
Archived

This topic has been archived and is closed to new replies.

Fabricio Rufino

[Archived] The PC restarts by itself (Serious error on C:\)


Good afternoon,

For two weeks my computer has been restarting by itself, and as soon as the Windows screen starts I get a message saying that the computer has recovered from a serious error.

I scanned with Avira antivirus and got the following report:

Avira AntiVir Personal

Report file date: domingo, 5 de abril de 2009 15:29

 

Scanning for 1339172 virus strains and unwanted programs.

 

Licensee : Avira AntiVir Personal - FREE Antivirus

Serial number : 0000149996-ADJIE-0000001

Platform : Windows XP

Windows version : (Service Pack 2) [5.1.2600]

Boot mode : Normally booted

Username : Fabricio Rufino

Computer name : FAB-0388

 

Version information:

BUILD.DAT : 9.0.0.387 17962 Bytes 24/3/2009 11:04:00

AVSCAN.EXE : 9.0.3.3 464641 Bytes 24/2/2009 15:13:26

AVSCAN.DLL : 9.0.3.0 40705 Bytes 27/2/2009 13:58:24

LUKE.DLL : 9.0.3.2 209665 Bytes 20/2/2009 14:35:49

LUKERES.DLL : 9.0.2.0 12033 Bytes 27/2/2009 13:58:52

ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 15:30:36

ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 11/2/2009 23:33:26

ANTIVIR2.VDF : 7.1.3.0 1330176 Bytes 1/4/2009 15:21:15

ANTIVIR3.VDF : 7.1.3.13 57344 Bytes 3/4/2009 15:21:16

Engineversion : 8.2.0.138

AEVDF.DLL : 8.1.1.0 106868 Bytes 27/1/2009 20:36:42

AESCRIPT.DLL : 8.1.1.73 373114 Bytes 5/4/2009 15:21:24

AESCN.DLL : 8.1.1.10 127348 Bytes 5/4/2009 15:21:23

AERDL.DLL : 8.1.1.3 438645 Bytes 29/10/2008 21:24:41

AEPACK.DLL : 8.1.3.12 397687 Bytes 5/4/2009 15:21:22

AEOFFICE.DLL : 8.1.0.36 196987 Bytes 26/2/2009 23:01:56

AEHEUR.DLL : 8.1.0.114 1700214 Bytes 5/4/2009 15:21:21

AEHELP.DLL : 8.1.2.2 119158 Bytes 26/2/2009 23:01:56

AEGEN.DLL : 8.1.1.33 340340 Bytes 5/4/2009 15:21:17

AEEMU.DLL : 8.1.0.9 393588 Bytes 9/10/2008 17:32:40

AECORE.DLL : 8.1.6.7 176502 Bytes 5/4/2009 15:21:16

AEBB.DLL : 8.1.0.3 53618 Bytes 9/10/2008 17:32:40

AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 11:47:59

AVPREF.DLL : 9.0.0.1 43777 Bytes 5/12/2008 13:32:15

AVREP.DLL : 8.0.0.3 155905 Bytes 20/1/2009 17:34:28

AVREG.DLL : 9.0.0.0 36609 Bytes 5/12/2008 13:32:09

AVARKT.DLL : 9.0.0.1 292609 Bytes 9/2/2009 10:52:24

AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/1/2009 13:37:08

SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/1/2009 18:03:49

SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/2/2009 11:21:33

NETNT.DLL : 9.0.0.0 11521 Bytes 5/12/2008 13:32:10

RCIMAGE.DLL : 9.0.0.21 2438401 Bytes 9/2/2009 14:45:45

RCTEXT.DLL : 9.0.35.0 87297 Bytes 11/3/2009 18:55:12

 

Configuration settings for the scan:

Jobname.............................: ShlExt

Configuration file..................: D:\DOCUME~1\FABRIC~1\CONFIG~1\Temp\535cbe41.avp

Logging.............................: low

Primary action......................: interactive

Secondary action....................: ignore

Scan master boot sector.............: on

Scan boot sector....................: on

Boot sectors........................: C:,

Process scan........................: off

Scan registry.......................: off

Search for rootkits.................: off

Integrity checking of system files..: off

Scan all files......................: Intelligent file selection

Scan archives.......................: on

Recursion depth.....................: 20

Smart extensions....................: on

Macro heuristic.....................: on

File heuristic......................: medium

Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+SPR,

 

Start of the scan: domingo, 5 de abril de 2009 15:29

 

Starting the file scan:

 

Begin scan in 'C:\WINDOWS'

C:\WINDOWS\NirCmd.exe

[DETECTION] Contains recognition pattern of the APPL/NirCmd.E.2.B application

 

Beginning disinfection:

C:\WINDOWS\NirCmd.exe

[DETECTION] Contains recognition pattern of the APPL/NirCmd.E.2.B application

[NOTE] The file was moved to '4a4afc07.qua'!

 

 

End of the scan: domingo, 5 de abril de 2009 15:42

Used time: 12:48 Minute(s)

 

The scan has been done completely.

 

2751 Scanned directories

58394 Files were scanned

1 Viruses and/or unwanted programs were found

0 Files were classified as suspicious

0 files were deleted

0 Viruses and unwanted programs were repaired

1 Files were moved to quarantine

0 Files were renamed

0 Files cannot be scanned

58393 Files not concerned

427 Archives were scanned

0 Warnings

1 Notes

 

I also used the HijackThis program, which generated the following log to be analyzed as well:

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:44:02, on 5/4/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\System32\svchost.exe

D:\WINDOWS\system32\spoolsv.exe

D:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

D:\WINDOWS\Explorer.EXE

D:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

D:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe

D:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe

D:\WINDOWS\system32\ctfmon.exe

D:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

D:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

D:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\system32\HPZipm12.exe

D:\WINDOWS\system32\wuauclt.exe

D:\WINDOWS\system32\notepad.exe

C:\hijack\HiJackThis.exe

 

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - D:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Arquivos de programas\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - D:\Arquivos de programas\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll

O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - D:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar.dll

O4 - HKLM\..\Run: [HP Software Update] "D:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [HP Component Manager] "D:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [avgnt] "D:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] D:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - D:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Google Updater Service (gusvc) - Google - D:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe

 

--

End of file - 3585 bytes

 

 

I hope for your help.

I look forward to a reply.

Thank you


Topic opened at the author's request.

Be sure to post a new log.

To the analysts: once the member posts, this topic, which was being analyzed by silas, will be treated as if no analysis had been started.


Topic Archived

As the author did not reply for more than 30 days, the topic has been archived.

If you are the author of the topic and want to reopen it, send a private message to a moderator of this area together with the link to this topic and explain the reason for reopening.
