[Resolvido] &nbspProblema com Anti-Virus

wings · Agosto 18, 2011

Aguardando o relatório do USBFix.

juniorzin · Agosto 18, 2011

o pen drive que tava no relatorio ja foi embora era de uma amiga minha que veio fazer trabalho , mais vo passa o usb no meu cartão pra ve

############################## | UsbFix 7.057 | [supressão]

Usuário: Administrador (Administrador) # DAS-86CB343315C [ ]

Atualizado em 17/08/2011 por El Desaparecido

Começou em 21:08:02 | 17/08/2011

Site: http://www.teamxscript.org

Submit your sample: http://www.teamxscript.org/Upload.php

Contato: TeamXscript.ElDesaparecido@gmail.com

CPU: Pentium® Dual-Core CPU E5400 @ 2.70GHz

CPU 2: Pentium® Dual-Core CPU E5400 @ 2.70GHz

Microsoft Windows XP Professional (5.1.2600 32-Bit) # Service Pack 3

Internet Explorer 7.0.5730.13

Windows Firewall: Habilitado

Antivirus: Microsoft Security Essentials 3.0.8402.0 [(!) Disabled | Updated]

RAM -> 2047 Mb

C:\ (%systemdrive%) -> Disco fixo # 298 Gb (142 Mb livre - 48%) [] # NTFS

D:\ -> CD-ROM

E:\ -> Disco fixo # 75 Gb (15 Mb livre - 21%) [] # NTFS

F:\ -> CD-ROM

G:\ -> Disco removível # 2 Gb (196 Mb livre - 10%) [Musicas] # FAT32

################## | Ficheiros # pastas infeciosos |

Supprimido ! C:\Documents and Settings\Administrador\Dados de aplicativos\inst.exe

Supprimido ! C:\Recycler\S-1-5-21-1547161642-1177238915-839522115-500

Supprimido ! E:\Recycler\S-1-5-21-1547161642-1177238915-839522115-500

Supprimido ! G:\Recycler\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx

Supprimido ! G:\Recycler\S-5-3-42-2819952290-8240758988-879315005-3665

Supprimido ! G:\autorun.inf

################## | Registro |

################## | Mountpoints2 |

Supprimido ! HKCU\.\.\.\.\Explorer\MountPoints2\{0b8cd3b7-886a-11df-b4a9-002511bdcb0a}

Supprimido ! HKCU\.\.\.\.\Explorer\MountPoints2\{230dc2b8-03dd-11e0-b653-002511bdcb0a}

Supprimido ! HKCU\.\.\.\.\Explorer\MountPoints2\{2b2c11a0-9e68-11df-b4ef-002511bdcb0a}

Supprimido ! HKCU\.\.\.\.\Explorer\MountPoints2\{80015971-498b-11e0-b74a-002511bdcb0a}

Supprimido ! HKCU\.\.\.\.\Explorer\MountPoints2\{9b7faded-6768-11df-b42a-002511bdcb0a}

Supprimido ! HKCU\.\.\.\.\Explorer\MountPoints2\{a4fd0943-5ea7-11df-b3f9-806d6172696f}

Supprimido ! HKCU\.\.\.\.\Explorer\MountPoints2\{af53aff0-4fe4-11e0-b75b-002511bdcb0a}

Supprimido ! HKCU\.\.\.\.\Explorer\MountPoints2\{e4195b2c-7fe6-11e0-b368-002511bdcb0a}

################## | Listing |

[27/07/2010 - 19:16:45 | D ] C:\50330b822e96dbe00a

[17/08/2011 - 20:57:28 | N | 12391] C:\Ad-Report-CLEAN[1].txt

[17/08/2011 - 21:01:55 | N | 4608] C:\Ad-Report-CLEAN[2].txt

[16/12/2010 - 16:15:10 | D ] C:\AI

[17/08/2011 - 20:56:33 | D ] C:\Arquivos de programas

[13/05/2010 - 16:03:42 | N | 0] C:\AUTOEXEC.BAT

[16/12/2010 - 16:15:11 | D ] C:\BGM

[13/06/2011 - 17:56:56 | N | 321] C:\boot.ini

[28/10/2001 - 14:06:10 | N | 4952] C:\Bootfont.bin

[16/07/2011 - 10:19:04 | D ] C:\CFLog

[17/08/2011 - 17:08:18 | D ] C:\Config.Msi

[13/05/2010 - 16:03:42 | N | 0] C:\CONFIG.SYS

[16/12/2010 - 16:15:11 | D ] C:\data

[07/11/2010 - 20:32:10 | D ] C:\Documents and Settings

[07/11/2007 - 08:00:40 | N | 17734] C:\eula.1028.txt

[07/11/2007 - 08:00:40 | N | 17734] C:\eula.1031.txt

[07/11/2007 - 08:00:40 | N | 10134] C:\eula.1033.txt

[07/11/2007 - 08:00:40 | N | 17734] C:\eula.1036.txt

[07/11/2007 - 08:00:40 | N | 17734] C:\eula.1040.txt

[07/11/2007 - 08:00:40 | N | 118] C:\eula.1041.txt

[07/11/2007 - 08:00:40 | N | 17734] C:\eula.1042.txt

[07/11/2007 - 08:00:40 | N | 17734] C:\eula.2052.txt

[07/11/2007 - 08:00:40 | N | 17734] C:\eula.3082.txt

[26/07/2011 - 17:50:22 | D ] C:\Filmes

[07/11/2007 - 08:00:40 | N | 1110] C:\globdata.ini

[07/11/2007 - 08:03:18 | N | 562688] C:\install.exe

[07/11/2007 - 08:00:40 | N | 843] C:\install.ini

[07/11/2007 - 08:03:18 | N | 76304] C:\install.res.1028.dll

[07/11/2007 - 08:03:18 | N | 96272] C:\install.res.1031.dll

[07/11/2007 - 08:03:18 | N | 91152] C:\install.res.1033.dll

[07/11/2007 - 08:03:18 | N | 97296] C:\install.res.1036.dll

[07/11/2007 - 08:03:18 | N | 95248] C:\install.res.1040.dll

[07/11/2007 - 08:03:18 | N | 81424] C:\install.res.1041.dll

[07/11/2007 - 08:03:18 | N | 79888] C:\install.res.1042.dll

[07/11/2007 - 08:03:18 | N | 75792] C:\install.res.2052.dll

[07/11/2007 - 08:03:18 | N | 96272] C:\install.res.3082.dll

[13/05/2010 - 17:45:40 | D ] C:\Intel

[13/05/2010 - 16:03:42 | N | 0] C:\IO.SYS

[09/08/2011 - 20:32:50 | D ] C:\Jogos

[09/08/2011 - 20:27:44 | D ] C:\Meus vídeos

[13/05/2010 - 16:03:42 | N | 0] C:\MSDOS.SYS

[28/05/2010 - 13:35:15 | RHD ] C:\MSOCache

[18/05/2010 - 16:41:17 | D ] C:\MyWorks

[03/08/2004 - 22:38:34 | N | 47564] C:\NTDETECT.COM

[20/08/2010 - 19:08:17 | N | 251696] C:\ntldr

[16/01/2011 - 13:56:33 | D ] C:\Ntreev USA

[17/08/2011 - 20:58:22 | ASH | 2145386496] C:\pagefile.sys

[27/01/2011 - 08:11:56 | D ] C:\PenClean

[16/01/2011 - 14:02:01 | D ] C:\Program Files

[03/07/2011 - 09:49:27 | D ] C:\Ragnarok Online

[17/08/2011 - 21:09:57 | SHD ] C:\RECYCLER

[24/09/2010 - 17:28:11 | D ] C:\Riot Games

[04/05/2011 - 14:16:02 | D ] C:\SWSetup1

[21/07/2011 - 22:21:13 | SHD ] C:\System Volume Information

[17/08/2011 - 21:09:57 | D ] C:\UsbFix

[17/08/2011 - 21:09:58 | A | 1409] C:\UsbFix.txt

[07/11/2007 - 08:00:40 | N | 5686] C:\vcredist.bmp

[07/11/2007 - 08:09:22 | N | 1442522] C:\VC_RED.cab

[07/11/2007 - 08:12:28 | N | 232960] C:\VC_RED.MSI

[17/08/2011 - 20:46:47 | D ] C:\WINDOWS

[17/08/2011 - 20:45:28 | D ] C:\_OTS

[24/07/2011 - 14:44:23 | D ] E:\Arquivos de programas

[26/05/2011 - 14:49:07 | D ] E:\Bruno

[13/08/2011 - 16:07:55 | D ] E:\Ieda

[17/08/2011 - 21:09:57 | SHD ] E:\RECYCLER

[26/05/2011 - 16:10:11 | SHD ] E:\System Volume Information

[10/12/2010 - 09:25:40 | D ] G:\Private

[27/01/2010 - 10:10:00 | N | 67334] G:\DevIcon.fil

[27/01/2010 - 10:10:00 | N | 1579] G:\DevLogo.fil

[10/12/2010 - 07:34:30 | RSHD ] G:\RECYCLER

[10/12/2010 - 16:32:20 | D ] G:\cities

[14/08/2011 - 16:17:32 | N | 239] G:\qf

[10/12/2010 - 16:36:42 | D ] G:\Images

[11/12/2010 - 17:29:06 | D ] G:\Videos

[11/12/2010 - 17:29:06 | D ] G:\system

[13/12/2010 - 00:23:20 | D ] G:\data

[13/12/2010 - 00:23:20 | D ] G:\My Videos

[17/03/2011 - 14:22:40 | D ] G:\Nokia

[03/01/2010 - 04:34:04 | D ] G:\Ebook

[11/04/2011 - 13:59:34 | D ] G:\Attachments

[05/07/2011 - 17:16:00 | D ] G:\Sounds

[05/07/2011 - 17:16:04 | D ] G:\Others

[05/07/2011 - 17:16:04 | D ] G:\Documents

[19/11/2010 - 12:05:28 | D ] G:\Musicas

[07/07/2011 - 22:13:30 | N | 629132] G:\Guitar Hero 6.jar

[02/08/2011 - 20:13:34 | D ] G:\download

################## | Vaccin |

C:\Autorun.inf -> Vacina criada por UsbFix (TeamXscript)

E:\Autorun.inf -> Vacina criada por UsbFix (TeamXscript)

G:\Autorun.inf -> Vacina criada por UsbFix (TeamXscript)

################## | Upload |

Favor enviar o arquivo: C:\UsbFix_Upload_Me_DAS-86CB343315C.zip

http://www.teamxscript.org/Upload.php

Obrigado pela sua contribuição.

################## | E.O.F |

wings · Agosto 18, 2011

Espero estar encerrando. :)

1.

Favor enviar o arquivo: C:\UsbFix_Upload_Me_DAS-86CB343315C.zip para o link abaixo:

http://www.teamxscript.org/Upload.php

Obrigado pela sua contribuição.

2.

*Remova o cartão

*Baixe o MKV e salve-o no desktop

*Execute-o e clique [supprimer la vaccination]

*Reinicie o PC

3.

*Novo log do hijack e informe se o problema foi resolvido.

juniorzin · Agosto 18, 2011

Sera que acabo? *-*

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 21:24:39, on 17/8/2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.17080)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\Arquivos de programas\Yuna Software\Messenger Plus!\PlusService.exe

C:\Arquivos de programas\Microsoft Security Client\msseces.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\WINDOWS\System32\svchost.exe

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Administrador\Meus documentos\Downloads\SoftonicDownloader_para_hijackthis.exe

C:\Documents and Settings\Administrador\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://ww4.freeurlset.com:8083/connect.dat

O1 - Hosts: ÿþ127.0.0.1 localhost

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: (no name) - {D1763781-8374-40BD-836A-F2E1F2600B2F}836A-F2E1F2600B2F} - (no file)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Arquivos de programas\Arquivos comuns\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

O4 - HKLM\..\Run: [startCCC] "C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [PlusService] C:\Arquivos de programas\Yuna Software\Messenger Plus!\PlusService.exe

O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [MSC] "c:\Arquivos de programas\Microsoft Security Client\msseces.exe" -hide -runkey

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Pando Media Booster] C:\Arquivos de programas\Pando Networks\Media Booster\PMB.exe

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{43116D85-F7AE-4142-A8E1-38C709F5A91C}: NameServer = 200.204.0.10 200.204.0.138

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Arquivos de programas\Arquivos comuns\Adobe\SwitchBoard\SwitchBoard.exe

--

End of file - 8783 bytes

wings · Agosto 18, 2011

Ainda não...

Há um proxy.

*Baixe o OTL e salve-o no desktop

*Execute-o e selecione as opções:

[X] Verificar All Users

Exame Extra do Registro: [X] Usar SafeList

[X] Ignorar Arquivos Microsoft

[X] Usar WhiteList para Nomes de Companhias

[X] Verificar Purity

*Clique no espaço abaixo de "Exames Personalizados/Correções" e cole o código:

%SYSTEMDRIVE%\Users\*\*.*

*Clique [Verificar]

*Cole o relatório OTL.txt localizado no desktop

Caso o relatório fique demasiadamente grande...

*Acesse este link

*Clique [Enviar arquivo]

*Localize o arquivo OTL.txt no desktop

*Clique [Abrir] > [Créer le lien Cjoint]

*Cole o endereço criado

juniorzin · Agosto 18, 2011

http://cjoint.com/?AHscNwB2is4

ele crio um extra.txt

que ele também?

wings · Agosto 18, 2011

1.

*Selecione e copie (Ctrl+c) o código abaixo:

:OTL

SRV - File not found [Auto | Stopped] -- -- (roieq)

SRV - File not found [Auto | Stopped] -- -- (cftsblu)

IE - HKU\S-1-5-21-1547161642-1177238915-839522115-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://ww4.freeurlset.com:8083/connect.dat

*Execute o OTL

*Clique no espaço abaixo de "Exames Personalizados/Correções" e cole (Ctrl+v) o código

*Clique [Consertar]

*Cole o relatório apresentado

2.

*Novo log do hijack

juniorzin · Agosto 18, 2011

========== OTL ==========

Service roieq stopped successfully!

Service roieq deleted successfully!

Service cftsblu stopped successfully!

Service cftsblu deleted successfully!

Registry value HKEY_USERS\S-1-5-21-1547161642-1177238915-839522115-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\AutoConfigURL deleted successfully.

OTL by OldTimer - Version 3.2.26.5 log created on 08172011_220312

ja coloco o log do hijack

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 22:04:58, on 17/8/2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.17080)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\Arquivos de programas\Yuna Software\Messenger Plus!\PlusService.exe

C:\Arquivos de programas\Microsoft Security Client\msseces.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe

C:\Arquivos de programas\Messenger\msmsgs.exe

C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Arquivos de programas\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe

C:\WINDOWS\System32\svchost.exe

C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Arquivos de programas\Windows Media Player\wmplayer.exe

C:\Documents and Settings\Administrador\Desktop\HiJackThis[1].exe