shimabuco, posted May 8, 2009:

I can't install any antivirus, and I also found that search engine results are redirected when clicked. Thanks for the help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:04:09 PM, on 5/7/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Users\Danilo\Program Files\DNA\btdna.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nytimes.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [updateLBPShortCut] "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [updatePSTShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [uCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [updateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [updatePDIRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Users\Danilo\Program Files\DNA\btdna.exe"
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate1c9ba4ff319c30) (gupdate1c9ba4ff319c30) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10648 bytes
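Added example, not part of the thread: a small Python triage script for HijackThis v2 logs of the kind posted above. It applies the first-pass checks a helper runs by eye when a redirect is reported: O1 hosts entries beyond the two loopback defaults, O2/O3 BHO and toolbar entries whose file is gone (leftovers such as the AVG entries in this log, which are inert but clutter the picture), O4 autoruns launched from user-writable paths, and R0/R1 browser URLs that point at a raw IP address. The sample log, GUIDs and paths are constructed for the example; nothing here is from the poster's machine.

```python
import re
from urllib.parse import urlparse

# Constructed sample in HijackThis v2 line format. These lines are made up for
# the example (documentation IP ranges, placeholder GUIDs) and are not taken
# from the log posted in the thread.
SAMPLE_LOG = """\
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://www.example.com/
R1 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Search Page = http://203.0.113.7/search?q=
O1 - Hosts: ::1 localhost
O1 - Hosts: 203.0.113.7 www.example-search.invalid
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - (no file)
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000002} - C:\\Program Files\\Example\\helper.dll
O3 - Toolbar: Vendor Toolbar - {00000000-0000-0000-0000-000000000003} - C:\\PROGRA~1\\Vendor\\TOOLBAR.DLL (file missing)
O4 - HKLM\\..\\Run: [Updater] C:\\Users\\user\\AppData\\Local\\Temp\\upd.exe
O4 - HKLM\\..\\Run: [SynTPEnh] C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe
O23 - Service: Example Service - Example Inc. - C:\\Program Files\\Example\\svc.exe
"""

# Only the two loopback mappings belong in a clean Vista hosts file.
LOOPBACK_HOSTS = {"127.0.0.1 localhost", "::1 localhost"}
# Autoruns launched from locations an unprivileged user can write to.
USER_WRITABLE = re.compile(r"\\(?:AppData|Temp)\\", re.IGNORECASE)
IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
# "R0 - ..." / "O23 - ..." prefix used by every HijackThis entry line.
ENTRY = re.compile(r"^(R\d|O\d+) - (.*)$")


def classify(line):
    """Return a short reason if a HijackThis line deserves a second look, else None."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    section, body = m.group(1), m.group(2)
    if section == "O1" and body.startswith("Hosts:"):
        if body[len("Hosts:"):].strip() not in LOOPBACK_HOSTS:
            return "hosts-file override"
    if section in ("O2", "O3") and ("(no file)" in body or "(file missing)" in body):
        return "orphaned BHO/toolbar entry"
    if section == "O4" and USER_WRITABLE.search(body):
        return "autorun from user-writable path"
    if section.startswith("R") and "=" in body:
        # Right-hand side of "...,Start Page = http://..." is the URL.
        host = urlparse(body.split("=", 1)[1].strip()).hostname or ""
        if IPV4.match(host):
            return "browser URL points at a raw IP"
    return None


def triage(log_text):
    """Return [(section, reason, line)] for every flagged line, in log order."""
    findings = []
    for line in log_text.splitlines():
        reason = classify(line)
        if reason:
            findings.append((line.split(" ", 1)[0], reason, line))
    return findings


if __name__ == "__main__":
    for section, reason, line in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}: {line}")
```

Run against the sample it flags five lines and leaves the vendor BHO, the Synaptics autorun and the service alone. A flag is a prompt to look closer, not a verdict: an orphaned "(file missing)" entry is usually a broken uninstall, and the point of listing it is to get it out of the way so attention goes to the hosts and autorun findings.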
PedroN, posted May 8, 2009:

Download Random's System Information Tool (RSIT): http://images.malwareremoval.com/random/RSIT.exe
Save it to your desktop.
◘ Run RSIT.exe.
◘ An information window will appear.
◘ Set "List files/folders created or modified in the last:" to 1 month.
◘ Click Continue.
When it finishes, two Notepad windows will open:
log.txt -> opens maximized
info.txt -> opens minimized.
Post the log.txt file in your next reply. A copy of these files is saved in the folder C:\RSIT.
Note: if your firewall alerts about rsit.exe trying to connect, make sure to allow it.
shimabuco, posted May 9, 2009:

Here is the requested log.

Logfile of random's system information tool 1.06 (written by random/random)
Run by Danilo at 2009-05-09 00:44:30
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 240 GB (82%) free of 294 GB
Total RAM: 3002 MB (44% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:44:31 AM, on 5/9/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Users\Danilo\Program Files\DNA\btdna.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\notepad.exe
C:\Users\Danilo\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Danilo.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nytimes.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [updateLBPShortCut] "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [updatePSTShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [uCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [updateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [updatePDIRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Users\Danilo\Program Files\DNA\btdna.exe"
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate1c9ba4ff319c30) (gupdate1c9ba4ff319c30) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11073 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Google Software Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachine.job
C:\Windows\tasks\HPCeeScheduleForDanilo.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-02-22 312928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2009-01-14 92504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-04-28 259696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-04-27 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-04-28 470512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
Microsoft Live Search Toolbar Helper - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll [2008-08-28 86032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - Microsoft Live Search Toolbar - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll [2008-08-28 86032]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-04-28 259696]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-04-17 1049896]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-07-10 150040]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-07-10 170520]
"Persistence"=C:\Windows\system32\igfxpers.exe [2008-07-10 145944]
"QPService"=C:\Program Files\HP\QuickPlay\QPService.exe [2008-09-23 468264]
"UpdateLBPShortCut"=C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [2008-06-13 210216]
"UpdatePSTShortCut"=C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [2008-10-06 210216]
"UCam_Menu"=C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [2007-12-24 222504]
"QlbCtrl.exe"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2008-08-01 202032]
"UpdateP2GoShortCut"=C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [2008-06-13 210216]
"UpdatePDIRShortCut"=C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [2008-06-13 210216]
"HP Health Check Scheduler"=c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-10-09 75008]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-12-10 49152]
"hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2008-04-15 488752]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-01-05 413696]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-02-22 198160]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-02-06 177472]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-04-02 342312]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-09 148888]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2008-06-09 2363392]
"HPAdvisor"=C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [2008-09-30 972080]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]
"BitTorrent DNA"=C:\Users\Danilo\Program Files\DNA\btdna.exe [2009-03-15 321344]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Users\Danilo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
OpenOffice.org 3.0.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2008-07-06 208896]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2009-05-09 00:44:30 ----D---- C:\rsit
2009-05-05 23:08:30 ----D---- C:\Windows\temp
2009-05-05 23:08:27 ----A---- C:\ComboFix.txt
2009-05-05 22:57:47 ----A---- C:\Windows\zip.exe
2009-05-05 22:57:47 ----A---- C:\Windows\vFind.exe
2009-05-05 22:57:47 ----A---- C:\Windows\SWXCACLS.exe
2009-05-05 22:57:47 ----A---- C:\Windows\SWSC.exe
2009-05-05 22:57:47 ----A---- C:\Windows\SWREG.exe
2009-05-05 22:57:47 ----A---- C:\Windows\sed.exe
2009-05-05 22:57:47 ----A---- C:\Windows\NIRCMD.exe
2009-05-05 22:57:47 ----A---- C:\Windows\grep.exe
2009-05-05 22:57:26 ----D---- C:\Windows\ERDNT
2009-05-05 22:57:25 ----D---- C:\ComboFix
2009-05-05 22:57:16 ----D---- C:\Qoobox
2009-05-05 22:21:51 ----D---- C:\ProgramData\LightScribe
2009-05-05 21:44:46 ----D---- C:\ProgramData\Juno
2009-05-05 21:44:46 ----D---- C:\Program Files\Juno
2009-05-05 21:44:45 ----D---- C:\Program Files\JunoInstaller
2009-05-05 06:58:54 ----D---- C:\ProgramData\Kaspersky Lab
2009-05-05 06:55:24 ----D---- C:\ProgramData\Kaspersky Lab Setup Files
2009-05-05 00:29:14 ----D---- C:\!KillBox
2009-05-05 00:17:14 ----D---- C:\Program Files\Trend Micro
2009-05-05 00:16:49 ----D---- C:\Program Files\Hijackthis
2009-05-04 23:38:30 ----D---- C:\Users\Danilo\AppData\Roaming\CyberLink
2009-05-02 22:45:17 ----A---- C:\Windows\system32\avgrep.txt
2009-05-02 22:43:25 ----D---- C:\Windows\Minidump
2009-05-02 22:43:00 ----A---- C:\Windows\ntbtlog.txt
2009-05-02 22:41:29 ----D---- C:\ProgramData\Spybot - Search & Destroy
2009-05-02 22:41:29 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-05-01 23:40:47 ----D---- C:\RECYCLER
2009-05-01 23:40:27 ----D---- C:\Program Files\HDQuality
2009-04-30 21:46:15 ----A---- C:\Windows\system32\mshtmler.dll
2009-04-30 21:46:15 ----A---- C:\Windows\system32\mshtmled.dll
2009-04-30 21:46:15 ----A---- C:\Windows\system32\ieui.dll
2009-04-30 21:46:15 ----A---- C:\Windows\system32\icardie.dll
2009-04-30 21:46:15 ----A---- C:\Windows\system32\admparse.dll
2009-04-30 21:46:14 ----A---- C:\Windows\system32\msls31.dll
2009-04-30 21:46:14 ----A---- C:\Windows\system32\jsproxy.dll
2009-04-30 21:46:11 ----A---- C:\Windows\system32\corpol.dll
2009-04-30 21:46:10 ----A---- C:\Windows\system32\msfeedsbs.dll
2009-04-30 21:46:10 ----A---- C:\Windows\system32\licmgr10.dll
2009-04-30 21:46:10 ----A---- C:\Windows\system32\inseng.dll
2009-04-30 21:46:10 ----A---- C:\Windows\system32\imgutil.dll
2009-04-30 21:46:10 ----A---- C:\Windows\system32\iernonce.dll
2009-04-30 21:46:10 ----A---- C:\Windows\system32\iepeers.dll
2009-04-30 21:46:10 ----A---- C:\Windows\system32\ieakeng.dll
2009-04-30 21:46:10 ----A---- C:\Windows\system32\dxtrans.dll
2009-04-30 21:46:10 ----A---- C:\Windows\system32\dxtmsft.dll
2009-04-30 21:46:09 ----A---- C:\Windows\system32\WinFXDocObj.exe
2009-04-30 21:46:09 ----A---- C:\Windows\system32\wextract.exe
2009-04-30 21:46:09 ----A---- C:\Windows\system32\webcheck.dll
2009-04-30 21:46:09 ----A---- C:\Windows\system32\occache.dll
2009-04-30 21:46:09 ----A---- C:\Windows\system32\mstime.dll
2009-04-30 21:46:09 ----A---- C:\Windows\system32\msrating.dll
2009-04-30 21:46:09 ----A---- C:\Windows\system32\msfeedssync.exe
2009-04-30 21:46:09 ----A---- C:\Windows\system32\iesetup.dll
2009-04-30 21:46:09 ----A---- C:\Windows\system32\ieakui.dll
2009-04-30 21:46:09 ----A---- C:\Windows\system32\ieaksie.dll
2009-04-30 21:46:08 ----A---- C:\Windows\system32\vbscript.dll
2009-04-30 21:46:08 ----A---- C:\Windows\system32\url.dll
2009-04-30 21:46:08 ----A---- C:\Windows\system32\pngfilt.dll
2009-04-30 21:46:08 ----A---- C:\Windows\system32\msfeeds.dll
2009-04-30 21:46:08 ----A---- C:\Windows\system32\jscript.dll
2009-04-30 21:46:08 ----A---- C:\Windows\system32\ieapfltr.dll
2009-04-30 21:46:08 ----A---- C:\Windows\system32\advpack.dll
2009-04-30 21:46:07 ----A---- C:\Windows\system32\mshta.exe
2009-04-30 21:46:07 ----A---- C:\Windows\system32\iexpress.exe
2009-04-30 21:46:07 ----A---- C:\Windows\system32\iedkcs32.dll
2009-04-30 21:46:06 ----A---- C:\Windows\system32\wininet.dll
2009-04-30 21:46:06 ----A---- C:\Windows\system32\urlmon.dll
2009-04-30 21:46:06 ----A---- C:\Windows\system32\SetIEInstalledDate.exe
2009-04-30 21:46:06 ----A---- C:\Windows\system32\SetDepNx.exe
2009-04-30 21:46:06 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2009-04-30 21:46:06 ----A---- C:\Windows\system32\PDMSetup.exe
2009-04-30 21:46:06 ----A---- C:\Windows\system32\ieUnatt.exe
2009-04-30 21:46:06 ----A---- C:\Windows\system32\iesysprep.dll
2009-04-30 21:46:06 ----A---- C:\Windows\system32\iertutil.dll
2009-04-30 21:46:06 ----A---- C:\Windows\system32\ie4uinit.exe
2009-04-30 21:46:05 ----A---- C:\Windows\system32\ieframe.dll
2009-04-30 21:46:03 ----A---- C:\Windows\system32\mshtml.dll
2009-04-27 20:29:02 ----D---- C:\ProgramData\Google Updater
2009-04-22 18:03:00 ----D---- C:\Program Files\AVG
2009-04-22 18:02:59 ----D---- C:\ProgramData\avg8
2009-04-15 22:05:07 ----A---- C:\Windows\system32\winhttp.dll
2009-04-15 22:05:01 ----A---- C:\Windows\system32\xolehlp.dll
2009-04-15 22:05:01 ----A---- C:\Windows\system32\msdtcprx.dll
2009-04-15 22:04:43 ----A---- C:\Windows\system32\rpcss.dll
2009-04-15 22:04:42 ----A---- C:\Windows\system32\ntoskrnl.exe
2009-04-15 22:04:42 ----A---- C:\Windows\system32\ntkrnlpa.exe
2009-04-15 22:04:41 ----A---- C:\Windows\system32\printfilterpipelinesvc.exe
2009-04-15 22:04:40 ----A---- C:\Windows\system32\sdohlp.dll
2009-04-15 22:04:40 ----A---- C:\Windows\system32\printfilterpipelineprxy.dll
2009-04-15 22:04:40 ----A---- C:\Windows\system32\iasrecst.dll
2009-04-15 22:04:40 ----A---- C:\Windows\system32\iashost.exe
2009-04-15 22:04:40 ----A---- C:\Windows\system32\iasdatastore.dll
2009-04-15 22:04:40 ----A---- C:\Windows\system32\iasads.dll
2009-04-15 22:04:29 ----A---- C:\Windows\system32\lsasrv.dll
2009-04-15 22:04:29 ----A---- C:\Windows\system32\kernel32.dll
2009-04-15 22:04:28 ----A---- C:\Windows\system32\secur32.dll
2009-04-15 22:04:28 ----A---- C:\Windows\system32\apilogen.dll
2009-04-15
22:04:28 ----A---- C:\Windows\system32\amxread.dll 2009-04-15 12:50:40 ----D---- C:\ProgramData\muvee Technologies 2009-04-15 12:50:16 ----D---- C:\Users\Danilo\AppData\Roaming\muvee Technologies 2009-04-14 11:41:39 ----A---- C:\Windows\system32\javaws.exe 2009-04-14 11:41:39 ----A---- C:\Windows\system32\javaw.exe 2009-04-14 11:41:39 ----A---- C:\Windows\system32\java.exe 2009-04-12 14:52:13 ----D---- C:\Users\Danilo\AppData\Roaming\Corel 2009-04-12 14:50:28 ----D---- C:\Program Files\Common Files\Protexis 2009-04-12 14:50:27 ----D---- C:\ProgramData\Corel 2009-04-12 14:47:11 ----D---- C:\Program Files\Common Files\Corel 2009-04-12 14:46:42 ----D---- C:\Program Files\Corel 2009-04-11 15:40:20 ----A---- C:\Windows\system32\GEARAspi.dll 2009-04-11 15:39:54 ----D---- C:\Program Files\iPod 2009-04-11 15:39:52 ----D---- C:\ProgramData\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} 2009-04-11 15:39:52 ----D---- C:\Program Files\iTunes 2009-04-10 22:46:44 ----D---- C:\Users\Danilo\AppData\Roaming\DivX 2009-04-10 22:41:40 ----D---- C:\Program Files\Common Files\PX Storage Engine 2009-04-10 22:41:16 ----D---- C:\Program Files\Common Files\DivX Shared 2009-04-10 22:41:15 ----D---- C:\Program Files\DivX ======List of files/folders modified in the last 1 months====== 2009-05-09 00:44:31 ----D---- C:\Windows\Prefetch 2009-05-09 00:42:59 ----D---- C:\Users\Danilo\AppData\Roaming\DNA 2009-05-09 00:14:55 ----D---- C:\Windows\System32 2009-05-09 00:14:55 ----D---- C:\Windows\inf 2009-05-09 00:14:55 ----A---- C:\Windows\system32\PerfStringBackup.INI 2009-05-09 00:13:22 ----D---- C:\Windows\Tasks 2009-05-08 03:00:12 ----D---- C:\Windows\winsxs 2009-05-08 03:00:12 ----D---- C:\Program Files\Internet Explorer 2009-05-07 22:47:27 ----D---- C:\Windows\system32\catroot 2009-05-06 06:46:22 ----A---- C:\ProgramData\hpqp.ini 2009-05-05 23:12:59 ----RD---- C:\Program Files 2009-05-05 23:11:13 ----SHD---- C:\Windows\Installer 2009-05-05 23:11:12 ----HD---- C:\Config.Msi 2009-05-05 23:11:12 ----D---- 
C:\Windows\system32\drivers 2009-05-05 23:08:31 ----D---- C:\Windows\system32\en-US 2009-05-05 23:08:30 ----D---- C:\Windows 2009-05-05 23:07:11 ----A---- C:\Windows\system.ini 2009-05-05 23:05:57 ----D---- C:\Windows\AppPatch 2009-05-05 23:05:56 ----D---- C:\Program Files\Common Files 2009-05-05 22:46:52 ----SHD---- C:\System Volume Information 2009-05-05 22:21:51 ----HD---- C:\ProgramData 2009-05-05 21:50:41 ----SD---- C:\Users\Danilo\AppData\Roaming\Microsoft 2009-05-05 20:18:32 ----D---- C:\Windows\system32\catroot2 2009-05-05 06:45:18 ----D---- C:\Windows\system32\Tasks 2009-05-04 23:39:29 ----D---- C:\Users\Danilo\AppData\Roaming\BitTorrent 2009-05-04 23:38:17 ----D---- C:\ProgramData\CyberLink 2009-04-30 22:23:57 ----D---- C:\Windows\rescache 2009-04-30 22:06:06 ----D---- C:\Windows\system32\migration 2009-04-30 22:06:06 ----D---- C:\Windows\PolicyDefinitions 2009-04-30 21:53:26 ----D---- C:\ProgramData\Microsoft Help 2009-04-30 21:52:01 ----RSD---- C:\Windows\assembly 2009-04-30 21:50:46 ----RSD---- C:\Windows\Fonts 2009-04-30 21:50:42 ----D---- C:\Program Files\Common Files\microsoft shared 2009-04-27 20:30:25 ----D---- C:\Program Files\Google 2009-04-26 11:08:46 ----D---- C:\Windows\system32\WDI 2009-04-26 10:35:48 ----D---- C:\ProgramData\WildTangent 2009-04-22 19:30:25 ----D---- C:\ProgramData\Norton 2009-04-16 03:18:19 ----D---- C:\Windows\system32\wbem 2009-04-16 03:18:19 ----D---- C:\Windows\system32\manifeststore 2009-04-16 03:18:19 ----D---- C:\Program Files\Windows Mail 2009-04-14 11:41:38 ----D---- C:\Program Files\Java 2009-04-11 22:19:10 ----D---- C:\ProgramData\Adobe 2009-04-11 22:19:07 ----D---- C:\Program Files\Common Files\Adobe 2009-04-11 15:40:18 ----DC---- C:\Windows\system32\DRVSTORE 2009-04-11 15:39:53 ----D---- C:\Program Files\Common Files\Apple ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter; C:\Windows\system32\DRIVERS\klim6.sys 
[2008-07-09 20496] R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-18 12672] R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-10-17 8704] R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2008-04-27 909824] R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-20 14208] R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT32.sys [2008-10-03 222208] R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400] R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys [2007-06-18 16768] R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-10-31 985600] R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2007-10-31 208896] R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-07-06 2378752] R3 IntcHdmiAddService;Intel® High Definition Audio HDMI; C:\Windows\system32\drivers\IntcHdmi.sys [2008-06-29 112128] R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2009-01-20 142848] R3 RTSTOR;Realtek USB 2.0 Card Reader; C:\Windows\system32\drivers\RTSTOR.SYS [2008-09-19 61952] R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-04-17 199344] R3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2009-03-05 36864] R3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-20 134016] R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-10-31 661504] R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-20 11264] R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-20 83328] S3 aujasnkj;aujasnkj; \??\C:\Users\Danilo\AppData\Local\Temp\aujasnkj.sys [] S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys 
[2008-01-20 131584] S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-20 16384] S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-20 36864] S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-20 5632] S3 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-20 6656] S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520] S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-20 8192] S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-20 5888] S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-20 5504] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-20 6016] S3 NETw3v32;Intel® PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2008-01-20 2225664] S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-20 88576] S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-20 35328] S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-20 39936] S3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-02 194048] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-06 132424] R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888] R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health 
Check\hphc_service.exe [2008-10-09 94208] R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2008-01-20 21504] R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2008-06-09 73728] R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-20 21504] R2 PSI_SVC_2;Protexis Licensing V2; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2007-07-24 185632] R2 Recovery Service for Windows;Recovery Service for Windows; C:\Program Files\SMINST\BLService.exe [2008-10-06 365952] R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo.exe [2008-09-15 241734] R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656] R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-10-17 386560] R3 Com4QLBEx;Com4QLBEx; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840] R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-20 21504] R3 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2008-05-01 165192] R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-04-02 656168] S2 gupdate1c9ba4ff319c30;Google Update Service (gupdate1c9ba4ff319c30); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-04-10 133104] S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-27 183280] S2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-20 21504] S3 GameConsoleService;GameConsoleService; C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe [2008-05-05 165416] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728] S3 odserv;Microsoft Office Diagnostics Service; C:\Program 
Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] -----------------EOF----------------- Compartilhar este post Link para o post Compartilhar em outros sites
PedroN, posted May 9, 2009

• Download: < ComboFix.exe >
• Save it to the Desktop!
• Disable the resident protection of: antivirus, antispyware and firewall. (Except the Windows one!)
• Close all windows and run the tool!
• At the prompt: "Disclaimer of software warranty" --> Click Yes!
• If you do not have the "Recovery Console", accept the option to install it!
<!> If you get the notification "Invalid Win32 application", delete the tool and download it again. -- Save it to the desktop, renamed as: Kombo.exe
-- PS: Name it while saving, not after saving it!
-- PS: If any error message appears, run ComboFix.exe in Safe Mode.
-- PS: To complete the removals, the tool may need to restart the computer. <-- Wait!
-- PS: Avoid running this tool on your own initiative! Follow all the recommendations proposed above.
• The Auto Scan window will open. --> Wait!
• In order to complete the removals, ComboFix may restart the computer.
• If necessary, type the option to continue! --> ( 1 ) --> Press Enter.
• Wait for it to finish!
• During the scan, avoid using the mouse or keyboard! <-- Important!
• To stop or exit ComboFix, press "N" --> Enter.
----------------------
• When finished, post the reports: C:\ComboFix.txt + an updated HijackThis log
shimabuco, posted May 9, 2009

The two logs:

ComboFix 09-05-08.03 - Danilo 05/09/2009 10:02.2 - NTFSx86
2009-05-03 02:41 -------- d-----w c:\users\All Users\Spybot - Search & Destroy 2009-05-03 02:41 . 2009-05-05 03:44 -------- d-----w c:\program files\Spybot - Search & Destroy 2009-05-02 03:40 . 2009-05-02 03:40 -------- d-----w c:\program files\HDQuality 2009-04-28 00:29 . 2009-05-09 04:13 -------- d-----w c:\programdata\Google Updater 2009-04-28 00:29 . 2009-05-09 04:13 -------- d-----w c:\users\All Users\Google Updater 2009-04-22 22:03 . 2009-04-22 22:03 -------- d-----w c:\program files\AVG 2009-04-22 22:02 . 2009-05-06 01:53 -------- d-----w c:\programdata\avg8 2009-04-22 22:02 . 2009-05-06 01:53 -------- d-----w c:\users\All Users\avg8 2009-04-16 02:05 . 2008-12-06 04:42 376832 ----a-w c:\windows\system32\winhttp.dll 2009-04-16 02:05 . 2008-06-06 03:27 562176 ----a-w c:\windows\system32\msdtcprx.dll 2009-04-16 02:05 . 2008-06-06 03:27 38912 ----a-w c:\windows\system32\xolehlp.dll 2009-04-15 16:50 . 2009-04-15 16:50 -------- d-----w c:\programdata\muvee Technologies 2009-04-15 16:50 . 2009-04-15 16:50 -------- d-----w c:\users\All Users\muvee Technologies 2009-04-15 16:50 . 2009-04-15 16:52 -------- d-----w c:\users\Danilo\AppData\Roaming\muvee Technologies 2009-04-12 18:52 . 2009-04-12 18:52 8 --sh--r c:\programdata\BD8C2427EB.sys 2009-04-12 18:52 . 2009-04-12 18:52 8 --sh--r c:\users\All Users\BD8C2427EB.sys 2009-04-12 18:52 . 2009-04-12 18:53 2828 --sha-w c:\programdata\KGyGaAvL.sys 2009-04-12 18:52 . 2009-04-12 18:53 2828 --sha-w c:\users\All Users\KGyGaAvL.sys 2009-04-12 18:52 . 2009-04-12 18:52 -------- d-----w c:\users\Danilo\AppData\Roaming\Corel 2009-04-12 18:50 . 2009-04-12 18:50 -------- d-----w c:\program files\Common Files\Protexis 2009-04-12 18:50 . 2009-04-12 18:52 -------- d-----w c:\programdata\Corel 2009-04-12 18:50 . 2009-04-12 18:52 -------- d-----w c:\users\All Users\Corel 2009-04-12 18:47 . 2009-04-12 18:47 -------- d-----w c:\program files\Common Files\Corel 2009-04-12 18:46 . 
2009-04-12 18:46 -------- d-----w c:\program files\Corel 2009-04-11 19:40 . 2008-04-17 16:12 107368 ----a-w c:\windows\system32\GEARAspi.dll 2009-04-11 19:40 . 2009-03-19 20:32 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys 2009-04-11 19:39 . 2009-04-11 19:39 -------- d-----w c:\program files\iPod 2009-04-11 19:39 . 2009-04-11 19:40 -------- d-----w c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} 2009-04-11 19:39 . 2009-04-11 19:40 -------- d-----w c:\users\All Users\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} 2009-04-11 19:39 . 2009-04-11 19:40 -------- d-----w c:\program files\iTunes 2009-04-11 02:46 . 2009-04-11 02:46 -------- d-----w c:\users\Danilo\AppData\Roaming\DivX 2009-04-11 02:41 . 2009-04-11 02:41 -------- d-----w c:\program files\Common Files\PX Storage Engine 2009-04-11 02:41 . 2009-04-11 02:41 -------- d-----w c:\program files\Common Files\DivX Shared 2009-04-11 02:41 . 2009-04-11 02:42 -------- d-----w c:\program files\DivX . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-05-06 03:15 . 2009-05-05 11:00 32 --sha-w c:\windows\system32\drivers\fidbox2.idx 2009-05-06 03:15 . 2009-05-05 11:00 32 --sha-w c:\windows\system32\drivers\fidbox.idx 2009-05-06 02:35 . 2006-11-02 10:25 51200 ----a-w c:\windows\inf\infpub.dat 2009-05-06 02:35 . 2006-11-02 10:25 86016 ----a-w c:\windows\inf\infstrng.dat 2009-05-06 02:35 . 2006-11-02 10:25 86016 ----a-w c:\windows\inf\infstor.dat 2009-05-01 02:10 . 2009-02-19 23:53 80680 ----a-w c:\users\Danilo\AppData\Local\GDIPFONTCACHEV1.DAT 2009-04-28 00:30 . 2009-02-22 04:18 -------- d-----w c:\program files\Google 2009-04-16 07:18 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail 2009-04-14 15:41 . 2008-10-23 10:53 -------- d-----w c:\program files\Java 2009-04-12 02:19 . 2008-10-23 10:42 -------- d-----w c:\program files\Common Files\Adobe 2009-04-11 19:39 . 
2009-02-21 22:57 -------- d-----w c:\program files\Common Files\Apple 2009-04-09 01:46 . 2009-04-09 01:46 -------- d-----w c:\program files\Mozilla Firefox 3.1 Beta 3 2009-04-03 00:03 . 2009-04-02 23:43 130958 ----a-w c:\windows\hpoins12.dat 2009-04-02 23:58 . 2009-04-02 23:54 -------- d-----w c:\program files\Common Files\HP 2009-04-02 23:57 . 2008-10-23 10:56 -------- d-----w c:\program files\HP 2009-04-02 23:53 . 2009-04-02 23:53 -------- d-----w c:\program files\Common Files\Hewlett-Packard 2009-03-23 10:52 . 2009-03-23 10:52 -------- d-----w c:\program files\JRE 2009-03-23 10:51 . 2009-03-23 10:51 -------- d-----w c:\program files\OpenOffice.org 3 2009-03-18 00:20 . 2009-03-18 00:20 -------- d-----w c:\program files\Unity 2009-03-17 03:38 . 2009-04-16 02:04 13824 ----a-w c:\windows\system32\apilogen.dll 2009-03-17 03:38 . 2009-04-16 02:04 24064 ----a-w c:\windows\system32\amxread.dll 2009-03-14 14:23 . 2009-03-14 14:23 -------- d-----w c:\program files\Xvid 2009-03-14 14:01 . 2009-03-14 14:00 -------- d-----w c:\program files\BitTorrent 2009-03-14 14:00 . 2009-03-14 14:00 -------- d-----w c:\program files\DNA 2009-03-09 09:19 . 2009-03-04 12:10 410984 ----a-w c:\windows\system32\deploytk.dll 2009-03-08 11:34 . 2009-05-01 01:46 914944 ----a-w c:\windows\system32\wininet.dll 2009-03-08 11:34 . 2009-05-01 01:46 43008 ----a-w c:\windows\system32\licmgr10.dll 2009-03-08 11:33 . 2009-05-01 01:46 18944 ----a-w c:\windows\system32\corpol.dll 2009-03-08 11:33 . 2009-05-01 01:46 109056 ----a-w c:\windows\system32\iesysprep.dll 2009-03-08 11:33 . 2009-05-01 01:46 109568 ----a-w c:\windows\system32\PDMSetup.exe 2009-03-08 11:33 . 2009-05-01 01:46 132608 ----a-w c:\windows\system32\ieUnatt.exe 2009-03-08 11:33 . 2009-05-01 01:46 107520 ----a-w c:\windows\system32\RegisterIEPKEYs.exe 2009-03-08 11:33 . 2009-05-01 01:46 107008 ----a-w c:\windows\system32\SetIEInstalledDate.exe 2009-03-08 11:33 . 
2009-05-01 01:46 103936 ----a-w c:\windows\system32\SetDepNx.exe 2009-03-08 11:33 . 2009-05-01 01:46 420352 ----a-w c:\windows\system32\vbscript.dll 2009-03-08 11:32 . 2009-05-01 01:46 72704 ----a-w c:\windows\system32\admparse.dll 2009-03-08 11:32 . 2009-05-01 01:46 71680 ----a-w c:\windows\system32\iesetup.dll 2009-03-08 11:32 . 2009-05-01 01:46 66560 ----a-w c:\windows\system32\wextract.exe 2009-03-08 11:32 . 2009-05-01 01:46 169472 ----a-w c:\windows\system32\iexpress.exe 2009-03-08 11:31 . 2009-05-01 01:46 34816 ----a-w c:\windows\system32\imgutil.dll 2009-03-08 11:31 . 2009-05-01 01:46 48128 ----a-w c:\windows\system32\mshtmler.dll 2009-03-08 11:31 . 2009-05-01 01:46 45568 ----a-w c:\windows\system32\mshta.exe 2009-03-08 11:22 . 2009-05-01 01:46 156160 ----a-w c:\windows\system32\msls31.dll 2009-03-06 21:12 . 2008-08-22 00:03 21256 ----a-w c:\windows\Help\OEM\scripts\HPScript.exe 2009-03-06 03:59 . 2009-03-06 03:59 36864 ----a-w c:\windows\system32\drivers\usbaapl.sys 2009-03-06 03:59 . 2009-03-06 03:59 1900544 ----a-w c:\windows\system32\usbaaplrc.dll 2009-03-05 16:29 . 2009-03-17 22:10 16648 ----a-w c:\windows\Help\OEM\scripts\HC_ProtectSmartPatch.exe 2009-03-03 04:46 . 2009-04-16 02:04 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe 2009-03-03 04:46 . 2009-04-16 02:04 3547632 ----a-w c:\windows\system32\ntoskrnl.exe 2009-03-03 04:39 . 2009-04-16 02:04 183296 ----a-w c:\windows\system32\sdohlp.dll 2009-03-03 04:39 . 2009-04-16 02:04 551424 ----a-w c:\windows\system32\rpcss.dll 2009-03-03 04:39 . 2009-04-16 02:04 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll 2009-03-03 04:37 . 2009-04-16 02:04 98304 ----a-w c:\windows\system32\iasrecst.dll 2009-03-03 04:37 . 2009-04-16 02:04 54784 ----a-w c:\windows\system32\iasads.dll 2009-03-03 04:37 . 2009-04-16 02:04 44032 ----a-w c:\windows\system32\iasdatastore.dll 2009-03-03 03:04 . 2009-04-16 02:04 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe 2009-03-03 02:38 . 
2009-04-16 02:04 17408 ----a-w c:\windows\system32\iashost.exe 2009-02-24 19:34 . 2009-02-24 19:34 90112 ----a-w c:\windows\system32\dpl100.dll 2009-02-24 19:34 . 2009-02-24 19:34 823296 ----a-w c:\windows\system32\divx_xx0c.dll 2009-02-24 19:34 . 2009-02-24 19:34 823296 ----a-w c:\windows\system32\divx_xx07.dll 2009-02-24 19:34 . 2009-02-24 19:34 815104 ----a-w c:\windows\system32\divx_xx0a.dll 2009-02-24 19:34 . 2009-02-24 19:34 802816 ----a-w c:\windows\system32\divx_xx11.dll 2009-02-24 19:34 . 2009-02-24 19:34 684032 ----a-w c:\windows\system32\DivX.dll 2009-02-13 08:49 . 2009-04-16 02:04 72704 ----a-w c:\windows\system32\secur32.dll 2009-02-13 08:49 . 2009-04-16 02:04 1255936 ----a-w c:\windows\system32\lsasrv.dll 2009-02-09 03:10 . 2009-03-10 20:57 2033152 ----a-w c:\windows\system32\win32k.sys 2008-01-21 02:43 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini 2008-10-23 10:05 . 2008-10-23 09:55 8192 --sha-w c:\windows\Users\Default\NTUSER.DAT . ((((((((((((((((((((((((((((( SnapShot@2009-05-06_03.07.10 ))))))))))))))))))))))))))))))))))))))))) . + 2008-01-21 01:58 . 2009-05-06 10:47 44280 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin + 2006-11-02 13:05 . 2009-05-06 10:47 88830 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin + 2008-07-18 17:13 . 2008-07-18 17:13 20992 c:\windows\System32\hpzisn12.dll - 2006-11-08 20:35 . 2006-11-08 20:35 29696 c:\windows\System32\hpzipt12.dll + 2008-07-18 17:13 . 2008-07-18 17:13 29696 c:\windows\System32\hpzipt12.dll + 2008-07-18 17:13 . 2008-07-18 17:13 33792 c:\windows\System32\HPZipr12.dll + 2008-07-18 17:13 . 2008-07-18 17:13 53760 c:\windows\System32\HPZipm12.dll + 2008-07-18 17:13 . 2008-07-18 17:13 44032 c:\windows\System32\HPZinw12.dll - 2006-11-08 20:35 . 2006-11-08 20:35 49152 c:\windows\System32\HPZidr12.dll + 2008-07-18 17:13 . 2008-07-18 17:13 49152 c:\windows\System32\HPZidr12.dll + 2008-03-05 01:44 . 
2008-03-05 01:44 39936 c:\windows\System32\hpbpro.dll + 2008-03-05 01:45 . 2008-03-05 01:45 25600 c:\windows\System32\hpboid.dll + 2008-03-05 01:44 . 2008-03-05 01:44 24576 c:\windows\System32\hpbmiapi.dll - 2009-02-19 23:53 . 2009-05-06 03:02 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2009-02-19 23:53 . 2009-05-09 04:36 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2009-02-19 23:53 . 2009-05-06 03:02 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-02-19 23:53 . 2009-05-09 04:36 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-02-19 23:53 . 2009-05-09 04:36 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2009-02-19 23:53 . 2009-05-06 03:02 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-05-06 21:38 . 2009-05-06 21:38 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2009-05-06 21:38 . 2009-05-06 21:38 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-05-06 21:38 . 2009-05-06 21:38 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2009-02-20 00:17 . 2009-03-16 03:20 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2009-02-20 00:17 . 2009-05-06 03:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2009-02-20 00:17 . 
2009-03-16 03:20 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-02-20 00:17 . 2009-05-06 03:14 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-02-20 00:17 . 2009-05-06 03:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2009-02-20 00:17 . 2009-03-16 03:20 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-02-19 23:54 . 2009-05-06 10:47 6626 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3400127497-3344029594-1416240297-1000_UserData.bin + 2008-03-05 01:44 . 2008-03-05 01:44 7680 c:\windows\System32\hpbprops.dll + 2008-03-05 01:45 . 2008-03-05 01:45 7680 c:\windows\System32\hpboidps.dll - 2009-05-06 03:02 . 2009-05-06 03:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2009-05-06 10:45 . 2009-05-06 10:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2009-05-06 03:02 . 2009-05-06 03:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2009-05-06 10:45 . 2009-05-06 10:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2009-05-08 02:47 . 2009-04-25 12:39 102400 c:\windows\winsxs\x86_microsoft-windows-ie-iecompat_31bf3856ad364e35_8.0.6001.22867_none_842869855fff5a59\iecompat.dll + 2009-05-08 02:47 . 2009-04-25 03:31 102400 c:\windows\winsxs\x86_microsoft-windows-ie-iecompat_31bf3856ad364e35_8.0.6001.18777_none_8393fcce46e9d680\iecompat.dll + 2009-02-20 12:27 . 2009-05-09 13:49 275998 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin + 2006-11-02 10:33 . 2009-05-09 04:14 595684 c:\windows\System32\perfh009.dat - 2006-11-02 10:33 . 2009-05-06 02:42 595684 c:\windows\System32\perfh009.dat - 2006-11-02 10:33 . 
2009-05-06 02:42 101350 c:\windows\System32\perfc009.dat + 2006-11-02 10:33 . 2009-05-09 04:14 101350 c:\windows\System32\perfc009.dat + 2007-04-24 14:33 . 2007-04-24 14:33 114688 c:\windows\System32\hplbdchn.dll + 2009-05-01 02:08 . 2009-05-08 03:03 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat - 2009-05-01 02:08 . 2009-05-01 02:08 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat + 2009-05-06 21:38 . 2009-05-06 21:38 245760 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat + 2009-02-20 06:27 . 2009-05-06 04:33 116040 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat - 2006-11-02 10:22 . 2009-05-02 03:44 6553600 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT + 2006-11-02 10:22 . 2009-05-08 02:47 6553600 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT + 2009-05-09 14:02 . 2009-05-09 14:02 6328320 c:\windows\ERDNT\Hiv-backup\SCHEMA.DAT + 2008-06-06 17:27 . 2009-05-08 02:47 43892816 c:\windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2008-09-30 972080]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"BitTorrent DNA"="c:\users\Danilo\Program Files\DNA\btdna.exe" [2009-03-15 321344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-10 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-10 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-10 145944]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-09-24 468264]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-10-07 210216]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-02-22 198160]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-02-06 177472]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]

c:\users\Danilo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{6488101D-70EA-4629-8042-C5282E5D84F6}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{83766235-776A-44E7-A9D3-8B63EA8C4A18}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{3053D97C-241E-4AC5-9170-CB3FF8399023}"= c:\program files\CyberLink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{67428679-CA1F-43DE-BAA6-3E4420044DCD}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{FB3C3054-52FF-4A6F-AAF6-178C81F76469}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{FC4F4275-5084-428D-AF85-68C565FEBB43}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{80B59BC6-A793-4899-8641-48D148E71250}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{702022A8-E946-4DE1-867C-EB59F6FB9470}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{FF818C31-66FD-4D29-8792-AC34E8BAA3AA}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"{1ADEBCCB-DD18-4C2B-A367-62E7D6367090}"= UDP:c:\program files\BitTorrent\BitTorrent.exe:BitTorrent (TCP-In)
"{4B194547-77CD-43B1-8271-C6CCE8F87A30}"= TCP:c:\program files\BitTorrent\BitTorrent.exe:BitTorrent (UDP-In)
"{7F48AB73-7CC6-4C5F-A4C8-84403750E97C}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{9EFBB529-5136-4330-B630-6279D83E8589}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\System32\drivers\klim6.sys [7/9/2008 5:28 PM 20496]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [10/23/2008 6:56 AM 365952]
R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [1/14/2009 6:53 PM 226656]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [10/23/2008 5:55 AM 193840]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\System32\drivers\IntcHdmi.sys [6/29/2008 10:52 AM 112128]
S2 gupdate1c9ba4ff319c30;Google Update Service (gupdate1c9ba4ff319c30);c:\program files\Google\Update\GoogleUpdate.exe [4/10/2009 10:41 PM 133104]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - AUJASNKJ
*Deregistered* - aujasnkj

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-05-09 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-22 00:28]

2009-05-09 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-11 02:41]

2009-04-15 c:\windows\Tasks\HPCeeScheduleForDanilo.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-10-23 18:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.nytimes.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
FF - ProfilePath - c:\users\Danilo\AppData\Roaming\Mozilla\Firefox\Profiles\hq7a95v0.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.nytimes.com/

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-09 10:05
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

[0] 0x0020006E

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-05-09 10:07
ComboFix-quarantined-files.txt 2009-05-09 14:07
ComboFix2.txt 2009-05-06 03:08

Pre-Run: 251,412,582,400 bytes free
Post-Run: 251,436,310,528 bytes free

320 --- E O F --- 2009-05-08 07:00

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:44:31 AM, on 5/9/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Users\Danilo\Program Files\DNA\btdna.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\notepad.exe
C:\Users\Danilo\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Danilo.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nytimes.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [updateLBPShortCut] "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [updatePSTShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [uCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [updateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [updatePDIRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Users\Danilo\Program Files\DNA\btdna.exe"
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate1c9ba4ff319c30) (gupdate1c9ba4ff319c30) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11073 bytes
PedroN Posted May 9, 2009

Follow my procedures in order.

1.
• Go to this link and download: < Malwarebytes >
• Update the program!
• Choose the Quick scan!
• Disable protection programs while running Malwarebytes.
• Send the detected items to quarantine by clicking Remove items.
• For more details: < Link >
-----------------------
• Post the report: mbam-log-2008-xx-xx (00-00-00).txt.

2.
• Download: < Kaspersky Virus Removal Tool >
• Save it in Program Files and install it right there!
• Restart the computer in Safe Mode! <-- Important!
• Start the scan by clicking "Scan".
• The scan takes a while. Wait!
• If infections are found, click "disinfect".
• When it finishes, click the Events tab.
• Uncheck the "Show all events" checkbox.
• Click "Save to file".
• Name it and save it to the desktop! <-- Report for posting!
• Post it together with the Malwarebytes and HijackThis logs.
shimabuco Posted May 9, 2009

The 3 logs

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:44:31 AM, on 5/9/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Users\Danilo\Program Files\DNA\btdna.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\notepad.exe
C:\Users\Danilo\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Danilo.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nytimes.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [updateLBPShortCut] "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [updatePSTShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [uCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [updateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [updatePDIRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Users\Danilo\Program Files\DNA\btdna.exe"
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate1c9ba4ff319c30) (gupdate1c9ba4ff319c30) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11073 bytes

Scan
----
Scanned: 2132
Detected: 0
Untreated: 0
Start time: 5/9/2009 12:10:30 PM
Duration: 00:00:45
Finish time: 5/9/2009 12:11:15 PM

Detected
--------
Status Object
------ ------

Events
------
Time Name Status Reason
---- ---- ------ ------
5/9/2009 12:10:36 PM Running module: smss.exe\smss.exe ok scanned
5/9/2009 12:10:36 PM File: C:\Windows\System32\smss.exe ok scanned
5/9/2009 12:10:36 PM Running module: smss.exe\ntdll.dll ok scanned
5/9/2009 12:10:36 PM File: C:\Windows\system32\ntdll.dll ok scanned
5/9/2009 12:10:36 PM Running module: csrss.exe\csrss.exe ok scanned
5/9/2009 12:10:36 PM File: C:\Windows\system32\csrss.exe ok scanned
5/9/2009 12:10:36 PM Running module: csrss.exe\ntdll.dll ok scanned
5/9/2009 12:10:36 PM File: C:\Windows\system32\ntdll.dll ok scanned
5/9/2009 12:10:36 PM Running module: csrss.exe\CSRSRV.dll ok scanned
5/9/2009 12:10:36 PM File: C:\Windows\system32\CSRSRV.dll ok scanned
5/9/2009 12:10:36 PM Running module: csrss.exe\basesrv.dll ok scanned
5/9/2009 12:10:36 PM File: C:\Windows\system32\basesrv.dll ok scanned
5/9/2009 12:10:36 PM Running module: csrss.exe\winsrv.dll ok scanned
5/9/2009 12:10:36 PM File: C:\Windows\system32\winsrv.dll ok scanned
5/9/2009 12:10:36 PM Running module: csrss.exe\USER32.dll ok scanned
5/9/2009 12:10:36 PM File: C:\Windows\system32\USER32.dll ok scanned
5/9/2009 12:10:36 PM Running module: csrss.exe\KERNEL32.dll ok scanned
5/9/2009 12:10:36 PM File: C:\Windows\system32\KERNEL32.dll ok scanned
5/9/2009 12:10:36 PM Running module: csrss.exe\GDI32.dll ok scanned

Statistics
----------
Object Scanned Detected Untreated Deleted Moved to Quarantine Archives Packed files Password protected Corrupted
------ ------- -------- --------- ------- ------------------- -------- ------------ ------------------ ---------

Settings
--------
Parameter Value
--------- -----
Security Level Recommended
Action Prompt for action when the scan is complete
Run mode Manually
File types Scan all files
Scan only new and changed files No
Scan archives All
Scan embedded OLE objects All
Skip if object is larger than No
Skip if scan takes longer than No
Parse email formats No
Scan password-protected archives No
Enable iChecker technology No
Enable iSwift technology No
Show detected threats on "Detected" tab Yes
Rootkits search Yes
Deep rootkits search No
Use heuristic analyzer Yes

Quarantine
----------
Status Object Size Added
------ ------ ---- -----

Backup
------
Status Object Size
------ ------ ----

Malwarebytes' Anti-Malware 1.36
Database version: 2099
Windows 6.0.6001 Service Pack 1

5/9/2009 10:59:01 AM
mbam-log-2009-05-09 (10-59-01).txt

Scan type: Quick Scan
Objects scanned: 68805
Time elapsed: 2 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\HDQuality (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HDQuality (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Users\Danilo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HDQuality (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HDQuality (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Program Files\HDQuality (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Files Infected:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HDQuality\Uninstall.lnk (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Program Files\HDQuality\Uninstall.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully. Compartilhar este post Link para o post Compartilhar em outros sites
PedroN - Posted May 9, 2009

Go to this site: http://www.kaspersky.com/virusscanner

Click on

Follow the scanner configuration instructions as shown in the image below.

Post the scan log right here in the topic.
shimabuco - Posted May 9, 2009

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Saturday, May 9, 2009
Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Saturday, May 09, 2009 19:42:08
Records in database: 2151803
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Files scanned: 152152
Threat name: 2
Infected objects: 2
Suspicious objects: 0
Duration of the scan: 03:43:37

File name / Threat name / Threats count
C:\Qoobox\Quarantine\C\Windows\System32\drivers\_gxvxcbouwxtblwwvxbtmxhnsstxxeepqewkyo_.sys.zip Infected: Trojan.Win32.Tdss.abxw 1
C:\Qoobox\Quarantine\C\Windows\System32\gxvxcecgxrpupvyptcnpbermtjpycpsqavucp.dll.vir Infected: Trojan-Clicker.Win32.Small.aea 1

The selected area was scanned.
PedroN - Posted May 10, 2009

Go to Start > Run and type "combofix /u" without the quotes. Wait for ComboFix to uninstall.

- I recommend a maintenance pass on the computer to remove temporary and unnecessary files and invalid registry entries. Download CCleaner
◘ Click Save and, when the download finishes, install it;
◘ Open the program and click Run Cleaner;
◘ After that, click Registry > Scan for Issues > Fix selected issues.

• Update Java.
• Old versions have vulnerabilities that malware can use to infect your system.
<><><><><><><><><><><><><><><>
• Download the latest version of the Java Runtime Environment (JRE) 6u13.
• Locate: "Java Runtime Environment (JRE) 6 Update 13"
• Click the Download button.
• Check the option that says: "Accept License Agreement"
• The page will refresh!
• Click the link to download the Windows Offline Installation --> Save it to the desktop!
• Close IE or Firefox and any programs that are running.
• Go to Start --> Control Panel.
• In Add or Remove Programs, remove all old versions of Java.
<><><><><><><><><><><><><><><>
• Examples of old versions:
< > Java 2 Runtime Environment, SE v1.4.2
< > J2SE Runtime Environment 5.0
< > J2SE Runtime Environment 5.0 Update 6
• Select any item named: Java Runtime Environment (JRE or J2SE)
• Click the Remove or Change/Remove button.
• Repeat as many times as needed to remove each version of Java.
• When done, restart the computer!
• Install the new version by double-clicking jre-6u13-windows-i586-p.exe.
<><><><><><><><><><><><><><><>
• With everything OK, create a clean System Restore point.
• Right-click My Computer --> Properties --> System Restore.
• Check: Turn off System Restore --> Apply --> Wait! --> OK.
• Then uncheck it again! --> Apply --> Wait! --> OK.
• For more details, read the Tutorial: < Link >
<><><><><><><><><><><><><><><>
• The log is clean! :thumbsup:
• Everything OK?
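An added example, not from this thread or any of its posters: a PowerShell snippet that lists every Java runtime registered in Add or Remove Programs, so the old versions the post above says to remove can be identified before the new JRE is installed. It assumes Windows PowerShell 2.0 or later; the registry paths are the standard Windows Uninstall keys, and the DisplayName pattern is an assumption based on the version names quoted in the post (Java 2 Runtime Environment, J2SE Runtime Environment, JRE).

```powershell
# Added example (not from the forum thread): enumerate Java runtimes registered in
# Add/Remove Programs so outdated versions can be removed before the new JRE is installed.
# Requires Windows PowerShell 2.0 or later.
# The key paths are the standard Windows Uninstall locations; the DisplayName pattern
# ('Java|J2SE') is an assumption based on the names quoted in the post.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall',  # present on 64-bit Windows only
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
)

function Get-InstalledJava {
    foreach ($key in $uninstallKeys) {
        # Skip keys that do not exist on this system (e.g. Wow6432Node on 32-bit Vista)
        if (-not (Test-Path $key)) { continue }
        Get-ChildItem $key |
            ForEach-Object { Get-ItemProperty $_.PSPath } |
            Where-Object { $_.DisplayName -match 'Java|J2SE' } |
            Select-Object DisplayName, DisplayVersion, UninstallString, PSChildName
    }
}

# Every entry except the newest one is a candidate for removal; the UninstallString
# column is the command Add/Remove Programs runs for that entry.
Get-InstalledJava | Sort-Object DisplayVersion | Format-Table -AutoSize
```

Run it from a PowerShell prompt before the "remove all old versions of Java" step, then run it again after the new JRE is installed to confirm that only the current runtime remains.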
shimabuco - Posted May 10, 2009

Problem solved! Thanks for the help!
PedroN - Posted May 10, 2009

PROBLEM SOLVED! If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.