
Archived

This topic has been archived and is closed to new replies.

giovannirv

[Solved!] Internet Explorer opening pop-ups by itself


IE opens by itself and shows unwanted pop-ups.

 

HijackThis log follows:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:39:40, on 26/07/2010

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v7.00 (7.00.6002.18005)

Boot mode: Normal

 

Running processes:

C:\Program Files (x86)\ASUS WiFi-AP Solo\RtWLan.exe

C:\Fraps\fraps.exe

D:\Steam\Steam.exe

C:\Program Files (x86)\uTorrent\uTorrent.exe

C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

C:\Users\Gio´vanni R.V\AppData\Local\TempImages\sl1000.exe

C:\Program Files (x86)\ManyCam 2.4\ManyCam.exe

C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Program Files (x86)\FlashGet Network\FlashGet 3\Flashget3.exe

C:\Program Files (x86)\Nonoh.net\Nonoh\nonoh.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files (x86)\Analog Devices\SoundMAX\SoundTray.exe

C:\Program Files (x86)\Orbitdownloader\orbitdm.exe

C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\Alwil Software\Avast4\ashDisp.exe

C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe

C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Orbitdownloader\orbitnet.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

C:\Program Files (x86)\Last.fm\LastFM.exe

C:\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://eis.esnips.com/page/search/?client_uuid=bda82ac0-85c3-4b48-b0d2-41fde8d1391d

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://eis.esnips.com/page/search/?client_uuid=bda82ac0-85c3-4b48-b0d2-41fde8d1391d

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.forumswatcher.com/search.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: Shell=Explorer.exe csrcs.exe

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Program Files (x86)\Scpad\scpsssh2.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GRA8E1~1.DLL

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\Gio´vanni R.V\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll

O2 - BHO: eSnipBHO - {B530A9A4-1722-4D16-AAD6-AA85E3AD2ADE} - C:\Program Files (x86)\Logia\eSnipsDownloader\eSnipsBHO.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [soundTray] "C:\Program Files (x86)\Analog Devices\SoundMAX\SoundTray.exe"

O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [Rapget] C:\Users\Gio´vanni R.V\Documents\GIOVANNI\Programas\Rap Get\Rap Get\rapget.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [LiveZilla] "D:\LiveZilla\LiveZilla.exe" -minimize

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [eSnips_Downloader] "C:\Program Files (x86)\Logia\eSnipsDownloader\eSnips_Downloader.exe" -startup

O4 - HKCU\..\Run: [steam] "d:\steam\steam.exe" -silent

O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"

O4 - HKCU\..\Run: [Google Update] "C:\Users\Gio´vanni R.V\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [sl1000] C:\Users\GIOVAN~1.V\AppData\Local\TempImages\sl1000.exe

O4 - HKCU\..\Run: [ManyCam] "C:\Program Files (x86)\ManyCam 2.4\ManyCam.exe"

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [FlashGet 3] "C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe" -minimize

O4 - HKCU\..\Run: [Nonoh] "C:\Program Files (x86)\Nonoh.net\Nonoh\nonoh.exe" -nosplash -minimized

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO DE REDE')

O4 - Startup: CurseClientStartup.ccip

O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Startup: Sumário do OneNote.onetoc2

O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe

O4 - Global Startup: ASUS WiFi-AP Solo.lnk = ?

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Orbit.lnk = C:\Program Files (x86)\Orbitdownloader\orbitdm.exe

O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: Download all by FlashGet3 - C:\Users\Gio´vanni R.V\AppData\Roaming\FlashGetBHO\GetAllUrl.htm

O8 - Extra context menu item: Download by FlashGet3 - C:\Users\Gio´vanni R.V\AppData\Roaming\FlashGetBHO\GetUrl.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\PartyGaming\PartyPoker\RunApp.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\PartyGaming\PartyPoker\RunApp.exe (file missing)

O13 - Gopher Prefix:

O17 - HKLM\System\CCS\Services\Tcpip\..\{355E5AA5-9B9D-44AE-938B-618D368490A2}: NameServer = 192.168.220.1

O17 - HKLM\System\CS1\Services\Tcpip\..\{355E5AA5-9B9D-44AE-938B-618D368490A2}: NameServer = 192.168.220.1

O17 - HKLM\System\CS4\Services\Tcpip\..\{355E5AA5-9B9D-44AE-938B-618D368490A2}: NameServer = 192.168.220.1

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GR99D3~1.DLL

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files (x86)\Scpad\scpLIB.dll

O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files (x86)\Scpad\scpLIB.dll

O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Unknown owner - C:\Windows\system32\AEADISRV.EXE (file missing)

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe

O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - D:\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe

O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: scpVista - Scopus Tecnologia Ltda - C:\Program Files (x86)\Scpad\scpVista.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: WMPNetworkSvc - Unknown owner - (no file)

 

--

End of file - 14482 bytes

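The log above is the poster's. As an added example, not part of the original thread and not HijackThis code, the Python below applies the checks a triager makes on exactly the line types in that log: an F2 Winlogon Shell value that launches more than Explorer.exe (with lookalike matching, since csrcs.exe differs from the legitimate csrss.exe by one letter), O4 autoruns whose binary lives under a temp directory, and R0/R1 start or search pages that are not a vendor default. The sample log is an excerpt constructed from the lines posted above; the allow-lists, path markers and distance threshold are assumptions for the example.

```python
import re
from typing import Dict, List, Tuple

# Excerpt constructed from the HijackThis log posted above (not the full file).
SAMPLE_HJT_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://eis.esnips.com/page/search/?client_uuid=bda82ac0-85c3-4b48-b0d2-41fde8d1391d
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.forumswatcher.com/search.htm
F2 - REG:system.ini: Shell=Explorer.exe csrcs.exe
F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [sl1000] C:\Users\GIOVAN~1.V\AppData\Local\TempImages\sl1000.exe
"""

# Assumptions for this example: the only program Winlogon should launch as the shell,
# a few system process names that malware imitates, path fragments that mark scratch
# directories (TempImages is caught because it sits under AppData\Local\Temp*), and
# vendor pages treated as benign start/search pages.
EXPECTED_SHELL = "explorer.exe"
SYSTEM_PROCESS_NAMES = ("csrss.exe", "svchost.exe", "lsass.exe", "winlogon.exe",
                        "services.exe", "explorer.exe")
TEMP_PATH_MARKERS = ("\\appdata\\local\\temp", "\\windows\\temp\\", "\\temp\\")
KNOWN_DEFAULT_URLS = ("go.microsoft.com/fwlink", "www.microsoft.com",
                      "www.yahoo.com", "www.google.com")

Finding = Tuple[str, str, str]  # (severity, HijackThis section code, message)


def levenshtein(a: str, b: str) -> int:
    """Edit distance; distance 1 to a system process name is the classic lookalike trick."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def parse_hjt(log: str) -> List[Dict[str, str]]:
    """Split a HijackThis log into (section code, body) records; other lines are skipped."""
    entries = []
    for line in log.splitlines():
        m = re.match(r"^(R\d|F\d|O\d+) - (.*)$", line.strip())
        if m:
            entries.append({"section": m.group(1), "body": m.group(2)})
    return entries


def check_shell(section: str, body: str) -> List[Finding]:
    """Winlogon Shell is a space-separated list: every program in it starts at logon."""
    m = re.match(r"REG:system\.ini: Shell=(.*)$", body)
    if not m:
        return []
    findings = []
    for prog in m.group(1).split():
        if prog.lower() == EXPECTED_SHELL:
            continue
        lookalikes = [n for n in SYSTEM_PROCESS_NAMES
                      if 0 < levenshtein(prog.lower(), n) <= 1]
        msg = f"extra program in Winlogon Shell: {prog}"
        if lookalikes:
            msg += f" (lookalike of {lookalikes[0]})"
        findings.append(("high", section, msg))
    return findings


def check_run_entry(section: str, body: str) -> List[Finding]:
    """Flag O4 autoruns whose binary lives under a temp/scratch directory."""
    m = re.match(r".*Run: \[([^\]]*)\] (.*)$", body)
    if not m:
        return []
    name, command = m.group(1), m.group(2).strip()
    # A quoted path ends at the closing quote; otherwise the whole command is the path.
    path = command[1:].split('"', 1)[0] if command.startswith('"') else command
    if any(marker in path.lower() for marker in TEMP_PATH_MARKERS):
        return [("high", section, f"autorun '{name}' runs from a temp directory: {path}")]
    return []


def check_browser_setting(section: str, body: str) -> List[Finding]:
    """R0/R1 entries: report start/search pages that are not a known vendor default."""
    m = re.match(r".*,(Start Page|Search Page|Default_Page_URL|Default_Search_URL|\(Default\)) = (\S+)$", body)
    if not m:  # empty values such as "SearchAssistant =" do not match and are ignored
        return []
    setting, url = m.group(1), m.group(2)
    if any(known in url.lower() for known in KNOWN_DEFAULT_URLS):
        return []
    return [("medium", section, f"{setting} points at a non-default site: {url}")]


def triage(log: str) -> List[Finding]:
    """Run every check over a HijackThis log and return the findings in log order."""
    findings: List[Finding] = []
    for entry in parse_hjt(log):
        section, body = entry["section"], entry["body"]
        if section == "F2":
            findings += check_shell(section, body)
        elif section == "O4":
            findings += check_run_entry(section, body)
        elif section in ("R0", "R1"):
            findings += check_browser_setting(section, body)
    return findings


if __name__ == "__main__":
    for severity, section, message in triage(SAMPLE_HJT_LOG):
        print(f"[{severity:6}] {section}: {message}")
```

On the excerpt this reports four items: the csrcs.exe appended to the Shell value, the sl1000 autorun under AppData\Local\TempImages, and the two non-default start/search pages, while avast!, uTorrent and the Yahoo/Microsoft pages pass. The allow-list approach errs towards noise on purpose: an unknown start page is a question for the user, not a verdict.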

Hello giovannirv!

 

I suggest you save or print the instructions below, since at some points you may need to use the computer without internet access:

 

Download ComboFix

Save it to the Desktop.

* Disable the resident protection of: antivirus, antispyware and firewall (except the Windows one!)

* Close all windows and run the tool.

* PS: It can also be run from a command:

* Go to Start --> Run --> Type or paste:

"%userprofile%\desktop\Combofix.exe" /killall

 


 

* Click OK.

* At the prompt "Software warranty disclaimer" --> Click Yes.

 


 

* If you do not have the Recovery Console (http://support.microsoft.com/kb/307654/pt-br), accept the offer to install it.

* When it finishes, click Sim or Yes. --> Wait.

 

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

 

* If you get the notification "Invalid Win32 application" or a similar message, delete the ComboFix.exe tool and download it again.

* Save it to the Desktop, renamed to: Kombo.exe

* PS: Name it while saving, not after saving it!

* PS: If an error message appears, run ComboFix.exe in Safe Mode (http://dicasetutoriaisparapc.blogspot.com/2009/11/ferramentas-para-reparar-o-modo-seguro.html). <-- Link!

* PS: If rootkit activity is present, the following notification window will appear:

 


 

* PS: Write down these detections and click OK. In that case, post the detections you wrote down in your next reply together with the requested logs.

* PS: To complete the removals, the tool may need to restart the computer. <-- Wait!

* PS: To avoid problems, follow all the recommendations given.

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

 

* The Auto Scan window will open. --> Wait!

* To finish the removals, ComboFix may restart the computer.

* If needed, type option ( 1 ) --> Press Enter! --> Wait for it to finish!

* During the scan, avoid touching the mouse or keyboard! <-- Important!

* If, for some compelling reason, you need to stop or exit ComboFix, press "N" or "2" --> Press Enter.

<><><><><><><><><><><><>

 

The ComboFix log will be at C:\ComboFix.txt

___________________________________

 

Also follow the tips in these tutorials:

 

Lop S&D tutorial

 

Malwarebytes Anti-Malware tutorial

 

Norman Malware Cleaner tutorial

 

Nod32 Online antivirus tutorial

__________________________________

 

Download the tool below:

http://lop.com/new_uninstall.exe

 

Note: this uninstaller is detected as a trojan by several antivirus products. If that happens, temporarily disable your antivirus and re-enable it when the procedure is done. The file is perfectly safe.

 

Double-click the uninstaller you downloaded above > Click OK > Click OK again > some numbers will appear on a screen; type those numbers into the blank field and then click the UNINSTALL button > click OK > click OK again > then just follow the steps the uninstaller gives you.

__________________________________

 

In your next reply, post the Nod32 Online log, which will be at C:\Arquivos de programas\Eset\Eset Online Scanner\log.txt, together with a new HijackThis log, the Malwarebytes log, the Norman Malware Cleaner log, the log at C:\ComboFix.txt and the log at C:\LopR.txt, and please tell us how your PC is after following these procedures.

 

We await your reply.


ComboFix doesn't work here.

 

My PC has Windows Vista x64 SP2

Yes, so use the other programs I pointed you to and post their logs together with a new HijackThis log, and tell us how your PC is after that.

 

We'll be waiting.


Lop S&D log:

 

 

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

 

Microsoft® Windows Vista™ Ultimate ( v6.0.6002 ) Service Pack 2

x64-based PC ( Multiprocessor Free : Intel® Core2 Quad CPU Q6600 @ 2.40GHz )

BIOS : BIOS Date: 12/10/07 17:10:32 Ver: 08.00.12

USER : Gio´vanni R.V ( Administrator )

BOOT : Normal boot

Antivirus : avast! antivirus 4.8.1368 [VPS 091204-0] 4.8.1368 (Activated)

C:\ (Local Disk) - NTFS - Total:79 Go (Free:5 Go)

D:\ (Local Disk) - NTFS - Total:218 Go (Free:1 Go)

E:\ (CD or DVD)

F:\ (CD or DVD)

 

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )

Option : [1] ( 28/07/2010|10:51 )

 

[ UAC => 0 ]

 

--------------------\\ Folder listing in Local

 

[26/10/2009|16:33] C:\Users\GIOVAN~1.V\AppData\Local\Activision

[12/07/2010|23:22] C:\Users\GIOVAN~1.V\AppData\Local\Adobe

[18/10/2009|18:13] C:\Users\GIOVAN~1.V\AppData\Local\Ahead

[12/06/2010|10:19] C:\Users\GIOVAN~1.V\AppData\Local\Amazon

[19/11/2009|22:09] C:\Users\GIOVAN~1.V\AppData\Local\Apple

[24/06/2010|22:16] C:\Users\GIOVAN~1.V\AppData\Local\Apple Computer

[16/05/2010|10:56] C:\Users\GIOVAN~1.V\AppData\Local\Apps

[11/06/2010|14:44] C:\Users\GIOVAN~1.V\AppData\Local\Ares

[01/12/2009|14:38] C:\Users\GIOVAN~1.V\AppData\Local\Blizzard Entertainment

[11/07/2010|22:15] C:\Users\GIOVAN~1.V\AppData\Local\CAPCOM

[06/07/2010|23:20] C:\Users\GIOVAN~1.V\AppData\Local\CutePDF Writer

[09/07/2010|13:01] C:\Users\GIOVAN~1.V\AppData\Local\d3d8caps.dat

[26/07/2010|09:37] C:\Users\GIOVAN~1.V\AppData\Local\d3d9caps.dat

[22/07/2010|05:02] C:\Users\GIOVAN~1.V\AppData\Local\d3d9caps64.dat

[18/10/2009|10:31] C:\Users\GIOVAN~1.V\AppData\Local\Dados de aplicativos

[10/07/2010|23:29] C:\Users\GIOVAN~1.V\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[11/12/2009|21:02] C:\Users\GIOVAN~1.V\AppData\Local\dd_depcheck_NETFX_EXP_35.txt

[05/12/2009|20:29] C:\Users\GIOVAN~1.V\AppData\Local\dd_dotnetfx35error.txt

[11/12/2009|21:02] C:\Users\GIOVAN~1.V\AppData\Local\dd_dotnetfx35error_lp.txt

[11/12/2009|21:02] C:\Users\GIOVAN~1.V\AppData\Local\dd_dotnetfx35install.txt

[11/12/2009|21:02] C:\Users\GIOVAN~1.V\AppData\Local\dd_dotnetfx35install_lp.txt

[11/12/2009|21:02] C:\Users\GIOVAN~1.V\AppData\Local\dd_NET_Framework35_LangPack_MSI7A8C.txt

[11/12/2009|21:02] C:\Users\GIOVAN~1.V\AppData\Local\dd_NET_Framework35_x64_MSI798E.txt

[19/10/2009|19:26] C:\Users\GIOVAN~1.V\AppData\Local\dd_vcredistMSI0391.txt

[04/04/2010|11:46] C:\Users\GIOVAN~1.V\AppData\Local\dd_vcredistMSI1B90.txt

[19/10/2009|20:00] C:\Users\GIOVAN~1.V\AppData\Local\dd_vcredistMSI1D90.txt

[21/04/2010|21:56] C:\Users\GIOVAN~1.V\AppData\Local\dd_vcredistMSI1E6B.txt

[21/04/2010|21:56] C:\Users\GIOVAN~1.V\AppData\Local\dd_vcredistMSI1ED7.txt

[19/06/2010|16:43] C:\Users\GIOVAN~1.V\AppData\Local\dd_vcredistMSI30E9.txt

[19/06/2010|11:13] C:\Users\GIOVAN~1.V\AppData\Local\dd_vcredistMSI34F6.txt

[03/07/2010|18:16] C:\Users\GIOVAN~1.V\AppData\Local\dd_vcredistMSI3E4F.txt

[03/04/2010|14:53] C:\Users\GIOVAN~1.V\AppData\Local\dd_vcredistMSI5CE6.txt

[20/10/2009|17:18] C:\Users\GIOVAN~1.V\AppData\Local\dd_vcredistMSI6FE6.txt

[03/04/2010|15:22] C:\Users\GIOVAN~1.V\AppData\Local\dd_vcredistMSI7346.txt

[18/10/2009|12:33] C:\Users\GIOVAN~1.V\AppData\Local\dd_vcredistMSI7928.txt

[18/10/2009|12:33] C:\Users\GIOVAN~1.V\AppData\Local\dd_vcredistMSI79C1.txt

[18/10/2009|12:39] C:\Users\GIOVAN~1.V\AppData\Local\dd_vcredistMSI7E4C.txt

[19/10/2009|19:26] C:\Users\GIOVAN~1.V\AppData\Local\dd_vcredistUI0391.txt

[04/04/2010|11:46] C:\Users\GIOVAN~1.V\AppData\Local\dd_vcredistUI1B90.txt

[19/10/2009|20:00] C:\Users\GIOVAN~1.V\AppData\Local\dd_vcredistUI1D90.txt

[21/04/2010|21:56] C:\Users\GIOVAN~1.V\AppData\Local\dd_vcredistUI1E6B.txt

[21/04/2010|21:56] C:\Users\GIOVAN~1.V\AppData\Local\dd_vcredistUI1ED7.txt

[19/06/2010|16:43] C:\Users\GIOVAN~1.V\AppData\Local\dd_vcredistUI30E9.txt

[19/06/2010|11:15] C:\Users\GIOVAN~1.V\AppData\Local\dd_vcredistUI34F6.txt

[03/07/2010|18:16] C:\Users\GIOVAN~1.V\AppData\Local\dd_vcredistUI3E4F.txt

[03/04/2010|14:53] C:\Users\GIOVAN~1.V\AppData\Local\dd_vcredistUI5CE6.txt

[20/10/2009|17:18] C:\Users\GIOVAN~1.V\AppData\Local\dd_vcredistUI6FE6.txt

[03/04/2010|15:22] C:\Users\GIOVAN~1.V\AppData\Local\dd_vcredistUI7346.txt

[18/10/2009|12:33] C:\Users\GIOVAN~1.V\AppData\Local\dd_vcredistUI7928.txt

[18/10/2009|12:33] C:\Users\GIOVAN~1.V\AppData\Local\dd_vcredistUI79C1.txt

[18/10/2009|12:39] C:\Users\GIOVAN~1.V\AppData\Local\dd_vcredistUI7E4C.txt

[16/07/2010|17:30] C:\Users\GIOVAN~1.V\AppData\Local\Deployment

[13/07/2010|07:22] C:\Users\GIOVAN~1.V\AppData\Local\GDIPFONTCACHEV1.DAT

[19/04/2010|21:41] C:\Users\GIOVAN~1.V\AppData\Local\Google

[18/10/2009|10:31] C:\Users\GIOVAN~1.V\AppData\Local\Histórico

[28/07/2010|07:41] C:\Users\GIOVAN~1.V\AppData\Local\IconCache.db

[21/11/2009|11:45] C:\Users\GIOVAN~1.V\AppData\Local\Last.fm

[09/02/2010|22:48] C:\Users\GIOVAN~1.V\AppData\Local\MagicSoftware

[27/07/2010|15:10] C:\Users\GIOVAN~1.V\AppData\Local\Microsoft

[18/10/2009|12:52] C:\Users\GIOVAN~1.V\AppData\Local\Microsoft Help

[18/10/2009|12:28] C:\Users\GIOVAN~1.V\AppData\Local\Mozilla

[07/07/2010|13:07] C:\Users\GIOVAN~1.V\AppData\Local\PunkBuster

[16/05/2010|18:06] C:\Users\GIOVAN~1.V\AppData\Local\PUTTY.RND

[23/01/2010|04:41] C:\Users\GIOVAN~1.V\AppData\Local\TechSmith

[28/07/2010|10:50] C:\Users\GIOVAN~1.V\AppData\Local\Temp

[11/03/2010|17:24] C:\Users\GIOVAN~1.V\AppData\Local\TempImages

[18/10/2009|10:31] C:\Users\GIOVAN~1.V\AppData\Local\Temporary Internet Files

[07/04/2010|21:15] C:\Users\GIOVAN~1.V\AppData\Local\Thinstall

[07/01/2010|11:14] C:\Users\GIOVAN~1.V\AppData\Local\Thunderbird

[01/11/2009|07:18] C:\Users\GIOVAN~1.V\AppData\Local\Unity

[11/12/2009|21:02] C:\Users\GIOVAN~1.V\AppData\Local\uxeventlog.txt

[18/10/2009|10:32] C:\Users\GIOVAN~1.V\AppData\Local\VirtualStore

[19/10/2009|21:24] C:\Users\GIOVAN~1.V\AppData\Local\World in Conflict

[15/11/2009|11:39] C:\Users\GIOVAN~1.V\AppData\Local\Yahoo

 

--------------------\\ Scheduled tasks in the C:\Windows\Tasks folder

 

[28/07/2010 07:32][--a------] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[28/07/2010 10:43][--a------] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[28/07/2010 06:58][--a------] C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-609892749-2426849185-3022172490-1000UA.job

[24/07/2010 22:58][--a------] C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-609892749-2426849185-3022172490-1000Core.job

[28/07/2010 10:43][--a------] C:\Windows\tasks\RtlVistaStart.job

[28/07/2010 10:43][--ah-----] C:\Windows\tasks\SA.DAT

[28/07/2010 07:41][--a------] C:\Windows\tasks\SCHEDLGU.TXT

 

--------------------\\ Folder listing in C:\ProgramData

 

[26/04/2010|21:54] C:\ProgramData\.zreglib

[22/11/2009|09:52] C:\ProgramData\{0DD0EEEE-2A7C-411C-9243-1AE62F445FC3}

[24/06/2010|18:42] C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}

[12/07/2010|22:37] C:\ProgramData\4C015B2BA4.sys

[12/07/2010|23:21] C:\ProgramData\Adobe

[27/07/2010|15:10] C:\ProgramData\AppData

[24/11/2009|12:48] C:\ProgramData\Apple

[19/11/2009|22:10] C:\ProgramData\Apple Computer

[02/11/2006|12:41] C:\ProgramData\Application Data

[14/12/2009|00:01] C:\ProgramData\BioWare

[05/12/2009|13:26] C:\ProgramData\Blizzard

[18/06/2010|15:49] C:\ProgramData\Codemasters

[13/07/2010|07:10] C:\ProgramData\Corel

[18/10/2009|12:30] C:\ProgramData\CyberLink

[18/10/2009|10:30] C:\ProgramData\Dados de aplicativos

[10/02/2010|19:11] C:\ProgramData\DAEMON Tools Lite

[02/11/2006|12:41] C:\ProgramData\Desktop

[18/10/2009|10:30] C:\ProgramData\Documentos

[02/11/2006|12:41] C:\ProgramData\Documents

[06/03/2010|11:05] C:\ProgramData\EA Core

[06/03/2010|11:03] C:\ProgramData\Electronic Arts

[02/06/2010|14:17] C:\ProgramData\eMule

[02/11/2006|12:41] C:\ProgramData\Favorites

[18/10/2009|10:30] C:\ProgramData\Favoritos

[07/01/2010|09:30] C:\ProgramData\FLEXnet

[25/11/2009|07:45] C:\ProgramData\GbPlugin

[31/01/2010|11:05] C:\ProgramData\Google

[07/01/2010|14:47] C:\ProgramData\HP

[08/01/2010|09:07] C:\ProgramData\HPSSUPPLY

[01/07/2010|06:26] C:\ProgramData\hpzinstall.log

[21/10/2009|05:53] C:\ProgramData\Installations

[18/03/2010|19:40] C:\ProgramData\InstallShield

[12/07/2010|22:37] C:\ProgramData\KGyGaAvL.sys

[16/11/2009|13:36] C:\ProgramData\Last.fm

[23/03/2010|12:37] C:\ProgramData\Media Center Programs

[18/10/2009|10:30] C:\ProgramData\Menu Iniciar

[26/01/2010|08:15] C:\ProgramData\Messenger Plus!

[13/07/2010|07:14] C:\ProgramData\Microsoft

[26/07/2010|09:50] C:\ProgramData\Microsoft Help

[18/10/2009|10:30] C:\ProgramData\Modelos

[28/07/2010|10:43] C:\ProgramData\NVIDIA

[28/07/2010|10:43] C:\ProgramData\nvModes.001

[28/07/2010|10:43] C:\ProgramData\nvModes.dat

[21/10/2009|05:57] C:\ProgramData\PC Suite

[29/06/2010|08:18] C:\ProgramData\PopCap Games

[13/07/2010|07:25] C:\ProgramData\Protexis

[18/03/2010|14:27] C:\ProgramData\Real

[06/07/2010|14:22] C:\ProgramData\SecuROM

[02/06/2010|14:23] C:\ProgramData\Skype

[18/10/2009|12:03] C:\ProgramData\SonicFocus

[04/01/2010|18:39] C:\ProgramData\Spybot - Search & Destroy

[02/11/2006|12:41] C:\ProgramData\Start Menu

[29/06/2010|08:18] C:\ProgramData\Steam

[26/06/2010|15:57] C:\ProgramData\Sun

[07/07/2010|12:16] C:\ProgramData\TechSmith

[28/07/2010|10:43] C:\ProgramData\TEMP

[02/11/2006|12:41] C:\ProgramData\Templates

[10/11/2009|10:24] C:\ProgramData\Ubisoft

[07/01/2010|10:39] C:\ProgramData\WEBREG

[15/05/2010|16:26] C:\ProgramData\WLInstaller

[07/07/2010|13:48] C:\ProgramData\Xfire

 

Malwarebytes log:

 

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

 

Database version: 4363

 

Windows 6.0.6002 Service Pack 2

Internet Explorer 7.0.6002.18005

 

28/07/2010 12:53:27

mbam-log-2010-07-28 (12-53-27).txt

 

Scan type: Full scan (C:\|D:\|)

Objects scanned: 472346

Time elapsed: 1 hour(s), 25 minute(s), 7 second(s)

 

Memory Processes Infected: 1

Memory Modules Infected: 0

Registry Keys Infected: 3

Registry Values Infected: 1

Registry Data Items Infected: 1

Folders Infected: 2

Files Infected: 7

 

Memory Processes Infected:

C:\Users\Gio´vanni R.V\AppData\Local\TempImages\sl1000.exe (Trojan.Agent) -> No action taken.

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DRM\amty (Worm.Autorun) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.

 

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sl1000 (Trojan.Agent) -> No action taken.

 

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe csrcs.exe) Good: (Explorer.exe) -> No action taken.

 

Folders Infected:

C:\Windows\System32\SYSTEM32 (Trojan.Agent) -> No action taken.

C:\Windows\System32\SYSTEM32\DRIVERS (Trojan.Agent) -> No action taken.

 

Files Infected:

C:\Users\Gio´vanni R.V\AppData\Local\TempImages\sl1000.exe (Trojan.Agent) -> No action taken.

C:\Users\Gio´vanni R.V\Documents\- GIOVANNI\Programas\Alcohol 120%\crack\Alcohol.exe (Trojan.Agent) -> No action taken.

C:\Users\Gio´vanni R.V\Documents\- GIOVANNI\Programas\Corel Draw Graphics Suite X4\npcgs414\Coreldraw.Graphics.Suite.X4.14.0.0.567-NoPE\crack\coreldraw.graphics.suite.x4.14.0.0.567-nope.exe (Trojan.Downloader) -> No action taken.

C:\Users\Gio´vanni R.V\Downloads\Camtasia Studio 6.0.0 Build 689 [ iron Doom ]\keygen.exe (Backdoor.RBot) -> No action taken.

D:\Office 2007\Serial\msoe2007kg.exe (RiskWare.Tool.CK) -> No action taken.

C:\Windows\System32\SYSTEM32\DRIVERS\rtl8187.sys (Trojan.Agent) -> No action taken.

C:\Windows\System32\SYSTEM32\DRIVERS\RtlProt.sys (Trojan.Agent) -> No action taken.

 

The Norman Malware log didn't show up here, but it caught 7 malware items and fixed them

 

I haven't done the NOD32 one yet. I'll see whether the problem is already fixed


"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )

Option : [1] ( 28/07/2010|10:51 )

Your Lop S&D log shows that you only ran the search option (1). Open it again and press 2 to use the Removal + Hosts option, then press Enter, as shown in this image:

 


______________________________

 

C:\Users\Gio´vanni R.V\AppData\Local\TempImages\sl1000.exe (Trojan.Agent) -> No action taken.

Your Malwarebytes log also shows that it found several problems but you haven't removed them yet; note the indication No action taken next to the threats, that is: no action was taken.

 

Run a new full scan with Malwarebytes and remove all the problems it finds.

_______________________________

 

I haven't done the NOD32 one yet

Please run it as well, and after that post a new HijackThis log, the NOD32 log, the new Lop S&D log and the new Malwarebytes log, and tell us how your PC is doing afterwards.

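The check the helper makes by eye above (detections still marked "No action taken", and whether the ESET summary's found count matches its cleaned count), automated as an added example that is not part of the thread. The Malwarebytes and ESET log excerpts inside the script are constructed samples with placeholder paths, shaped like the logs pasted in this topic.

```python
"""Added example (not a tool used or posted in this thread): automates the two
checks the helper makes by eye. It flags Malwarebytes entries still marked
"No action taken" (detected but never removed) and checks that the ESET Online
Scanner summary reports found == cleaned. Sample logs are constructed."""
import re
from dataclasses import dataclass

# Constructed Malwarebytes 1.x style excerpt (header line plus three detections).
MBAM_LOG = r"""
Arquivos Infectados:
C:\Users\someone\AppData\Local\TempImages\sample.exe (Trojan.Agent) -> No action taken.
C:\Program Files (x86)\Example\sample2.exe (Backdoor.RBot) -> Quarantined and deleted successfully.
D:\Tools\sample3.exe (RiskWare.Tool.CK) -> No action taken.
"""
# Constructed ESET Online Scanner summary header.
ESET_LOG = """
# found=9
# cleaned=9
# scan_time=14083
"""

# "<path or registry key> (<threat>) -> <action>." as written by Malwarebytes 1.x.
# The lazy path group keeps "Program Files (x86)" from being read as the threat name.
MBAM_ENTRY = re.compile(r"^(?P<path>.+?) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\.?$")
ESET_KV = re.compile(r"^#\s*(?P<key>\w+)=(?P<value>.*)$")


@dataclass(frozen=True)
class Detection:
    path: str
    threat: str
    action: str

    def pending(self) -> bool:
        # Written when the user scanned but never clicked "Remove Selected".
        return self.action.lower().startswith("no action taken")


def parse_mbam(text: str) -> list:
    """Return every detection line in a Malwarebytes log; headers are skipped."""
    hits = []
    for line in text.splitlines():
        m = MBAM_ENTRY.match(line.strip())
        if m:
            hits.append(Detection(m["path"], m["threat"], m["action"]))
    return hits

def pending_mbam(text: str) -> list:
    """Paths of detections that were reported but not removed."""
    return [d.path for d in parse_mbam(text) if d.pending()]

def eset_summary(text: str) -> dict:
    """Parse the '# key=value' header of an ESET Online Scanner log."""
    summary = {}
    for line in text.splitlines():
        m = ESET_KV.match(line.strip())
        if m:
            v = m["value"].strip()
            summary[m["key"]] = int(v) if v.isdigit() else v
    return summary

def eset_fully_cleaned(text: str) -> bool:
    """True only when a found count is present and every found item was cleaned."""
    s = eset_summary(text)
    return "found" in s and s["found"] == s.get("cleaned")

def remediation_complete(mbam_text: str, eset_text: str) -> bool:
    """The verdict the helper is after: nothing pending in MBAM and ESET cleaned all."""
    return not pending_mbam(mbam_text) and eset_fully_cleaned(eset_text)
```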

Malwarebytes:

 

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

 

Versão da Base de Dados: 4363

 

Windows 6.0.6002 Service Pack 2

Internet Explorer 7.0.6002.18005

 

02/08/2010 13:13:35

mbam-log-2010-08-02 (13-13-35).txt

 

Tipo de Verificação: Verificação Completa (C:\|D:\|)

Objetos escaneados: 473582

Tempo decorrido: 1 hora(s), 20 minuto(s), 38 segundo(s)

 

Processos de Memória Infectados: 0

Módulos de Memória Infectados: 0

Chaves de Registro Infectadas: 0

Valores de Registro Infectados: 0

Itens de Dados no Registro Infectados: 0

Pastas Infectadas: 0

Arquivos Infectados: 0

 

Processos de Memória Infectados:

(Não foram detectados ítens maliciosos)

 

Módulos de Memória Infectados:

(Não foram detectados ítens maliciosos)

 

Chaves de Registro Infectadas:

(Não foram detectados ítens maliciosos)

 

Valores de Registro Infectados:

(Não foram detectados ítens maliciosos)

 

Itens de Dados no Registro Infectados:

(Não foram detectados ítens maliciosos)

 

Pastas Infectadas:

(Não foram detectados ítens maliciosos)

 

Arquivos Infectados:

(Não foram detectados ítens maliciosos)

 

 

LOP S&D:

 

 

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

 

Microsoft® Windows Vista™ Ultimate ( v6.0.6002 ) Service Pack 2

x64-based PC ( Multiprocessor Free : Intel® Core2 Quad CPU Q6600 @ 2.40GHz )

BIOS : BIOS Date: 12/10/07 17:10:32 Ver: 08.00.12

USER : Gio´vanni R.V ( Administrator )

BOOT : Normal boot

Antivirus : avast! antivirus 4.8.1368 [VPS 091204-0] 4.8.1368 (Activated)

C:\ (Local Disk) - NTFS - Total:79 Go (Free:4 Go)

D:\ (Local Disk) - NTFS - Total:218 Go (Free:0 Go)

E:\ (CD or DVD)

F:\ (CD or DVD)

 

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )

Option : [2] ( 02/08/2010|13:17 )

 

[ UAC => 0 ]

 

 

NOD32 LOG:

 

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=7.00.6000.16386 (vista_rtm.061101-2205)

# OnlineScanner.ocx=1.0.0.6211

# api_version=3.0.2

# EOSSerial=77cdacddebedc845a7e9605f629ae345

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2010-08-02 08:38:43

# local_time=2010-08-02 05:38:43 (-0300, Hora oficial do Brasil)

# country="Brazil"

# lang=1033

# osver=6.0.6002 NT Service Pack 2

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=769 16775165 100 98 0 216144993 0 0

# compatibility_mode=5892 16776573 100 56 230992 117366239 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=337609

# found=9

# cleaned=9

# scan_time=14083

C:\LRMCXFRE_BR_DVD.ISO probably a variant of Win32/Agent trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Users\Gio´vanni R.V\AppData\Local\Temp\Update_3d49.exe a variant of Win32/Adware.CiDHelp application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\Gio´vanni R.V\AppData\Local\Temp\Update_9680.exe a variant of Win32/Adware.CiDHelp application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\Gio´vanni R.V\Documents\- GIOVANNI\Programas\Frost Wire.exe a variant of Win32/AdInstaller application (deleted - quarantined) 00000000000000000000000000000000 C

C:\Users\Gio´vanni R.V\Documents\- GIOVANNI\Programas\KeyBored2.0.zip probably a variant of Win32/KillFiles trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Users\Gio´vanni R.V\Documents\- GIOVANNI\Programas\Corel Draw Graphics Suite X4\npcgs414.rar a variant of Win32/HackTool.Patcher.A application (deleted - quarantined) 00000000000000000000000000000000 C

C:\Users\Gio´vanni R.V\Documents\- GIOVANNI\Programas\Nero 7.8.5.0\Nero-7.8.5.0_eng_trial.exe Win32/Toolbar.AskSBar application (deleted - quarantined) 00000000000000000000000000000000 C

C:\Users\Gio´vanni R.V\Downloads\MsgPlusLive-483.exe a variant of Win32/Adware.CiDHelp application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Windows\System32\autorun.inf INF/Autorun.gen trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:29:16, on 02/08/2010

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v7.00 (7.00.6002.18005)

Boot mode: Normal

 

Running processes:

C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe

C:\Program Files (x86)\ASUS WiFi-AP Solo\RtWLan.exe

C:\Fraps\fraps.exe

D:\Steam\Steam.exe

C:\Program Files (x86)\uTorrent\uTorrent.exe

C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files (x86)\ManyCam 2.4\ManyCam.exe

C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Program Files (x86)\FlashGet Network\FlashGet 3\Flashget3.exe

C:\Program Files (x86)\Nonoh.net\Nonoh\nonoh.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files (x86)\Analog Devices\SoundMAX\SoundTray.exe

C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files (x86)\Orbitdownloader\orbitdm.exe

C:\Program Files\Alwil Software\Avast4\ashDisp.exe

C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Orbitdownloader\orbitnet.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

C:\Program Files (x86)\Last.fm\LastFM.exe

C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\conime.exe

C:\Program Files (x86)\iTunes\iTunes.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe

C:\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://eis.esnips.com/page/search/?client_uuid=bda82ac0-85c3-4b48-b0d2-41fde8d1391d

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://eis.esnips.com/page/search/?client_uuid=bda82ac0-85c3-4b48-b0d2-41fde8d1391d

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.forumswatcher.com/search.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Program Files (x86)\Scpad\scpsssh2.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GRA8E1~1.DLL

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\Gio´vanni R.V\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll

O2 - BHO: eSnipBHO - {B530A9A4-1722-4D16-AAD6-AA85E3AD2ADE} - C:\Program Files (x86)\Logia\eSnipsDownloader\eSnipsBHO.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [soundTray] "C:\Program Files (x86)\Analog Devices\SoundMAX\SoundTray.exe"

O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [Rapget] C:\Users\Gio´vanni R.V\Documents\GIOVANNI\Programas\Rap Get\Rap Get\rapget.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [LiveZilla] "D:\LiveZilla\LiveZilla.exe" -minimize

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [eSnips_Downloader] "C:\Program Files (x86)\Logia\eSnipsDownloader\eSnips_Downloader.exe" -startup

O4 - HKCU\..\Run: [steam] "d:\steam\steam.exe" -silent

O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"

O4 - HKCU\..\Run: [Google Update] "C:\Users\Gio´vanni R.V\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [ManyCam] "C:\Program Files (x86)\ManyCam 2.4\ManyCam.exe"

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [FlashGet 3] "C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe" -minimize

O4 - HKCU\..\Run: [Nonoh] "C:\Program Files (x86)\Nonoh.net\Nonoh\nonoh.exe" -nosplash -minimized

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIÇO DE REDE')

O4 - Startup: CurseClientStartup.ccip

O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Startup: Sumário do OneNote.onetoc2

O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe

O4 - Global Startup: ASUS WiFi-AP Solo.lnk = ?

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Orbit.lnk = C:\Program Files (x86)\Orbitdownloader\orbitdm.exe

O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: Download all by FlashGet3 - C:\Users\Gio´vanni R.V\AppData\Roaming\FlashGetBHO\GetAllUrl.htm

O8 - Extra context menu item: Download by FlashGet3 - C:\Users\Gio´vanni R.V\AppData\Roaming\FlashGetBHO\GetUrl.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\PartyGaming\PartyPoker\RunApp.exe (file missing)

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\PartyGaming\PartyPoker\RunApp.exe (file missing)

O13 - Gopher Prefix:

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{355E5AA5-9B9D-44AE-938B-618D368490A2}: NameServer = 192.168.220.1

O17 - HKLM\System\CS1\Services\Tcpip\..\{355E5AA5-9B9D-44AE-938B-618D368490A2}: NameServer = 192.168.220.1

O17 - HKLM\System\CS4\Services\Tcpip\..\{355E5AA5-9B9D-44AE-938B-618D368490A2}: NameServer = 192.168.220.1

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GR99D3~1.DLL

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files (x86)\Scpad\scpLIB.dll

O22 - SharedTaskScheduler: scpLIB - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files (x86)\Scpad\scpLIB.dll

O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Unknown owner - C:\Windows\system32\AEADISRV.EXE (file missing)

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe

O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - D:\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe

O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: scpVista - Scopus Tecnologia Ltda - C:\Program Files (x86)\Scpad\scpVista.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

O23 - Service: TabletServicePen - Unknown owner - C:\Windows\system32\Pen_Tablet.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: WMPNetworkSvc - Unknown owner - (no file)

O23 - Service: WTouch Service (WTouchService) - Wacom Technology, Corp. - C:\Program Files\WTouch\WTouchService.exe

 

--

End of file - 15027 bytes


:) Several other problems were removed.

__________________________

 

:seta: Please follow the tips in these tutorials:

 

Spyware Doctor Starter Edition tutorial

 

BitDefender Online antivirus tutorial: http://dicasetutoriaisparapc.blogspot.com/2009/04/tutorial-do-antivirus-bitdefender.html

 

USBFix tutorial: http://dicasetutoriaisparapc.blogspot.com/2009/10/tutorial-do-usbfix.html

___________________________

 

:seta: In your next reply, post the BitDefender Online log, which will be at C:\Windows\BDOSCAN8\bdoscan.log, together with a new HijackThis log, the log that will be at C:\UsbFix.txt and the Spyware Doctor log, and please tell us how your PC is after following these procedures.

 

We await your reply.


PROBLEM SOLVED!

 

If the author needs the topic to be reopened, just send a Private Message to a Moderator with a link to the topic.
