[Resolvido!]

[mtllgtrr 0]

Reinicieio computador inicializando todos processos >>> Baixei hijack this >>> extrai em C:// >>> executei-o >>> Scan e salvar log(axo)

 

segue meu log:

 

Logfile of HijackThis v1.99.1

Scan saved at 01:39:52, on 8/8/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\VTTimer.exe

C:\Arquivos de programas\Microsoft IntelliType Pro\type32.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\QuickTime\qttask.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\Microsoft IntelliPoint\point32.exe

C:\Arquivos de programas\Ahead\InCD\InCD.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\alggx.exe

C:\Arquivos de programas\Zone Labs\ZoneAlarm\zlclient.exe

C:\WINDOWS\system32\logon.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\ipwins\ipwins.exe

C:\Arquivos de programas\Arquivos comuns\{8C41AEA3-0960-1046-0812-040927020037}\Update.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\lsssas.exe

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\regfixxsx.exe

C:\OtSTriad\OtSTriad\OtSTriad.exe

C:\Arquivos de programas\TClock\TClock.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\OtSTriad\mysql\bin\mysqld-nt.exe

C:\OtSTriad\bin\apache.exe

C:\WINDOWS\System32\svchost.exe

C:\OtSTriad\bin\apache.exe

C:\WINDOWS\update\updmgr.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\ARQUIV~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\ZoneLabs\isafe.exe

C:\HijackThis.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: (no name) - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - (no file)

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [type32] "C:\Arquivos de programas\Microsoft IntelliType Pro\type32.exe"

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [intelliPoint] "C:\Arquivos de programas\Microsoft IntelliPoint\point32.exe"

O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [algxxs] C:\WINDOWS\alggx.exe

O4 - HKLM\..\Run: [Zone Labs Client] C:\Arquivos de programas\Zone Labs\ZoneAlarm\zlclient.exe

O4 - HKLM\..\Run: [Microsoft ® Windows Update Manager] C:\WINDOWS\update\updmgr.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [ipWins] C:\Arquivos de programas\ipwins\ipwins.exe

O4 - HKCU\..\Run: [TClock.exe] C:\Arquivos de programas\TClock\tclock_install.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [FreeRAM XP] "C:\DOCUME~1\micro\CONFIG~1\Temp\Rar$EX00.266\FreeRAM XP Pro 1.40.exe" -win

O4 - Startup: OtSTriad Monitor.lnk = C:\OtSTriad\OtSTriad\OtSTriad.exe

O4 - Global Startup: lsssas.exe

O4 - Global Startup: regfixxsx.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe

O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: OtSTriad MySQL 5.0.18 - Unknown owner - C:\OtSTriad\mysql\bin\mysqld-nt.exe

O23 - Service: OtSTriad Apache 2.0.55 (OtSTriadApache2.0.55) - Unknown owner - C:\OtSTriad\bin\apache.exe" -k runservice (file missing)

O23 - Service: Windows Update Manager (UpdateManager) - Unknown owner - C:\WINDOWS\update\updmgr.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

 

-------------

Obrigado, o trabalho d vcs eh nota 10 xD

[Sam Spade 2]

Olá mtllgtrr! O log mostra algumas infecções e uma delas é por um trojan banker. Este trojan captura senhas e as envia para um hacker. É recomendável que troque as mesmas. Baixe:

 

BankerFix

BFU

 

Salve ou imprima estas instruções:

 

1 - Desabilite o seu anti vírus e os seus anti spywares (com proteção em tempo real).

 

É necessário que esteja conectado para baixar o script que será usado no BFU.

 

Dê um duplo clique no ícone do BFU.

Na parte superior (Scriptfile to execute:) clique no botão Web (segundo botão com o ícone verde e azul).

 

Na caixa Download BFU script... coloque:

 

http://metallica.geekstogo.com/alcanshorty.bfu

 

Clique em OK e depois no botão Execute.

 

Quando o processo acabar aparecerá o aviso: Completed script execution.

Clique em OK e depois em Exit.

 

2 - Importante: O BankerFix irá finalizar o Internet Explorer. Salve qualquer link que você precisa acessar depois antes de executá-la.

 

Desative o seu anti vírus temporariamente, para não haver conflitos.

 

Dê um duplo-clique no bankerfix.exe, dê o Enter e espere ele terminar. Ao terminar, leia a mensagem na tela e aperte Enter novamente.

 

3 - Habilite o anti vírus e anti spywares. Gere um log com o HijackThis e poste, junto com o relatorio.txt. Está em C:\LinhaDefensiva\relatorio.txt

 

Depois de fazer sua resposta você pode apagar a pasta LinhaDefensiva que está em C:\

[mtllgtrr 0]

Segui o procedimento passo a passo, Sam Spade.

Segue o relatorio.txt e o Log do HijackThis>

 

_____________________________

Logfile of HijackThis v1.99.1

Scan saved at 14:33:53, on 8/8/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\VTTimer.exe

C:\Arquivos de programas\Microsoft IntelliType Pro\type32.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\QuickTime\qttask.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\Microsoft IntelliPoint\point32.exe

C:\Arquivos de programas\Ahead\InCD\InCD.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Zone Labs\ZoneAlarm\zlclient.exe

C:\Arquivos de programas\Arquivos comuns\{8C41AEA3-0960-1046-0812-040927020037}\Update.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\TClock\TClock.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\OtSTriad\mysql\bin\mysqld-nt.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\update\updmgr.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\ARQUIV~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: (no name) - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - (no file)

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [type32] "C:\Arquivos de programas\Microsoft IntelliType Pro\type32.exe"

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [intelliPoint] "C:\Arquivos de programas\Microsoft IntelliPoint\point32.exe"

O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Zone Labs Client] C:\Arquivos de programas\Zone Labs\ZoneAlarm\zlclient.exe

O4 - HKLM\..\Run: [Microsoft ® Windows Update Manager] C:\WINDOWS\update\updmgr.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKCU\..\Run: [TClock.exe] C:\Arquivos de programas\TClock\tclock_install.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [FreeRAM XP] "C:\DOCUME~1\micro\CONFIG~1\Temp\Rar$EX00.266\FreeRAM XP Pro 1.40.exe" -win

O4 - Startup: OtSTriad Monitor.lnk = C:\OtSTriad\OtSTriad\OtSTriad.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O17 - HKLM\System\CCS\Services\Tcpip\..\{66414D7E-B780-4E14-A0ED-4A3014637108}: NameServer = 200.204.0.10 200.204.0.138

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe

O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: OtSTriad MySQL 5.0.18 - Unknown owner - C:\OtSTriad\mysql\bin\mysqld-nt.exe

O23 - Service: OtSTriad Apache 2.0.55 (OtSTriadApache2.0.55) - Unknown owner - C:\OtSTriad\bin\apache.exe" -k runservice (file missing)

O23 - Service: Windows Update Manager (UpdateManager) - Unknown owner - C:\WINDOWS\update\updmgr.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

 

 

_____________________________________

 

INICIANDO BANKER FIX

=======================================================

 

Arquivo infectado detectado: C:\WINDOWS\alggx.exe

Arquivo infectado removido com sucesso!

 

Arquivo infectado detectado: C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\lsssas.exe

Arquivo infectado removido com sucesso!

 

Arquivo infectado detectado: C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\regfixxsx.exe

Arquivo infectado removido com sucesso!

 

 

INICIANDO FOX FIX

=======================================================

Iniciando Log do PV

-----------------------------------

 

Killing '*'

 

Arquivos a remover

-----------------------------------

 

 

Arquivos ruins restantes

-----------------------------------

 

 

Reg Importado

-----------------------------------

 

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[Sam Spade 2]

OK, baixe:

 

KillBox

F-Secure BlackLight > abra uma pasta própria em C:\ e salve nela.

 

Copie e salve no Bloco de notas este texto em azul. Salve com um nome fácil de localizar:

 

C:\Arquivos de programas\Arquivos comuns\{8C41AEA3-0960-1046-0812-040927020037}\Update.exe

C:\WINDOWS\update\updmgr.exe

 

Configure o Windows para mostrar todos os arquivos

 

Salve ou imprima estas instruções, pois vai segui-las desconectado e sem acesso a esta página:

 

1 - No Painel de Controle > Adicionar/Remover programas > desinstale: TClock

 

Mesmo que não encontre ou não consiga desinstalar, continue seguindo as instruções.

 

2 - Vá em Iniciar > Executar > digite: services.msc e clique em OK.

 

Procure o serviço Windows Update Manager ou UpdateManager, clique em cima com o direito e depois em Propriedades.

 

Pare o serviço e coloque o Tipo de Inicialização como desativado.

 

3 - Abra o HijackThis e clique no botão Open the Misc Tools section e depois em Delete an NT service.

 

Coloque isto: UpdateManager

 

Clique em OK. Não reinicie o PC.

 

4 - Copie o texto que salvou no bloco de notas. Rode o KillBox e marque Delete on Reboot, no menu File clique em Paste from Clipboard.

Depois clique no botão All Files.

 

Clique no botão com o X. Responda Sim à pergunta.

 

Ao reiniciar o PC, aperte F8 intermitentemente. No menu escolha: modo seguro.

 

5 - Faça um scan com o HijackThis, marque as entradas abaixo, que ainda encontrar e clique em Fix checked:

 

O3 - Toolbar: (no name) - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - (no file)

 

O4 - HKLM\..\Run: [Microsoft ® Windows Update Manager] C:\WINDOWS\update\updmgr.exe

 

O4 - HKCU\..\Run: [TClock.exe] C:\Arquivos de programas\TClock\tclock_install.exe

 

6 - Pelo Windows Explorer > Arquivos de programas > localize e delete a pasta TClock e o seu conteúdo.

 

7 - Reinicie o PC em modo normal. Entre na pasta do BlackLight, dê um duplo-clique no seu ícone e faça um scan (mais nada, apenas o scan).

 

Será gerado um log que é um arquivo com este nome: fsb-seqüencia de números.log.

 

8 - Faça um scan com o HijackThis e salve o log.

 

Poste:

 

log do BlackLight

log do HijackThis

[mtllgtrr 0]

Antes de seguir, seria injusto não falar brigado xD

 

----------------------------------------------------------

08/10/06 14:02:08 [info]: BlackLight Engine 1.0.42 initialized

08/10/06 14:02:08 [info]: OS: 5.1 build 2600 (Service Pack 2)

08/10/06 14:02:09 [Note]: 7019 4

08/10/06 14:02:09 [Note]: 7005 0

08/10/06 14:04:14 [Note]: 7006 0

08/10/06 14:04:14 [Note]: 7011 1968

08/10/06 14:04:14 [Note]: 7026 0

08/10/06 14:04:14 [Note]: 7026 0

08/10/06 14:04:24 [Note]: FSRAW library version 1.7.1019

08/10/06 14:07:28 [Note]: 7007 0

 

----------------------------------------------------------------------

Não sei se esse log acima esta correto, mas se ajudar, quando terminou o scan ele informou que não havia encontrado nenhum hide

file

 

___________________________________________________

Logfile of HijackThis v1.99.1

Scan saved at 14:10:35, on 10/8/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\VTTimer.exe

C:\Arquivos de programas\Microsoft IntelliType Pro\type32.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\QuickTime\qttask.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\Microsoft IntelliPoint\point32.exe

C:\Arquivos de programas\Ahead\InCD\InCD.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Arquivos comuns\{8C41AEA3-095F-1046-0812-040927020037}\Update.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\OtSTriad\mysql\bin\mysqld-nt.exe

C:\OtSTriad\bin\apache.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\OtSTriad\bin\apache.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\ZoneLabs\isafe.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: (no name) - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - (no file)

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [type32] "C:\Arquivos de programas\Microsoft IntelliType Pro\type32.exe"

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [intelliPoint] "C:\Arquivos de programas\Microsoft IntelliPoint\point32.exe"

O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Zone Labs Client] C:\Arquivos de programas\Zone Labs\ZoneAlarm\zlclient.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [FreeRAM XP] "C:\DOCUME~1\micro\CONFIG~1\Temp\Rar$EX00.266\FreeRAM XP Pro 1.40.exe" -win

O4 - Startup: OtSTriad Monitor.lnk = C:\OtSTriad\OtSTriad\OtSTriad.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O17 - HKLM\System\CCS\Services\Tcpip\..\{66414D7E-B780-4E14-A0ED-4A3014637108}: NameServer = 200.204.0.10 200.204.0.138

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe

O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: OtSTriad MySQL 5.0.18 - Unknown owner - C:\OtSTriad\mysql\bin\mysqld-nt.exe

O23 - Service: OtSTriad Apache 2.0.55 (OtSTriadApache2.0.55) - Unknown owner - C:\OtSTriad\bin\apache.exe" -k runservice (file missing)

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

[Sam Spade 2]

Ok, o log do BlackLight está limpo. Vamos refazer uma parte das instruções pois algumas entradas não saíram.

 

Rode o KillBox, marque Delete on Reboot e coloque em Full Path of File to Delete:

 

C:\Arquivos de programas\Arquivos comuns\{8C41AEA3-095F-1046-0812-040927020037}\Update.exe

 

Clique no botão com o X. Responda Sim à pergunta.

 

Ao reiniciar o PC, aperte F8 intermitentemente. No menu escolha: modo seguro.

 

Faça um scan com o HijackThis, marque a entrada abaixo e clique em Fix checked:

 

O3 - Toolbar: (no name) - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - (no file)

 

Reinicie em modo normal, faça um scan com o HijackThis e salve/poste o log.

[mtllgtrr 0]

Agora sim, sabia que tinha algo estranho..

É pprovavel que tenha algo indesejável nesse novo log pois o ZA expirou quando eu não estava no pc e o firewall do windows estava desativado... mas vamos lá:

 

____________________________________

Logfile of HijackThis v1.99.1

Scan saved at 00:09:30, on 11/8/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\OtSTriad\mysql\bin\mysqld-nt.exe

C:\OtSTriad\bin\apache.exe

C:\WINDOWS\System32\svchost.exe

C:\OtSTriad\bin\apache.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\VTTimer.exe

C:\Arquivos de programas\Microsoft IntelliType Pro\type32.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\QuickTime\qttask.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\Microsoft IntelliPoint\point32.exe

C:\Arquivos de programas\Ahead\InCD\InCD.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\Arquivos comuns\{8C41AEA3-0960-1046-0812-040927020037}\Update.exe

C:\WINDOWS\system32\ctfmon.exe

C:\OtSTriad\OtSTriad\OtSTriad.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wuauclt.exe

C:\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [type32] "C:\Arquivos de programas\Microsoft IntelliType Pro\type32.exe"

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [intelliPoint] "C:\Arquivos de programas\Microsoft IntelliPoint\point32.exe"

O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Arquivos de programas\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [FreeRAM XP] "C:\DOCUME~1\micro\CONFIG~1\Temp\Rar$EX00.266\FreeRAM XP Pro 1.40.exe" -win

O4 - Startup: OtSTriad Monitor.lnk = C:\OtSTriad\OtSTriad\OtSTriad.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O17 - HKLM\System\CCS\Services\Tcpip\..\{66414D7E-B780-4E14-A0ED-4A3014637108}: NameServer = 200.204.0.10 200.204.0.138

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe

O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: OtSTriad MySQL 5.0.18 - Unknown owner - C:\OtSTriad\mysql\bin\mysqld-nt.exe

O23 - Service: OtSTriad Apache 2.0.55 (OtSTriadApache2.0.55) - Unknown owner - C:\OtSTriad\bin\apache.exe" -k runservice (file missing)

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

[Sam Spade 2]

O que existe é o processo {8C41AEA3-0960-1046-0812-040927020037}\Update.exe que não se deixa deletar.

 

Selecione e copie no Bloco de notas o que está dentro do Quote, colocando o cursor do mouse antes do R de REGEDIT 4 e arrastando até o fim, em ToolBar888] <<< aqui

 

REGEDIT4

 

[-HKEY_CLASSES_ROOT\MyToolBar.MyToolBarObj]

 

[-HKEY_CLASSES_ROOT\MyToolBar.MyToolBarObj.1]

 

[-HKEY_CLASSES_ROOT\CLSID\{CBCC61FA-0221-4ccc-B409-CEE865CACA3A}]

 

[-HKEY_CLASSES_ROOT\clsid\{CBCC61FA-0221-4ccc-B409-CEE865CACA3A}\programmable]

 

[-HKEY_CLASSES_ROOT\Interface\{C6F2214E-0B54-45A9-B90D-7DD4BA45ED0B}]

 

[-HKEY_CLASSES_ROOT\TypeLib\{569304BA-83ED-4CFF-AC26-BE3E482F7208}]

 

[-HKEY_CURRENT_USER\SOFTWARE\MyToolBar]

 

[-HKEY_CURRENT_USER\SOFTWARE\microsoft\internet explorer\toolbar\webbrowser {CBCC61FA-0221-4ccc-B409-CEE865CACA3A}]

 

[-HKEY_CURRENT_USER\SOFTWARE\microsoft\windows\currentversion\policies\explorer\run {8C41AEA3-0960-1046-0812-040927020037}]

 

[-HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\internet explorer\toolbar {CBCC61FA-0221-4ccc-B409-CEE865CACA3A}]

 

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{CBCC61FA-0221-4ccc-B409-CEE865CACA3A}]

 

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ToolBar888]

O REGEDIT4 fica colado aonde se inicia o texto no bloco de notas. Não altere em nada a disposição do que colou.

 

Salve no desktop com o nome fixTB888.reg e colocando como tipo de arquivo: todos os arquivos.

 

Mantenha o Windows configurado para mostrar todos os arquivos.

 

Salve ou imprima estas instruções:

 

1 - Rode o KillBox, marque Delete on Reboot e coloque em Full Path of File to Delete:

 

C:\Arquivos de programas\Arquivos comuns\{8C41AEA3-0960-1046-0812-040927020037}\Update.exe

 

Clique no botão com o X. Responda Sim à pergunta.

 

Ao reiniciar o PC, aperte F8 intermitentemente. No menu escolha: modo seguro.

 

2 - Pelo Windows Explorer > Arquivos de programas > localize e se encontrar, exclua (SHIFT+DELETE) as pastas e todo o seu conteúdo:

 

ToolBar888

MyToolBar

 

3 - Faça uma busca por estes arquivos e se encontrar, delete-os:

 

windr32.exe

n.exe

aupdate32.exe

menu5.exe

 

Observe com cuidado os nomes corretos dos arquivos para não haver enganos.

 

4 - Localize no desktop o fixTB888.reg. Dê um duplo-clique em cima e confirme.

 

5 - Reinicie em modo normal, faça um scan com o HijackThis e salve/poste o log.

[mtllgtrr 0]

Certo,

Não encontrei nenhum dos arquivos qe me pediu:

ToolBar888

MyToolBar

nem:

windr32.exe

n.exe

aupdate32.exe

menu5.exe

_____________________________________________

Logfile of HijackThis v1.99.1

Scan saved at 18:08:57, on 11/8/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\OtSTriad\mysql\bin\mysqld-nt.exe

C:\OtSTriad\bin\apache.exe

C:\OtSTriad\bin\apache.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

C:\WINDOWS\system32\VTTimer.exe

C:\Arquivos de programas\Microsoft IntelliType Pro\type32.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Arquivos de programas\QuickTime\qttask.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\Microsoft IntelliPoint\point32.exe

C:\Arquivos de programas\Ahead\InCD\InCD.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\OtSTriad\OtSTriad\OtSTriad.exe

C:\WINDOWS\system32\wuauclt.exe

C:\HijackThis.exe

C:\WINDOWS\system32\wuauclt.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uol.com.br/

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [type32] "C:\Arquivos de programas\Microsoft IntelliType Pro\type32.exe"

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [intelliPoint] "C:\Arquivos de programas\Microsoft IntelliPoint\point32.exe"

O4 - HKLM\..\Run: [inCD] C:\Arquivos de programas\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Arquivos de programas\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [FreeRAM XP] "C:\DOCUME~1\micro\CONFIG~1\Temp\Rar$EX00.266\FreeRAM XP Pro 1.40.exe" -win

O4 - Startup: OtSTriad Monitor.lnk = C:\OtSTriad\OtSTriad\OtSTriad.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARQUIV~1\MSNMES~1\MSGRAP~1.DLL

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe

O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Arquivos de programas\Ahead\InCD\InCDsrv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: OtSTriad MySQL 5.0.18 - Unknown owner - C:\OtSTriad\mysql\bin\mysqld-nt.exe

O23 - Service: OtSTriad Apache 2.0.55 (OtSTriadApache2.0.55) - Unknown owner - C:\OtSTriad\bin\apache.exe" -k runservice (file missing)

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

____________________________________________

dê um toque se puder excluir o fix.reg do meu desktop, vlw

 

E se estou certo, {8C41AEA3-0960-1046-0812-040927020037}\Update.exe sumiu :D, você devia dar aula disso :)

[Sam Spade 2]

Ok, o log está limpo. Os arquivos e pastas eram prováveis de ter no PC, mas como não achou, realmente eles não existiam.

 

Pode deletar o fix.reg.

 

Para finalizar, vá no Painel de Controle > Sistema > Restauração do Sistema > marque Desativar a restauração do sistema > Aplicar > OK.

Depois desmarque novamente.

 

Abraço.

[mtllgtrr 0]

Aproveitanod que o tópico já ta no topo...Muito obrigado Sam Spade, continue assim, seu trabalho ta muito bom.. :D

[Sam Spade 2]

PROBLEMA RESOLVIDO!

 

Caso o autor necessite que o tópico seja reaberto é necessário enviar uma Mensagem Privada para um Moderador com um link para o tópico.