matmaibat

[Resolved] Log Analysis

Hello friend,

Here are the logs:

PC Tools Spyware Doctor:

PC Tools Spyware Doctor

Date
Status
12/03/2011 00:55:05:302	
Serviço Iniciado
Aplicações de Serviço do Spyware Doctor iniciadas
12/03/2011 00:55:05:303	
Mecanismo Antimalware
Configuração do mecanismo antimalware carregada com sucesso.
12/03/2011 00:55:12:934	
Verificação Iniciada
Tipo de Verificação - Intelli-Scan
12/03/2011 00:55:26:521	
Detectada uma infecção neste computador
Nome da Ameaça - Trojan-Downloader.Murlo
Tipo - Valor do Registro
Nível de Risco - Alto
Infecção - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme, Type
12/03/2011 00:55:26:521	
Detectada uma infecção neste computador
Nome da Ameaça - Trojan-Downloader.Murlo
Tipo - Valor do Registro
Nível de Risco - Alto
Infecção - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme, ErrorControl
12/03/2011 00:55:26:522	
Detectada uma infecção neste computador
Nome da Ameaça - Trojan-Downloader.Murlo
Tipo - Valor do Registro
Nível de Risco - Alto
Infecção - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme, Start
12/03/2011 00:55:26:522	
Detectada uma infecção neste computador
Nome da Ameaça - Trojan-Downloader.Murlo
Tipo - Valor do Registro
Nível de Risco - Alto
Infecção - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme, ImagePath
12/03/2011 00:55:26:523	
Detectada uma infecção neste computador
Nome da Ameaça - Trojan-Downloader.Murlo
Tipo - Valor do Registro
Nível de Risco - Alto
Infecção - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme, Group
12/03/2011 00:55:26:523	
Detectada uma infecção neste computador
Nome da Ameaça - Trojan-Downloader.Murlo
Tipo - Chave de Registro
Nível de Risco - Alto
Infecção - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme
12/03/2011 00:55:27:568	
Detectada uma infecção neste computador
Nome da Ameaça - Adware.MediaMotor
Tipo - Valor do Registro
Nível de Risco - Alto
Infecção - HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\IEMonitor.cBrowsers, (Default)
12/03/2011 00:55:27:570	
Detectada uma infecção neste computador
Nome da Ameaça - Adware.MediaMotor
Tipo - Valor do Registro
Nível de Risco - Alto
Infecção - HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\IEMonitor.cBrowsers\Clsid, (Default)
12/03/2011 00:55:27:570	
Detectada uma infecção neste computador
Nome da Ameaça - Adware.MediaMotor
Tipo - Chave de Registro
Nível de Risco - Alto
Infecção - HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\IEMonitor.cBrowsers\Clsid
12/03/2011 00:55:27:571	
Detectada uma infecção neste computador
Nome da Ameaça - Adware.MediaMotor
Tipo - Chave de Registro
Nível de Risco - Alto
Infecção - HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\IEMonitor.cBrowsers
12/03/2011 00:55:27:573	
Detectada uma infecção neste computador
Nome da Ameaça - Adware.MediaMotor
Tipo - Valor do Registro
Nível de Risco - Alto
Infecção - HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\IEMonitor.IEEvents, (Default)
12/03/2011 00:55:27:574	
Detectada uma infecção neste computador
Nome da Ameaça - Adware.MediaMotor
Tipo - Valor do Registro
Nível de Risco - Alto
Infecção - HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\IEMonitor.IEEvents\Clsid, (Default)
12/03/2011 00:55:27:575	
Detectada uma infecção neste computador
Nome da Ameaça - Adware.MediaMotor
Tipo - Chave de Registro
Nível de Risco - Alto
Infecção - HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\IEMonitor.IEEvents\Clsid
12/03/2011 00:55:27:575	
Detectada uma infecção neste computador
Nome da Ameaça - Adware.MediaMotor
Tipo - Chave de Registro
Nível de Risco - Alto
Infecção - HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\IEMonitor.IEEvents
12/03/2011 00:55:43:495	
Verificação Concluída
Tipo de Verificação - Intelli-Scan
Itens Processados - 264068
Ameaças Detectadas - 2
Infecções Detectadas - 14
Infecções Ignoradas - 0
12/03/2011 00:55:44:832	
Status do IntelliGuard
Todos os IntelliGuards foram Ativados
12/03/2011 00:55:51:789	
Resultados do Immunizer
A seção do ActiveX foi imunizada. Itens 5113 processados.
12/03/2011 00:57:02:508	
Infecção em quarentena
Nome da Ameaça - Trojan-Downloader.Murlo
Tipo - Chave de Registro
Nível de Risco - Alto
Infecção - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme
12/03/2011 00:57:02:513	
Infecção em quarentena
Nome da Ameaça - Trojan-Downloader.Murlo
Tipo - Valor do Registro
Nível de Risco - Alto
Infecção - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme, Group
12/03/2011 00:57:02:518	
Infecção em quarentena
Nome da Ameaça - Trojan-Downloader.Murlo
Tipo - Valor do Registro
Nível de Risco - Alto
Infecção - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme, ImagePath
12/03/2011 00:57:02:523	
Infecção em quarentena
Nome da Ameaça - Trojan-Downloader.Murlo
Tipo - Valor do Registro
Nível de Risco - Alto
Infecção - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme, Start
12/03/2011 00:57:02:525	
Infecção em quarentena
Nome da Ameaça - Trojan-Downloader.Murlo
Tipo - Valor do Registro
Nível de Risco - Alto
Infecção - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme, ErrorControl
12/03/2011 00:57:02:526	
Infecção em quarentena
Nome da Ameaça - Trojan-Downloader.Murlo
Tipo - Valor do Registro
Nível de Risco - Alto
Infecção - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme, Type
12/03/2011 00:57:02:602	
Infecção excluída
Nome da Ameaça - Trojan-Downloader.Murlo
Tipo - Chave de Registro
Nível de Risco - Alto
Infecção - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme
12/03/2011 00:57:02:603	
Infecção excluída
Nome da Ameaça - Trojan-Downloader.Murlo
Tipo - Valor do Registro
Nível de Risco - Alto
Infecção - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme, Group
12/03/2011 00:57:02:604	
Infecção excluída
Nome da Ameaça - Trojan-Downloader.Murlo
Tipo - Valor do Registro
Nível de Risco - Alto
Infecção - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme, ImagePath
12/03/2011 00:57:02:605	
Infecção excluída
Nome da Ameaça - Trojan-Downloader.Murlo
Tipo - Valor do Registro
Nível de Risco - Alto
Infecção - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme, Start
12/03/2011 00:57:02:605	
Infecção excluída
Nome da Ameaça - Trojan-Downloader.Murlo
Tipo - Valor do Registro
Nível de Risco - Alto
Infecção - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme, ErrorControl
12/03/2011 00:57:02:606	
Infecção excluída
Nome da Ameaça - Trojan-Downloader.Murlo
Tipo - Valor do Registro
Nível de Risco - Alto
Infecção - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme, Type
12/03/2011 00:57:02:721	
Infecção em quarentena
Nome da Ameaça - Adware.MediaMotor
Tipo - Chave de Registro
Nível de Risco - Alto
Infecção - HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\IEMonitor.IEEvents
12/03/2011 00:57:02:726	
Infecção em quarentena
Nome da Ameaça - Adware.MediaMotor
Tipo - Chave de Registro
Nível de Risco - Alto
Infecção - HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\IEMonitor.IEEvents\Clsid
12/03/2011 00:57:02:731	
Infecção em quarentena
Nome da Ameaça - Adware.MediaMotor
Tipo - Valor do Registro
Nível de Risco - Alto
Infecção - HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\IEMonitor.IEEvents\Clsid, (Default)
12/03/2011 00:57:02:735	
Infecção em quarentena
Nome da Ameaça - Adware.MediaMotor
Tipo - Valor do Registro
Nível de Risco - Alto
Infecção - HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\IEMonitor.IEEvents, (Default)
12/03/2011 00:57:02:738	
Infecção em quarentena
Nome da Ameaça - Adware.MediaMotor
Tipo - Chave de Registro
Nível de Risco - Alto
Infecção - HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\IEMonitor.cBrowsers
12/03/2011 00:57:02:741	
Infecção em quarentena
Nome da Ameaça - Adware.MediaMotor
Tipo - Chave de Registro
Nível de Risco - Alto
Infecção - HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\IEMonitor.cBrowsers\Clsid
12/03/2011 00:57:02:744	
Infecção em quarentena
Nome da Ameaça - Adware.MediaMotor
Tipo - Valor do Registro
Nível de Risco - Alto
Infecção - HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\IEMonitor.cBrowsers\Clsid, (Default)
12/03/2011 00:57:02:747	
Infecção em quarentena
Nome da Ameaça - Adware.MediaMotor
Tipo - Valor do Registro
Nível de Risco - Alto
Infecção - HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\IEMonitor.cBrowsers, (Default)
12/03/2011 00:57:02:855	
Infecção excluída
Nome da Ameaça - Adware.MediaMotor
Tipo - Chave de Registro
Nível de Risco - Alto
Infecção - HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\IEMonitor.IEEvents
12/03/2011 00:57:02:856	
Infecção excluída
Nome da Ameaça - Adware.MediaMotor
Tipo - Chave de Registro
Nível de Risco - Alto
Infecção - HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\IEMonitor.IEEvents\Clsid
12/03/2011 00:57:02:856	
Infecção excluída
Nome da Ameaça - Adware.MediaMotor
Tipo - Valor do Registro
Nível de Risco - Alto
Infecção - HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\IEMonitor.IEEvents\Clsid, (Default)
12/03/2011 00:57:02:857	
Infecção excluída
Nome da Ameaça - Adware.MediaMotor
Tipo - Valor do Registro
Nível de Risco - Alto
Infecção - HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\IEMonitor.IEEvents, (Default)
12/03/2011 00:57:02:859	
Infecção excluída
Nome da Ameaça - Adware.MediaMotor
Tipo - Chave de Registro
Nível de Risco - Alto
Infecção - HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\IEMonitor.cBrowsers
12/03/2011 00:57:02:860	
Infecção excluída
Nome da Ameaça - Adware.MediaMotor
Tipo - Chave de Registro
Nível de Risco - Alto
Infecção - HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\IEMonitor.cBrowsers\Clsid
12/03/2011 00:57:02:861	
Infecção excluída
Nome da Ameaça - Adware.MediaMotor
Tipo - Valor do Registro
Nível de Risco - Alto
Infecção - HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\IEMonitor.cBrowsers\Clsid, (Default)
12/03/2011 00:57:02:861	
Infecção excluída
Nome da Ameaça - Adware.MediaMotor
Tipo - Valor do Registro
Nível de Risco - Alto
Infecção - HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\IEMonitor.cBrowsers, (Default)
12/03/2011 00:57:04:901	
Resumo de Infecções em Quarentena/Removidas
Quarentena - 14
Falha na Quarentena - 0
Removido - 14
Falha na Remoção - 0
12/03/2011 00:57:28:841	
Verificação Iniciada
Tipo de Verificação - Verificação Completa
12/03/2011 00:58:13:377	
Verificação Concluída
Tipo de Verificação - Verificação Completa
Itens Processados - 83010
Ameaças Detectadas - 0
Infecções Detectadas - 0
Infecções Ignoradas - 0
12/03/2011 00:59:23:206	
Verificação Iniciada
Tipo de Verificação - Intelli-Scan
12/03/2011 00:59:48:521	
Verificação Concluída
Tipo de Verificação - Intelli-Scan
Itens Processados - 264049
Ameaças Detectadas - 0
Infecções Detectadas - 0
Infecções Ignoradas - 0

 

HijackThis:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 01:01:22, on 12/03/2011
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8080.16413)
Boot mode: Normal

Running processes:
C:\Windows\DAODx.exe
C:\Windows\PixArt\PAC7302\Monitor.exe
C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanionInfo.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Spyware Doctor\pctsTray.exe
C:\Program Files (x86)\Spyware Doctor\pctsGui.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Marco Antonio\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2905346
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Messenger Plus BR Toolbar - {1d80d668-2160-46a2-b3a7-e166795b0b28} - C:\Program Files (x86)\Messenger_Plus_BR\prxtbMess.dll
O1 - Hosts: 255.255.255.255 easyanticheat.se # misleading site
O1 - Hosts: 255.255.255.255 www.easyanticheat.se # misleading site
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Messenger Plus BR - {1d80d668-2160-46a2-b3a7-e166795b0b28} - C:\Program Files (x86)\Messenger_Plus_BR\prxtbMess.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files (x86)\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Messenger Plus BR Toolbar - {1d80d668-2160-46a2-b3a7-e166795b0b28} - C:\Program Files (x86)\Messenger_Plus_BR\prxtbMess.dll
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [iSTray] "C:\Program Files (x86)\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [sony Ericsson PC Companion] "C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" /Background
O4 - Startup: Typle.lnk = C:\Program Files (x86)\Typle2.0v\Typle.exe
O8 - Extra context menu item: Baixar Link Utiizando Gerenciador Mega... - C:\Program Files (x86)\Megaupload\Mega Manager\mm_file.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{175245D4-FA35-4BAF-8A9C-A9B0F3967531}: NameServer = 156.154.70.25,156.154.71.25
O17 - HKLM\System\CS1\Services\Tcpip\..\{175245D4-FA35-4BAF-8A9C-A9B0F3967531}: NameServer = 156.154.70.25,156.154.71.25
O17 - HKLM\System\CS2\Services\Tcpip\..\{175245D4-FA35-4BAF-8A9C-A9B0F3967531}: NameServer = 156.154.70.25,156.154.71.25
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Sony Ericsson PCCompanion - Avanquest Software - C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.17\bin\httpd.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12684 bytes

Olá Amigo,

Segue os Logs:

 

 

PC Tools Spyware Doctor:

PC Tools Spyware Doctor

Date
Status
12/03/2011 00:55:05:302	
Serviço Iniciado
Aplicações de Serviço do Spyware Doctor iniciadas
12/03/2011 00:55:05:303	
Mecanismo Antimalware
Configuração do mecanismo antimalware carregada com sucesso.
12/03/2011 00:55:12:934	
Verificação Iniciada
Tipo de Verificação - Intelli-Scan
12/03/2011 00:55:26:521	
Detectada uma infecção neste computador
Nome da Ameaça - Trojan-Downloader.Murlo
Tipo - Valor do Registro
Nível de Risco - Alto
Infecção - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme, Type
12/03/2011 00:55:26:521	
Detectada uma infecção neste computador
Nome da Ameaça - Trojan-Downloader.Murlo
Tipo - Valor do Registro
Nível de Risco - Alto
Infecção - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme, ErrorControl
12/03/2011 00:55:26:522	
Detectada uma infecção neste computador
Nome da Ameaça - Trojan-Downloader.Murlo
Tipo - Valor do Registro
Nível de Risco - Alto
Infecção - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme, Start
12/03/2011 00:55:26:522	
Detectada uma infecção neste computador
Nome da Ameaça - Trojan-Downloader.Murlo
Tipo - Valor do Registro
Nível de Risco - Alto
Infecção - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme, ImagePath
12/03/2011 00:55:26:523	
Detectada uma infecção neste computador
Nome da Ameaça - Trojan-Downloader.Murlo
Tipo - Valor do Registro
Nível de Risco - Alto
Infecção - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme, Group
12/03/2011 00:55:26:523	
Detectada uma infecção neste computador
Nome da Ameaça - Trojan-Downloader.Murlo
Tipo - Chave de Registro
Nível de Risco - Alto
Infecção - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme
12/03/2011 00:55:27:568	
Detectada uma infecção neste computador
Nome da Ameaça - Adware.MediaMotor
Tipo - Valor do Registro
Nível de Risco - Alto
Infecção - HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\IEMonitor.cBrowsers, (Default)
12/03/2011 00:55:27:570	
Detectada uma infecção neste computador
Nome da Ameaça - Adware.MediaMotor
Tipo - Valor do Registro
Nível de Risco - Alto
Infecção - HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\IEMonitor.cBrowsers\Clsid, (Default)
12/03/2011 00:55:27:570	
Detectada uma infecção neste computador
Nome da Ameaça - Adware.MediaMotor
Tipo - Chave de Registro
Nível de Risco - Alto
Infecção - HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\IEMonitor.cBrowsers\Clsid
12/03/2011 00:55:27:571	
Detectada uma infecção neste computador
Nome da Ameaça - Adware.MediaMotor
Tipo - Chave de Registro
Nível de Risco - Alto
Infecção - HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\IEMonitor.cBrowsers
12/03/2011 00:55:27:573	
Detectada uma infecção neste computador
Nome da Ameaça - Adware.MediaMotor
Tipo - Valor do Registro
Nível de Risco - Alto
Infecção - HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\IEMonitor.IEEvents, (Default)
12/03/2011 00:55:27:574	
Detectada uma infecção neste computador
Nome da Ameaça - Adware.MediaMotor
Tipo - Valor do Registro
Nível de Risco - Alto
Infecção - HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\IEMonitor.IEEvents\Clsid, (Default)
12/03/2011 00:55:27:575	
Detectada uma infecção neste computador
Nome da Ameaça - Adware.MediaMotor
Tipo - Chave de Registro
Nível de Risco - Alto
Infecção - HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\IEMonitor.IEEvents\Clsid
12/03/2011 00:55:27:575	
Detectada uma infecção neste computador
Nome da Ameaça - Adware.MediaMotor
Tipo - Chave de Registro
Nível de Risco - Alto
Infecção - HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\IEMonitor.IEEvents
12/03/2011 00:55:43:495	
Verificação Concluída
Tipo de Verificação - Intelli-Scan
Itens Processados - 264068
Ameaças Detectadas - 2
Infecções Detectadas - 14
Infecções Ignoradas - 0
12/03/2011 00:55:44:832	
Status do IntelliGuard
Todos os IntelliGuards foram Ativados
12/03/2011 00:55:51:789	
Resultados do Immunizer
A seção do ActiveX foi imunizada. Itens 5113 processados.
12/03/2011 00:57:02:508	
Infecção em quarentena
Nome da Ameaça - Trojan-Downloader.Murlo
Tipo - Chave de Registro
Nível de Risco - Alto
Infecção - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme
12/03/2011 00:57:02:513	
Infecção em quarentena
Nome da Ameaça - Trojan-Downloader.Murlo
Tipo - Valor do Registro
Nível de Risco - Alto
Infecção - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme, Group
12/03/2011 00:57:02:518	
Infecção em quarentena
Nome da Ameaça - Trojan-Downloader.Murlo
Tipo - Valor do Registro
Nível de Risco - Alto
Infecção - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme, ImagePath
12/03/2011 00:57:02:523	
Infecção em quarentena
Nome da Ameaça - Trojan-Downloader.Murlo
Tipo - Valor do Registro
Nível de Risco - Alto
Infecção - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme, Start
12/03/2011 00:57:02:525	
Infecção em quarentena
Nome da Ameaça - Trojan-Downloader.Murlo
Tipo - Valor do Registro
Nível de Risco - Alto
Infecção - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme, ErrorControl
12/03/2011 00:57:02:526	
Infecção em quarentena
Nome da Ameaça - Trojan-Downloader.Murlo
Tipo - Valor do Registro
Nível de Risco - Alto
Infecção - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme, Type
12/03/2011 00:57:02:602	
Infecção excluída
Nome da Ameaça - Trojan-Downloader.Murlo
Tipo - Chave de Registro
Nível de Risco - Alto
Infecção - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme
12/03/2011 00:57:02:603	
Infecção excluída
Nome da Ameaça - Trojan-Downloader.Murlo
Tipo - Valor do Registro
Nível de Risco - Alto
Infecção - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme, Group
12/03/2011 00:57:02:604	
Infecção excluída
Nome da Ameaça - Trojan-Downloader.Murlo
Tipo - Valor do Registro
Nível de Risco - Alto
Infecção - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme, ImagePath
12/03/2011 00:57:02:605	
Infecção excluída
Nome da Ameaça - Trojan-Downloader.Murlo
Tipo - Valor do Registro
Nível de Risco - Alto
Infecção - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme, Start
12/03/2011 00:57:02:605	
Infecção excluída
Nome da Ameaça - Trojan-Downloader.Murlo
Tipo - Valor do Registro
Nível de Risco - Alto
Infecção - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme, ErrorControl
12/03/2011 00:57:02:606	
Infecção excluída
Nome da Ameaça - Trojan-Downloader.Murlo
Tipo - Valor do Registro
Nível de Risco - Alto
Infecção - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme, Type
12/03/2011 00:57:02:721	
Infecção em quarentena
Nome da Ameaça - Adware.MediaMotor
Tipo - Chave de Registro
Nível de Risco - Alto
Infecção - HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\IEMonitor.IEEvents
12/03/2011 00:57:02:726	
Infecção em quarentena
Nome da Ameaça - Adware.MediaMotor
Tipo - Chave de Registro
Nível de Risco - Alto
Infecção - HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\IEMonitor.IEEvents\Clsid
12/03/2011 00:57:02:731	
Infecção em quarentena
Nome da Ameaça - Adware.MediaMotor
Tipo - Valor do Registro
Nível de Risco - Alto
Infecção - HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\IEMonitor.IEEvents\Clsid, (Default)
12/03/2011 00:57:02:735	
Infecção em quarentena
Nome da Ameaça - Adware.MediaMotor
Tipo - Valor do Registro
Nível de Risco - Alto
Infecção - HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\IEMonitor.IEEvents, (Default)
12/03/2011 00:57:02:738	
Infecção em quarentena
Nome da Ameaça - Adware.MediaMotor
Tipo - Chave de Registro
Nível de Risco - Alto
Infecção - HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\IEMonitor.cBrowsers
12/03/2011 00:57:02:741	
Infecção em quarentena
Nome da Ameaça - Adware.MediaMotor
Tipo - Chave de Registro
Nível de Risco - Alto
Infecção - HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\IEMonitor.cBrowsers\Clsid
12/03/2011 00:57:02:744	
Infecção em quarentena
Nome da Ameaça - Adware.MediaMotor
Tipo - Valor do Registro
Nível de Risco - Alto
Infecção - HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\IEMonitor.cBrowsers\Clsid, (Default)
12/03/2011 00:57:02:747	
Infecção em quarentena
Nome da Ameaça - Adware.MediaMotor
Tipo - Valor do Registro
Nível de Risco - Alto
Infecção - HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\IEMonitor.cBrowsers, (Default)
12/03/2011 00:57:02:855	
Infecção excluída
Nome da Ameaça - Adware.MediaMotor
Tipo - Chave de Registro
Nível de Risco - Alto
Infecção - HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\IEMonitor.IEEvents
12/03/2011 00:57:02:856	
Infecção excluída
Nome da Ameaça - Adware.MediaMotor
Tipo - Chave de Registro
Nível de Risco - Alto
Infecção - HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\IEMonitor.IEEvents\Clsid
12/03/2011 00:57:02:856	
Infecção excluída
Nome da Ameaça - Adware.MediaMotor
Tipo - Valor do Registro
Nível de Risco - Alto
Infecção - HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\IEMonitor.IEEvents\Clsid, (Default)
12/03/2011 00:57:02:857	
Infecção excluída
Nome da Ameaça - Adware.MediaMotor
Tipo - Valor do Registro
Nível de Risco - Alto
Infecção - HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\IEMonitor.IEEvents, (Default)
12/03/2011 00:57:02:859	
Infecção excluída
Nome da Ameaça - Adware.MediaMotor
Tipo - Chave de Registro
Nível de Risco - Alto
Infecção - HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\IEMonitor.cBrowsers
12/03/2011 00:57:02:860	
Infecção excluída
Nome da Ameaça - Adware.MediaMotor
Tipo - Chave de Registro
Nível de Risco - Alto
Infecção - HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\IEMonitor.cBrowsers\Clsid
12/03/2011 00:57:02:861	
Infecção excluída
Nome da Ameaça - Adware.MediaMotor
Tipo - Valor do Registro
Nível de Risco - Alto
Infecção - HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\IEMonitor.cBrowsers\Clsid, (Default)
12/03/2011 00:57:02:861	
Infecção excluída
Nome da Ameaça - Adware.MediaMotor
Tipo - Valor do Registro
Nível de Risco - Alto
Infecção - HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\IEMonitor.cBrowsers, (Default)
12/03/2011 00:57:04:901	
Resumo de Infecções em Quarentena/Removidas
Quarentena - 14
Falha na Quarentena - 0
Removido - 14
Falha na Remoção - 0
12/03/2011 00:57:28:841	
Verificação Iniciada
Tipo de Verificação - Verificação Completa
12/03/2011 00:58:13:377	
Verificação Concluída
Tipo de Verificação - Verificação Completa
Itens Processados - 83010
Ameaças Detectadas - 0
Infecções Detectadas - 0
Infecções Ignoradas - 0
12/03/2011 00:59:23:206	
Verificação Iniciada
Tipo de Verificação - Intelli-Scan
12/03/2011 00:59:48:521	
Verificação Concluída
Tipo de Verificação - Intelli-Scan
Itens Processados - 264049
Ameaças Detectadas - 0
Infecções Detectadas - 0
Infecções Ignoradas - 0

HijackThis:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 01:01:22, on 12/03/2011
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8080.16413)
Boot mode: Normal

Running processes:
C:\Windows\DAODx.exe
C:\Windows\PixArt\PAC7302\Monitor.exe
C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanionInfo.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Spyware Doctor\pctsTray.exe
C:\Program Files (x86)\Spyware Doctor\pctsGui.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Marco Antonio\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2905346
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Messenger Plus BR Toolbar - {1d80d668-2160-46a2-b3a7-e166795b0b28} - C:\Program Files (x86)\Messenger_Plus_BR\prxtbMess.dll
O1 - Hosts: 255.255.255.255 easyanticheat.se # misleading site
O1 - Hosts: 255.255.255.255 www.easyanticheat.se # misleading site
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Messenger Plus BR - {1d80d668-2160-46a2-b3a7-e166795b0b28} - C:\Program Files (x86)\Messenger_Plus_BR\prxtbMess.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files (x86)\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Messenger Plus BR Toolbar - {1d80d668-2160-46a2-b3a7-e166795b0b28} - C:\Program Files (x86)\Messenger_Plus_BR\prxtbMess.dll
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [iSTray] "C:\Program Files (x86)\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [sony Ericsson PC Companion] "C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" /Background
O4 - Startup: Typle.lnk = C:\Program Files (x86)\Typle2.0v\Typle.exe
O8 - Extra context menu item: Baixar Link Utiizando Gerenciador Mega... - C:\Program Files (x86)\Megaupload\Mega Manager\mm_file.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{175245D4-FA35-4BAF-8A9C-A9B0F3967531}: NameServer = 156.154.70.25,156.154.71.25
O17 - HKLM\System\CS1\Services\Tcpip\..\{175245D4-FA35-4BAF-8A9C-A9B0F3967531}: NameServer = 156.154.70.25,156.154.71.25
O17 - HKLM\System\CS2\Services\Tcpip\..\{175245D4-FA35-4BAF-8A9C-A9B0F3967531}: NameServer = 156.154.70.25,156.154.71.25
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Sony Ericsson PCCompanion - Avanquest Software - C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.17\bin\httpd.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12684 bytes


:) More items were removed by Spyware Doctor.

Open HijackThis, click Do a system scan only, check the entries below and click Fix checked:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2905346

O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)

__________________________

Also follow this tip:

Dr. Web CureIt tutorial

In your next reply, post this Dr. Web CureIt log together with a new HijackThis log and tell us how your PC is doing after this.

We await your reply.


Friend, I'm having a problem with the scan.

After a certain time it can't read a part of the memory and cancels the scan.

Thank you.

Try running the Dr. Web scan in Windows safe mode and see whether it is possible.

If it is not possible even in safe mode, follow this other tip:

BitDefender Online antivirus tutorial

When the scan finishes, a report (log) will be generated in the following location on your computer:

C:\Windows\BDOSCAN8\bdoscan.log

In your next reply, post this BitDefender Online log together with a new HijackThis log and please tell us how your PC is doing after following this procedure.

We await your reply.


Hello friend, it's not feasible to use Dr. Web: it only works in safe mode, it takes more than 10 hours to finish the scan, and if I leave it running overnight, when it finds a virus it hangs because it asks me to decide what to do with it.

But here is the BitDefender report:

QuickScan Beta:

QuickScan Beta 32-bit v0.9.9.77
-------------------------------
Scan date:  Fri Mar 18 16:30:51 2011
Machine ID: D22AAB5B



Found 1 infected file!
----------------------

C:\Program Files (x86)\Warcraft III\DreamLoader.dll --> Trojan.Generic.5112739
 --> Process war3.exe (4716)



Processes
---------
(unsigned)  DAODx.exe                                3304    C:\Windows\DAODx.exe
(unsigned)  Warcraft III                             4716    C:\Program Files (x86)\Warcraft III\war3.exe

(verified)  AntiVir Desktop                          3192    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(verified)  AntiVir Desktop                          2008    C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(verified)  AntiVir Desktop                          2060    C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe
(verified)  AntiVir Desktop                          3252    C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe
(verified)  AntiVir Desktop                          1656    C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(verified)  Bing Bar                                 2268    C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(verified)  Google Chrome                            4708    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(verified)  Google Chrome                            4928    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(verified)  Google Chrome                            5020    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(verified)  Google Chrome                            5832    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(verified)  mysqld.exe                               1228    C:\Program Files (x86)\MySQL\MySQL Server 6.0\bin\mysqld.exe
(verified)  PC Tools Auxiliary Service               2128    C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe
(verified)  PC Tools GUI Application                 5536    C:\Program Files (x86)\Spyware Doctor\pctsGui.exe
(verified)  PC Tools Security Service                2180    C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe
(verified)  PC Tools Tray Application                2280    C:\Program Files (x86)\Spyware Doctor\pctsTray.exe
(verified)  PnkBstrA.exe                             1812    C:\Windows\SysWOW64\PnkBstrA.exe
(verified)  PnkBstrB.exe                             1496    C:\Windows\SysWOW64\PnkBstrB.exe
(verified)  Registry Monitor                         3688    C:\Windows\PixArt\PAC7302\Monitor.exe
(verified)  Sistema Operacional Microsoft® Windows®  2136    C:\Windows\SysWOW64\rundll32.exe
(verified)  TeamViewer                               2424    C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
(verified)  USB 3.0 Monitor                          1000    C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(verified)  Windows Live Communications Platform      128    C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
(verified)  Windows Live Messenger                   6064    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe


Network activity
----------------
Process wlcomm.exe (128) connected on port 1863 (MSN) --> 64.4.61.171
Process chrome.exe (4928) connected on port 80 (HTTP) --> 72.14.204.104
Process chrome.exe (4928) connected on port 80 (HTTP) --> 72.14.204.100
Process chrome.exe (4928) connected on port 443 (HTTP over SSL) --> 72.14.204.104
Process chrome.exe (4928) connected on port 80 (HTTP) --> 72.14.204.100
Process chrome.exe (4928) connected on port 80 (HTTP) --> 72.14.204.104
Process chrome.exe (4928) connected on port 80 (HTTP) --> 72.14.204.100
Process chrome.exe (4928) connected on port 80 (HTTP) --> 72.14.204.100
Process chrome.exe (4928) connected on port 80 (HTTP) --> 72.14.204.100
Process chrome.exe (4928) connected on port 80 (HTTP) --> 72.14.204.100
Process chrome.exe (4928) connected on port 80 (HTTP) --> 204.245.162.35
Process chrome.exe (4928) connected on port 80 (HTTP) --> 204.245.162.35
Process chrome.exe (4928) connected on port 80 (HTTP) --> 66.220.149.29
Process chrome.exe (4928) connected on port 80 (HTTP) --> 66.220.149.29
Process chrome.exe (4928) connected on port 80 (HTTP) --> 74.125.115.100
Process chrome.exe (4928) connected on port 80 (HTTP) --> 204.188.136.148
Process chrome.exe (4928) connected on port 80 (HTTP) --> 204.188.136.148
Process chrome.exe (4928) connected on port 80 (HTTP) --> 204.188.136.148
Process chrome.exe (4928) connected on port 80 (HTTP) --> 204.188.136.148
Process chrome.exe (4928) connected on port 80 (HTTP) --> 69.171.224.39
Process chrome.exe (4928) connected on port 80 (HTTP) --> 69.171.224.39
Process chrome.exe (4928) connected on port 80 (HTTP) --> 66.235.142.57

Process mysqld.exe (1228) listens on ports: 3306 (MySQL)
Process war3.exe (4716) listens on ports: 6112 (Battle.net)


Autoruns and critical files
---------------------------
(unsigned)  Application                              C:\Program Files (x86)\Google\Chrome\Application
(unsigned)  QuickTime                                C:\Program Files (x86)\QuickTime\QTTask.exe

(verified)  AntiVir Desktop                          C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(verified)  Google Update                            C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(verified)  PC Tools Tray Application                C:\Program Files (x86)\Spyware Doctor\pctsTray.exe
(verified)  Sistema Operacional Microsoft® Windows®  c:\windows\system32\userinit.exe
(verified)  USB 3.0 Monitor                          C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(verified)  Windows Live Messenger                   C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
(verified)  Windows® Internet Explorer               c:\windows\syswow64\webcheck.dll


Browser plugins
---------------
(unsigned)  Java(TM) Platform SE 6 U22               C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
(unsigned)  Media Go Detector                        C:\Program Files (x86)\Sony\Media Go\npmediago.dll
(unsigned)  Mega Manager IE Click Catcher            c:\program files (x86)\megaupload\mega manager\megaiemn.dll

(verified)  AcroIEHelperShim Library                 c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll
(verified)  bdoscandel.exe                           C:\Windows\bdoscandel.exe
(verified)  bdscanonline                             C:\Windows\Downloaded Program Files\oscan82.ocx
(verified)  BitDefender QuickScan                    C:\Users\Marco Antonio\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.78_0\npqscan.dll
(verified)  Conduit Toolbar                          c:\program files (x86)\messenger_plus_br\prxtbmess.dll
(verified)  Flash® Player Installer/Uninstaller      C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
(verified)  GanymedeNet.Detector                     C:\Program Files (x86)\Ganymede\Plugins\npganymedenet.dll
(verified)  Google Toolbar for Internet Explorer     c:\program files (x86)\google\google toolbar\googletoolbar_32.dll
(verified)  Google Update                            C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
(verified)  GoogleToolbarNotifier                    c:\program files (x86)\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
(verified)  InstallShield Update Service             C:\Windows\Downloaded Program Files\dwusplay.dll
(verified)  InstallShield Update Service             C:\Windows\Downloaded Program Files\dwusplay.exe
(verified)  InstallShield Update Service             C:\Windows\Downloaded Program Files\isusweb.dll
(verified)  ipsupd.dll                               C:\Windows\Downloaded Program Files\ipsupd.dll
(verified)  Java(TM) Platform SE 6 U22               c:\program files (x86)\java\jre6\bin\jp2ssv.dll
(verified)  Java(TM) Platform SE 6 U22               c:\program files (x86)\java\jre6\bin\ssv.dll
(verified)  McAfee SiteAdvisor                       c:\program files (x86)\mcafee\siteadvisor\mcieplg.dll
(verified)  Microsoft® CoReXT                        c:\program files (x86)\common files\microsoft shared\windows live\windowslivelogin.dll
(verified)  Microsoft® CoReXT                        C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL
(verified)  Microsoft® Windows® Operating System     C:\Windows\system32\NLAapi.dll
(verified)  Microsoft® Windows® Operating System     C:\Windows\System32\winrnr.dll
(verified)  Pando Web Plugin                         C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
(verified)  Silverlight Plug-In                      c:\Program Files (x86)\Microsoft Silverlight\4.0.60129.0\npctrl.dll
(verified)  Sistema Operacional Microsoft® Windows®  C:\Windows\System32\mswsock.dll
(verified)  Sistema Operacional Microsoft® Windows®  C:\Windows\system32\napinsp.dll
(verified)  Sistema Operacional Microsoft® Windows®  C:\Windows\system32\pnrpnsp.dll
(verified)  Skype Toolbars                           c:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll
(verified)  Symantec Security Check                  C:\Windows\Downloaded Program Files\rufsi.dll
(verified)  Windows Live Messenger Companion         c:\program files (x86)\windows live\companion\companioncore.dll
(verified)  Windows Live™ Photo Gallery              C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
(verified)  Windows® Internet Explorer               C:\Windows\SysWOW64\ieframe.dll


Missing files
-------------
File not found: "c:\program files (x86)\microsoft\bingbar\bingext.dll"
 --> HKCR\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\InprocServer32\"(default)"
 --> HKCR\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f}\InprocServer32\"(default)"


Scan
----
(unsigned)  MD5: afff0fff53ae04747c340868ab1cfa27  C:\Program Files (x86)\Avira\AntiVir Desktop\aecore.dll
(unsigned)  MD5: ee0477f95aaf614c5cb14f324ca48c3d  C:\Program Files (x86)\Avira\AntiVir Desktop\aeemu.dll
(unsigned)  MD5: e567556d03a0b22b21eef77879de5dd4  C:\Program Files (x86)\Avira\AntiVir Desktop\aegen.dll
(unsigned)  MD5: 3bcdffbf6f488524abb81c9af96ee18f  C:\Program Files (x86)\Avira\AntiVir Desktop\aehelp.dll
(unsigned)  MD5: 36c8a0c6b94dfcac251c47a15b36911e  C:\Program Files (x86)\Avira\AntiVir Desktop\aeheur.dll
(unsigned)  MD5: 424eaa2bee337c4152850e3753aa4fdf  C:\Program Files (x86)\Avira\AntiVir Desktop\aeoffice.dll
(unsigned)  MD5: 21f8d04c3f8d0895d195903d337e68df  C:\Program Files (x86)\Avira\AntiVir Desktop\aepack.dll
(unsigned)  MD5: 550bfbf0aa0e45374c2c122663adb1e8  C:\Program Files (x86)\Avira\AntiVir Desktop\aerdl.dll
(unsigned)  MD5: bd8e5b4b16db2a53709ea74df7b22282  C:\Program Files (x86)\Avira\AntiVir Desktop\aesbx.dll
(unsigned)  MD5: 864e4cec9f60c25a8a93ad3784da2e64  C:\Program Files (x86)\Avira\AntiVir Desktop\aescn.dll
(unsigned)  MD5: 1bee87a4dcfea2bd0bfd5dd6a9998bc1  C:\Program Files (x86)\Avira\AntiVir Desktop\aescript.dll
(unsigned)  MD5: 9d56d808efff44645801c4fa9699cc9e  C:\Program Files (x86)\Avira\AntiVir Desktop\avarkt.dll
(unsigned)  MD5: dc4075c135ef78f6bc8674bb4c87e0b5  C:\Program Files (x86)\Avira\AntiVir Desktop\avgio.dll
(unsigned)  MD5: c33cae84f54bba013761f158f5afd344  C:\Program Files (x86)\Avira\AntiVir Desktop\avreg.dll
(unsigned)  MD5: 509e3090ec3d291c2626384eead5ffb6  C:\Program Files (x86)\Avira\AntiVir Desktop\avscplr.dll
(unsigned)  MD5: 63511764a4466d22f8abf522b7f297d3  C:\Program Files (x86)\Avira\AntiVir Desktop\ccavscanex.dll
(unsigned)  MD5: 24839c20b147e454203c64dd18801e23  C:\Program Files (x86)\Avira\AntiVir Desktop\ccavscanexrc.dll
(unsigned)  MD5: 7488bce9f9c852f0931d29b0d76292bd  C:\Program Files (x86)\Avira\AntiVir Desktop\ccgen.dll
(unsigned)  MD5: e65e277c50bd5967b5e92c7744dba7bc  C:\Program Files (x86)\Avira\AntiVir Desktop\ccguard.dll
(unsigned)  MD5: 54ceee9d7aa46f3311d247bf57bbee36  C:\Program Files (x86)\Avira\AntiVir Desktop\cclic.dll
(unsigned)  MD5: 400ab97179f05ba68b755d8971f262f2  C:\Program Files (x86)\Avira\AntiVir Desktop\ccmsg.dll
(unsigned)  MD5: 7d541c5e5cdfb46d68ac60012c5d7acd  C:\Program Files (x86)\Avira\AntiVir Desktop\ccupdate.dll
(unsigned)  MD5: 47766f6b79a25af04ed3f6f2b02aa4cb  C:\Program Files (x86)\Avira\AntiVir Desktop\ccwkrlib.dll
(unsigned)  MD5: 690d275ff0a963902086d3af38d0f5dd  C:\Program Files (x86)\Avira\AntiVir Desktop\extdlgfw.dll
(unsigned)  MD5: 06da96b54ef94dee0bfa8912e0da7427  C:\Program Files (x86)\Avira\AntiVir Desktop\luke.dll
(unsigned)  MD5: 7464c6694036b42ba237eb723a34d0f4  C:\Program Files (x86)\Avira\AntiVir Desktop\rcimage.dll
(unsigned)  MD5: ba23a50231538321fdfab8dadcfaffb2  C:\Program Files (x86)\Garena\dlls\WC3J.dll
(unsigned)  MD5: ad1ab19a95fc2b0d0db580fe86da713b  C:\Program Files (x86)\Garena\War3Hook.dll
(unsigned)  MD5: 3ed8e561044723c6039a8a20a3ae60cc  C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
(unsigned)  MD5: 37b6a2d134c725e1f8acbc77f39f0ef4  c:\program files (x86)\megaupload\mega manager\megaiemn.dll
(unsigned)  MD5: 0aee5668eb59912f32ff245bfa72465f  C:\Program Files (x86)\QuickTime\QTTask.exe
(unsigned)  MD5: a52cf2bd90c36c10155c1a0f93b52e7e  C:\Program Files (x86)\Sony\Media Go\npmediago.dll
(unsigned)  MD5: e25fa0f42cabf854f1c3126ec902f01e  C:\Program Files (x86)\Warcraft III\Dream_Dota.dll
(unsigned)  MD5: 6b6265b173753aaab695da848283af39  C:\Program Files (x86)\Warcraft III\Dream_Loader.dll
(unsigned)  MD5: 43d13110e03253736fe22df4a0546b66  C:\Program Files (x86)\Warcraft III\DreamLoader.dll
(unsigned)  MD5: 047344f31d198bdd42dd2d37279ca9cb  C:\Program Files (x86)\Warcraft III\game.dll
(unsigned)  MD5: 1aa06c81a0621e277e755b965b5e4b5f  C:\Program Files (x86)\Warcraft III\ijl15.dll
(unsigned)  MD5: bb1defb5c29144511d344bcb88349269  C:\Program Files (x86)\Warcraft III\Mss32.dll
(unsigned)  MD5: 619a6224216b515fd0b9bc9a0ed829f5  C:\Program Files (x86)\Warcraft III\redist\miles\Mp3dec.asi
(unsigned)  MD5: 70d5832a3035fd160c39d92bb2b2a859  C:\Program Files (x86)\Warcraft III\redist\miles\Mssdolby.m3d
(unsigned)  MD5: 4cee323703a165fa508d61b4a793a4e7  C:\Program Files (x86)\Warcraft III\redist\miles\Msseax2.m3d
(unsigned)  MD5: a4904cb4f66b4e363787eb38fef3d7cb  C:\Program Files (x86)\Warcraft III\redist\miles\Mssfast.m3d
(unsigned)  MD5: a021dc07920c74ec096e98b01540517a  C:\Program Files (x86)\Warcraft III\redist\miles\Reverb3.flt
(unsigned)  MD5: 67fb8e4d0c1251dbb2c5b73d19b7e70b  C:\Program Files (x86)\Warcraft III\Storm.dll
(unsigned)  MD5: ebc2e03f095a4a4a12bd47d3679b7fe1  C:\Program Files (x86)\Warcraft III\war3.exe
(unsigned)  MD5: 44f9af438aec0a2615b32b551686586d  C:\Program Files (x86)\Windows Live\Messenger\msimg32.dll
(unsigned)  MD5: 7861b395e3c4f623f432c9d8c47fb083  C:\Program Files (x86)\Yuna Software\Messenger Plus!\MsgPlusLive.dll
(unsigned)  MD5: f13c8e46f1fbb62074ef44d9f98bdcba  C:\Program Files (x86)\Yuna Software\Messenger Plus!\MsgPlusRes.dll
(unsigned)  MD5: f53d581348c6cb5dfe9d90c0466e7230  C:\Users\Marco Antonio\Desktop\DATA\DLL\RuneNotifier.dll
(unsigned)  MD5: 53ea061ecc67223a430f153c3682ad54  c:\wamp\bin\apache\apache2.2.17\bin\httpd.exe
(unsigned)  MD5: 6954474ce8d7c32918cf3448160f8dfc  C:\Windows\DAODx.exe
(unsigned)  MD5: ea54fcfe07006a7ea0b289b07f26e074  C:\Windows\system32\GameMon.des

The following file(s) must be uploaded for server-side scanning:
 C:\Program Files (x86)\Warcraft III\war3.exe

Upload started - 1 file(s)
 war3.exe (487424)
Upload speed - 34 KB/s
Upload finished - 1 uploaded, 0 failed

The uploaded file(s) were found clean.

Scan finished - communication took 15 sec
Total traffic - 0.51 MB sent, 0.37 KB recvd
Scanned 946 files and modules - 111 seconds

==============================================================================

HijackThis:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:36:26, on 18/03/2011
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8080.16413)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Spyware Doctor\pctsTray.exe
C:\Windows\DAODx.exe
C:\Windows\PixArt\PAC7302\Monitor.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Marco Antonio\Desktop\HiJackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Messenger Plus BR Toolbar - {1d80d668-2160-46a2-b3a7-e166795b0b28} - C:\Program Files (x86)\Messenger_Plus_BR\prxtbMess.dll
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Messenger Plus BR - {1d80d668-2160-46a2-b3a7-e166795b0b28} - C:\Program Files (x86)\Messenger_Plus_BR\prxtbMess.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files (x86)\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Messenger Plus BR Toolbar - {1d80d668-2160-46a2-b3a7-e166795b0b28} - C:\Program Files (x86)\Messenger_Plus_BR\prxtbMess.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [iSTray] "C:\Program Files (x86)\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: Baixar Link Utiizando Gerenciador Mega... - C:\Program Files (x86)\Megaupload\Mega Manager\mm_file.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{175245D4-FA35-4BAF-8A9C-A9B0F3967531}: NameServer = 156.154.70.25,156.154.71.25
O17 - HKLM\System\CS1\Services\Tcpip\..\{175245D4-FA35-4BAF-8A9C-A9B0F3967531}: NameServer = 156.154.70.25,156.154.71.25
O17 - HKLM\System\CS2\Services\Tcpip\..\{175245D4-FA35-4BAF-8A9C-A9B0F3967531}: NameServer = 156.154.70.25,156.154.71.25
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Sony Ericsson PCCompanion - Avanquest Software - C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.17\bin\httpd.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12592 bytes

 

 

Avira AntiVir Personal:


Avira AntiVir Personal
Report file date: sexta-feira, 18 de março de 2011  14:04

Scanning for 2499944 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee        : Avira AntiVir Personal - FREE Antivirus
Serial number   : 0000149996-ADJIE-0000001
Platform        : Windows 7 x64
Windows version : (plain)  [6.1.7600]
Boot mode       : Normally booted
Username        : SISTEMA
Computer name   : MATHEUS-PC

Version information:
BUILD.DAT       : 10.0.0.635     31822 Bytes  07/03/2011 12:15:00
AVSCAN.EXE      : 10.0.3.5      435368 Bytes  10/01/2011 17:23:31
AVSCAN.DLL      : 10.0.3.0       46440 Bytes  01/04/2010 15:57:04
LUKE.DLL        : 10.0.3.2      104296 Bytes  10/01/2011 17:23:40
LUKERES.DLL     : 10.0.0.1       12648 Bytes  11/02/2010 02:40:49
VBASE000.VDF    : 7.10.0.0    19875328 Bytes  06/11/2009 12:05:36
VBASE001.VDF    : 7.11.0.0    13342208 Bytes  14/12/2010 17:23:50
VBASE002.VDF    : 7.11.3.0     1950720 Bytes  09/02/2011 00:09:26
VBASE003.VDF    : 7.11.3.1        2048 Bytes  09/02/2011 00:09:27
VBASE004.VDF    : 7.11.3.2        2048 Bytes  09/02/2011 00:09:27
VBASE005.VDF    : 7.11.3.3        2048 Bytes  09/02/2011 00:09:28
VBASE006.VDF    : 7.11.3.4        2048 Bytes  09/02/2011 00:09:28
VBASE007.VDF    : 7.11.3.5        2048 Bytes  09/02/2011 00:09:29
VBASE008.VDF    : 7.11.3.6        2048 Bytes  09/02/2011 00:09:29
VBASE009.VDF    : 7.11.3.7        2048 Bytes  09/02/2011 00:09:30
VBASE010.VDF    : 7.11.3.8        2048 Bytes  09/02/2011 00:09:30
VBASE011.VDF    : 7.11.3.9        2048 Bytes  09/02/2011 00:09:31
VBASE012.VDF    : 7.11.3.10       2048 Bytes  09/02/2011 00:09:31
VBASE013.VDF    : 7.11.3.59     157184 Bytes  14/02/2011 00:09:43
VBASE014.VDF    : 7.11.3.97     120320 Bytes  16/02/2011 00:09:47
VBASE015.VDF    : 7.11.3.148    128000 Bytes  19/02/2011 00:09:49
VBASE016.VDF    : 7.11.3.183    140288 Bytes  22/02/2011 00:09:53
VBASE017.VDF    : 7.11.3.216    124416 Bytes  24/02/2011 00:09:56
VBASE018.VDF    : 7.11.3.251    159232 Bytes  28/02/2011 00:10:03
VBASE019.VDF    : 7.11.4.33     148992 Bytes  02/03/2011 00:10:05
VBASE020.VDF    : 7.11.4.73     150016 Bytes  06/03/2011 00:10:07
VBASE021.VDF    : 7.11.4.108    122880 Bytes  08/03/2011 00:10:11
VBASE022.VDF    : 7.11.4.150    133120 Bytes  10/03/2011 02:02:42
VBASE023.VDF    : 7.11.4.183    122368 Bytes  14/03/2011 02:04:01
VBASE024.VDF    : 7.11.4.228    123392 Bytes  16/03/2011 20:52:52
VBASE025.VDF    : 7.11.4.229      2048 Bytes  16/03/2011 20:52:52
VBASE026.VDF    : 7.11.4.230      2048 Bytes  16/03/2011 20:52:52
VBASE027.VDF    : 7.11.4.231      2048 Bytes  16/03/2011 20:52:53
VBASE028.VDF    : 7.11.4.232      2048 Bytes  16/03/2011 20:52:53
VBASE029.VDF    : 7.11.4.233      2048 Bytes  16/03/2011 20:52:53
VBASE030.VDF    : 7.11.4.234      2048 Bytes  16/03/2011 20:52:53
VBASE031.VDF    : 7.11.4.248     43008 Bytes  17/03/2011 20:52:55
Engineversion   : 8.2.4.188 
AEVDF.DLL       : 8.1.2.1       106868 Bytes  10/01/2011 17:23:26
AESCRIPT.DLL    : 8.1.3.57     1261947 Bytes  17/03/2011 20:53:08
AESCN.DLL       : 8.1.7.2       127349 Bytes  10/01/2011 17:23:26
AESBX.DLL       : 8.1.3.2       254324 Bytes  10/01/2011 17:23:26
AERDL.DLL       : 8.1.9.8       639346 Bytes  15/03/2011 02:04:27
AEPACK.DLL      : 8.2.4.12      520567 Bytes  15/03/2011 02:04:23
AEOFFICE.DLL    : 8.1.1.17      205177 Bytes  10/03/2011 00:10:49
AEHEUR.DLL      : 8.1.2.87     3371383 Bytes  17/03/2011 20:53:06
AEHELP.DLL      : 8.1.16.1      246134 Bytes  10/03/2011 00:10:27
AEGEN.DLL       : 8.1.5.3       397684 Bytes  17/03/2011 20:52:59
AEEMU.DLL       : 8.1.3.0       393589 Bytes  10/01/2011 17:23:18
AECORE.DLL      : 8.1.19.2      196983 Bytes  10/03/2011 00:10:21
AEBB.DLL        : 8.1.1.0        53618 Bytes  10/01/2011 17:23:18
AVWINLL.DLL     : 10.0.0.0       19304 Bytes  10/01/2011 17:23:32
AVPREF.DLL      : 10.0.0.0       44904 Bytes  10/01/2011 17:23:30
AVREP.DLL       : 10.0.0.8       62209 Bytes  17/06/2010 17:27:13
AVREG.DLL       : 10.0.3.2       53096 Bytes  10/01/2011 17:23:31
AVSCPLR.DLL     : 10.0.3.2       84328 Bytes  10/01/2011 17:23:31
AVARKT.DLL      : 10.0.22.6     231784 Bytes  10/01/2011 17:23:27
AVEVTLOG.DLL    : 10.0.0.8      203112 Bytes  10/01/2011 17:23:28
SQLITE3.DLL     : 3.6.19.0      355688 Bytes  17/06/2010 17:27:22
AVSMTP.DLL      : 10.0.0.17      63848 Bytes  10/01/2011 17:23:31
NETNT.DLL       : 10.0.0.0       11624 Bytes  17/06/2010 17:27:21
RCIMAGE.DLL     : 10.0.0.26    2550120 Bytes  28/01/2010 16:10:20
RCTEXT.DLL      : 10.0.58.0      97128 Bytes  10/01/2011 17:23:52

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\program files (x86)\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, 
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: sexta-feira, 18 de março de 2011  14:04

Starting search for hidden objects.
HKEY_USERS\S-1-5-21-57599344-4116369096-1785428274-1000\Software\Microsoft\MSNMessenger\SQM\canary
   [NOTE]      The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\D3\96383CDB\@c:\windows\system32\wmploc.dll,-128
   [NOTE]      The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\D3\96383CDB\@c:\windows\system32\themeui.dll,-2682
   [NOTE]      The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\D3\96383CDB\@c:\windows\system32\unregmp2.exe,-4
   [NOTE]      The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\D3\96383CDB\@c:\windows\ehome\ehres.dll,-100
   [NOTE]      The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\D3\96383CDB\@c:\windows\system32\devicecenter.dll,-1000
   [NOTE]      The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\D3\96383CDB\@c:\windows\explorer.exe,-7021
   [NOTE]      The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\D3\96383CDB\@c:\windows\system32\oobefldr.dll,-110
   [NOTE]      The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\D3\96383CDB\@c:\windows\system32\oobefldr.dll,-112
   [NOTE]      The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\D3\96383CDB\@c:\program files\windows sidebar\sidebar.exe,-1005
   [NOTE]      The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\D3\96383CDB\@c:\windows\system32\fxsresm.dll,-114
   [NOTE]      The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\D3\96383CDB\@c:\progra~2\wic4a1~1\photog~1\moviem~2.dll,-1131
   [NOTE]      The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\D3\96383CDB\@c:\progra~2\wic4a1~1\photog~1\wl09bb~1.dll,-3098
   [NOTE]      The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\D3\96383CDB\@c:\windows\system32\xpsrchvw.exe,-102
   [NOTE]      The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\D3\96383CDB\@c:\windows\system32\networkexplorer.dll,-1
   [NOTE]      The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\D3\96383CDB\@gameux.dll,-10060
   [NOTE]      The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\D3\96383CDB\@gameux.dll,-10101
   [NOTE]      The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\D3\96383CDB\@gameux.dll,-10058
   [NOTE]      The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\D3\96383CDB\@gameux.dll,-10061
   [NOTE]      The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\D3\96383CDB\@gameux.dll,-10059
   [NOTE]      The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\D3\96383CDB\@gameux.dll,-10209
   [NOTE]      The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\D3\96383CDB\@gameux.dll,-10055
   [NOTE]      The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\D3\96383CDB\@gameux.dll,-10057
   [NOTE]      The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\D3\96383CDB\@gameux.dll,-10103
   [NOTE]      The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\D3\96383CDB\@gameux.dll,-10056
   [NOTE]      The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\D3\96383CDB\@gameux.dll,-10054
   [NOTE]      The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\D3\96383CDB\@gameux.dll,-10102
   [NOTE]      The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\D3\96383CDB\@c:\windows\system32\notepad.exe,-469
   [NOTE]      The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\D3\96383CDB\@sendmail.dll,-21
   [NOTE]      The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\D3\96383CDB\@zipfldr.dll,-10148
   [NOTE]      The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\D3\96383CDB\@sendmail.dll,-4
   [NOTE]      The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\D3\96383CDB\@c:\windows\system32\fxsresm.dll,-120
   [NOTE]      The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\D3\96383CDB\@c:\program files (x86)\common files\system\wab32res.dll,-10100
   [NOTE]      The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\D3\96383CDB\@ieframe.dll,-12512
   [NOTE]      The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\D3\96383CDB\@c:\program files (x86)\windows live\companion\companionlang.dll,-600
   [NOTE]      The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\D3\96383CDB\@c:\program files (x86)\windows live\writer\windowslivewritershortcuts.dll,-1004
   [NOTE]      The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\D3\96383CDB\@c:\program files (x86)\windows live\writer\windowslivewritershortcuts.dll,-1003
   [NOTE]      The registry entry is invisible.
C:\Program Files\Common Files\Microsoft Shared\Windows Live
C:\Program Files\Common Files\Microsoft Shared\Windows Live
   [NOTE]      The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\offlinedetectionpending
   [NOTE]      The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows Search\Tracing\EventThrottleState\000003f5
   [NOTE]      The registry entry is invisible.
c:\program files (x86)\spyware doctor\uminject64.exe
c:\program files (x86)\spyware doctor\uminject64.exe
   [NOTE]      The process is not visible.
c:\program files (x86)\spyware doctor\uminject64.exe

The scan of running processes will be started
Scan process 'war3.exe' - '103' Module(s) have been scanned
Scan process 'Garena.exe' - '170' Module(s) have been scanned
Scan process 'avscan.exe' - '73' Module(s) have been scanned
Scan process 'avscan.exe' - '31' Module(s) have been scanned
Scan process 'avcenter.exe' - '95' Module(s) have been scanned
Scan process 'wlcomm.exe' - '109' Module(s) have been scanned
Scan process 'skypePM.exe' - '66' Module(s) have been scanned
Scan process 'Skype.exe' - '167' Module(s) have been scanned
Scan process 'avgnt.exe' - '71' Module(s) have been scanned
Scan process 'nusb3mon.exe' - '36' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '210' Module(s) have been scanned
Scan process 'Monitor.exe' - '31' Module(s) have been scanned
Scan process 'DAODx.exe' - '23' Module(s) have been scanned
Scan process 'TeamViewer_Service.exe' - '80' Module(s) have been scanned
Scan process 'pctsTray.exe' - '74' Module(s) have been scanned
Scan process 'SeaPort.EXE' - '51' Module(s) have been scanned
Scan process 'pctsSvc.exe' - '144' Module(s) have been scanned
Scan process 'rundll32.exe' - '35' Module(s) have been scanned
Scan process 'pctsAuxs.exe' - '38' Module(s) have been scanned
Scan process 'PnkBstrB.exe' - '35' Module(s) have been scanned
Scan process 'PnkBstrA.exe' - '32' Module(s) have been scanned
Scan process 'mysqld.exe' - '35' Module(s) have been scanned
Scan process 'avguard.exe' - '72' Module(s) have been scanned
Scan process 'sched.exe' - '50' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
   [iNFO]      No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
   [iNFO]      No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '153' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\Program Files (x86)\Warcraft III\DreamLoader.dll
   [DETECTION] Is the TR/Black.Gen2 Trojan
C:\Users\Marco Antonio\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\13d3a3c3-4992ac4f
[0] Archive type: ZIP
 [DETECTION] Contains recognition pattern of the JAVA/OpenConnect.E Java virus
--> adobeflash.class
 [DETECTION] Contains recognition pattern of the JAVA/OpenConnect.E Java virus
C:\Users\Marco Antonio\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\47acfba0-3239c90f
[0] Archive type: ZIP
 [DETECTION] Contains recognition pattern of the JAVA/OpenConnect.E Java virus
--> adobeflash.class
 [DETECTION] Contains recognition pattern of the JAVA/OpenConnect.E Java virus
C:\Users\Marco Antonio\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\13de6a2a-405bc364
[0] Archive type: ZIP
 [DETECTION] Contains recognition pattern of the JAVA/OpenConnect.E Java virus
--> adobeflash.class
 [DETECTION] Contains recognition pattern of the JAVA/OpenConnect.E Java virus

Beginning disinfection:
C:\Users\Marco Antonio\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\13de6a2a-405bc364
   [DETECTION] Contains recognition pattern of the JAVA/OpenConnect.E Java virus
   [NOTE]      The file was moved to the quarantine directory under the name '48f539ee.qua'.
C:\Users\Marco Antonio\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\47acfba0-3239c90f
   [DETECTION] Contains recognition pattern of the JAVA/OpenConnect.E Java virus
   [NOTE]      The file was moved to the quarantine directory under the name '50611645.qua'.
C:\Users\Marco Antonio\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\13d3a3c3-4992ac4f
   [DETECTION] Contains recognition pattern of the JAVA/OpenConnect.E Java virus
   [NOTE]      The file was moved to the quarantine directory under the name '023d4ca1.qua'.
C:\Program Files (x86)\Warcraft III\DreamLoader.dll
   [DETECTION] Is the TR/Black.Gen2 Trojan
   [WARNING]   The file was ignored!


End of the scan: sexta-feira, 18 de março de 2011  14:57
Used time: 33:41 Minute(s)

The scan has been canceled!

 13977 Scanned directories
622978 Files were scanned
     4 Viruses and/or unwanted programs were found
     0 Files were classified as suspicious
     0 files were deleted
     0 Viruses and unwanted programs were repaired
     3 Files were moved to quarantine
     0 Files were renamed
     0 Files cannot be scanned
622974 Files not concerned
  3550 Archives were scanned
     1 Warnings
     3 Notes
555945 Objects were scanned with rootkit scan
    42 Hidden objects were found



Here is the BitDefender report:

 

Found 1 infected file!

----------------------

 

C:\Program Files (x86)\Warcraft III\DreamLoader.dll --> Trojan.Generic.5112739

--> Process war3.exe (4716)

This is the same file that Avira detected and that was ignored during the scan. It would be important to delete it.

____________________________

 

Open HijackThis, click Do a system scan only, check the entries below and click Fix checked:

 

O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)

 

O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)

____________________________

 

Avira AntiVir Personal log:

End of the scan: sexta-feira, 18 de março de 2011 14:57

Used time: 33:41 Minute(s)

 

The scan has been canceled!

The Avira scan was canceled before it finished; it would be very important to let it run to the end. After completing it, post the new Avira log together with a new HijackThis log and tell us how your PC is doing after that.




Well, as for Avira, I ran a second one right afterwards and it only detected the dream dota, as always.

 

Here is the log:

 

HijackThis:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 00:42:19, on 20/03/2011
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8080.16413)
Boot mode: Normal

Running processes:
C:\Windows\DAODx.exe
C:\Program Files (x86)\Spyware Doctor\pctsTray.exe
C:\Windows\PixArt\PAC7302\Monitor.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
C:\Program Files (x86)\Garena\Garena.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Marco Antonio\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Messenger Plus BR Toolbar - {1d80d668-2160-46a2-b3a7-e166795b0b28} - C:\Program Files (x86)\Messenger_Plus_BR\prxtbMess.dll
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Messenger Plus BR - {1d80d668-2160-46a2-b3a7-e166795b0b28} - C:\Program Files (x86)\Messenger_Plus_BR\prxtbMess.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files (x86)\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Messenger Plus BR Toolbar - {1d80d668-2160-46a2-b3a7-e166795b0b28} - C:\Program Files (x86)\Messenger_Plus_BR\prxtbMess.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [iSTray] "C:\Program Files (x86)\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: Baixar Link Utiizando Gerenciador Mega... - C:\Program Files (x86)\Megaupload\Mega Manager\mm_file.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{175245D4-FA35-4BAF-8A9C-A9B0F3967531}: NameServer = 156.154.70.25,156.154.71.25
O17 - HKLM\System\CS1\Services\Tcpip\..\{175245D4-FA35-4BAF-8A9C-A9B0F3967531}: NameServer = 156.154.70.25,156.154.71.25
O17 - HKLM\System\CS2\Services\Tcpip\..\{175245D4-FA35-4BAF-8A9C-A9B0F3967531}: NameServer = 156.154.70.25,156.154.71.25
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Sony Ericsson PCCompanion - Avanquest Software - C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.17\bin\httpd.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12182 bytes


Note: If your computer becomes slow after installing Spyware Doctor, click with the mouse button on the Spyware Doctor icon in the taskbar (next to the Windows clock) and choose the Exit option. A message will appear asking whether you are sure you want to close Spyware Doctor; click OK.

Then, when you want to use Spyware Doctor again, just go to the menu: Start --> All Programs --> Spyware Doctor --> Spyware Doctor.

After using it, just repeat the procedure described above to disable it again. Or, if you no longer want to use it, you can also uninstall it.

_______________________

How is your PC at the moment?


Go to Start --> Run --> type (or copy and paste) Combofix /uninstall --> click OK.

The following window will open: (Open File - Security Warning)

Click Run --> Wait!

Finally, the message "ComboFix is uninstalled" will appear --> Click OK.

If you find them, delete: C:\ComboFix <-- the folder! + C:\ComboFix.txt <-- the report!

Or, go to Start --> Run --> type or paste:


"%userprofile%\desktop\combofix" /uninstall


Click OK.

_______________________

Open Ad-Remover > click Uninstall > click No > click Close.

__________________________

You can remove Dr. Web CureIt and Norman as well.

__________________________

Install these programs and use them now and weekly to clean up your PC and keep it more efficient and optimized:

Ccleaner

Auslogics Disk Defrag

SpywareBlaster

_________________________

To prevent the viruses from coming back, disable and re-enable System Restore.


Topic reopened at the request of its author

_______________________

:) Hello matmaibat!

Please post a new HijackThis log to be analyzed.


Hello friend,

I had been noticing that my computer was slow, mainly when I started it up; it took quite a long time, and after everything had loaded it became fast.

I started removing a bunch of things, uninstalling some of the programs installed up there, such as the ones you suggested I uninstall.

Now it is faster; I uninstalled games, etc.

I believe it is no longer a virus as I was thinking before, but I will post the log:


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:25:36, on 21/04/2011
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8080.16413)
Boot mode: Normal

Running processes:
C:\Windows\DAODx.exe
C:\Windows\PixArt\PAC7302\Monitor.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
C:\Program Files (x86)\Megaupload\Mega Manager\MegaManager.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Marco Antonio\Documents\Segurança , Malware e Programas\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?babsrc=HP_ss&mntrId=d22aab5b00000000000020cf3048ed38&tlver=1.4.19.19&affID=17160
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=d22aab5b00000000000020cf3048ed38&tlver=1.4.19.19&affID=17160
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Messenger Plus BR Toolbar - {1d80d668-2160-46a2-b3a7-e166795b0b28} - C:\Program Files (x86)\Messenger_Plus_BR\prxtbMess.dll
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Messenger Plus BR - {1d80d668-2160-46a2-b3a7-e166795b0b28} - C:\Program Files (x86)\Messenger_Plus_BR\prxtbMess.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files (x86)\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Messenger Plus BR Toolbar - {1d80d668-2160-46a2-b3a7-e166795b0b28} - C:\Program Files (x86)\Messenger_Plus_BR\prxtbMess.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Baixar Link Utiizando Gerenciador Mega... - C:\Program Files (x86)\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{175245D4-FA35-4BAF-8A9C-A9B0F3967531}: NameServer = 156.154.70.25,156.154.71.25
O17 - HKLM\System\CS1\Services\Tcpip\..\{175245D4-FA35-4BAF-8A9C-A9B0F3967531}: NameServer = 156.154.70.25,156.154.71.25
O17 - HKLM\System\CS2\Services\Tcpip\..\{175245D4-FA35-4BAF-8A9C-A9B0F3967531}: NameServer = 156.154.70.25,156.154.71.25
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Sony Ericsson PCCompanion - Avanquest Software - C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.17\bin\httpd.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13236 bytes


As for Auslogics Disk Defrag, I would like to know whether it is better than the one that already comes with Windows Seven? Thank you.

"As for Auslogics Disk Defrag, I would like to know whether it is better than the one that already comes with Windows Seven?"

:) Both are good; it comes down to each person's preference. But if you like, you can alternate: one time you use Auslogics, the next time the Windows one, and so on.

_______________________

Open HijackThis, click Do a system scan only, check the entries below and click Fix checked:


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?babsrc=HP_ss&mntrId=d22aab5b00000000000020cf3048ed38&tlver=1.4.19.19&affID=17160

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=d22aab5b00000000000020cf3048ed38&tlver=1.4.19.19&affID=17160

_____________________

There are unnecessary programs starting along with Windows, which makes your PC slower. To fix this, follow the tips in this tutorial:

Choosing Programs that Start with the PC

Preferably, leave only the security programs (antivirus/anti-spyware/firewall) starting along with Windows.

Also use the Ccleaner program, recommended in the tutorial above, to clean up and optimize the PC now and from time to time.

_______________________

There are several toolbars installed on your PC that can make browsing slower and cause problems. I suggest that you uninstall all the toolbars you do not need in your day-to-day use.

________________________

If you want to run a more detailed scan so that we can be more certain your PC is clean, follow the tip below:

Kaspersky Virus Removal Tool tutorial

In your next reply, post this Kaspersky Virus Removal Tool log together with a new HijackThis log and tell us how your PC is after this.

We will be waiting.

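The two entries selected for fixing above are R0 Internet Explorer settings that did not appear in the earlier log from 20/03/2011. The following added example (not part of the original thread) diffs two HijackThis logs and flags new R0/R1 settings whose URL host is outside an allowlist; the sample lines are abridged from the logs in this thread, and the allowlist and all function names are assumptions.

```python
import re
from urllib.parse import urlsplit

# A HijackThis entry is "<section code> - <body>", e.g. "R0 - ..." or "O23 - ...".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# R0/R1 bodies have the form "<registry key>,<value name> = <data>".
IE_SETTING_RE = re.compile(
    r"^(?P<key>HK[A-Z]{2}\\[^,]+),(?P<name>[^=]+?) = ?(?P<data>.*)$"
)

# Assumption: hosts the reviewer expects in IE page/search settings.
EXPECTED_HOST_SUFFIXES = ("microsoft.com", "msn.com")

# Sample input abridged from the thread's logs (query strings shortened).
BASELINE = r"""
Logfile of Trend Micro HijackThis v2.0.4
Running processes:
C:\Windows\DAODx.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
"""

CURRENT = r"""
Logfile of Trend Micro HijackThis v2.0.4
Running processes:
C:\Windows\DAODx.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?babsrc=HP_ss&affID=17160
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&affID=17160
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O20 - AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
"""


def parse_entries(log_text):
    """Return the set of (code, body) entries; header and process list are skipped."""
    entries = set()
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.add((match.group("code"), match.group("body")))
    return entries


def new_entries(baseline_text, current_text):
    """Entries present in the current log but absent from the baseline, sorted."""
    return sorted(parse_entries(current_text) - parse_entries(baseline_text))


def host_is_expected(url):
    """True when the URL host equals or is a subdomain of an allowlisted suffix."""
    host = (urlsplit(url).hostname or "").lower()
    return any(host == s or host.endswith("." + s) for s in EXPECTED_HOST_SUFFIXES)


def flag_ie_redirects(entries):
    """Return (key, value name, host) for R0/R1 settings whose URL host is unexpected."""
    flagged = []
    for code, body in entries:
        if code not in ("R0", "R1"):
            continue
        match = IE_SETTING_RE.match(body)
        if not match:
            continue
        data = match.group("data").strip()
        if not data.lower().startswith(("http://", "https://")):
            continue  # empty values and local files such as blank.htm
        if not host_is_expected(data):
            host = urlsplit(data).hostname
            flagged.append((match.group("key"), match.group("name").strip(), host))
    return flagged


if __name__ == "__main__":
    added = new_entries(BASELINE, CURRENT)
    print("New since baseline:")
    for code, body in added:
        print(f"  {code} - {body}")
    print("IE settings pointing at unexpected hosts:")
    for key, name, host in flag_ie_redirects(added):
        print(f"  {key} [{name}] -> {host}")
```

Every new entry still needs a human decision: the diff only narrows down what changed, and an entry outside R0/R1 (such as the new O20 line) is listed but not judged.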

Hey friend,

I have already done the HijackThis part; I am unsure about what to leave starting with Windows or not.

Here is the list


Não	HKCU:Run	msnmsgr	"C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
Não	HKCU:Run	Skype	"C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
Não	HKCU:Run	Sony Ericsson PC Companion	"C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" /Background
Sim	HKLM:Run	NUSB3MON	"C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
Sim	HKLM:Run	avgnt	"C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
Sim	HKLM:Run	QuickTime Task	"C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
Sim	HKLM:Run	Adobe Reader Speed Launcher	"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
Sim	HKLM:Run	RtHDVCpl	C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
Sim	HKLM:Run	PAC7302_Monitor	C:\Windows\PixArt\PAC7302\Monitor.exe
Sim	HKLM:Run	BCSSync	"C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
Sim	HKLM:Run	COMODO Internet Security	"C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
Não	HKLM:Run	Adobe ARM	"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
Não	HKLM:Run	VirtualCloneDrive	"C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s

 

I am unsure about these:

QuickTime Task

Adobe Reader Speed Launcher

BCSSync "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices

 

I am downloading the Kaspersky Virus Removal Tool

"I am unsure about what to leave starting with Windows or not"

You can safely disable the one below:

QuickTime Task

____________________

"I am downloading the Kaspersky Virus Removal Tool"

OK, we will be waiting.


Verificação automática: concluído 32 minutos atrás   (eventos: 2, objetos: 1048956, hora: 02:45:38)	
23/04/2011 18:39:03	Tarefa iniciada		Ação padrão selecionada	
23/04/2011 21:24:41	Tarefa concluída		Ação padrão selecionada	


I believe this is it.

Thank you.


It is great, very good.

Can you tell me about these other two?

Adobe Reader Speed Launcher
BCSSync	"C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServi


I downloaded Auslogics BoostSpeed.

Is it good to keep it?

Thank you.


"Can you tell me about these other two?"

Adobe Reader Speed Launcher
BCSSync	"C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServi

You can leave those; one is part of Adobe Reader and the other is part of Microsoft Office.

____________________

"I downloaded Auslogics BoostSpeed.

Is it good to keep it?

Thank you."

I did not know this program yet, but I looked at the comments from people who use it on Baixaki and they said it is very good. So you can keep using it, if you like.

____________________

You can uninstall the Kaspersky Virus Removal Tool.

____________________

"It is great, very good."

It was a pleasure to help; you can always count on us!
