
Thread: Win32.FraudLoad.edt (Resolved)

  1. #1
    Junior Member | Join Date: Aug 2009 | Posts: 10

    Win32.FraudLoad.edt (Resolved)

    Windows won't start unless it's Safe Mode. I can make it start in normal mode if I set a SpyBot search at startup and then just hit cancel though.

    There's this malware I can't remove even if I do a scan at system start-up (says it's being used by memory).

    Thanks in advance.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:25:12, on 20-08-2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Programas\Avast4\aswUpdSv.exe
    C:\Programas\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\ATKKBService.exe
    C:\Programas\Ficheiros comuns\LightScribe\LSSrvc.exe
    C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Programas\Avast4\ashWebSv.exe
    C:\PROGRA~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\Programas\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
    O2 - BHO: (no name) - {039F2D36-A2E5-4BE0-83F9-89E863311017} - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {20E59CA2-78B0-4431-BFD0-D8B5ADFC0056} - (no file)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: (no name) - {615906F5-7851-41C9-B770-C6084C5C5531} - (no file)
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programas\Windows Live\Toolbar\wltcore.dll
    O2 - BHO: (no name) - {F2A4091A-7AF9-4663-A8C0-13DC0B8399C6} - (no file)
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programas\Windows Live\Toolbar\wltcore.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programas\Ficheiros comuns\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Programas\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Publicar em Blogue - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programas\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Publicar no Blogue no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programas\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
    O16 - DPF: {408902B4-F82D-4FE4-B1FF-7DB2B6E6A669} (Siebel High Interactivity Framework) - https://www.bancobest.pt/FINSECHANNE..._HI_Client.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab56986.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1239662623953
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O16 - DPF: {F3A5BD4E-4DFD-4CA6-9410-7D0B0A9CDE16} (Siebel Calendar) - https://www.bancobest.pt/FINSECHANNE...x_Calendar.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
    O20 - Winlogon Notify: qoMFuvst - qoMFuvst.dll (file missing)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programas\Avast4\aswUpdSv.exe
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Programas\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programas\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programas\Avast4\ashWebSv.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programas\Ficheiros comuns\LightScribe\LSSrvc.exe
    O23 - Service: NBService - Nero AG - C:\Programas\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Programas\Ficheiros comuns\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Programas\Ficheiros comuns\PCSuite\Services\ServiceLayer.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    O23 - Service: SysEnforce - Unknown owner - C:\PROGRA~1\TRISNA~1\SSI\SYSENF~1.EXE (file missing)

    --
    End of file - 7499 bytes

  2. #2
    Security Expert-Emeritus | Join Date: Oct 2006 | Location: Manchester UK | Posts: 3,425

    Please note that all instructions given are customised for this computer only,
    the tools used may cause damage if used on a computer with different infections.

    If you think you have similar problems, please post a log in the HJT forum and wait for help.


    Hello and welcome to the forums

    My name is Katana and I will be helping you to remove any infection(s) that you may have.

    Please observe these rules while we work:
    1. Please Read All Instructions Carefully
    2. If you don't understand something, stop and ask! Don't keep going on.
    3. Please do not run any other tools or scans whilst I am helping you
    4. Failure to reply within 5 days will result in the topic being closed.
    5. Please continue to respond until I give you the "All Clear"
      (Just because you can't see a problem doesn't mean it isn't there)

    If you can do those few things, everything should go smoothly.

    Some of the logs I request will be quite large; you may need to split them over a couple of replies.

    Please note: your security programs may give warnings for some of the tools I will ask you to use.
    Be assured, any links I give are safe.

    ----------------------------------------------------------------------------------------



    Download and Run RSIT
    • Please download Random's System Information Tool by random/random from here and save it to your desktop.
    • Double click on RSIT.exe to run RSIT.
    • Click Continue at the disclaimer screen.
    • Once it has finished, two logs will open:
      • log.txt will be opened maximized.
      • info.txt will be opened minimized.
    • Please post the contents of both log.txt and info.txt.
      ( They can also be found in the C:\RSIT folder )



    Please Download GMER to your desktop

    Download GMER and extract it to your desktop.

    ***Please close any open programs ***

    Double-click gmer.exe. The program will begin to run.

    Note: If GMER doesn't run, please reboot and then rename gmer.exe to Look.exe and try again.

    **Caution**
    These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised by a trained Security Analyst.


    If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
    • Click Yes.
    • Once the scan is complete, you may receive another notice about rootkit activity.
    • Click OK.
    • GMER will produce a log. Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.

    If you do not receive notice about possible rootkit activity, remain on the Rootkit/Malware tab and make sure the 'Show All' button is unticked.
    • Click the Scan button and let the program do its work. GMER will produce a log.
    • Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.


    DO NOT touch the PC at ALL for whatever reason/s until it has 100% completed its scan, or attempted scan in case of some error etc.!

    Please post the results from the GMER scan in your reply.
    Microsoft MVP Consumer Security 2009 -2010
    If we have helped, please consider a donation
    THESE INSTRUCTIONS ARE FOR THIS USER ONLY

  3. #3
    Junior Member | Join Date: Aug 2009 | Posts: 10

    Logfile of random's system information tool 1.06 (written by random/random)
    Run by José at 2009-08-23 13:16:50
    Microsoft Windows XP Professional Service Pack 3
    System drive C: has 45 GB (29%) free of 153 GB
    Total RAM: 1023 MB (46% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:17:00, on 23-08-2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Programas\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Programas\Avast4\aswUpdSv.exe
    C:\Programas\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Programas\Windows Defender\MSASCui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\ATKKBService.exe
    C:\Programas\Ficheiros comuns\LightScribe\LSSrvc.exe
    C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\Programas\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Programas\Nero\Nero 7\Core\nero.exe
    C:\Programas\Ficheiros comuns\Ahead\Lib\NMIndexingService.exe
    C:\Programas\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\José\Ambiente de trabalho\RSIT.exe
    C:\Programas\Trend Micro\HijackThis\José.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
    O2 - BHO: (no name) - {039F2D36-A2E5-4BE0-83F9-89E863311017} - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {20E59CA2-78B0-4431-BFD0-D8B5ADFC0056} - (no file)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: (no name) - {615906F5-7851-41C9-B770-C6084C5C5531} - (no file)
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programas\Windows Live\Toolbar\wltcore.dll
    O2 - BHO: (no name) - {F2A4091A-7AF9-4663-A8C0-13DC0B8399C6} - (no file)
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programas\Windows Live\Toolbar\wltcore.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programas\Ficheiros comuns\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Programas\Windows Defender\MSASCui.exe" -hide
    O4 - HKCU\..\Run: [msnmsgr] "C:\Programas\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Publicar em Blogue - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programas\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Publicar no Blogue no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programas\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
    O16 - DPF: {408902B4-F82D-4FE4-B1FF-7DB2B6E6A669} (Siebel High Interactivity Framework) - https://www.bancobest.pt/FINSECHANNE..._HI_Client.cab
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab56986.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1239662623953
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O16 - DPF: {F3A5BD4E-4DFD-4CA6-9410-7D0B0A9CDE16} (Siebel Calendar) - https://www.bancobest.pt/FINSECHANNE...x_Calendar.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
    O20 - Winlogon Notify: qoMFuvst - qoMFuvst.dll (file missing)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programas\Avast4\aswUpdSv.exe
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Programas\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programas\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programas\Avast4\ashWebSv.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programas\Ficheiros comuns\LightScribe\LSSrvc.exe
    O23 - Service: NBService - Nero AG - C:\Programas\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Programas\Ficheiros comuns\Ahead\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Programas\Ficheiros comuns\PCSuite\Services\ServiceLayer.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    O23 - Service: SysEnforce - Unknown owner - C:\PROGRA~1\TRISNA~1\SSI\SYSENF~1.EXE (file missing)

    --
    End of file - 7825 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
    C:\WINDOWS\tasks\MP Scheduled Scan.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{039F2D36-A2E5-4BE0-83F9-89E863311017}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
    Adobe PDF Link Helper - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{20E59CA2-78B0-4431-BFD0-D8B5ADFC0056}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{615906F5-7851-41C9-B770-C6084C5C5531}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
    Search Helper - C:\Programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    SSVHelper Class - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Programa Auxiliar de Início de Sessão do Windows Live - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
    Windows Live Toolbar Helper - C:\Programas\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F2A4091A-7AF9-4663-A8C0-13DC0B8399C6}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Programas\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-09-17 13574144]
    "avast!"=C:\PROGRA~1\Avast4\ashDisp.exe [2009-08-17 81000]
    "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-09-17 86016]
    "NeroFilterCheck"=C:\Programas\Ficheiros comuns\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
    "Adobe Reader Speed Launcher"=C:\Programas\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
    "Windows Defender"=C:\Programas\Windows Defender\MSASCui.exe [2006-11-03 866584]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"=C:\Programas\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
    C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    C:\WINDOWS\system32\dumprep 0 -k []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    C:\Programas\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    nwiz.exe /install []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\qoMFuvst]
    qoMFuvst.dll []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{20E59CA2-78B0-4431-BFD0-D8B5ADFC0056}"= []
    "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    "authentication packages"=msv1_0
    C:\WINDOWS\system32\ljJBtqRK

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145
    "NoDrives"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveAutoRun"=
    "NoDriveTypeAutoRun"=
    "NoDrives"=
    "HonorAutoRunSetting"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Programas\Mozilla Firefox\firefox.exe"="C:\Programas\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
    "C:\Programas\KONAMI\Pro Evolution Soccer 2008\PES2008.exe"="C:\Programas\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:*:Enabled:Pro Evolution Soccer 2008"
    "C:\Programas\Nokia\Nokia Software Updater\nsu_ui_client.exe"="C:\Programas\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater"
    "C:\Programas\Ficheiros comuns\Nokia\Service Layer\A\nsl_host_process.exe"="C:\Programas\Ficheiros comuns\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "
    "C:\Programas\Garena\Garena.exe"="C:\Programas\Garena\Garena.exe:*:Enabled:Garena"
    "C:\Programas\uTorrent\uTorrent.exe"="C:\Programas\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
    "C:\JOGOS\Pro Evolution Soccer 2009\pes2009.exe"="C:\JOGOS\Pro Evolution Soccer 2009\pes2009.exe:*:Enabled:Pro Evolution Soccer 2009"
    "C:\Programas\Windows Live\Messenger\wlcsdk.exe"="C:\Programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
    "C:\Programas\Windows Live\Sync\WindowsLiveSync.exe"="C:\Programas\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Programas\Windows Live\Messenger\msnmsgr.exe"="C:\Programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\JOGOS\STREETFIGHTERIV\StreetFighterIV.exe"="C:\JOGOS\STREETFIGHTERIV\StreetFighterIV.exe:*:Enabled:STREET FIGHTER IV"
    "C:\Programas\Sports Interactive\Football Manager 2009\fm.exe"="C:\Programas\Sports Interactive\Football Manager 2009\fm.exe:*:Disabled:Football Manager 2009"
    "C:\Documents and Settings\All Users\Documentos\3DM_sf4onlinev1\SF4Online.exe"="C:\Documents and Settings\All Users\Documentos\3DM_sf4onlinev1\SF4Online.exe:*:Enabled:SF4Online"
    "C:\Documents and Settings\José\Ambiente de trabalho\Pedro\3DM_sf4onlinev1\SF4Online.exe"="C:\Documents and Settings\José\Ambiente de trabalho\Pedro\3DM_sf4onlinev1\SF4Online.exe:*:Enabled:SF4Online"
    "C:\JOGOS\STREETFIGHTERIV\SF4Online.exe"="C:\JOGOS\STREETFIGHTERIV\SF4Online.exe:*:Enabled:SF4Online"
    "C:\Documents and Settings\José\Ambiente de trabalho\Pedro\3DM-sf4onlinev2\SF4Online.exe"="C:\Documents and Settings\José\Ambiente de trabalho\Pedro\3DM-sf4onlinev2\SF4Online.exe:*:Enabled:SF4Online"
    "C:\SpybotSDPortable\App\SpybotSD\SpybotSD.exe"="C:\SpybotSDPortable\App\SpybotSD\SpybotSD.exe:*:Enabled:SpybotSD"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Programas\Windows Live\Messenger\wlcsdk.exe"="C:\Programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
    "C:\Programas\Windows Live\Sync\WindowsLiveSync.exe"="C:\Programas\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Programas\Windows Live\Messenger\msnmsgr.exe"="C:\Programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\SpybotSDPortable\App\SpybotSD\SpybotSD.exe"="C:\SpybotSDPortable\App\SpybotSD\SpybotSD.exe:*:Enabled:SpybotSD"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7bac4a09-e0ad-11dc-90bb-00138fe3aa50}]
    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
    shell\Open(0)\command - Recycled\ctfmon.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9aee9b50-2fda-11dd-91ad-00138fe3aa50}]
    shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe


    ======List of files/folders created in the last 1 months======

    2009-08-23 13:16:50 ----D---- C:\rsit
    2009-08-22 03:31:23 ----SHD---- C:\Config.Msi
    2009-08-22 03:29:39 ----D---- C:\Programas\Windows Defender
    2009-08-20 04:18:57 ----A---- C:\WINDOWS\imsins.BAK
    2009-08-20 04:18:54 ----HDC---- C:\WINDOWS\$NtUninstallKB938759$
    2009-08-20 02:59:30 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
    2009-08-20 02:59:30 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
    2009-08-20 02:59:29 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
    2009-08-20 02:59:27 ----A---- C:\WINDOWS\system32\xinput1_3.dll
    2009-08-20 02:24:39 ----D---- C:\Programas\Trend Micro
    2009-08-20 02:22:37 ----D---- C:\Programas\ERUNT
    2009-08-19 21:20:20 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2009-08-19 21:18:35 ----A---- C:\WINDOWS\ntbtlog.txt
    2009-08-19 20:39:37 ----D---- C:\SpybotSDPortable
    2009-08-19 20:01:06 ----A---- C:\WINDOWS\SchedLgU.Txt
    2009-08-19 13:56:09 ----D---- C:\Programas\Spybot - Search & Destroy
    2009-08-12 03:04:31 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
    2009-08-12 03:03:14 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
    2009-08-12 03:03:07 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
    2009-08-12 03:02:59 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
    2009-08-12 03:02:51 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
    2009-08-12 03:02:44 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
    2009-08-12 03:02:36 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
    2009-08-12 03:02:21 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
    2009-08-12 03:00:50 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
    2009-08-07 19:51:54 ----A---- C:\WINDOWS\system32\xlivefnt.dll
    2009-08-07 19:51:54 ----A---- C:\WINDOWS\system32\xlive.dll
    2009-08-07 19:51:34 ----A---- C:\WINDOWS\system32\xlive.dll.cat
    2009-07-29 19:29:43 ----D---- C:\WINDOWS\ie8updates
    2009-07-29 19:29:05 ----D---- C:\WINDOWS\WBEM
    2009-07-29 19:28:43 ----HDC---- C:\WINDOWS\ie8
    2009-07-29 09:44:04 ----HDC---- C:\WINDOWS\$NtUninstallKB972260$
    2009-07-26 20:54:54 ----D---- C:\Programas\Veetle

    ======List of files/folders modified in the last 1 months======

    2009-08-23 13:15:02 ----D---- C:\Programas\Mozilla Firefox
    2009-08-23 13:13:23 ----D---- C:\WINDOWS\system32\CatRoot2
    2009-08-23 13:13:21 ----SD---- C:\WINDOWS\Tasks
    2009-08-23 13:10:45 ----D---- C:\WINDOWS\Temp
    2009-08-23 13:10:45 ----D---- C:\WINDOWS\system32
    2009-08-23 13:09:03 ----A---- C:\WINDOWS\wininit.ini
    2009-08-22 15:26:21 ----A---- C:\WINDOWS\NeroDigital.ini
    2009-08-22 12:37:04 ----D---- C:\WINDOWS\Prefetch
    2009-08-22 04:33:47 ----D---- C:\WINDOWS
    2009-08-22 03:31:24 ----SHD---- C:\WINDOWS\Installer
    2009-08-22 03:31:23 ----RD---- C:\Programas
    2009-08-22 03:31:06 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2009-08-22 03:29:39 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
    2009-08-22 03:29:39 ----HD---- C:\WINDOWS\inf
    2009-08-22 03:21:57 ----D---- C:\WINDOWS\system32\drivers
    2009-08-22 03:21:54 ----DC---- C:\WINDOWS\system32\DRVSTORE
    2009-08-22 03:20:42 ----D---- C:\WINDOWS\WinSxS
    2009-08-21 21:19:40 ----D---- C:\WINDOWS\system32\pt-pt
    2009-08-21 21:19:40 ----D---- C:\Programas\Windows Desktop Search
    2009-08-21 14:58:26 ----D---- C:\WINDOWS\system32\wbem
    2009-08-21 14:47:49 ----D---- C:\Programas\Avast4
    2009-08-20 04:18:56 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2009-08-20 02:59:30 ----D---- C:\WINDOWS\system32\DirectX
    2009-08-20 02:23:21 ----D---- C:\WINDOWS\erdnt
    2009-08-20 00:09:36 ----D---- C:\Programas\Ficheiros comuns\Wise Installation Wizard
    2009-08-19 23:11:44 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
    2009-08-19 23:11:15 ----D---- C:\Programas\Ficheiros comuns\Adobe
    2009-08-19 23:10:57 ----D---- C:\Programas\Adobe
    2009-08-19 22:49:27 ----SH---- C:\boot.ini
    2009-08-19 22:49:27 ----A---- C:\WINDOWS\win.ini
    2009-08-19 22:49:27 ----A---- C:\WINDOWS\system.ini
    2009-08-19 20:05:46 ----D---- C:\WINDOWS\system32\Restore
    2009-08-19 20:00:47 ----SHD---- C:\WINDOWS\CSC
    2009-08-19 19:30:41 ----SHD---- C:\RECYCLER
    2009-08-19 19:28:20 ----D---- C:\Documents and Settings
    2009-08-19 13:56:09 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & DestroyBackup
    2009-08-19 12:57:25 ----D---- C:\WINDOWS\Minidump
    2009-08-19 12:57:25 ----D---- C:\WINDOWS\Debug
    2009-08-19 03:12:56 ----D---- C:\WINDOWS\SHELLNEW
    2009-08-17 17:10:20 ----A---- C:\WINDOWS\system32\aswBoot.exe
    2009-08-12 03:02:58 ----HD---- C:\WINDOWS\$hf_mig$
    2009-08-12 03:02:38 ----D---- C:\Programas\Outlook Express
    2009-08-05 10:00:10 ----A---- C:\WINDOWS\system32\mswebdvd.dll
    2009-08-01 16:16:35 ----D---- C:\Programas\Internet Explorer
    2009-07-30 21:31:04 ----D---- C:\Programas\Microsoft Silverlight
    2009-07-30 01:49:14 ----A---- C:\WINDOWS\system32\MRT.exe
    2009-07-29 21:17:07 ----D---- C:\Programas\VSO
    2009-07-29 21:17:04 ----D---- C:\Documents and Settings\José\Application Data\Vso
    2009-07-29 21:17:04 ----A---- C:\Documents and Settings\José\Application Data\inst.exe
    2009-07-29 19:31:31 ----D---- C:\WINDOWS\Help
    2009-07-29 19:29:11 ----D---- C:\WINDOWS\system32\config
    2009-07-29 19:29:01 ----D---- C:\WINDOWS\Media

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-08-17 26944]
    R1 asuskbnt;Enhanced Display Driver Helper Service; C:\WINDOWS\system32\drivers\atkkbnt.sys [2005-10-18 11008]
    R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-08-17 114768]
    R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-08-17 51376]
    R1 intelppm;Controlador de processador Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40320]
    R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-08-17 20560]
    R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-08-17 94160]
    R2 EIO;EIO; \??\C:\WINDOWS\system32\drivers\EIO.sys []
    R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-02-06 55152]
    R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-08-17 23152]
    R3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5b.sys [2003-11-11 41984]
    R3 HDAudBus;Controlador de Barramento UAA da Microsoft para High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
    R3 HidUsb;Controlador de classe HID da Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-06-28 4304384]
    R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-09-17 6132576]
    R3 usbehci;Microsoft USB 2.0 - controlador Miniport de anfitrião melhorado; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;Concentrador activado por USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 usbuhci;Controlador miniport do controlador Microsoft USB universal; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
    R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\WINDOWS\system32\drivers\WmBEnum.sys [2004-04-14 10144]
    R3 WmFilter;Logitech WingMan HID Filter Driver; C:\WINDOWS\system32\drivers\WmFilter.sys [2004-04-14 21280]
    R3 WmXlCore;Logitech WingMan Translation Layer Driver; C:\WINDOWS\system32\drivers\WmXlCore.sys [2004-04-14 44064]
    S1 kbdhid;Controlador HID de teclado; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
    S3 a5s0agwb;a5s0agwb; C:\WINDOWS\system32\drivers\a5s0agwb.sys []
    S3 apwjwzcg;apwjwzcg; C:\WINDOWS\system32\drivers\apwjwzcg.sys []
    S3 FETNDIS;Controlador de placa Fast Ethernet VIA PCI 10/100Mb para NT; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
    S3 GarenaPEngine;GarenaPEngine; \??\C:\DOCUME~1\JOS~1\DEFINI~1\Temp\KHL2.tmp []
    S3 mouhid;Controlador HID de rato; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-11-20 12160]
    S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2008-05-07 17536]
    S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2008-05-07 20864]
    S3 NTSIM;NTSIM; \??\C:\WINDOWS\system32\ntsim.sys []
    S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-04-29 47360]
    S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2008-06-06 8064]
    S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
    S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2008-05-07 8064]
    S3 USBSTOR;Controlador de armazenamento de massa USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
    S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\WINDOWS\system32\drivers\WmVirHid.sys [2004-04-14 5600]
    S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
    S4 sr;Controlador do filtro de restauro do sistema; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-14 73472]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 aswUpdSv;avast! iAVS4 Control Service; C:\Programas\Avast4\aswUpdSv.exe [2009-08-17 18752]
    R2 ATKKeyboardService;ATK Keyboard Service; C:\WINDOWS\ATKKBService.exe [2005-10-18 241152]
    R2 avast! Antivirus;avast! Antivirus; C:\Programas\Avast4\ashServ.exe [2009-08-17 138680]
    R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Programas\Ficheiros comuns\LightScribe\LSSrvc.exe [2007-05-15 79400]
    R2 MDM;Machine Debug Manager; C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
    R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-09-17 163908]
    R2 SeaPort;SeaPort; C:\Programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
    R2 StarWindServiceAE;StarWind AE Service; C:\Programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
    R2 WinDefend;Windows Defender; C:\Programas\Windows Defender\MsMpEng.exe [2006-11-03 13592]
    R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
    R3 avast! Web Scanner;avast! Web Scanner; C:\Programas\Avast4\ashWebSv.exe [2009-08-17 352920]
    R3 NMIndexingService;NMIndexingService; C:\Programas\Ficheiros comuns\Ahead\Lib\NMIndexingService.exe [2007-06-01 271920]
    S2 SysEnforce;SysEnforce; C:\PROGRA~1\TRISNA~1\SSI\SYSENF~1.EXE []
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
    S3 avast! Mail Scanner;avast! Mail Scanner; C:\Programas\Avast4\ashMaiSv.exe [2009-08-17 254040]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
    S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
    S3 fsssvc;Segurança Familiar do Windows Live; C:\Programas\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
    S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
    S3 NBService;NBService; C:\Programas\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-04-13 792112]
    S3 ose;Office Source Engine; C:\Programas\Ficheiros comuns\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
    S3 ServiceLayer;ServiceLayer; C:\Programas\Ficheiros comuns\PCSuite\Services\ServiceLayer.exe [2006-06-05 174080]
    S3 WMPNetworkSvc;Serviço de Partilha de Rede do Windows Media Player; C:\Programas\Windows Media Player\WMPNetwk.exe [2007-01-05 915968]
    S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

    -----------------EOF-----------------

  4. #4
    Junior Member (Join Date: Aug 2009, Posts: 10)

    info.txt logfile of random's system information tool 1.06 2009-08-23 13:17:01

    ======Uninstall list======

    -->C:\Programas\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
    -->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
    -->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
    -->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
    -->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
    -->C:\WINDOWS\UNRecode.exe /UNINSTALL
    -->MsiExec /X{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    Actualização Crítica para o Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
    Actualização de Segurança para o Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
    Actualização de Segurança para o Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
    Actualização de Segurança para o Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
    Actualização de Segurança para o Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
    Actualização de segurança para Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
    Actualização de segurança para Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
    Actualização de segurança para Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
    Actualização de segurança para Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
    Actualização de Segurança para Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
    Actualização de segurança para Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
    Actualização de segurança para Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
    Actualização de segurança para Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
    Actualização de segurança para Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
    Actualização de segurança para Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
    Actualização de segurança para Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
    Actualização de segurança para Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
    Actualização de segurança para Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
    Actualização de segurança para Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
    Actualização de segurança para Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
    Actualização de segurança para Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
    Actualização de segurança para Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
    Actualização de segurança para Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
    Actualização de segurança para Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
    Actualização de segurança para Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
    Actualização de segurança para Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
    Actualização de segurança para Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
    Actualização de segurança para Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
    Actualização de segurança para Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
    Actualização de segurança para Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
    Actualização de segurança para Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
    Actualização de segurança para Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
    Actualização de segurança para Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
    Actualização de segurança para Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
    Actualização de segurança para Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
    Actualização de segurança para Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
    Actualização de segurança para Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
    Actualização de segurança para Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
    Actualização de segurança para Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
    Actualização de segurança para Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
    Actualização de segurança para Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
    Actualização de segurança para Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
    Actualização de segurança para Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
    Actualização de segurança para Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
    Actualização de segurança para Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe"
    Actualização de segurança para Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
    Actualização de segurança para Windows XP (KB969897)-->"C:\WINDOWS\$NtUninstallKB969897$\spuninst\spuninst.exe"
    Actualização de segurança para Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
    Actualização de segurança para Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
    Actualização de segurança para Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
    Actualização de segurança para Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
    Actualização de segurança para Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
    Actualização de segurança para Windows XP (KB972260)-->"C:\WINDOWS\$NtUninstallKB972260$\spuninst\spuninst.exe"
    Actualização de segurança para Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
    Actualização de segurança para Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
    Actualização de segurança para Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
    Actualização de segurança para Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
    Actualização para o Windows XP (KB943729)-->"C:\WINDOWS\$NtUninstallKB943729$\spuninst\spuninst.exe"
    Actualização para Windows Internet Explorer 8 (KB972636)-->"C:\WINDOWS\ie8updates\KB972636-IE8\spuninst\spuninst.exe"
    Actualização para Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
    Actualização para Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
    Actualização para Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
    Actualização para Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
    Actualização para Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
    Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Reader 9.1 - Português-->MsiExec.exe /I{AC76BA86-7AD7-1046-7B44-A91000000001}
    AGEIA PhysX v7.11.13-->MsiExec.exe /X{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}
    Apex RM RMVB Converter 7.43-->"C:\Programas\Apex\Apex RM RMVB Converter\unins000.exe"
    Assistente de Início de Sessão do Windows Live-->MsiExec.exe /I{28DA1AA2-07F2-4451-A28B-A6A01A9CE8E9}
    ASUS Enhanced Display Driver-->RunDll32 C:\PROGRA~1\FICHEI~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programas\InstallShield Installation Information\{315ACD04-BCEB-478B-9B1D-5431D0E6CB11}\setup.exe" -l0x9 -removeonly
    ASUS nVIDIA Driver-->C:\PROGRA~1\FICHEI~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{3C3B2C97-0DAB-482F-9C95-6610827210E3} /l1033
    avast! Antivirus-->C:\Programas\Avast4\aswRunDll.exe "C:\Programas\Avast4\Setup\setiface.dll",RunSetup
    CCleaner (remove only)-->"C:\Programas\CCleaner\uninst.exe"
    Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
    Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
    Correcção para o Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
    Defraggler (remove only)-->"C:\Programas\Defraggler\uninst.exe"
    ERUNT 1.1j-->C:\Programas\ERUNT\unins000.exe
    Ferramenta de Carregamento do Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
    Galeria de Fotografias do Windows Live-->MsiExec.exe /X{635B7E55-5566-4BE2-AA7D-F006A78A739B}
    Garena-->C:\Programas\InstallShield Installation Information\{89C89156-A70F-4C6D-9CAE-2EA71F1396FE}\setup.exe -runfromtemp -l0x0009 -removeonly
    Google Earth-->MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
    Heroes of Newerth-->C:\JOGOS\Heroes of Newerth\uninstall.exe
    High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
    HijackThis 2.0.2-->"C:\Programas\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
    Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB915800-v4)-->"C:\WINDOWS\$NtUninstallKB915800-v4$\spuninst\spuninst.exe"
    Hotfix para Windows XP (KB938759)-->"C:\WINDOWS\$NtUninstallKB938759$\spuninst\spuninst.exe"
    Hotfix para Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
    Hotfix para Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
    Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
    Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
    Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}
    Jurinfor IRScalc2008-->"C:\Programas\InstallShield Installation Information\{EA5DA291-59A4-41B5-A2E5-E21030B008FA}\setup.exe" -runfromtemp -l0x0816 -removeonly
    K-Lite Codec Pack 3.9.0 Full-->"C:\Programas\K-Lite Codec Pack\unins000.exe"
    Logitech Gaming Software-->RunDll32 C:\PROGRA~1\FICHEI~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programas\InstallShield Installation Information\{B9242864-2841-4ADE-86E0-8F90F91B04DD}\setup.exe" -l0x9
    Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
    Microsoft .NET Framework 1.1 Portuguese Language Pack-->MsiExec.exe /X{0D70FCFE-2102-4951-A56E-22DD07DFA5B6}
    Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - PTG-->MsiExec.exe /I{88528F28-E04A-3A93-B3C0-14651148FE82}
    Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
    Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - PTG-->MsiExec.exe /I{0800E395-4DD7-3A93-BB96-08596C0D725F}
    Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
    Microsoft .NET Framework 3.5 Language Pack SP1 - PTG-->c:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - ptg\setup.exe
    Microsoft .NET Framework 3.5 Language Pack SP1 - ptg-->MsiExec.exe /I{7B1DBCBE-DF17-3B58-844C-F572F70EF5C4}
    Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
    Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
    Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
    Microsoft Games for Windows - LIVE -->MsiExec.exe /X{4D243BA7-9AC4-46D1-90E5-EEB88974F501}
    Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{2E660A2A-A55F-43CD-9F73-CAD7382EEB78}
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
    Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}
    Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110816-6000-11D3-8CFE-0150048383C9}
    Microsoft OLE DB Provider for Visual FoxPro-->MsiExec.exe /I{CD5DC4AA-7D62-48D9-B756-5925471001FE}
    Microsoft Search Enhancement Pack-->MsiExec.exe /X{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}
    Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
    Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
    Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}
    Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
    Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Microsoft WSE 3.0 Runtime-->MsiExec.exe /X{E3E71D07-CD27-46CB-8448-16D4FB29AA13}
    Mozilla Firefox (3.5.2)-->C:\Programas\Mozilla Firefox\uninstall\helper.exe
    MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
    MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
    MSXML 6.0 Parser-->MsiExec.exe /I{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}
    Nero 7 Essentials-->MsiExec.exe /X{1DED92A7-05FA-4736-8AEA-1BE2363F2070}
    neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
    Nokia Connectivity Cable Driver-->MsiExec.exe /X{C3F19A5F-35A8-4FDB-A6ED-0F4CE398DA48}
    Nokia Flashing Cable Driver-->MsiExec.exe /X{2A0A6470-FD0F-4F45-9B11-85F3167DB943}
    Nokia PC Connectivity Solution-->MsiExec.exe /I{0D80391C-0A72-43BB-9BC2-143F63CC111D}
    Nokia PC Suite-->MsiExec.exe /I{531317A5-586A-4E36-87C1-CA823447B375}
    Nokia Software Launcher-->MsiExec.exe /I{5CCABD37-479D-4304-B1A5-67952C25F8F2}
    Nokia Software Updater-->MsiExec.exe /X{8CC51051-9B69-4F70-BBE6-F68DA834C05C}
    NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
    Pacote do Fornecedor de Serviço Criptográfico para Cartão Inteligente Base da Microsoft-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
    Prince of Persia T2T-->RunDll32 C:\PROGRA~1\FICHEI~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programas\InstallShield Installation Information\{DFFE2B1F-07E0-45A9-8801-CD8514CAA876}\setup.exe" -l0x9 -removeonly
    Pro Evolution Soccer 2009-->MsiExec.exe /X{A8DB611A-D80E-450D-85F6-3ACDD164BE31}
    QuickTime-->MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
    Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\FICHEI~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programas\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x816 -removeonly
    Security Update for Windows Search 4 - KB963093-->"C:\WINDOWS\$NtUninstallKB963093$\spuninst\spuninst.exe"
    Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
    Segurança Familiar do Windows Live-->MsiExec.exe /X{C6A0ED5A-A478-4092-8065-22CA5142065C}
    Sistema de Informação do Técnico Oficial de Contas - NP-->"C:\Programas\InstallShield Installation Information\{257C6761-9710-46F6-A1F6-220E83C9BB40}\setup.exe" -runfromtemp -l0x0816 -uninst -removeonly
    Sistema de Informação do Técnico Oficial de Contas-->C:\WINDOWS\IsUn0816.exe -f"C:\Programas\CTOC\Sistema de Informação do Técnico Oficial de Contas\Uninst.isu"
    Spelling Dictionaries Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
    Spybot - Search & Destroy-->"C:\Programas\Spybot - Search & Destroy\unins000.exe"
    Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
    STREET FIGHTER IV-->MsiExec.exe /X{59ABBDF0-E1E5-48AF-85FB-F523A08C3490}
    TeamSpeak 2 RC2-->C:\Programas\Teamspeak2_RC2\unins000.exe
    Veetle TV 0.9.15-->C:\Programas\Veetle\UninstallVeetleTV.exe
    VIA Platform Device Manager-->C:\PROGRA~1\FICHEI~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
    Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
    Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
    Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
    Windows Driver Package - Nokia Modem (06/12/2006 6.81.0.21)-->C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_62A340731F8930057B44B8864F236850B0D49D65\nokbtmdm.inf
    Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
    Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
    Windows Live Call-->MsiExec.exe /I{418001D0-F48E-4910-966C-0DCCC996A87A}
    Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
    Windows Live Essentials-->C:\Programas\Windows Live\Installer\wlarp.exe
    Windows Live Essentials-->MsiExec.exe /I{44AECAEE-BCE9-4928-A0C7-F1A44706D3CC}
    Windows Live Mail-->MsiExec.exe /I{B7D70C6D-8034-423A-A9CB-F331024A0BFE}
    Windows Live Messenger-->MsiExec.exe /X{BF6CDAFB-F8C3-4DE1-B2E6-25F4EC27CAA2}
    Windows Live OneCare safety scanner-->RunDll32.exe "C:\Programas\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
    Windows Live Sync-->MsiExec.exe /X{36CCDA14-7935-4D90-8AE7-7440CCA315B8}
    Windows Live Toolbar-->MsiExec.exe /X{1965B596-3CA8-4AED-AF1F-91D48A47F4DE}
    Windows Live Writer-->MsiExec.exe /X{52F1F403-6AD6-4CBA-BFE5-CF283CF839C2}
    Windows Media Format 11 runtime-->"C:\Programas\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
    Windows Media Player 11-->"C:\Programas\Windows Media Player\Setup_wm.exe" /Uninstall
    Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
    Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
    WinRAR archiver-->C:\Programas\WinRAR\uninstall.exe
    XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"
    Zoom Player (remove only)-->"C:\Programas\Zoom Player\uninstall.exe"

    ======Hosts File======

    127.0.0.1 www.007guard.com
    127.0.0.1 007guard.com
    127.0.0.1 008i.com
    127.0.0.1 www.008k.com
    127.0.0.1 008k.com
    127.0.0.1 www.00hq.com
    127.0.0.1 00hq.com
    127.0.0.1 010402.com
    127.0.0.1 www.032439.com
    127.0.0.1 032439.com

    ======Security center information======

    AV: avast! antivirus 4.8.1351 [VPS 090822-0]

    ======System event log======

    Computer Name: PC
    Event Code: 7036
    Message: O serviço Serviço COM de gravação de CD de IMAPI entrou no estado execução.

    Record Number: 37824
    Source Name: Service Control Manager
    Time Written: 20090806103921.000000+060
    Event Type: Informações
    User:

    Computer Name: PC
    Event Code: 7035
    Message: Foi enviado com êxito para o serviço Serviço COM de gravação de CD de IMAPI um controlo Iniciar.

    Record Number: 37823
    Source Name: Service Control Manager
    Time Written: 20090806103921.000000+060
    Event Type: Informações
    User: NT AUTHORITY\SYSTEM

    Computer Name: PC
    Event Code: 7036
    Message: O serviço avast! Web Scanner entrou no estado execução.

    Record Number: 37822
    Source Name: Service Control Manager
    Time Written: 20090806103921.000000+060
    Event Type: Informações
    User:

    Computer Name: PC
    Event Code: 7035
    Message: Foi enviado com êxito para o serviço avast! Web Scanner um controlo Iniciar.

    Record Number: 37821
    Source Name: Service Control Manager
    Time Written: 20090806103921.000000+060
    Event Type: Informações
    User: NT AUTHORITY\SYSTEM

    Computer Name: PC
    Event Code: 7000
    Message: O serviço SysEnforce falhou o arranque devido ao seguinte erro:
    O sistema não conseguiu localizar o caminho especificado.


    Record Number: 37820
    Source Name: Service Control Manager
    Time Written: 20090806103916.000000+060
    Event Type: Erro
    User:

    =====Application event log=====

    Computer Name: PC
    Event Code: 0
    Message: Service started

    Record Number: 5251
    Source Name: SeaPort
    Time Written: 20090624182532.000000+060
    Event Type: Informações
    User:

    Computer Name: PC
    Event Code: 4
    Message: The LightScribe Service started successfully.

    Record Number: 5250
    Source Name: LightScribeService
    Time Written: 20090624182528.000000+060
    Event Type: Informações
    User:

    Computer Name: PC
    Event Code: 1003
    Message:
    Record Number: 5249
    Source Name: Windows Search Service
    Time Written: 20090624100931.000000+060
    Event Type: Informações
    User:

    Computer Name: PC
    Event Code: 102
    Message: Windows (1904) Windows: O motor de base de dados iniciou uma nova ocorrência (0).


    Record Number: 5248
    Source Name: ESENT
    Time Written: 20090624100928.000000+060
    Event Type: Informações
    User:

    Computer Name: PC
    Event Code: 100
    Message: SearchIndexer (1904) O motor de base de dados 5.01.2600.5512 foi iniciado.


    Record Number: 5247
    Source Name: ESENT
    Time Written: 20090624100928.000000+060
    Event Type: Informações
    User:

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Programas\QuickTime\QTSystem
    "windir"=%SystemRoot%
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=15
    "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 6 Stepping 5, GenuineIntel
    "PROCESSOR_REVISION"=0605
    "NUMBER_OF_PROCESSORS"=2
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "CLASSPATH"=.;C:\Programas\Java\jre1.6.0_03\lib\ext\QTJava.zip
    "QTJAVA"=C:\Programas\Java\jre1.6.0_03\lib\ext\QTJava.zip

    -----------------EOF-----------------

  5. #5
    Junior Member
    Join Date
    Aug 2009
    Posts
    10

    GMER 1.0.15.15077 [Look.exe] - http://www.gmer.net
    Rootkit scan 2009-08-23 14:39:59
    Windows 5.1.2600 Service Pack 3


    ---- System - GMER 1.0.15 ----

    Code 86E680E0 ZwEnumerateKey
    Code 86EA7A68 ZwFlushInstructionCache
    Code 86E68116 IofCallDriver
    Code 86E685FE IofCompleteRequest
    Code 86E67145 ZwSaveKey
    Code 87086895 ZwSaveKeyEx

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntoskrnl.exe!IofCallDriver 804E13A7 5 Bytes JMP 86E6811B
    .text ntoskrnl.exe!IofCompleteRequest 804E17BD 5 Bytes JMP 86E68603
    .text ntoskrnl.exe!ZwSaveKey 804E42AE 5 Bytes JMP 86E6714A
    .text ntoskrnl.exe!ZwSaveKeyEx 804E42C2 5 Bytes JMP 8708689A
    PAGE ntoskrnl.exe!ZwEnumerateKey 80578E14 5 Bytes JMP 86E680E4
    PAGE ntoskrnl.exe!ZwFlushInstructionCache 80587BFB 5 Bytes JMP 86EA7A6C
    ? C:\WINDOWS\system32\drivers\sptd.sys O processo não pode aceder ao ficheiro porque este está a ser utilizado por outro processo.
    .text USBPORT.SYS!DllUnload F60998AC 5 Bytes JMP 86FE31C8
    ? System32\Drivers\a8bu5rpq.SYS O sistema não conseguiu localizar o caminho especificado. !
    ? System32\Drivers\apsy7wq3.SYS O sistema não conseguiu localizar o caminho especificado. !

    ---- Kernel IAT/EAT - GMER 1.0.15 ----

    IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!IoConnectInterrupt] [F75BC06C] sptd.sys
    IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F75BC018] sptd.sys
    IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F75DE9AE] sptd.sys
    IAT atapi.sys[ntoskrnl.exe!IoConnectInterrupt] [F75BC06C] sptd.sys
    IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F75A5AD4] sptd.sys
    IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F75A5C1A] sptd.sys
    IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F75A5B9C] sptd.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F75A6748] sptd.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F75A661E] sptd.sys
    IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F75BB29A] sptd.sys

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs 873D01E8

    AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
    AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

    Device \Driver\usbuhci \Device\USBPDO-0 86FE21E8
    Device \Driver\dmio \Device\DmControl\DmIoDaemon 873D21E8
    Device \Driver\dmio \Device\DmControl\DmConfig 873D21E8
    Device \Driver\dmio \Device\DmControl\DmPnP 873D21E8
    Device \Driver\dmio \Device\DmControl\DmInfo 873D21E8
    Device \Driver\usbuhci \Device\USBPDO-1 86FE21E8
    Device \Driver\usbuhci \Device\USBPDO-2 86FE21E8
    Device \Driver\PCI_NTPNP6556 \Device\00000046 sptd.sys
    Device \Driver\usbuhci \Device\USBPDO-3 86FE21E8
    Device \Driver\PCI_NTPNP6556 \Device\00000047 sptd.sys
    Device \Driver\usbehci \Device\USBPDO-4 86FB51E8

    AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

    Device \Driver\Ftdisk \Device\HarddiskVolume1 873621E8
    Device \Driver\NetBT \Device\NetBt_Wins_Export 86D15500
    Device \Driver\NetBT \Device\NetbiosSmb 86D15500

    AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
    AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

    Device \Driver\NetBT \Device\NetBT_Tcpip_{826AB9C5-7F92-4C72-BC88-E94CA304B9B0} 86D15500
    Device \Driver\usbuhci \Device\USBFDO-0 86FE21E8
    Device \Driver\usbuhci \Device\USBFDO-1 86FE21E8
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 86D19790
    Device \Driver\usbuhci \Device\USBFDO-2 86FE21E8
    Device \FileSystem\MRxSmb \Device\LanmanRedirector 86D19790
    Device \Driver\usbuhci \Device\USBFDO-3 86FE21E8
    Device \Driver\usbehci \Device\USBFDO-4 86FB51E8
    Device \Driver\Ftdisk \Device\FtControl 873621E8
    Device \Driver\a8bu5rpq \Device\Scsi\a8bu5rpq1Port4Path0Target0Lun0 86F8E4B0
    Device \Driver\apsy7wq3 \Device\Scsi\apsy7wq31 86EEE388
    Device \Driver\viamraid \Device\Scsi\viamraid1 873D11E8
    Device \Driver\viamraid \Device\Scsi\viamraid1Port2Path0Target0Lun0 873D11E8
    Device \Driver\a8bu5rpq \Device\Scsi\a8bu5rpq1 86F8E4B0
    Device \FileSystem\Cdfs \Cdfs 86CF7790

    ---- Processes - GMER 1.0.15 ----

    Library \\?\globalroot\systemroot\system32\UACcbefvtsoyi.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [936] 0x01090000
    Library \\?\globalroot\systemroot\system32\UACoededwdoyk.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [936] 0x02E90000

    ---- Services - GMER 1.0.15 ----

    Service C:\WINDOWS\system32\drivers\UACyljadtirxu.sys (*** hidden *** ) [SYSTEM] UACd.sys <-- ROOTKIT !!!

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Programas\Alcohol Soft\Alcohol 120\
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xDD 0xE7 0x19 0x9F ...
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x7B 0xC9 0x44 0xE0 ...
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xA6 0xAC 0xED 0xF8 ...
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programas\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x04 0xEB 0xA6 0x2E ...
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xBE 0xD0 0x47 0x59 ...
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x7A 0x34 0xF0 0xC4 ...
    Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys@start 1
    Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys@type 1
    Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACyljadtirxu.sys
    Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys@group file system
    Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@UACd
    Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@UACc
    Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacbbr
    Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacsr
    Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacmal
    Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacrem
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Programas\Alcohol Soft\Alcohol 120\
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xDD 0xE7 0x19 0x9F ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x7B 0xC9 0x44 0xE0 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x6B 0x8C 0x3A 0x56 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programas\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x04 0xEB 0xA6 0x2E ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xBE 0xD0 0x47 0x59 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x7A 0x34 0xF0 0xC4 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Programas\Alcohol Soft\Alcohol 120\
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xDD 0xE7 0x19 0x9F ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x7B 0xC9 0x44 0xE0 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xA6 0xAC 0xED 0xF8 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programas\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x04 0xEB 0xA6 0x2E ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xBE 0xD0 0x47 0x59 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x7A 0x34 0xF0 0xC4 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@start 1
    Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@type 1
    Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACyljadtirxu.sys
    Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@group file system
    Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@UACd
    Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@UACc
    Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacbbr
    Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacsr
    Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacmal
    Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacrem
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Programas\Alcohol Soft\Alcohol 120\
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xDD 0xE7 0x19 0x9F ...
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x7B 0xC9 0x44 0xE0 ...
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xA1 0x9A 0xB0 0xC8 ...
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programas\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x04 0xEB 0xA6 0x2E ...
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xBE 0xD0 0x47 0x59 ...
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x7A 0x34 0xF0 0xC4 ...
    Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys@start 1
    Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys@type 1
    Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACyljadtirxu.sys
    Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys@group file system
    Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\modules (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACyljadtirxu.sys
    Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UAChcmnpkwkkc.dll
    Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACcbefvtsoyi.dll
    Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACspqwxokykb.dat
    Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACnkayvtnirm.db
    Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UACoededwdoyk.dll
    Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACpiexvkbpxo.dll
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Programas\Alcohol Soft\Alcohol 120\
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xDD 0xE7 0x19 0x9F ...
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x7B 0xC9 0x44 0xE0 ...
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xA1 0x9A 0xB0 0xC8 ...
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programas\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x04 0xEB 0xA6 0x2E ...
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xBE 0xD0 0x47 0x59 ...
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x7A 0x34 0xF0 0xC4 ...
    Reg HKLM\SYSTEM\ControlSet005\Services\UACd.sys (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet005\Services\UACd.sys@start 1
    Reg HKLM\SYSTEM\ControlSet005\Services\UACd.sys@type 1
    Reg HKLM\SYSTEM\ControlSet005\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACyljadtirxu.sys
    Reg HKLM\SYSTEM\ControlSet005\Services\UACd.sys@group file system
    Reg HKLM\SYSTEM\ControlSet005\Services\UACd.sys\modules (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet005\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACyljadtirxu.sys
    Reg HKLM\SYSTEM\ControlSet005\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UAChcmnpkwkkc.dll
    Reg HKLM\SYSTEM\ControlSet005\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACcbefvtsoyi.dll
    Reg HKLM\SYSTEM\ControlSet005\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACspqwxokykb.dat
    Reg HKLM\SYSTEM\ControlSet005\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACnkayvtnirm.db
    Reg HKLM\SYSTEM\ControlSet005\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UACoededwdoyk.dll
    Reg HKLM\SYSTEM\ControlSet005\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACpiexvkbpxo.dll
    Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Programas\Alcohol Soft\Alcohol 120\
    Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
    Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xDD 0xE7 0x19 0x9F ...
    Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x7B 0xC9 0x44 0xE0 ...
    Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xA1 0x9A 0xB0 0xC8 ...
    Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programas\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x04 0xEB 0xA6 0x2E ...
    Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xBE 0xD0 0x47 0x59 ...
    Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x7A 0x34 0xF0 0xC4 ...
    Reg HKLM\SYSTEM\ControlSet006\Services\UACd.sys (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet006\Services\UACd.sys@start 1
    Reg HKLM\SYSTEM\ControlSet006\Services\UACd.sys@type 1
    Reg HKLM\SYSTEM\ControlSet006\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACyljadtirxu.sys
    Reg HKLM\SYSTEM\ControlSet006\Services\UACd.sys@group file system
    Reg HKLM\SYSTEM\ControlSet006\Services\UACd.sys\modules (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet006\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACyljadtirxu.sys
    Reg HKLM\SYSTEM\ControlSet006\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UAChcmnpkwkkc.dll
    Reg HKLM\SYSTEM\ControlSet006\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACcbefvtsoyi.dll
    Reg HKLM\SYSTEM\ControlSet006\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACspqwxokykb.dat
    Reg HKLM\SYSTEM\ControlSet006\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACnkayvtnirm.db
    Reg HKLM\SYSTEM\ControlSet006\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UACoededwdoyk.dll
    Reg HKLM\SYSTEM\ControlSet006\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACpiexvkbpxo.dll
    Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Programas\Alcohol Soft\Alcohol 120\
    Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
    Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xDD 0xE7 0x19 0x9F ...
    Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x7B 0xC9 0x44 0xE0 ...
    Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xA1 0x9A 0xB0 0xC8 ...
    Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programas\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x04 0xEB 0xA6 0x2E ...
    Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xBE 0xD0 0x47 0x59 ...
    Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x7A 0x34 0xF0 0xC4 ...
    Reg HKLM\SYSTEM\ControlSet007\Services\UACd.sys (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet007\Services\UACd.sys@start 1
    Reg HKLM\SYSTEM\ControlSet007\Services\UACd.sys@type 1
    Reg HKLM\SYSTEM\ControlSet007\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACyljadtirxu.sys
    Reg HKLM\SYSTEM\ControlSet007\Services\UACd.sys@group file system
    Reg HKLM\SYSTEM\ControlSet007\Services\UACd.sys\modules (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet007\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACyljadtirxu.sys
    Reg HKLM\SYSTEM\ControlSet007\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UAChcmnpkwkkc.dll
    Reg HKLM\SYSTEM\ControlSet007\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACcbefvtsoyi.dll
    Reg HKLM\SYSTEM\ControlSet007\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACspqwxokykb.dat
    Reg HKLM\SYSTEM\ControlSet007\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACnkayvtnirm.db
    Reg HKLM\SYSTEM\ControlSet007\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UACoededwdoyk.dll
    Reg HKLM\SYSTEM\ControlSet007\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACpiexvkbpxo.dll
    Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Programas\Alcohol Soft\Alcohol 120\
    Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
    Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xDD 0xE7 0x19 0x9F ...
    Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x7B 0xC9 0x44 0xE0 ...
    Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xA1 0x9A 0xB0 0xC8 ...
    Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programas\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x04 0xEB 0xA6 0x2E ...
    Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xBE 0xD0 0x47 0x59 ...
    Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x7A 0x34 0xF0 0xC4 ...
    Reg HKLM\SYSTEM\ControlSet008\Services\UACd.sys (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet008\Services\UACd.sys@start 1
    Reg HKLM\SYSTEM\ControlSet008\Services\UACd.sys@type 1
    Reg HKLM\SYSTEM\ControlSet008\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACyljadtirxu.sys
    Reg HKLM\SYSTEM\ControlSet008\Services\UACd.sys@group file system
    Reg HKLM\SYSTEM\ControlSet008\Services\UACd.sys\modules (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet008\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACyljadtirxu.sys
    Reg HKLM\SYSTEM\ControlSet008\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UAChcmnpkwkkc.dll
    Reg HKLM\SYSTEM\ControlSet008\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACcbefvtsoyi.dll
    Reg HKLM\SYSTEM\ControlSet008\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACspqwxokykb.dat
    Reg HKLM\SYSTEM\ControlSet008\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACnkayvtnirm.db
    Reg HKLM\SYSTEM\ControlSet008\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UACoededwdoyk.dll
    Reg HKLM\SYSTEM\ControlSet008\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACpiexvkbpxo.dll
    Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Programas\Alcohol Soft\Alcohol 120\
    Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
    Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xDD 0xE7 0x19 0x9F ...
    Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x7B 0xC9 0x44 0xE0 ...
    Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xA1 0x9A 0xB0 0xC8 ...
    Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programas\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x04 0xEB 0xA6 0x2E ...
    Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xBE 0xD0 0x47 0x59 ...
    Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x7A 0x34 0xF0 0xC4 ...
    Reg HKLM\SYSTEM\ControlSet009\Services\UACd.sys (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet009\Services\UACd.sys@start 1
    Reg HKLM\SYSTEM\ControlSet009\Services\UACd.sys@type 1
    Reg HKLM\SYSTEM\ControlSet009\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACyljadtirxu.sys
    Reg HKLM\SYSTEM\ControlSet009\Services\UACd.sys@group file system
    Reg HKLM\SYSTEM\ControlSet009\Services\UACd.sys\modules (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet009\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACyljadtirxu.sys
    Reg HKLM\SYSTEM\ControlSet009\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UAChcmnpkwkkc.dll
    Reg HKLM\SYSTEM\ControlSet009\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACcbefvtsoyi.dll
    Reg HKLM\SYSTEM\ControlSet009\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACspqwxokykb.dat
    Reg HKLM\SYSTEM\ControlSet009\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACnkayvtnirm.db
    Reg HKLM\SYSTEM\ControlSet009\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UACoededwdoyk.dll
    Reg HKLM\SYSTEM\ControlSet009\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACpiexvkbpxo.dll
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Programas\Alcohol Soft\Alcohol 120\
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xDD 0xE7 0x19 0x9F ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x7B 0xC9 0x44 0xE0 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xA1 0x9A 0xB0 0xC8 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programas\DAEMON Tools\
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x04 0xEB 0xA6 0x2E ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xBE 0xD0 0x47 0x59 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x7A 0x34 0xF0 0xC4 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys
    Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@start 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@type 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACyljadtirxu.sys
    Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@group file system
    Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules
    Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACyljadtirxu.sys
    Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UAChcmnpkwkkc.dll
    Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACcbefvtsoyi.dll
    Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACspqwxokykb.dat
    Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACnkayvtnirm.db
    Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UACoededwdoyk.dll
    Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACpiexvkbpxo.dll
    Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Programas\Alcohol Soft\Alcohol 120\
    Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
    Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xDD 0xE7 0x19 0x9F ...
    Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x7B 0xC9 0x44 0xE0 ...
    Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xA1 0x9A 0xB0 0xC8 ...
    Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programas\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x04 0xEB 0xA6 0x2E ...
    Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xBE 0xD0 0x47 0x59 ...
    Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x7A 0x34 0xF0 0xC4 ...
    Reg HKLM\SYSTEM\ControlSet011\Services\UACd.sys (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet011\Services\UACd.sys@start 1
    Reg HKLM\SYSTEM\ControlSet011\Services\UACd.sys@type 1
    Reg HKLM\SYSTEM\ControlSet011\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACyljadtirxu.sys
    Reg HKLM\SYSTEM\ControlSet011\Services\UACd.sys@group file system
    Reg HKLM\SYSTEM\ControlSet011\Services\UACd.sys\modules (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet011\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACyljadtirxu.sys
    Reg HKLM\SYSTEM\ControlSet011\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UAChcmnpkwkkc.dll
    Reg HKLM\SYSTEM\ControlSet011\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACcbefvtsoyi.dll
    Reg HKLM\SYSTEM\ControlSet011\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACspqwxokykb.dat
    Reg HKLM\SYSTEM\ControlSet011\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACnkayvtnirm.db
    Reg HKLM\SYSTEM\ControlSet011\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UACoededwdoyk.dll
    Reg HKLM\SYSTEM\ControlSet011\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACpiexvkbpxo.dll

    ---- Files - GMER 1.0.15 ----

    File C:\WINDOWS\system32\drivers\UACyljadtirxu.sys 54784 bytes executable <-- ROOTKIT !!!
    File C:\WINDOWS\system32\UACcbefvtsoyi.dll 74240 bytes executable
    File C:\WINDOWS\system32\UAChcmnpkwkkc.dll 26624 bytes executable
    File C:\WINDOWS\system32\uacinit.dll 6580 bytes
    File C:\WINDOWS\system32\UACnkayvtnirm.db 1110399 bytes
    File C:\WINDOWS\system32\UACoededwdoyk.dll 30208 bytes executable
    File C:\WINDOWS\system32\UACpiexvkbpxo.dll 19968 bytes executable
    File C:\WINDOWS\system32\UACspqwxokykb.dat 174 bytes
    File C:\WINDOWS\Temp\UACa553.tmp 74240 bytes executable
    File C:\WINDOWS\Temp\UACaf84.tmp 174 bytes
    File C:\WINDOWS\Temp\UACc445.tmp 1110399 bytes
    File C:\WINDOWS\Temp\UACc762.tmp 30208 bytes executable
    File C:\WINDOWS\Temp\UACcb79.tmp 19968 bytes executable

    ---- EOF - GMER 1.0.15 ----

  6. #6
    Security Expert-Emeritus
    Join Date
    Oct 2006
    Location
    Manchester UK
    Posts
    3,425


    Information


    Please ensure that any USB/Flash/External drives are connected whilst we are cleaning your machine.

    Explanation: USB storage devices are all the USB devices that get their own partition letter at connecting to the PC, e.g. flash drives (thumb/pen drives, USB sticks), external HDDs, MP3/MP4 players, digital cameras, memory cards (SD cards, Sony Memory Stick, MultiMedia Cards etc.), some mobile phones, some GPS navigation devices etc.

    ----------------------------------------------------------------------------------------
    Step 1


    Download and Run ComboFix (by sUBs)
    Please visit this webpage for instructions for downloading and running ComboFix:

    Bleeping Computer ComboFix Tutorial

    • You must download it to and run it from your Desktop.
    • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
    • Double click combofix.exe & follow the prompts.
    • When finished, it will produce a log. Please save that log to post in your next reply.
    • Re-enable all the programs that were disabled during the running of ComboFix.



    A word of warning: Neither I nor sUBs is responsible for any damage you may have caused your machine by running ComboFix on your own.
    This tool is not a toy and not for everyday use.
    ComboFix SHOULD NOT be used unless requested by a forum helper.

    For instructions on how to disable your security programs, please see this topic
    How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
    ----------------------------------------------------------------------------------------
    Step 2

    Malwarebytes' Anti-Malware

    Please download Malwarebytes' Anti-Malware to your desktop.

    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to
      • Update Malwarebytes' Anti-Malware
      • and Launch Malwarebytes' Anti-Malware
    • then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform full scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If requested, please reboot
      • If you accidentally close it, the log file is saved here and will be named like this:
      • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt


    ----------------------------------------------------------------------------------------
    Logs/Information to Post in Reply
    Please post the following logs/Information in your reply
    Some of the logs I request will be quite large; you may need to split them over a couple of replies.
    • Combofix Log
    • MalwareBytes Log
    • How are things running now?
    Microsoft MVP Consumer Security 2009-2010
    If we have helped, please consider a donation
    THESE INSTRUCTIONS ARE FOR THIS USER ONLY

  7. #7
    Junior Member
    Join Date
    Aug 2009
    Posts
    10


    ComboFix 09-08-22.06 - José 23-08-2009 15:37.2.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.351.2070.18.1023.598 [GMT 1:00]
    Executando de: c:\documents and settings\José\Ambiente de trabalho\Combo-Fix.exe
    AV: avast! antivirus 4.8.1351 [VPS 090822-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    * Criado um novo ponto de restauração
    .

    ((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\BM4fb04567.txt
    c:\windows\BM4fb04567.xml
    c:\windows\cookies.ini
    c:\windows\Installer\37f96.msi
    c:\windows\system32\abiijyvh.ini
    c:\windows\system32\dclwkbkq.ini
    c:\windows\system32\drivers\UACyljadtirxu.sys
    c:\windows\system32\ghftjpyc.ini
    c:\windows\system32\KRqtBJjl.ini
    c:\windows\system32\nfsrivfq.ini
    c:\windows\system32\UACcbefvtsoyi.dll
    c:\windows\system32\UAChcmnpkwkkc.dll
    c:\windows\system32\uacinit.dll
    c:\windows\system32\UACnkayvtnirm.db
    c:\windows\system32\UACoededwdoyk.dll
    c:\windows\system32\UACpiexvkbpxo.dll
    c:\windows\system32\UACspqwxokykb.dat
    c:\windows\system32\xxvepbpv.ini

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_UACd.sys
    -------\Legacy_UACd.sys


    (((((((((((((((( Arquivos/Ficheiros criados de 2009-07-23 to 2009-08-23 ))))))))))))))))))))))))))))
    .

    2009-08-23 12:16 . 2009-08-23 12:17 -------- d-----w- C:\rsit
    2009-08-22 02:29 . 2009-08-22 02:29 -------- d-----w- c:\programas\Windows Defender
    2009-08-22 02:21 . 2009-07-03 14:49 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2009-08-20 03:18 . 2008-11-13 14:19 603648 -c----w- c:\windows\system32\dllcache\crypt32.dll
    2009-08-20 03:18 . 2008-11-13 14:19 177664 -c----w- c:\windows\system32\dllcache\wintrust.dll
    2009-08-20 01:59 . 2008-03-05 15:56 1420824 ----a-w- c:\windows\system32\D3DCompiler_37.dll
    2009-08-20 01:59 . 2008-02-05 23:07 462864 ----a-w- c:\windows\system32\d3dx10_37.dll
    2009-08-20 01:59 . 2008-03-05 15:56 3786760 ----a-w- c:\windows\system32\D3DX9_37.dll
    2009-08-20 01:59 . 2007-04-04 18:53 81768 ----a-w- c:\windows\system32\xinput1_3.dll
    2009-08-20 01:24 . 2009-08-20 01:24 -------- d-----w- c:\programas\Trend Micro
    2009-08-20 01:22 . 2009-08-20 01:22 -------- d-----w- c:\programas\ERUNT
    2009-08-19 20:20 . 2009-08-19 23:10 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    2009-08-19 19:39 . 2009-08-19 19:39 -------- d-----w- C:\SpybotSDPortable
    2009-08-19 12:56 . 2009-08-19 23:10 -------- d-----w- c:\programas\Spybot - Search & Destroy
    2009-08-19 11:51 . 2009-08-19 18:28 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2009-08-18 22:44 . 2009-08-18 22:44 71168 ----a-w- c:\windows\system32\drivers\wwoseqvtadcdbqtx.sys
    2009-08-18 22:33 . 2009-08-18 22:33 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
    2009-08-11 23:29 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
    2009-08-07 18:51 . 2009-08-07 18:51 15308424 ----a-w- c:\windows\system32\xlive.dll
    2009-08-07 18:51 . 2009-08-07 18:51 13642888 ----a-w- c:\windows\system32\xlivefnt.dll
    2009-08-05 09:00 . 2009-08-05 09:00 205824 -c----w- c:\windows\system32\dllcache\mswebdvd.dll
    2009-07-29 18:33 . 2009-07-29 18:33 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
    2009-07-29 18:29 . 2009-07-03 16:57 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
    2009-07-29 18:29 . 2009-07-19 17:44 11067392 -c----w- c:\windows\system32\dllcache\ieframe.dll
    2009-07-29 18:29 . 2009-07-03 16:57 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
    2009-07-29 18:29 . 2009-07-03 16:57 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
    2009-07-29 18:29 . 2009-07-03 16:57 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
    2009-07-29 18:29 . 2009-07-03 16:57 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
    2009-07-29 18:29 . 2009-07-29 18:29 -------- d-----w- c:\windows\ie8updates
    2009-07-29 18:29 . 2009-07-01 07:08 101376 -c----w- c:\windows\system32\dllcache\iecompat.dll
    2009-07-29 18:28 . 2009-07-29 18:29 -------- dc-h--w- c:\windows\ie8
    2009-07-26 19:54 . 2009-07-26 19:54 -------- d-----w- c:\programas\Veetle

    .
    ((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-08-22 02:31 . 2008-06-27 23:06 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Lavasoft
    2009-08-21 20:19 . 2009-04-14 00:05 -------- d-----w- c:\programas\Windows Desktop Search
    2009-08-21 13:58 . 2004-09-21 12:00 84976 ----a-w- c:\windows\system32\perfc016.dat
    2009-08-21 13:58 . 2004-09-21 12:00 491106 ----a-w- c:\windows\system32\perfh016.dat
    2009-08-21 13:47 . 2008-01-24 15:44 -------- d-----w- c:\programas\Avast4
    2009-08-19 23:09 . 2007-12-20 12:42 -------- d-----w- c:\programas\Ficheiros comuns\Wise Installation Wizard
    2009-08-19 22:11 . 2007-12-14 18:52 -------- d-----w- c:\programas\Ficheiros comuns\Adobe
    2009-08-19 12:56 . 2008-01-24 15:45 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Spybot - Search & DestroyBackup
    2009-08-17 16:10 . 2008-10-13 18:41 1279456 ----a-w- c:\windows\system32\aswBoot.exe
    2009-08-17 16:06 . 2008-10-13 18:41 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2009-08-17 16:06 . 2008-10-13 18:41 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2009-08-17 16:05 . 2008-10-13 18:41 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2009-08-17 16:05 . 2008-10-13 18:41 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2009-08-17 16:04 . 2008-10-13 18:41 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2009-08-17 16:04 . 2008-10-13 18:41 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2009-08-17 16:03 . 2008-10-13 18:41 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2009-08-17 16:02 . 2008-10-13 18:41 97480 ----a-w- c:\windows\system32\AvastSS.scr
    2009-08-05 09:00 . 2004-09-21 12:00 205824 ----a-w- c:\windows\system32\mswebdvd.dll
    2009-07-30 20:31 . 2008-07-24 18:57 -------- d-----w- c:\programas\Microsoft Silverlight
    2009-07-29 20:17 . 2008-04-29 19:54 -------- d-----w- c:\programas\VSO
    2009-07-20 14:09 . 2009-04-01 16:08 -------- d-----w- c:\programas\Garena
    2009-07-17 19:03 . 2004-09-21 12:00 58880 ----a-w- c:\windows\system32\atl.dll
    2009-07-14 14:58 . 2009-07-14 14:58 -------- d-----w- c:\programas\Defraggler
    2009-07-13 22:43 . 2004-09-21 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
    2009-07-11 13:37 . 2008-11-15 20:26 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Sports Interactive
    2009-07-11 13:35 . 2007-11-30 18:57 -------- d--h--w- c:\programas\InstallShield Installation Information
    2009-07-04 12:18 . 2009-05-06 22:07 -------- d-----w- c:\programas\Windows Live Safety Center
    2009-07-03 16:57 . 2004-09-21 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
    2009-07-01 12:32 . 2009-07-01 12:32 -------- d-----w- c:\programas\Microsoft Games for Windows - LIVE
    2009-06-16 14:39 . 2004-09-21 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
    2009-06-16 14:39 . 2004-09-21 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
    2009-06-15 10:44 . 2004-09-21 12:00 77824 ----a-w- c:\windows\system32\telnet.exe
    2009-06-15 10:44 . 2004-09-21 12:00 81920 ----a-w- c:\windows\system32\tlntsess.exe
    2009-06-10 14:14 . 2004-09-21 12:00 85504 ----a-w- c:\windows\system32\avifil32.dll
    2009-06-10 08:20 . 2007-11-30 15:09 2066432 ----a-w- c:\windows\system32\mstscax.dll
    2009-06-10 06:15 . 2004-09-21 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
    2009-06-03 19:10 . 2004-09-21 12:00 1297920 ----a-w- c:\windows\system32\quartz.dll
    .

    (((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* entradas vazias e legítimas por defeito não são mostradas.
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\programas\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
    "avast!"="c:\progra~1\Avast4\ashDisp.exe" [2009-08-17 81000]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 86016]
    "NeroFilterCheck"="c:\programas\Ficheiros comuns\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
    "Adobe Reader Speed Launcher"="c:\programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
    "Windows Defender"="c:\programas\Windows Defender\MSASCui.exe" [2006-11-03 866584]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "MSMSGS"="c:\programas\Messenger\msmsgs.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "BM4fb04567"=Rundll32.exe "c:\windows\system32\yxmfamru.dll",s

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UpdatesDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Programas\\Mozilla Firefox\\firefox.exe"=
    "c:\\Programas\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
    "c:\\Programas\\Ficheiros comuns\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
    "c:\\Programas\\Garena\\Garena.exe"=
    "c:\\JOGOS\\Pro Evolution Soccer 2009\\pes2009.exe"=
    "c:\\Programas\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Programas\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\JOGOS\\STREETFIGHTERIV\\StreetFighterIV.exe"=
    "c:\\Documents and Settings\\José\\Ambiente de trabalho\\Pedro\\3DM_sf4onlinev1\\SF4Online.exe"=
    "c:\\JOGOS\\STREETFIGHTERIV\\SF4Online.exe"=
    "c:\\Documents and Settings\\José\\Ambiente de trabalho\\Pedro\\3DM-sf4onlinev2\\SF4Online.exe"=
    "c:\\SpybotSDPortable\\App\\SpybotSD\\SpybotSD.exe"=

    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [13-10-2008 19:41 114768]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [13-10-2008 19:41 20560]
    R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [13-03-2009 20:17 55152]
    R2 WinDefend;Windows Defender;c:\programas\Windows Defender\MsMpEng.exe [03-11-2006 19:19 13592]
    S3 fsssvc;Segurança Familiar do Windows Live;c:\programas\Windows Live\Family Safety\fsssvc.exe [06-02-2009 19:08 533360]
    S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\JOS~1\DEFINI~1\Temp\KHL2.tmp --> c:\docume~1\JOS~1\DEFINI~1\Temp\KHL2.tmp [?]

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    "c:\programas\Ficheiros comuns\LightScribe\LSRunOnce.exe"
    .
    - - - - ORFÃOS REMOVIDOS - - - -

    BHO-{039F2D36-A2E5-4BE0-83F9-89E863311017} - (no file)
    BHO-{615906F5-7851-41C9-B770-C6084C5C5531} - (no file)
    BHO-{F2A4091A-7AF9-4663-A8C0-13DC0B8399C6} - (no file)
    Notify-qoMFuvst - qoMFuvst.dll


    .
    ------- Scan Suplementar -------
    .
    IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    DPF: {408902B4-F82D-4FE4-B1FF-7DB2B6E6A669} - hxxps://www.bancobest.pt/FINSECHANNEL/18379/applets/SiebelAx_HI_Client.cab
    DPF: {F3A5BD4E-4DFD-4CA6-9410-7D0B0A9CDE16} - hxxps://www.bancobest.pt/FINSECHANNEL/18379/applets/SiebelAx_Calendar.cab
    FF - ProfilePath - c:\docume~1\JOS~1\APPLIC~1\Mozilla\Firefox\Profiles\9p7bxllp.default\
    FF - prefs.js: browser.search.selectedEngine - IMDb
    FF - plugin: c:\programas\Microsoft\Office Live\npOLW.dll
    FF - plugin: c:\programas\Veetle\Player\npvlc.dll
    FF - plugin: c:\programas\Veetle\plugins\npVeetle.dll
    FF - plugin: c:\programas\Windows Live\Photo Gallery\NPWLPG.dll

    ---- FIREFOX POLICIES ----
    c:\programas\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
    c:\programas\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
    c:\programas\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
    c:\programas\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
    c:\programas\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
    c:\programas\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
    c:\programas\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
    c:\programas\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
    c:\programas\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
    c:\programas\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
    c:\programas\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
    c:\programas\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
    c:\programas\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
    c:\programas\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
    c:\programas\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
    c:\programas\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
    c:\programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
    c:\programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
    c:\programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
    c:\programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
    c:\programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
    c:\programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
    c:\programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
    c:\programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
    c:\programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
    c:\programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
    c:\programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
    c:\programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
    c:\programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
    c:\programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
    c:\programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
    c:\programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
    c:\programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
    c:\programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
    c:\programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
    c:\programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
    c:\programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
    c:\programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
    c:\programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
    c:\programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
    c:\programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
    c:\programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
    c:\programas\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
    c:\programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
    c:\programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
    c:\programas\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-08-23 15:44
    Windows 5.1.2600 Service Pack 3 NTFS

    Procurando processos ocultos ...

    Procurando entradas auto inicializáveis ocultas ...

    Procurando ficheiros/arquivos ocultos ...

    Varredura completada com sucesso
    arquivos/ficheiros ocultos: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet010\Services\GarenaPEngine]
    "ImagePath"="\??\c:\docume~1\JOS~1\DEFINI~1\Temp\KHL2.tmp"
    .
    --------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

    - - - - - - - > 'explorer.exe'(3248)
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\programas\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
    c:\programas\Nokia\Nokia PC Suite 6\PCSCM.dll
    c:\windows\system32\ConnAPI.DLL
    c:\programas\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_por.nlr
    c:\programas\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Outros Processos em Execução ------------------------
    .
    c:\programas\Avast4\aswUpdSv.exe
    c:\programas\Avast4\ashServ.exe
    c:\windows\ATKKBService.exe
    c:\programas\Ficheiros comuns\LightScribe\LSSrvc.exe
    c:\programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\windows\system32\nvsvc32.exe
    c:\programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    c:\windows\system32\rundll32.exe
    c:\programas\Avast4\ashWebSv.exe
    c:\windows\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Tempo para conclusão: 2009-08-23 15:51 - Máquina reiniciou
    ComboFix-quarantined-files.txt 2009-08-23 14:51
    ComboFix2.txt 2008-06-28 02:57

    Pré-execução: 46.682.705.920 bytes livres
    Pós execução: 46.577.872.896 bytes livres

    WindowsXP-KB310994-SP2-Pro-BootDisk-PTB.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

    Current=10 Default=10 Failed=9 LastKnownGood=11 Sets=1,2,3,4,5,6,7,8,9,10,11
    276 --- E O F --- 2009-08-12 02:05

  8. #8
    Junior Member
    Join Date
    Aug 2009
    Posts
    10

    Default

    Malwarebytes' Anti-Malware 1.40
    Versão do banco de dados: 2682
    Windows 5.1.2600 Service Pack 3

    23-08-2009 16:27:16
    mbam-log-2009-08-23 (16-27-16).txt

    Tipo de Verificação: Completa (C:\|D:\|F:\|)
    Objetos verificados: 155981
    Tempo decorrido: 30 minute(s), 43 second(s)

    Processos da Memória infectados: 0
    Módulos de Memória Infectados: 0
    Chaves do Registo infectadas: 0
    Valores do Registo infectados: 0
    Ítens do Registo infectados: 1
    Pastas infectadas: 0
    Ficheiros infectados: 5

    Processos da Memória infectados:
    (Nenhum item malicioso foi detectado)

    Módulos de Memória Infectados:
    (Nenhum item malicioso foi detectado)

    Chaves do Registo infectadas:
    (Nenhum item malicioso foi detectado)

    Valores do Registo infectados:
    (Nenhum item malicioso foi detectado)

    Ítens do Registo infectados:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Pastas infectadas:
    (Nenhum item malicioso foi detectado)

    Ficheiros infectados:
    C:\Qoobox\Quarantine\C\WINDOWS\system32\UACcbefvtsoyi.dll.vir (Rogue.Agent) -> Delete on reboot.
    C:\Qoobox\Quarantine\C\WINDOWS\system32\UAChcmnpkwkkc.dll.vir (Trojan.Agent) -> Delete on reboot.
    C:\System Volume Information\_restore{DF182C99-0110-48EC-995B-D9EA2BDFF95E}\RP0\A0000002.dll (Trojan.Agent) -> Delete on reboot.
    C:\System Volume Information\_restore{DF182C99-0110-48EC-995B-D9EA2BDFF95E}\RP0\A0000003.dll (Rogue.Agent) -> Delete on reboot.
    C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.

  9. #9
    Junior Member
    Join Date
    Aug 2009
    Posts
    10

    Default

    Nero detects the DVD recorder now.

    Spybot didn't detect any threats.

    I also have no problems starting up Windows anymore.

    By the way, is it ok to uninstall Windows Recovery Console or is it better to leave it just there?

    Really appreciated

  10. #10
    Security Expert-Emeritus
    Join Date
    Oct 2006
    Location
    Manchester UK
    Posts
    3,425

    Default

    is it ok to uninstall Windows Recovery Console or is it better to leave it just there
    Due to the threat that current and future malware poses, it is vital that you have some form of recovery option.
    Recovery Console is the easiest.

    There are still a couple of items showing that need removing, but let's have one more scan before we do the final sweep.

    Kaspersky Online Scanner.
    Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal.
    NOTE:- This scan is best done from IE (Internet Explorer)

    NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
    Go Here http://www.kaspersky.com/kos/eng/par...avwebscan.html

    Read the Requirements and limitations before you click Accept.
    Once the database has downloaded, click My Computer in the left pane
    Now go and put the kettle on!
    When the scan has completed, click Save Report As...
    Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
    Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.

    **Note**

    To optimize scanning time and produce a more sensible report for review:
    • Close any open programs.
    • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.

    Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.
    Microsoft MVP Consumer Security 2009 -2010
    If we have helped, please consider a donation
    THESE INSTRUCTIONS ARE FOR THIS USER ONLY
