[Arquivado] &nbspvirus de email

REDENTOR · Dezembro 16, 2010

Oi pessoal! É sempre bom contar com vocês!

Estou com esse problema há mais de 6 meses, já passei diversos antivirus, antimalware e continua...

Segue o log do hijackthis:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 02:44:55, on 16/12/2010

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16700)

Boot mode: Normal

Running processes:

C:\windows\system32\taskhost.exe

C:\Program Files\BitDefender\BitDefender 2011\bdagent.exe

C:\windows\system32\Dwm.exe

C:\windows\Explorer.EXE

C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe

C:\Program Files\TOSHIBA\Utilities\KeNotify.exe

C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe

C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe

C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe

C:\windows\system32\taskeng.exe

C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe

C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\windows\system32\igfxsrvc.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\BatteryCare\BatteryCare.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe

C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe

C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe

C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe

C:\windows\system32\SearchProtocolHost.exe

C:\windows\system32\taskhost.exe

C:\Program Files\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.ca/welcome

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.ca/welcome

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Presented by TOSHIBA Leading Innovation >>>

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files\GbPlugin\gbiehcef.dll

O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\PROGRA~1\GbPlugin\gbiehAbn.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4F90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2011\IEToolbar.dll

O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE

O4 - HKLM\..\Run: [HWSetup] "C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" hwSetUP

O4 - HKLM\..\Run: [sVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL

O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe

O4 - HKLM\..\Run: [TWebCamera] "%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun

O4 - HKLM\..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe /hide:60

O4 - HKLM\..\Run: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe

O4 - HKLM\..\Run: [TUSBSleepChargeSrv] %ProgramFiles%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe

O4 - HKLM\..\Run: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe

O4 - HKLM\..\Run: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe

O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe

O4 - HKLM\..\Run: [iTSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START

O4 - HKLM\..\Run: [igfxTray] C:\windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [bitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2011\ieshow.exe"

O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\BitDefender\BitDefender 2011\bdagent.exe"

O4 - HKCU\..\Run: [batteryCare] "C:\Program Files\BatteryCare\BatteryCare.exe"

O4 - Global Startup: Bluetooth Manager.lnk = ?

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000

O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\User\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm

O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105

O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\windows\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\windows\bdoscandel.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (no file)

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O15 - Trusted Zone: http://www.bancoreal.com.br

O15 - Trusted Zone: http://www.santander.com.br

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://imagem.caixa.gov.br/cab/gbpdist.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} (GbPluginObj Class) - https://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GO36F4~1.DLL

O20 - Winlogon Notify: GbPluginAbn - C:\PROGRA~1\GbPlugin\gbiehAbn.dll

O20 - Winlogon Notify: GbPluginCef - C:\Program Files\GbPlugin\gbiehCef.dll

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

O23 - Service: Dispositivo Celular da Apple (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe

O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~1\GbPlugin\GbpSv.exe

O23 - Service: Gerenciador do Google Desktop 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: Livescribe Smartpen Service (PenCommService) - Livescribe - C:\Program Files\Common Files\Livescribe\PenComm\PenCommService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\windows\system32\ThpSrv.exe

O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\windows\system32\TODDSrv.exe

O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe

O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe

O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

O23 - Service: BitDefender Desktop Update Service (Updatesrv) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe

O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2011\vsserv.exe

--

End of file - 11701 bytes

Felipe_88 · Dezembro 16, 2010

Olá, REDENTOR!

Possívelmente é Phishing.

Lê o seguinte tópico:

http://www.guiadohardware.net/comunidade/showthread.php?t=949122&highlight=phishing

Todavia vamos dar uma analisada:

*Baixe o ComboFix e salve-o no desktop

* Desative seu antivírus temporariamente:

*Execute o Combofix e aceite o contrato

*Se o console de recuperação do Windows já estiver instalado, o ComboFix continuará o processo automaticamente. Caso contrário, clique em [sIM] para a sua instalação.

*Clique em [sIM] para continuar.

*Aguarde a conclusão de todas as etapas

*Enquanto o ComboFix estiver em execução, evite usar o mouse e o teclado!!..... Para interromper o procedimento tecle N ou 2 e depois ENTER.

*O programa será fechado automaticamente e um relatório (C:\combofix.txt) será apresentado. Cole-o na próxima resposta.

No Aguardo.

REDENTOR · Dezembro 18, 2010

Olá!

Felipe, não tenho certeza se parte dessa maquina, mas suponho que sim, pois geralmente não faço uso de varios computadores, somente dos meus. Uso outros só em casos de extrema necessidade. Esse é o computador que uso 90% do tempo.

Bem, segue o log do hijackthis atualizado e do combofix. Depois de ter reiniciado, o combofix disse que nao conseguia não sei o que (nao sei muito bem ingles), e tb se eu desejava continuar "restoring" aqueles arquivos? Eu nao sabia o que fazer, respondi sim, em seguida foi informado de que nao tinha sido possivel aquela ação.

Log combofix:

ComboFix 10-12-16.05 - User 17/12/2010 21:50:49.1.2 - x86

Microsoft Windows 7 Starter 6.1.7600.0.1252.1.1046.18.1014.345 [GMT -3:00]

Running from: c:\users\User\Desktop\ComboFix.exe

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

ADS - system32: deleted 4 bytes in 2 streams.

ADS - drivers: deleted 308 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\programdata\xp

c:\programdata\xp\EBLib.dll

c:\programdata\xp\TPwSav.sys

c:\windows\system32\drivers\ntfs.sys . . . is infected!!

.

((((((((((((((((((((((((( Files Created from 2010-11-18 to 2010-12-18 )))))))))))))))))))))))))))))))

.

2010-12-18 01:10 . 2010-12-18 01:10 -------- d-----w- c:\users\Default\AppData\Local\temp

2010-12-16 05:25 . 2010-12-16 05:25 388608 ----a-w- c:\program files\HiJackThis.exe

2010-12-16 01:21 . 2010-12-16 01:21 2048 ----a-w- c:\windows\system32\tzres.dll

2010-12-16 01:16 . 2010-12-16 01:16 101760 ----a-w- c:\windows\system32\consent.exe

2010-12-16 01:16 . 2010-12-16 01:16 2327552 ----a-w- c:\windows\system32\win32k.sys

2010-12-16 01:16 . 2010-12-16 01:16 516096 ----a-w- c:\program files\Windows Mail\wab.exe

2010-12-16 01:16 . 2010-12-16 01:16 314368 ----a-w- c:\windows\system32\webio.dll

2010-12-16 01:15 . 2010-12-16 01:15 749056 ----a-w- c:\windows\system32\schedsvc.dll

2010-12-16 01:15 . 2010-12-16 01:15 496128 ----a-w- c:\windows\system32\taskschd.dll

2010-12-16 01:15 . 2010-12-16 01:15 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll

2010-12-16 01:15 . 2010-12-16 01:15 305152 ----a-w- c:\windows\system32\taskcomp.dll

2010-12-16 01:15 . 2010-12-16 01:15 192000 ----a-w- c:\windows\system32\taskeng.exe

2010-12-16 01:15 . 2010-12-16 01:15 179712 ----a-w- c:\windows\system32\schtasks.exe

2010-12-07 03:45 . 2009-10-22 15:54 37392 ----a-w- c:\windows\system32\drivers\48664682.sys

2010-12-07 03:45 . 2009-10-10 01:31 311312 ----a-w- c:\windows\system32\drivers\4866468.sys

2010-12-07 03:45 . 2009-09-25 19:59 128016 ----a-w- c:\windows\system32\drivers\48664681.sys

2010-12-06 07:22 . 2010-12-06 07:22 -------- d-----w- c:\users\User\AppData\Roaming\BitDefender

2010-12-06 07:22 . 2010-12-06 07:22 -------- d-----w- c:\program files\BitDefender

2010-12-06 06:49 . 2010-12-06 06:49 -------- d-----w- c:\users\User\AppData\Roaming\QuickScan

2010-12-06 06:47 . 2010-12-06 07:23 -------- d-----w- c:\programdata\BitDefender

2010-12-06 06:47 . 2010-12-06 07:22 -------- d-----w- c:\program files\Common Files\BitDefender

2010-12-06 06:47 . 2010-07-28 13:43 253072 ----a-w- c:\windows\system32\drivers\Trufos.sys

2010-12-06 06:47 . 2010-07-09 18:08 327368 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys

2010-12-06 06:47 . 2010-12-06 07:29 60964 ----a-w- c:\programdata\bdinstall.bin

2010-12-06 05:54 . 2008-08-26 13:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys

2010-12-06 05:53 . 2010-12-06 05:53 -------- d-----w- c:\program files\PC Connectivity Solution

2010-12-06 05:52 . 2010-12-06 05:52 -------- d-----w- c:\program files\Common Files\Nokia

2010-11-30 08:22 . 2010-11-30 08:22 -------- d-----w- C:\CloneDVDTemp

2010-11-30 08:19 . 2010-11-30 08:19 -------- d-----w- c:\programdata\SlySoft

2010-11-30 08:15 . 2010-11-30 08:15 -------- d-----w- c:\program files\SlySoft

2010-11-30 08:10 . 2010-11-30 08:10 -------- d-----w- c:\program files\Elaborate Bytes

2010-11-30 06:56 . 2010-11-30 07:17 -------- d-----w- C:\DELICATESSEN

2010-11-23 21:44 . 2010-10-19 08:10 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll

2010-11-23 09:45 . 2010-11-23 09:45 30888 ----a-w- c:\windows\system32\drivers\ElbyCDIO.sys

2010-11-22 16:16 . 2010-11-22 16:16 89256 ----a-w- c:\windows\system32\ElbyCDIO.dll

2010-11-21 09:28 . 2010-11-21 09:28 -------- d-----w- c:\users\User\AppData\Local\Livescribe

2010-11-21 09:28 . 2010-11-21 09:28 -------- d-----w- c:\programdata\Livescribe

2010-11-21 09:23 . 2010-11-21 09:28 -------- d-----w- c:\program files\Common Files\Livescribe

2010-11-21 09:22 . 2010-11-21 09:22 -------- d-----w- c:\program files\Livescribe

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-11-29 20:42 . 2010-07-10 08:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-11-29 20:42 . 2010-07-10 08:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-11-03 15:36 . 2009-11-23 01:51 45128 ----a-w- c:\windows\system32\drivers\gbpkm.sys

2010-10-18 18:19 . 2010-10-18 18:19 20480 ----a-w- c:\windows\system32\drivers\PulseUsb.sys

2010-09-23 03:32 . 2010-09-23 03:32 301936 ----a-w- c:\windows\WLXPGSS.SCR

2010-09-21 17:03 . 2010-09-21 17:03 208768 ----a-w- c:\windows\system32\LIVESSP.DLL

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BatteryCare"="c:\program files\BatteryCare\BatteryCare.exe" [2010-12-05 710656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TWebCamera"="%ProgramFiles%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe autorun" [X]

"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2009-06-02 425984]

"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2009-08-12 352256]

"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2009-01-14 34088]

"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-08-17 1294136]

"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2008-04-10 2595792]

"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2008-04-10 909208]

"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2008-04-10 136472]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-02 30192]

"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-05 611672]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-11-29 963976]

"LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" [2010-07-30 557056]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2011\ieshow.exe" [2010-10-11 71216]

"BDAgent"="c:\program files\BitDefender\BitDefender 2011\bdagent.exe" [2010-12-06 1413312]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2009-8-6 439648]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399003}"= "c:\program files\GbPlugin\gbiehcef.dll" [2010-11-03 335304]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginAbn]

2010-08-12 12:28 331304 ----a-w- c:\progra~1\GbPlugin\gbiehAbn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginCef]

2010-11-03 15:34 335304 ----a-w- c:\program files\GbPlugin\gbiehcef.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk /p \??\C\0autocheck autochk /p \??\C\0autocheck autochk /p \??\C\0autocheck autochk /p \??\C\0autocheck autochk *

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2010-09-23 07:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]

2010-11-23 17:37 4697024 ----a-w- c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]

2009-06-03 23:59 103720 ------w- c:\program files\CyberLink\Power2Go\CLMLSvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]

2009-08-20 16:25 2363392 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD8LanguageShortcut]

2009-04-16 02:54 50472 ------w- c:\program files\CyberLink\PowerDVD8\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl8]

2009-04-16 02:52 91432 ------w- c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]

2009-02-18 00:21 218408 ------w- c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateLBPShortCut]

2009-05-20 01:16 222504 ------w- c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateP2GoShortCut]

2009-05-20 01:16 222504 ------w- c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePPShortCut]

2009-05-20 01:16 222504 ------w- c:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePSTShortCut]

2009-09-25 21:49 210216 ------w- c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe

R3 FNETTBOH;FNETTBOH;c:\windows\system32\drivers\FNETTBOH.SYS [2009-12-15 23680]

R3 GoogleDesktopManager-051210-111108;Gerenciador do Google Desktop 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-07-02 30192]

R3 PulseUsb;Livescribe Smartpen USB Driver;c:\windows\system32\DRIVERS\PulseUsb.sys [2010-10-18 20480]

R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]

R3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-08-17 51512]

R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files\BatteryCare\WinRing0.sys [2008-07-27 14416]

S0 48664682;48664682 Boot Guard Driver;c:\windows\system32\DRIVERS\48664682.sys [2009-10-22 37392]

S0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [2010-11-03 45128]

S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [2009-06-29 30272]

S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [2009-06-29 13120]

S1 48664681;48664681;c:\windows\system32\DRIVERS\48664681.sys [2009-09-25 128016]

S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys [2010-08-20 88144]

S1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [2009-12-15 7936]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2010-01-28 185712]

S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]

S2 GbpSv;Gbp Service;c:\progra~1\GbPlugin\GbpSv.exe [2010-11-03 58056]

S2 PenCommService;Livescribe Smartpen Service;c:\program files\Common Files\Livescribe\PenComm\PenCommService.exe [2010-10-18 457728]

S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-08-11 185712]

S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 12920]

S2 Updatesrv;BitDefender Desktop Update Service;c:\program files\BitDefender\BitDefender 2011\updatesrv.exe [2010-10-11 43424]

S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-23 24064]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-07-31 171520]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-06-23 275048]

S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-05 111960]

S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-02-23 685424]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2009-08-20 16:24 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

2010-07-18 c:\windows\Tasks\At1.job