WINDOWS\system32\himem.sys Spyware:Spyware/Netshagg Not disinfected C:\WINDOWS\system32\ideograf.uce Virus:Horse 5 Renamed C:\WINDOWS\system32\igxpxa32.cpa Spyware:Spyware/Netshagg Not disinfected C:\WINDOWS\system32\igxpxk32.vp Virus:BackFormat.2000.B Renamed C:\WINDOWS\system32\mscdexnt.exe Virus:Cruel.A Disinfected C:\WINDOWS\system32\ntdos.sys Virus:Cruel.A Disinfected C:\WINDOWS\system32\ntdos404.sys Virus:Cruel.A Disinfected C:\WINDOWS\system32\ntdos411.sys Virus:Cruel.A Disinfected C:\WINDOWS\system32\ntdos412.sys Virus:Cruel.A Disinfected C:\WINDOWS\system32\ntdos804.sys Virus:BackFormat.2000.B Renamed C:\WINDOWS\system32\ntio.sys Virus:BackFormat.2000.B Renamed C:\WINDOWS\system32\ntio404.sys Virus:BackFormat.2000.B Renamed C:\WINDOWS\system32\ntio411.sys Virus:BackFormat.2000.B Renamed C:\WINDOWS\system32\ntio412.sys Virus:BackFormat.2000.B Renamed C:\WINDOWS\system32\ntio804.sys Spyware:Spyware/Netshagg Not disinfected C:\WINDOWS\system32\oobe\images\mslogo.jpg Spyware:Spyware/Netshagg Not disinfected C:\WINDOWS\system32\oobe\images\newbtm8.jpg Spyware:Spyware/Netshagg Not disinfected C:\WINDOWS\system32\secupd.dat Virus:Univ Disinfected C:\WINDOWS\system32\setver.exe Virus:BackFormat.2000.B Renamed C:\WINDOWS\system32\spool\drivers\w32x86\3\LXCZALGN.OUT Virus:BackFormat.2000.B Renamed C:\WINDOWS\system32\spool\drivers\w32x86\3\lxczcaln.out Virus:BackFormat.2000.B Renamed C:\WINDOWS\system32\spool\drivers\w32x86\3\LXCZCLN.OUT Virus:BackFormat.2000.B Renamed C:\WINDOWS\system32\spool\drivers\w32x86\3\lxczkaln.out 
Spyware:Spyware/Netshagg Not disinfected C:\WINDOWS\system32\spool\drivers\w32x86\3\WAVS.EXE Virus:BackFormat.2000.B Renamed C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_1200_series8142\LXCZALGN.OUT Virus:BackFormat.2000.B Renamed C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_1200_series8142\lxczcaln.out Virus:BackFormat.2000.B Renamed C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_1200_series8142\LXCZCLN.OUT Virus:BackFormat.2000.B Renamed C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_1200_series8142\lxczkaln.out Spyware:Spyware/Netshagg Not disinfected C:\WINDOWS\system32\spool\drivers\w32x86\lexmark_1200_series8142\WAVS.EXE Spyware:Spyware/Netshagg Not disinfected C:\WINDOWS\system32\sqlsodbc.chm[/$FIftiMain] Virus:Cruel.A Disinfected C:\WINDOWS\system32\sysedit.exe Virus:Horse 5 Renamed C:\WINDOWS\system32\wbdbase.enu Spyware:Spyware/Netshagg Not disinfected C:\WINDOWS\system32\wbdbase.ita Virus:Cruel.A Disinfected C:\WINDOWS\system32\wbdbase.nld Virus:Horse 5 Renamed C:\WINDOWS\system32\wbdbase.sve Spyware:Spyware/Netshagg Not disinfected C:\WINDOWS\system32\webfldrs.msi[unk_0024] Virus:BackFormat.2000.B Renamed C:\WINDOWS\system32\win87em.dll Spyware:Spyware/Netshagg Not disinfected C:\WINDOWS\Web\Wallpaper\Windows XP.jpg Virus:Cruel.A Disinfected C:\WINDOWS\winhelp.exe Compartilhar este post Link para o post Compartilhar em outros sites
drired, posted January 3, 2007

Hi JGarcia,
It's me again! (hehehe)
After panicking, I ran ActiveScan again, and it looks like everything is fine now.
Regards,
Dri

Here is the log:

Incident    Status    Location
Spyware:Cookie/Atlas DMT    Not disinfected    C:\Documents and Settings\User\Cookies\user@atdmt[2].txt
Spyware:Cookie/Com.com    Not disinfected    C:\Documents and Settings\User\Cookies\user@de.uol.com[1].txt
Spyware:Cookie/Doubleclick    Not disinfected    C:\Documents and Settings\User\Cookies\user@doubleclick[2].txt
Spyware:Cookie/Com.com    Not disinfected    C:\Documents and Settings\User\Cookies\user@google.com[1].txt
Spyware:Cookie/Com.com    Not disinfected    C:\Documents and Settings\User\Cookies\user@terra.com[1].txt
Spyware:Cookie/Com.com    Not disinfected    C:\Documents and Settings\User\Cookies\user@uol.com[3].txt

jgarcia, posted January 3, 2007

Hi drired,
In view of recent events, I suggest you run the following scans:
1. HouseCall from TrendMicro;
2. Online Scan from BitDefender.
Report back with the results.
Regards.

drired, posted January 4, 2007

Hi JGarcia,
After a lot of struggling, I managed to run both online AV scans...
I think the problem has been solved, but the computer has still been doing some strange things... I think I'll take it to a repair shop to check whether it's a physical problem...
Regards, and thanks for the help,
Dri :thumbsup:

Here is the result:

BitDefender Online Scanner - Real Time Virus Report
Generated at: Thu, Jan 04, 2007 - 13:30:39
Scan Info
Scanned Files 78462
Infected Files 0
Virus Detected
No virus found.

Scanning and Cleaning Complete
HouseCall did not find any potential threats on your computer. Make sure you run HouseCall once a week to keep your PC clean and malware free.

jgarcia, posted January 4, 2007

Hi drired,
Indeed. It looks like the malware has left your machine and gone off to torment people elsewhere, he he.
Your idea of taking the machine to a technician is a very good one, since there may be physical problems, which I won't be able to help you with, given that the teleportation machine doesn't exist yet. :yay: :yay: :yay:
Regards and good luck.
PS: Whenever you need anything, just say so. :thumbsup:

jgarcia, posted February 2, 2007

PROBLEM SOLVED!
If the author needs the topic to be reopened, a Private Message must be sent to a Moderator with a link to the topic.