[Arquivado] Vundo.HK

Henricf · Outubro 10, 2008

Boa noite,

Meu micro está abrindo um monte de pop-up e aparece uma mensagem do firewall do windows dizendo que tem o trojan Vundo.hk

Segue o log do HijackThis.

Obrigada,

Henriette

_____________________________

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:47:34, on 10/10/2008

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

C:\Program Files\TrueSuite Access Manager\FpNotifier.exe

C:\Program Files\TrueSuite Access Manager\usbnotify.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

C:\Program Files\TrueSuite Access Manager\PwdBank.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\TrueSuite Access Manager\CssSvr.exe

C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe

C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe

C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe

C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe

C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe

C:\Program Files\AVG\AVG8\avgtray.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe

C:\Users\Henri\AppData\Roaming\Google\Google Talk\googletalk.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe

C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe

C:\Program Files\ooVoo\ooVoo.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe

C:\Program Files\Internet Explorer\ieuser.exe

C:\PROGRA~1\AVG\AVG8\aAvgApi.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Hijack\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"

O4 - HKLM\..\Run: [iTSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START

O4 - HKLM\..\Run: [FingerPrintNotifer] "C:\Program Files\TrueSuite Access Manager\FpNotifier.exe"

O4 - HKLM\..\Run: [usbMonitor] "C:\Program Files\TrueSuite Access Manager\usbnotify.exe"

O4 - HKLM\..\Run: [PwdBank] "C:\Program Files\TrueSuite Access Manager\PwdBank.exe"

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE

O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe

O4 - HKLM\..\Run: [smoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe

O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe

O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start

O4 - HKLM\..\Run: [HDMICtrlMan] C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter

O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE

O4 - HKCU\..\Run: [googletalk] C:\Users\Henri\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [oovoo.exe] C:\Program Files\ooVoo\oovoo.exe /minimized

O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Henri\AppData\Local\Temp\yaYqoMfd.dll,c

O4 - HKCU\..\Run: [__c006E3BA] rundll32.exe "C:\Users\Henri\AppData\Roaming\__c006E3BA.dat",B

O4 - HKCU\..\Run: [9c259004] rundll32.exe "C:\Users\Henri\AppData\Local\Temp\iuebript.dll",b

O4 - HKCU\..\Run: [LSA Shellu] C:\Users\Henri\lsass.exe

O4 - Global Startup: Bluetooth Manager.lnk = ?

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL

O13 - Gopher Prefix:

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resou...NPUpldpt-br.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: avgrsstx.dll

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: Authentec memory manager service (Authentec memory manager) - AuthenTec Inc. - C:\Windows\system32\TAMSvr.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - c:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe

O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe

O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe

O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--

End of file - 8843 bytes

Silas Martins · Outubro 10, 2008

Siga as instruções abaixo:

Faça o download do VundoFix no link : http://www.atribune.org/ccount/click.php?id=4

Clique duas vezes em VundoFix.exee ele ira iniciar.

Ao abrir o VundoFix clique em scan for Vundo. Espere acabar o scan. Terminado o scan clique em Remove Vundo

Irá aparecer um alerta khe indagando se deseja remover os arquivos. Clique em YES. Suaárea de trabalho irá sumir, mas não se preocupe isto é padrão. Reinicie o pc para que se complete o scan, clique em [OK

Retorne com o log do VundoFix que se encontra em C:\vundofix.txt juntamente com um novo log do hijackthis

Aguardo Retorno

Henricf · Outubro 13, 2008

Eu executei o programa e no final do scan ele falou que NO FILES WERE FOUND.

E agora o micro está impossivel. Toda hora abre pop-up e fica aparecendo direto mensagem do windows firewall sobre esse vundo e do AVG tb.

E o vundoFix não gerou log.

Henriette

Silas Martins · Outubro 14, 2008

Baixe o ComboFix em:

ComboFix

1) Desabilite o seu anti-vírus temporariamente;

2) Dê um duplo-clique no combofix.exe e tecle "1" para prosseguir. O processo vai durar, em média, 10 minutos;

3) O ComboFix reiniciará o PC automaticamente, a fim de que o processo de remoção seja finalizado (somente se houver infecção);

4) Quando a varredura acabar, será gerado um log, que estará em C:\ComboFix.txt;

5) Não clique na janela do ComboFix, nem feche clicando no X, enquanto a ferramenta estiver sendo executada, pois isto implicará na desconfiguração de seu desktop (ele ficará todo branco);

6) Para parar ou sair do ComboFix, tecle "N";

7) Reabilite o seu anti-vírus;

8) Preciso que você cole o conteúdo do ComboFix.txtjuntamente com o novo log do hijackthis em sua próxima resposta.

OBS.: Caso apareça uma mensagem avisando que ESTE NÃO É UM APLICATIVO WIN 32 VÁLIDO baixe o ComboFix novamente, mas salve-o em seu Desktop como KomboFix. Em último caso, tente utilizar o ComboFix em MODO SEGURO.

Atenção:

Não clique em nada enquanto o Combofix estiver rodando, Do contrário seu desktop ficará em branco.

Para parar o processo ou sair do ComboFix, tecle "2" e Enter.

Aguardo o retorno

Henricf · Outubro 15, 2008

Obrigada pela ajuda. :grin:

Log do ComboFix

ComboFix 08-10-14.07 - Henri 2008-10-15 17:15:05.1 - NTFSx86

Microsoft® Windows Vista™ Business 6.0.6001.1.1252.1.1033.18.1120 [GMT 10:00]

Executando de: C:\Users\Henri\Downloads\ComboFix.exe

* Criado um novo ponto de restauro

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Temp\1cb

C:\Temp\1cb\syscheck.log

C:\Users\Henri\AppData\Local\Temp\efqyvjsq.dll

C:\Windows\system32\atmtd.dll._

C:\Windows\system32\m3

C:\Windows\system32\MSINET.oca

C:\Windows\system32\pac.txt

C:\Windows\system32\t1

.

(((((((((((((((( Arquivos/Ficheiros criados de 2008-09-15 to 2008-10-15 ))))))))))))))))))))))))))))

.

2008-10-13 21:21 . 2008-10-13 21:21 <DIR> d-------- C:\VundoFix Backups

2008-10-10 20:01 . 2008-10-10 20:01 <DIR> d-------- C:\Henri

2008-10-10 18:37 . 2008-10-10 18:47 <DIR> d-------- C:\Hijack

2008-10-10 17:27 . 2008-10-13 21:20 <DIR> d--h----- C:\$AVG8.VAULT$

2008-10-10 17:19 . 2008-10-10 17:19 <DIR> d-------- C:\Users\Henri\AppData\Roaming\aAvgApi

2008-10-10 17:11 . 2008-10-15 17:04 <DIR> d-------- C:\Windows\System32\drivers\Avg

2008-10-10 17:11 . 2008-10-10 17:11 <DIR> d-------- C:\Users\All Users\avg8

2008-10-10 17:11 . 2008-10-10 17:11 <DIR> d-------- C:\ProgramData\avg8

2008-10-10 17:11 . 2008-10-10 17:11 <DIR> d-------- C:\Program Files\AVG

2008-10-10 17:11 . 2008-10-10 17:11 97,928 --a------ C:\Windows\System32\drivers\avgldx86.sys

2008-10-10 17:11 . 2008-10-10 17:11 10,520 --a------ C:\Windows\System32\avgrsstx.dll

2008-10-09 21:06 . 2008-10-09 21:06 <DIR> d-------- C:\Users\Henri\AppData\Roaming\toshiba

2008-10-05 22:10 . 2008-10-05 22:14 <DIR> d-------- C:\Users\Henri\AppData\Roaming\ooVoo Details

2008-10-05 22:10 . 2008-10-06 07:27 <DIR> d-------- C:\Program Files\oovooToolbar

2008-10-05 22:10 . 2008-10-05 22:10 <DIR> d-------- C:\Program Files\ooVoo

2008-10-03 16:20 . 2008-10-09 07:36 68 --a------ C:\Users\Henri\z.bat

2008-10-02 21:17 . 2008-10-02 21:17 71 --a------ C:\Users\Henri\1385.bat

2008-10-02 07:43 . 2008-10-02 07:43 71 --a------ C:\Users\Henri\3023.bat

2008-10-01 19:29 . 2008-10-10 17:45 <DIR> d-------- C:\Windows\System32\EV02

2008-10-01 19:29 . 2008-10-01 19:29 <DIR> d-------- C:\Temp\xp34

2008-10-01 19:28 . 2008-10-01 19:28 71 --a------ C:\Users\Henri\3637.bat

2008-09-30 07:33 . 2008-09-30 07:33 71 --a------ C:\Users\Henri\4961.bat

2008-09-28 22:03 . 2008-09-28 22:03 71 --a------ C:\Users\Henri\6871.bat

2008-09-28 21:39 . 2008-09-28 21:39 71 --a------ C:\Users\Henri\5528.bat

2008-09-28 12:45 . 2008-09-28 12:45 71 --a------ C:\Users\Henri\9670.bat

2008-09-28 07:22 . 2008-09-28 07:22 71 --a------ C:\Users\Henri\2787.bat

2008-09-27 21:06 . 2008-09-27 21:06 71 --a------ C:\Users\Henri\8895.bat

2008-09-26 16:11 . 2008-09-26 16:11 71 --a------ C:\Users\Henri\8988.bat

2008-09-26 07:14 . 2008-09-26 07:14 71 --a------ C:\Users\Henri\6046.bat

2008-09-25 20:38 . 2008-09-25 20:38 71 --a------ C:\Users\Henri\4193.bat

2008-09-24 18:23 . 2008-09-24 18:23 71 --a------ C:\Users\Henri\5500.bat

2008-09-22 20:51 . 2008-09-22 20:51 71 --a------ C:\Users\Henri\1095.bat

2008-09-21 20:58 . 2008-09-21 20:58 71 --a------ C:\Users\Henri\3172.bat

2008-09-21 11:18 . 2008-09-21 11:18 71 --a------ C:\Users\Henri\4194.bat

2008-09-20 09:27 . 2008-09-20 09:27 71 --a------ C:\Users\Henri\3875.bat

2008-09-19 21:04 . 2008-09-19 21:04 71 --a------ C:\Users\Henri\9616.bat

2008-09-19 07:53 . 2008-09-19 07:53 71 --a------ C:\Users\Henri\9272.bat

2008-09-18 20:19 . 2008-09-18 20:19 71 --a------ C:\Users\Henri\5272.bat

2008-09-18 07:52 . 2008-09-18 07:52 71 --a------ C:\Users\Henri\7529.bat

2008-09-17 20:13 . 2008-09-17 20:13 71 --a------ C:\Users\Henri\3879.bat

2008-09-17 07:36 . 2008-09-17 07:36 71 --a------ C:\Users\Henri\4462.bat

2008-09-16 21:24 . 2008-09-16 21:24 71 --a------ C:\Users\Henri\4575.bat

2008-09-16 20:25 . 2008-07-31 11:13 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll

2008-09-16 20:25 . 2008-07-31 13:32 28,160 --a------ C:\Windows\System32\Apphlpdm.dll

2008-09-16 20:21 . 2008-09-16 20:21 71 --a------ C:\Users\Henri\8108.bat

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-10-14 12:40 --------- d-----w C:\Users\Henri\AppData\Roaming\Skype

2008-10-14 12:33 --------- d-----w C:\Users\Henri\AppData\Roaming\skypePM

2008-10-08 21:36 46,080 ----a-w C:\Users\Henri\index.exe

2008-10-05 12:10 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-09-16 13:14 --------- d-----w C:\ProgramData\Microsoft Help

2008-09-10 22:09 71 ----a-w C:\Users\Henri\5137.bat

2008-09-10 21:55 71 ----a-w C:\Users\Henri\9023.bat

2008-09-10 10:37 71 ----a-w C:\Users\Henri\9277.bat

2008-09-09 21:49 71 ----a-w C:\Users\Henri\6959.bat

2008-09-08 22:14 71 ----a-w C:\Users\Henri\6457.bat

2008-09-08 10:15 71 ----a-w C:\Users\Henri\6599.bat

2008-09-07 23:37 71 ----a-w C:\Users\Henri\2113.bat

2008-09-06 23:14 --------- d-----w C:\Program Files\Microsoft SQL Server

2008-09-06 23:11 71 ----a-w C:\Users\Henri\5754.bat

2008-09-06 08:45 --------- d-----w C:\Program Files\Common Files\Adobe

2008-09-06 08:12 71 ----a-w C:\Users\Henri\6705.bat

2008-09-05 22:16 71 ----a-w C:\Users\Henri\2898.bat

2008-09-05 12:10 71 ----a-w C:\Users\Henri\8554.bat

2008-09-05 09:15 71 ----a-w C:\Users\Henri\2352.bat

2008-09-04 22:10 71 ----a-w C:\Users\Henri\7156.bat

2008-09-04 11:03 71 ----a-w C:\Users\Henri\9888.bat

2008-09-03 22:08 71 ----a-w C:\Users\Henri\7992.bat

2008-09-02 10:35 --------- d-----w C:\Program Files\Longman

2008-09-02 10:28 71 ----a-w C:\Users\Henri\2831.bat

2008-09-02 09:19 71 ----a-w C:\Users\Henri\7745.bat

2008-09-01 22:09 71 ----a-w C:\Users\Henri\3699.bat

2008-09-01 12:39 --------- d--h--r C:\Users\Henri\AppData\Roaming\SecuROM

2008-08-31 22:14 71 ----a-w C:\Users\Henri\7989.bat

2008-08-31 10:38 --------- d-----w C:\Program Files\TEXTware

2008-08-31 10:38 --------- d-----w C:\Program Files\IDM

2008-08-31 09:03 71 ----a-w C:\Users\Henri\4378.bat

2008-08-31 02:24 --------- d-----w C:\Program Files\MicroPower Software

2008-08-30 23:12 71 ----a-w C:\Users\Henri\3822.bat

2008-08-30 21:16 --------- d-----w C:\Program Files\Windows Mail

2008-08-30 21:12 71 ----a-w C:\Users\Henri\1229.bat

2008-08-30 11:00 71 ----a-w C:\Users\Henri\9493.bat

2008-08-30 03:36 56 ---ha-w C:\Users\All Users\ezsidmv.dat

2008-08-30 03:36 56 ---ha-w C:\ProgramData\ezsidmv.dat

2008-08-30 03:34 --------- d-----w C:\Program Files\Google

2008-08-30 03:30 --------- d-----w C:\ProgramData\Skype

2008-08-30 03:30 --------- d-----w C:\Program Files\Skype

2008-08-30 03:30 --------- d-----w C:\Program Files\Common Files\Skype

2008-08-29 16:37 71 ----a-w C:\Users\Henri\1464.bat

2008-08-29 08:22 71 ----a-w C:\Users\Henri\7244.bat

2008-08-29 02:40 71 ----a-w C:\Users\Henri\8759.bat

2008-08-28 09:09 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller

2008-08-28 09:09 --------- d-----w C:\Program Files\Windows Live

2008-08-28 06:51 --------- d-----w C:\ProgramData\WLInstaller

2008-08-27 13:37 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf

2008-08-27 11:29 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf

2008-08-27 11:09 --------- d-----w C:\ProgramData\Toshiba

2008-08-27 11:09 --------- d-----w C:\Program Files\TOSHIBA

2008-08-27 11:09 --------- d-----w C:\Program Files\Common Files\Toshiba Shared

2008-08-27 11:07 --------- d-----w C:\Users\Henri\AppData\Roaming\ATI

2008-08-27 11:07 --------- d-----w C:\ProgramData\ATI

2008-08-27 11:05 --------- d-----w C:\Users\Henri\AppData\Roaming\InstallShield

2008-08-27 11:04 --------- d-----w C:\ProgramData\TrueSuite Access Manager

2008-08-27 11:01 --------- d-----w C:\Program Files\Camera Assistant Software for Toshiba

2008-08-27 11:00 0 ---ha-w C:\Windows\system32\drivers\Msft_Kernel_SynTP_01000.Wdf

2008-08-27 11:00 --------- d-----w C:\Program Files\Synaptics

2008-08-27 10:59 --------- d-----w C:\Program Files\TrueSuite Access Manager

2008-08-27 10:58 --------- d-----w C:\Program Files\Windows Media Components

2008-08-27 10:58 --------- d-----w C:\Program Files\InterVideo

2008-08-27 10:58 --------- d-----w C:\Program Files\Common Files\Ulead Systems

2008-08-27 10:57 --------- d-----w C:\ProgramData\Ulead Systems

2008-08-27 10:55 --------- d-----w C:\Program Files\Ulead Systems

2008-08-27 10:55 --------- d-----w C:\Program Files\CONEXANT

2008-08-27 10:55 --------- d-----w C:\Program Files\Common Files\InstallShield

2008-08-27 10:51 --------- d-----w C:\Program Files\ATI Technologies

2008-08-27 10:50 --------- d-----w C:\Program Files\ATI

2008-08-27 10:49 0 --sha-r C:\Windows\system32\drivers\1179_TOSHIBA_Satellite M300_S3A6586D005_PSMD4A-023008.MRK

2008-08-27 10:46 --------- d-----w C:\Program Files\Intel

2008-08-27 10:45 17,408 ----a-w C:\Windows\System32\rpcnetp.dll

2008-08-27 10:43 17,408 ----a-w C:\Windows\System32\rpcnetp.exe

2008-08-02 03:26 36,864 ----a-w C:\Windows\System32\cdd.dll

2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll

2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll

2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll

2008-07-19 05:10 53,448 ----a-w C:\Windows\System32\wuauclt.exe

2008-07-19 05:10 45,768 ----a-w C:\Windows\System32\wups2.dll

2008-07-19 05:10 36,552 ----a-w C:\Windows\System32\wups.dll

2008-07-19 05:09 563,912 ----a-w C:\Windows\System32\wuapi.dll

2008-07-19 05:09 1,811,656 ----a-w C:\Windows\System32\wuaueng.dll

2008-07-19 03:44 83,456 ----a-w C:\Windows\System32\wudriver.dll

2008-07-19 03:44 1,524,736 ----a-w C:\Windows\System32\wucltux.dll

2008-07-18 12:08 163,904 ----a-w C:\Windows\System32\wuwebv.dll

2008-07-18 10:44 31,232 ----a-w C:\Windows\System32\wuapp.exe

2008-07-16 01:32 2,048 ----a-w C:\Windows\System32\tzres.dll

2008-01-21 02:43 174 --sha-w C:\Program Files\desktop.ini

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOvrly1]

@="{A4EEBF66-92EB-4F2A-9F1E-2F6D14B30DA6}"

[HKEY_CLASSES_ROOT\CLSID\{A4EEBF66-92EB-4F2A-9F1E-2F6D14B30DA6}]

2007-04-21 04:40 118784 --a------ C:\Program Files\TrueSuite Access Manager\IconOvrly.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]

"googletalk"="C:\Users\Henri\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-02 3735552]

"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-08-12 21741864]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-08-30 171448]

"oovoo.exe"="C:\Program Files\ooVoo\oovoo.exe" [2008-09-14 14174000]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-21 C:\Windows\System32\oobefldr.dll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-11 90112]

"ITSecMng"="C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-29 75136]

"FingerPrintNotifer"="C:\Program Files\TrueSuite Access Manager\FpNotifier.exe" [2008-01-25 671744]

"UsbMonitor"="C:\Program Files\TrueSuite Access Manager\usbnotify.exe" [2007-06-06 94208]

"PwdBank"="C:\Program Files\TrueSuite Access Manager\PwdBank.exe" [2008-02-02 3150848]

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-11-29 1029416]

"TPwrMain"="C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-18 431456]

"HSON"="C:\Program Files\TOSHIBA\TBS\HSON.exe" [2007-11-01 54608]

"SmoothView"="C:\Program Files\Toshiba\SmoothView\SmoothView.exe" [2007-06-16 448080]

"00TCrdMain"="C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-01-23 712704]

"Camera Assistant Software"="C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" [2007-10-26 413696]

"HDMICtrlMan"="C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe" [2008-01-26 716800]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-10-13 1234712]

"NDSTray.exe"="NDSTray.exe" [bU]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-01-26 2938184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\vio\dvacm.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{609EB0D4-88DB-427D-86FE-A82507F9646A}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook

"{04AED489-DA32-42BF-BAE4-74F3FDB490EA}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"{ADEA91F6-07E1-4729-B3D5-FCDCD04CF255}"= C:\Program Files\Skype\Phone\Skype.exe:Skype

"TCP Query User{2103091E-3E05-4E85-95DE-EAF32D9D5AD7}C:\\program files\\oovoo\\oovoo.exe"= UDP:C:\program files\oovoo\oovoo.exe:ooVoo

"UDP Query User{CCEA1575-163E-49BC-8F7D-E03624FE2EB0}C:\\program files\\oovoo\\oovoo.exe"= TCP:C:\program files\oovoo\oovoo.exe:ooVoo

"{08DAA1E6-9E8A-4A1D-8C2A-6F6290A760F0}"= UDP:443:porta TCP ooVoo 443

"{14E747B3-272A-4786-8FB0-2D24E7ABE7E5}"= TCP:443:porta UDP ooVoo 443

"{D01DF5FA-C675-44BC-9AFF-9A5A6BACC150}"= UDP:37674:porta TCP ooVoo 37674

"{E26BF96D-AB5A-4BEF-A829-B263207E187E}"= TCP:37674:porta UDP ooVoo 37674

"{39608A4F-C43D-41C6-8F99-D5DA338BDF29}"= TCP:37675:porta UDP ooVoo 37675

"TCP Query User{4A28E5C3-F0CF-47AB-A3F3-3DB3DDF60C9B}C:\\program files\\oovoo\\oovoo.exe"= UDP:C:\program files\oovoo\oovoo.exe:ooVoo

"UDP Query User{F86C8924-D9A6-4263-8409-DF422985398B}C:\\program files\\oovoo\\oovoo.exe"= TCP:C:\program files\oovoo\oovoo.exe:ooVoo

"{223F7E87-016A-402D-972C-CB5417901B26}"= C:\Program Files\AVG\AVG8\avgupd.exe:avgupd.exe

R0 AlfaFF;AlfaFF mini-filter driver;C:\Windows\system32\Drivers\AlfaFF.sys [2008-02-03 43440]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\Windows\system32\Drivers\avgldx86.sys [2008-10-10 97928]

R2 Authentec memory manager;Authentec memory manager service;C:\Windows\system32\TAMSvr.exe [2007-10-16 49152]

R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-10-10 231704]

R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-11 30312]

R2 ConfigFree Service;ConfigFree Service;C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2007-12-26 40960]

R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-04 126976]

R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2008-01-30 3483648]

R3 CnxtHdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service;C:\Windows\system32\drivers\CHDART.sys [2008-02-01 187904]

R3 O2MDRDR;O2MDRDR;C:\Windows\system32\DRIVERS\o2media.sys [2008-01-15 48472]

R3 QIOMem;Generic IO & Memory Access;C:\Windows\system32\DRIVERS\QIOMem.sys [2007-04-09 8192]

R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-12-29 298496]

S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-02-26 29183504]

S4 ErrDev;Microsoft Hardware Error Device Driver;C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]

S4 MegaSR;MegaSR;C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8d0efb7c-77eb-11dd-9327-001e6841fa22}]

\shell\Auto\command - D:\Start.exe

\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL D:\Start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d7289e26-7428-11dd-aaa6-001f3b3e4b87}]

\shell\Auto\command - E:\Start.exe

\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\Start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d7289e51-7428-11dd-aaa6-001f3b3e4b87}]

\shell\Auto\command - E:\Start.exe

\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\Start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f815378d-937a-11dd-8d71-001e6841fa22}]

\shell\Auto\command - E:\Start.exe

\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\Start.exe

.

- - - - ORFÃOS REMOVIDOS - - - -

WebBrowser-{A057A204-BACC-4D26-8087-36EE87E26986} - (no file)

HKCU-Run-__c006E3BA - C:\Users\Henri\AppData\Roaming\__c006E3BA.dat

HKCU-Run-LSA Shellu - C:\Users\Henri\lsass.exe

HKCU-Run-TOSCDSPD - TOSCDSPD.EXE

ShellExecuteHooks-{0574D50F-C261-490D-BF39-4E91183C4EFB} - C:\Windows\system32\yayaXpOe.dll

.

------- Scan Suplementar -------

.

O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-10-15 17:19:40

Windows 6.0.6001 Service Pack 1 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

**************************************************************************

.

------------------------ Outros Processos em Execução ------------------------

.

C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

C:\Windows\System32\Ati2evxx.exe

C:\Windows\System32\audiodg.exe

C:\Windows\System32\Ati2evxx.exe

C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe

C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe

C:\Windows\System32\TODDSrv.exe

C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe

C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\Windows\System32\drivers\XAudio.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\Windows\System32\conime.exe

C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\AVG\AVG8\avgtray.exe

C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe

C:\Program Files\TrueSuite Access Manager\CssSvr.exe

C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosA2dp.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe

C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtHid.exe

C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtHSP.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Windows\System32\wbem\WMIADAP.exe

.

**************************************************************************

.

Tempo para conclusão: 2008-10-15 17:24:09 - Máquina reiniciou

ComboFix-quarantined-files.txt 2008-10-15 07:23:54

Pré-execução: 236.988.923.904 bytes free

Pós execução: 237,135,028,224 bytes free

304 --- E O F --- 2008-10-11 06:54:59

Henricf · Outubro 15, 2008

Log do HijackThis

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:27:01, on 15/10/2008

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

C:\Program Files\TrueSuite Access Manager\FpNotifier.exe

C:\Program Files\TrueSuite Access Manager\usbnotify.exe

C:\Program Files\TrueSuite Access Manager\PwdBank.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe

C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe

C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe

C:\Program Files\AVG\AVG8\avgtray.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe

C:\Users\Henri\AppData\Roaming\Google\Google Talk\googletalk.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

C:\Program Files\TrueSuite Access Manager\CssSvr.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe

C:\Windows\Explorer.exe

C:\Program Files\Internet Explorer\ieuser.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe

C:\Hijack\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\IDM\QUICKF~1\PlugIns\IEHelp.dll