View Full Version : Win32.FraudLoad.edt (Resolved)



grAyf0x
2009-08-20, 04:46
Windows won't start unless it's Safe Mode. I can make it start in normal mode if I set a SpyBot search at startup and then just hit cancel though.

There's this Malware I can't remove even if I do a scan at system start-up (says it's being used by memory).

Thanks in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:25:12, on 20-08-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programas\Avast4\aswUpdSv.exe
C:\Programas\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Programas\Ficheiros comuns\LightScribe\LSSrvc.exe
C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Programas\Avast4\ashWebSv.exe
C:\PROGRA~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Programas\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O2 - BHO: (no name) - {039F2D36-A2E5-4BE0-83F9-89E863311017} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {20E59CA2-78B0-4431-BFD0-D8B5ADFC0056} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {615906F5-7851-41C9-B770-C6084C5C5531} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programas\Windows Live\Toolbar\wltcore.dll
O2 - BHO: (no name) - {F2A4091A-7AF9-4663-A8C0-13DC0B8399C6} - (no file)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programas\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programas\Ficheiros comuns\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Publicar em Blogue - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Publicar no Blogue no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {408902B4-F82D-4FE4-B1FF-7DB2B6E6A669} (Siebel High Interactivity Framework) - https://www.bancobest.pt/FINSECHANNEL/18379/applets/SiebelAx_HI_Client.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1239662623953
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F3A5BD4E-4DFD-4CA6-9410-7D0B0A9CDE16} (Siebel Calendar) - https://www.bancobest.pt/FINSECHANNEL/18379/applets/SiebelAx_Calendar.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O20 - Winlogon Notify: qoMFuvst - qoMFuvst.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programas\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programas\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programas\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programas\Avast4\ashWebSv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programas\Ficheiros comuns\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programas\Ficheiros comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programas\Ficheiros comuns\PCSuite\Services\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: SysEnforce - Unknown owner - C:\PROGRA~1\TRISNA~1\SSI\SYSENF~1.EXE (file missing)

--
End of file - 7499 bytes
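As an added example (not part of this thread and not code from HijackThis, Spybot or any other tool named here), the script below parses HijackThis-style "Oxx - ..." log lines and flags the entries a helper would look at first: items whose file is missing or has "no file", O20 Winlogon Notify hooks, and O23 services with an unknown owner. The sample lines are copied from the log posted above; the flagging rules are my own triage heuristics, not HijackThis's.

```python
"""Triage helper for HijackThis-style log lines (added example, not from the thread)."""
import re

# A HijackThis entry starts with a section code (R0, O2, O20, O23 ...) followed by " - ".
ENTRY_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.*)$")

# Sample input: six lines copied from the log posted in this thread (backslashes doubled
# so the Windows paths survive as Python string literals).
SAMPLE_LOG = """\
O2 - BHO: (no name) - {039F2D36-A2E5-4BE0-83F9-89E863311017} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\\Programas\\Ficheiros comuns\\Adobe\\Acrobat\\ActiveX\\AcroIEHelperShim.dll
O4 - HKLM\\..\\Run: [avast!] C:\\PROGRA~1\\Avast4\\ashDisp.exe
O20 - Winlogon Notify: qoMFuvst - qoMFuvst.dll (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\\Programas\\Avast4\\ashServ.exe
O23 - Service: SysEnforce - Unknown owner - C:\\PROGRA~1\\TRISNA~1\\SSI\\SYSENF~1.EXE (file missing)
"""


def parse_entries(text):
    """Return a list of (section, body) tuples for every recognised entry line."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries


def triage(text):
    """Apply simple review heuristics and return the entries worth a closer look.

    Each finding is a dict with the section code, the raw entry body and the
    list of reasons it was flagged. Entries with no reasons are dropped.
    """
    findings = []
    for section, body in parse_entries(text):
        reasons = []
        # Orphaned entries: the registry still points at something that is gone.
        if "(file missing)" in body or "(no file)" in body:
            reasons.append("referenced file is missing (orphaned entry)")
        # O20 = Winlogon Notify DLLs, loaded by winlogon.exe at logon; rarely legitimate
        # outside well-known vendor names, so always worth a look.
        if section == "O20":
            reasons.append("Winlogon Notify DLL loaded at logon")
        # O23 = services; HijackThis prints "Unknown owner" when no company is recorded.
        if section == "O23" and "Unknown owner" in body:
            reasons.append("service with unknown owner")
        if reasons:
            findings.append({"section": section, "entry": body, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["section"], "|", f["entry"])
        for r in f["reasons"]:
            print("    ->", r)
```

On the sample above it reports three entries: the nameless O2 BHO with no file, the O20 qoMFuvst Winlogon Notify hook, and the SysEnforce service with an unknown owner and missing file. A flagged entry is a reason to look, not a verdict: the thread itself shows helpers asking for fuller RSIT and GMER output before deciding what to remove.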

katana
2009-08-22, 13:25
Please note that all instructions given are customised for this computer only;
the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.

Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:
Please Read All Instructions Carefully
If you don't understand something, stop and ask! Don't keep going on.
Please do not run any other tools or scans whilst I am helping you
Failure to reply within 5 days will result in the topic being closed.
Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)

If you can do those few things, everything should go smoothly

Some of the logs I request will be quite large, You may need to split them over a couple of replies.

Please Note, your security programs may give warnings for some of the tools I will ask you to use.
Be assured, any links I give are safe
----------------------------------------------------------------------------------------



Download and Run RSIT

Please download Random's System Information Tool by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open:

log.txt will be opened maximized.
info.txt will be opened minimized.

Please post the contents of both log.txt and info.txt.
( They can also be found in the C:\RSIT folder )



Please Download GMER to your desktop

Download GMER (http://www.gmer.net/gmer.zip) and extract it to your desktop.

***Please close any open programs ***

Double-click gmer.exe. The program will begin to run.

Note:- If GMER doesn't run, please Reboot and then rename gmer.exe to Look.exe and try again

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised by a trained Security Analyst

If possible rootkit activity is found, you will be asked if you would like to perform a full scan. Click Yes.

Once the scan is complete, you may receive another notice about rootkit activity.
Click OK.

GMER will produce a log. Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.
If you do not receive notice about possible rootkit activity remain on the Rootkit/Malware tab & make sure the 'Show All' button is unticked. Click the Scan button and let the program do its work. GMER will produce a log.
Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.


DO NOT touch the PC at ALL for Whatever reason/s until it has 100% completed its scan, or attempted scan in case of some error etc !

Please post the results from the GMER scan in your reply.

grAyf0x
2009-08-23, 15:58
Logfile of random's system information tool 1.06 (written by random/random)
Run by José at 2009-08-23 13:16:50
Microsoft Windows XP Professional Service Pack 3
System drive C: has 45 GB (29%) free of 153 GB
Total RAM: 1023 MB (46% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:17:00, on 23-08-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programas\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programas\Avast4\aswUpdSv.exe
C:\Programas\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programas\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ATKKBService.exe
C:\Programas\Ficheiros comuns\LightScribe\LSSrvc.exe
C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Programas\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programas\Nero\Nero 7\Core\nero.exe
C:\Programas\Ficheiros comuns\Ahead\Lib\NMIndexingService.exe
C:\Programas\Mozilla Firefox\firefox.exe
C:\Documents and Settings\José\Ambiente de trabalho\RSIT.exe
C:\Programas\Trend Micro\HijackThis\José.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O2 - BHO: (no name) - {039F2D36-A2E5-4BE0-83F9-89E863311017} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {20E59CA2-78B0-4431-BFD0-D8B5ADFC0056} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {615906F5-7851-41C9-B770-C6084C5C5531} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programas\Windows Live\Toolbar\wltcore.dll
O2 - BHO: (no name) - {F2A4091A-7AF9-4663-A8C0-13DC0B8399C6} - (no file)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programas\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programas\Ficheiros comuns\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Programas\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [msnmsgr] "C:\Programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Publicar em Blogue - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Publicar no Blogue no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programas\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {408902B4-F82D-4FE4-B1FF-7DB2B6E6A669} (Siebel High Interactivity Framework) - https://www.bancobest.pt/FINSECHANNEL/18379/applets/SiebelAx_HI_Client.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1239662623953
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F3A5BD4E-4DFD-4CA6-9410-7D0B0A9CDE16} (Siebel Calendar) - https://www.bancobest.pt/FINSECHANNEL/18379/applets/SiebelAx_Calendar.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O20 - Winlogon Notify: qoMFuvst - qoMFuvst.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programas\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programas\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programas\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programas\Avast4\ashWebSv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programas\Ficheiros comuns\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programas\Ficheiros comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programas\Ficheiros comuns\PCSuite\Services\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: SysEnforce - Unknown owner - C:\PROGRA~1\TRISNA~1\SSI\SYSENF~1.EXE (file missing)

--
End of file - 7825 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\MP Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{039F2D36-A2E5-4BE0-83F9-89E863311017}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{20E59CA2-78B0-4431-BFD0-D8B5ADFC0056}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{615906F5-7851-41C9-B770-C6084C5C5531}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Programas\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programa Auxiliar de Início de Sessão do Windows Live - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Programas\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F2A4091A-7AF9-4663-A8C0-13DC0B8399C6}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Programas\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-09-17 13574144]
"avast!"=C:\PROGRA~1\Avast4\ashDisp.exe [2009-08-17 81000]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-09-17 86016]
"NeroFilterCheck"=C:\Programas\Ficheiros comuns\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
"Adobe Reader Speed Launcher"=C:\Programas\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"Windows Defender"=C:\Programas\Windows Defender\MSASCui.exe [2006-11-03 866584]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"=C:\Programas\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Programas\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\qoMFuvst]
qoMFuvst.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{20E59CA2-78B0-4431-BFD0-D8B5ADFC0056}"= []
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\ljJBtqRK

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programas\Mozilla Firefox\firefox.exe"="C:\Programas\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Programas\KONAMI\Pro Evolution Soccer 2008\PES2008.exe"="C:\Programas\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:*:Enabled:Pro Evolution Soccer 2008"
"C:\Programas\Nokia\Nokia Software Updater\nsu_ui_client.exe"="C:\Programas\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater"
"C:\Programas\Ficheiros comuns\Nokia\Service Layer\A\nsl_host_process.exe"="C:\Programas\Ficheiros comuns\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "
"C:\Programas\Garena\Garena.exe"="C:\Programas\Garena\Garena.exe:*:Enabled:Garena"
"C:\Programas\uTorrent\uTorrent.exe"="C:\Programas\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\JOGOS\Pro Evolution Soccer 2009\pes2009.exe"="C:\JOGOS\Pro Evolution Soccer 2009\pes2009.exe:*:Enabled:Pro Evolution Soccer 2009"
"C:\Programas\Windows Live\Messenger\wlcsdk.exe"="C:\Programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Programas\Windows Live\Sync\WindowsLiveSync.exe"="C:\Programas\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programas\Windows Live\Messenger\msnmsgr.exe"="C:\Programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\JOGOS\STREETFIGHTERIV\StreetFighterIV.exe"="C:\JOGOS\STREETFIGHTERIV\StreetFighterIV.exe:*:Enabled:STREET FIGHTER IV"
"C:\Programas\Sports Interactive\Football Manager 2009\fm.exe"="C:\Programas\Sports Interactive\Football Manager 2009\fm.exe:*:Disabled:Football Manager 2009"
"C:\Documents and Settings\All Users\Documentos\3DM_sf4onlinev1\SF4Online.exe"="C:\Documents and Settings\All Users\Documentos\3DM_sf4onlinev1\SF4Online.exe:*:Enabled:SF4Online"
"C:\Documents and Settings\José\Ambiente de trabalho\Pedro\3DM_sf4onlinev1\SF4Online.exe"="C:\Documents and Settings\José\Ambiente de trabalho\Pedro\3DM_sf4onlinev1\SF4Online.exe:*:Enabled:SF4Online"
"C:\JOGOS\STREETFIGHTERIV\SF4Online.exe"="C:\JOGOS\STREETFIGHTERIV\SF4Online.exe:*:Enabled:SF4Online"
"C:\Documents and Settings\José\Ambiente de trabalho\Pedro\3DM-sf4onlinev2\SF4Online.exe"="C:\Documents and Settings\José\Ambiente de trabalho\Pedro\3DM-sf4onlinev2\SF4Online.exe:*:Enabled:SF4Online"
"C:\SpybotSDPortable\App\SpybotSD\SpybotSD.exe"="C:\SpybotSDPortable\App\SpybotSD\SpybotSD.exe:*:Enabled:SpybotSD"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programas\Windows Live\Messenger\wlcsdk.exe"="C:\Programas\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Programas\Windows Live\Sync\WindowsLiveSync.exe"="C:\Programas\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Programas\Windows Live\Messenger\msnmsgr.exe"="C:\Programas\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\SpybotSDPortable\App\SpybotSD\SpybotSD.exe"="C:\SpybotSDPortable\App\SpybotSD\SpybotSD.exe:*:Enabled:SpybotSD"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7bac4a09-e0ad-11dc-90bb-00138fe3aa50}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
shell\Open(0)\command - Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9aee9b50-2fda-11dd-91ad-00138fe3aa50}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe


======List of files/folders created in the last 1 months======

2009-08-23 13:16:50 ----D---- C:\rsit
2009-08-22 03:31:23 ----SHD---- C:\Config.Msi
2009-08-22 03:29:39 ----D---- C:\Programas\Windows Defender
2009-08-20 04:18:57 ----A---- C:\WINDOWS\imsins.BAK
2009-08-20 04:18:54 ----HDC---- C:\WINDOWS\$NtUninstallKB938759$
2009-08-20 02:59:30 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
2009-08-20 02:59:30 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
2009-08-20 02:59:29 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
2009-08-20 02:59:27 ----A---- C:\WINDOWS\system32\xinput1_3.dll
2009-08-20 02:24:39 ----D---- C:\Programas\Trend Micro
2009-08-20 02:22:37 ----D---- C:\Programas\ERUNT
2009-08-19 21:20:20 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-19 21:18:35 ----A---- C:\WINDOWS\ntbtlog.txt
2009-08-19 20:39:37 ----D---- C:\SpybotSDPortable
2009-08-19 20:01:06 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-08-19 13:56:09 ----D---- C:\Programas\Spybot - Search & Destroy
2009-08-12 03:04:31 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-08-12 03:03:14 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-08-12 03:03:07 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-08-12 03:02:59 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2009-08-12 03:02:51 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-08-12 03:02:44 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-08-12 03:02:36 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-08-12 03:02:21 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2009-08-12 03:00:50 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-08-07 19:51:54 ----A---- C:\WINDOWS\system32\xlivefnt.dll
2009-08-07 19:51:54 ----A---- C:\WINDOWS\system32\xlive.dll
2009-08-07 19:51:34 ----A---- C:\WINDOWS\system32\xlive.dll.cat
2009-07-29 19:29:43 ----D---- C:\WINDOWS\ie8updates
2009-07-29 19:29:05 ----D---- C:\WINDOWS\WBEM
2009-07-29 19:28:43 ----HDC---- C:\WINDOWS\ie8
2009-07-29 09:44:04 ----HDC---- C:\WINDOWS\$NtUninstallKB972260$
2009-07-26 20:54:54 ----D---- C:\Programas\Veetle

======List of files/folders modified in the last 1 months======

2009-08-23 13:15:02 ----D---- C:\Programas\Mozilla Firefox
2009-08-23 13:13:23 ----D---- C:\WINDOWS\system32\CatRoot2
2009-08-23 13:13:21 ----SD---- C:\WINDOWS\Tasks
2009-08-23 13:10:45 ----D---- C:\WINDOWS\Temp
2009-08-23 13:10:45 ----D---- C:\WINDOWS\system32
2009-08-23 13:09:03 ----A---- C:\WINDOWS\wininit.ini
2009-08-22 15:26:21 ----A---- C:\WINDOWS\NeroDigital.ini
2009-08-22 12:37:04 ----D---- C:\WINDOWS\Prefetch
2009-08-22 04:33:47 ----D---- C:\WINDOWS
2009-08-22 03:31:24 ----SHD---- C:\WINDOWS\Installer
2009-08-22 03:31:23 ----RD---- C:\Programas
2009-08-22 03:31:06 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-08-22 03:29:39 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-08-22 03:29:39 ----HD---- C:\WINDOWS\inf
2009-08-22 03:21:57 ----D---- C:\WINDOWS\system32\drivers
2009-08-22 03:21:54 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-08-22 03:20:42 ----D---- C:\WINDOWS\WinSxS
2009-08-21 21:19:40 ----D---- C:\WINDOWS\system32\pt-pt
2009-08-21 21:19:40 ----D---- C:\Programas\Windows Desktop Search
2009-08-21 14:58:26 ----D---- C:\WINDOWS\system32\wbem
2009-08-21 14:47:49 ----D---- C:\Programas\Avast4
2009-08-20 04:18:56 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-08-20 02:59:30 ----D---- C:\WINDOWS\system32\DirectX
2009-08-20 02:23:21 ----D---- C:\WINDOWS\erdnt
2009-08-20 00:09:36 ----D---- C:\Programas\Ficheiros comuns\Wise Installation Wizard
2009-08-19 23:11:44 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-08-19 23:11:15 ----D---- C:\Programas\Ficheiros comuns\Adobe
2009-08-19 23:10:57 ----D---- C:\Programas\Adobe
2009-08-19 22:49:27 ----SH---- C:\boot.ini
2009-08-19 22:49:27 ----A---- C:\WINDOWS\win.ini
2009-08-19 22:49:27 ----A---- C:\WINDOWS\system.ini
2009-08-19 20:05:46 ----D---- C:\WINDOWS\system32\Restore
2009-08-19 20:00:47 ----SHD---- C:\WINDOWS\CSC
2009-08-19 19:30:41 ----SHD---- C:\RECYCLER
2009-08-19 19:28:20 ----D---- C:\Documents and Settings
2009-08-19 13:56:09 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & DestroyBackup
2009-08-19 12:57:25 ----D---- C:\WINDOWS\Minidump
2009-08-19 12:57:25 ----D---- C:\WINDOWS\Debug
2009-08-19 03:12:56 ----D---- C:\WINDOWS\SHELLNEW
2009-08-17 17:10:20 ----A---- C:\WINDOWS\system32\aswBoot.exe
2009-08-12 03:02:58 ----HD---- C:\WINDOWS\$hf_mig$
2009-08-12 03:02:38 ----D---- C:\Programas\Outlook Express
2009-08-05 10:00:10 ----A---- C:\WINDOWS\system32\mswebdvd.dll
2009-08-01 16:16:35 ----D---- C:\Programas\Internet Explorer
2009-07-30 21:31:04 ----D---- C:\Programas\Microsoft Silverlight
2009-07-30 01:49:14 ----A---- C:\WINDOWS\system32\MRT.exe
2009-07-29 21:17:07 ----D---- C:\Programas\VSO
2009-07-29 21:17:04 ----D---- C:\Documents and Settings\José\Application Data\Vso
2009-07-29 21:17:04 ----A---- C:\Documents and Settings\José\Application Data\inst.exe
2009-07-29 19:31:31 ----D---- C:\WINDOWS\Help
2009-07-29 19:29:11 ----D---- C:\WINDOWS\system32\config
2009-07-29 19:29:01 ----D---- C:\WINDOWS\Media

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-08-17 26944]
R1 asuskbnt;Enhanced Display Driver Helper Service; C:\WINDOWS\system32\drivers\atkkbnt.sys [2005-10-18 11008]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-08-17 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-08-17 51376]
R1 intelppm;Controlador de processador Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40320]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-08-17 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-08-17 94160]
R2 EIO;EIO; \??\C:\WINDOWS\system32\drivers\EIO.sys []
R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-02-06 55152]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-08-17 23152]
R3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5b.sys [2003-11-11 41984]
R3 HDAudBus;Controlador de Barramento UAA da Microsoft para High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Controlador de classe HID da Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-06-28 4304384]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-09-17 6132576]
R3 usbehci;Microsoft USB 2.0 - controlador Miniport de anfitrião melhorado; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Concentrador activado por USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Controlador miniport do controlador Microsoft USB universal; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\WINDOWS\system32\drivers\WmBEnum.sys [2004-04-14 10144]
R3 WmFilter;Logitech WingMan HID Filter Driver; C:\WINDOWS\system32\drivers\WmFilter.sys [2004-04-14 21280]
R3 WmXlCore;Logitech WingMan Translation Layer Driver; C:\WINDOWS\system32\drivers\WmXlCore.sys [2004-04-14 44064]
S1 kbdhid;Controlador HID de teclado; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
S3 a5s0agwb;a5s0agwb; C:\WINDOWS\system32\drivers\a5s0agwb.sys []
S3 apwjwzcg;apwjwzcg; C:\WINDOWS\system32\drivers\apwjwzcg.sys []
S3 FETNDIS;Controlador de placa Fast Ethernet VIA PCI 10/100Mb para NT; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 GarenaPEngine;GarenaPEngine; \??\C:\DOCUME~1\JOS~1\DEFINI~1\Temp\KHL2.tmp []
S3 mouhid;Controlador HID de rato; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-11-20 12160]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2008-05-07 17536]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2008-05-07 20864]
S3 NTSIM;NTSIM; \??\C:\WINDOWS\system32\ntsim.sys []
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-04-29 47360]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2008-06-06 8064]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2008-05-07 8064]
S3 USBSTOR;Controlador de armazenamento de massa USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\WINDOWS\system32\drivers\WmVirHid.sys [2004-04-14 5600]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;Controlador do filtro de restauro do sistema; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-14 73472]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Programas\Avast4\aswUpdSv.exe [2009-08-17 18752]
R2 ATKKeyboardService;ATK Keyboard Service; C:\WINDOWS\ATKKBService.exe [2005-10-18 241152]
R2 avast! Antivirus;avast! Antivirus; C:\Programas\Avast4\ashServ.exe [2009-08-17 138680]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Programas\Ficheiros comuns\LightScribe\LSSrvc.exe [2007-05-15 79400]
R2 MDM;Machine Debug Manager; C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-09-17 163908]
R2 SeaPort;SeaPort; C:\Programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R2 StarWindServiceAE;StarWind AE Service; C:\Programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R2 WinDefend;Windows Defender; C:\Programas\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 avast! Web Scanner;avast! Web Scanner; C:\Programas\Avast4\ashWebSv.exe [2009-08-17 352920]
R3 NMIndexingService;NMIndexingService; C:\Programas\Ficheiros comuns\Ahead\Lib\NMIndexingService.exe [2007-06-01 271920]
S2 SysEnforce;SysEnforce; C:\PROGRA~1\TRISNA~1\SSI\SYSENF~1.EXE []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Programas\Avast4\ashMaiSv.exe [2009-08-17 254040]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 fsssvc;Segurança Familiar do Windows Live; C:\Programas\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NBService;NBService; C:\Programas\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-04-13 792112]
S3 ose;Office Source Engine; C:\Programas\Ficheiros comuns\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:\Programas\Ficheiros comuns\PCSuite\Services\ServiceLayer.exe [2006-06-05 174080]
S3 WMPNetworkSvc;Serviço de Partilha de Rede do Windows Media Player; C:\Programas\Windows Media Player\WMPNetwk.exe [2007-01-05 915968]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

grAyf0x
2009-08-23, 15:59
info.txt logfile of random's system information tool 1.06 2009-08-23 13:17:01

======Uninstall list======

-->C:\Programas\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->MsiExec /X{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Actualização Crítica para o Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Actualização de Segurança para o Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Actualização de Segurança para o Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Actualização de Segurança para o Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Actualização de Segurança para o Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Actualização de segurança para Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Actualização de segurança para Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Actualização de Segurança para Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB969897)-->"C:\WINDOWS\$NtUninstallKB969897$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB972260)-->"C:\WINDOWS\$NtUninstallKB972260$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Actualização de segurança para Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Actualização para o Windows XP (KB943729)-->"C:\WINDOWS\$NtUninstallKB943729$\spuninst\spuninst.exe"
Actualização para Windows Internet Explorer 8 (KB972636)-->"C:\WINDOWS\ie8updates\KB972636-IE8\spuninst\spuninst.exe"
Actualização para Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Actualização para Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Actualização para Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
Actualização para Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Actualização para Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.1 - Português-->MsiExec.exe /I{AC76BA86-7AD7-1046-7B44-A91000000001}
AGEIA PhysX v7.11.13-->MsiExec.exe /X{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}
Apex RM RMVB Converter 7.43-->"C:\Programas\Apex\Apex RM RMVB Converter\unins000.exe"
Assistente de Início de Sessão do Windows Live-->MsiExec.exe /I{28DA1AA2-07F2-4451-A28B-A6A01A9CE8E9}
ASUS Enhanced Display Driver-->RunDll32 C:\PROGRA~1\FICHEI~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programas\InstallShield Installation Information\{315ACD04-BCEB-478B-9B1D-5431D0E6CB11}\setup.exe" -l0x9 -removeonly
ASUS nVIDIA Driver-->C:\PROGRA~1\FICHEI~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{3C3B2C97-0DAB-482F-9C95-6610827210E3} /l1033
avast! Antivirus-->C:\Programas\Avast4\aswRunDll.exe "C:\Programas\Avast4\Setup\setiface.dll",RunSetup
CCleaner (remove only)-->"C:\Programas\CCleaner\uninst.exe"
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Correcção para o Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Defraggler (remove only)-->"C:\Programas\Defraggler\uninst.exe"
ERUNT 1.1j-->C:\Programas\ERUNT\unins000.exe
Ferramenta de Carregamento do Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Galeria de Fotografias do Windows Live-->MsiExec.exe /X{635B7E55-5566-4BE2-AA7D-F006A78A739B}
Garena-->C:\Programas\InstallShield Installation Information\{89C89156-A70F-4C6D-9CAE-2EA71F1396FE}\setup.exe -runfromtemp -l0x0009 -removeonly
Google Earth-->MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Heroes of Newerth-->C:\JOGOS\Heroes of Newerth\uninstall.exe
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Programas\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915800-v4)-->"C:\WINDOWS\$NtUninstallKB915800-v4$\spuninst\spuninst.exe"
Hotfix para Windows XP (KB938759)-->"C:\WINDOWS\$NtUninstallKB938759$\spuninst\spuninst.exe"
Hotfix para Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix para Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}
Jurinfor IRScalc2008-->"C:\Programas\InstallShield Installation Information\{EA5DA291-59A4-41B5-A2E5-E21030B008FA}\setup.exe" -runfromtemp -l0x0816 -removeonly
K-Lite Codec Pack 3.9.0 Full-->"C:\Programas\K-Lite Codec Pack\unins000.exe"
Logitech Gaming Software-->RunDll32 C:\PROGRA~1\FICHEI~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programas\InstallShield Installation Information\{B9242864-2841-4ADE-86E0-8F90F91B04DD}\setup.exe" -l0x9
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1 Portuguese Language Pack-->MsiExec.exe /X{0D70FCFE-2102-4951-A56E-22DD07DFA5B6}
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - PTG-->MsiExec.exe /I{88528F28-E04A-3A93-B3C0-14651148FE82}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - PTG-->MsiExec.exe /I{0800E395-4DD7-3A93-BB96-08596C0D725F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 Language Pack SP1 - PTG-->c:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - ptg\setup.exe
Microsoft .NET Framework 3.5 Language Pack SP1 - ptg-->MsiExec.exe /I{7B1DBCBE-DF17-3B58-844C-F572F70EF5C4}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Games for Windows - LIVE -->MsiExec.exe /X{4D243BA7-9AC4-46D1-90E5-EEB88974F501}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{2E660A2A-A55F-43CD-9F73-CAD7382EEB78}
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110816-6000-11D3-8CFE-0150048383C9}
Microsoft OLE DB Provider for Visual FoxPro-->MsiExec.exe /I{CD5DC4AA-7D62-48D9-B756-5925471001FE}
Microsoft Search Enhancement Pack-->MsiExec.exe /X{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}
Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft WSE 3.0 Runtime-->MsiExec.exe /X{E3E71D07-CD27-46CB-8448-16D4FB29AA13}
Mozilla Firefox (3.5.2)-->C:\Programas\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6.0 Parser-->MsiExec.exe /I{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}
Nero 7 Essentials-->MsiExec.exe /X{1DED92A7-05FA-4736-8AEA-1BE2363F2070}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Nokia Connectivity Cable Driver-->MsiExec.exe /X{C3F19A5F-35A8-4FDB-A6ED-0F4CE398DA48}
Nokia Flashing Cable Driver-->MsiExec.exe /X{2A0A6470-FD0F-4F45-9B11-85F3167DB943}
Nokia PC Connectivity Solution-->MsiExec.exe /I{0D80391C-0A72-43BB-9BC2-143F63CC111D}
Nokia PC Suite-->MsiExec.exe /I{531317A5-586A-4E36-87C1-CA823447B375}
Nokia Software Launcher-->MsiExec.exe /I{5CCABD37-479D-4304-B1A5-67952C25F8F2}
Nokia Software Updater-->MsiExec.exe /X{8CC51051-9B69-4F70-BBE6-F68DA834C05C}
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
Pacote do Fornecedor de Serviço Criptográfico para Cartão Inteligente Base da Microsoft-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Prince of Persia T2T-->RunDll32 C:\PROGRA~1\FICHEI~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programas\InstallShield Installation Information\{DFFE2B1F-07E0-45A9-8801-CD8514CAA876}\setup.exe" -l0x9 -removeonly
Pro Evolution Soccer 2009-->MsiExec.exe /X{A8DB611A-D80E-450D-85F6-3ACDD164BE31}
QuickTime-->MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\FICHEI~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programas\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x816 -removeonly
Security Update for Windows Search 4 - KB963093-->"C:\WINDOWS\$NtUninstallKB963093$\spuninst\spuninst.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Segurança Familiar do Windows Live-->MsiExec.exe /X{C6A0ED5A-A478-4092-8065-22CA5142065C}
Sistema de Informação do Técnico Oficial de Contas - NP-->"C:\Programas\InstallShield Installation Information\{257C6761-9710-46F6-A1F6-220E83C9BB40}\setup.exe" -runfromtemp -l0x0816 -uninst -removeonly
Sistema de Informação do Técnico Oficial de Contas-->C:\WINDOWS\IsUn0816.exe -f"C:\Programas\CTOC\Sistema de Informação do Técnico Oficial de Contas\Uninst.isu"
Spelling Dictionaries Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
Spybot - Search & Destroy-->"C:\Programas\Spybot - Search & Destroy\unins000.exe"
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
STREET FIGHTER IV-->MsiExec.exe /X{59ABBDF0-E1E5-48AF-85FB-F523A08C3490}
TeamSpeak 2 RC2-->C:\Programas\Teamspeak2_RC2\unins000.exe
Veetle TV 0.9.15-->C:\Programas\Veetle\UninstallVeetleTV.exe
VIA Platform Device Manager-->C:\PROGRA~1\FICHEI~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Driver Package - Nokia Modem (06/12/2006 6.81.0.21)-->C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_62A340731F8930057B44B8864F236850B0D49D65\nokbtmdm.inf
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{418001D0-F48E-4910-966C-0DCCC996A87A}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Programas\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{44AECAEE-BCE9-4928-A0C7-F1A44706D3CC}
Windows Live Mail-->MsiExec.exe /I{B7D70C6D-8034-423A-A9CB-F331024A0BFE}
Windows Live Messenger-->MsiExec.exe /X{BF6CDAFB-F8C3-4DE1-B2E6-25F4EC27CAA2}
Windows Live OneCare safety scanner-->RunDll32.exe "C:\Programas\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Live Sync-->MsiExec.exe /X{36CCDA14-7935-4D90-8AE7-7440CCA315B8}
Windows Live Toolbar-->MsiExec.exe /X{1965B596-3CA8-4AED-AF1F-91D48A47F4DE}
Windows Live Writer-->MsiExec.exe /X{52F1F403-6AD6-4CBA-BFE5-CF283CF839C2}
Windows Media Format 11 runtime-->"C:\Programas\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Programas\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Programas\WinRAR\uninstall.exe
XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"
Zoom Player (remove only)-->"C:\Programas\Zoom Player\uninstall.exe"

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: avast! antivirus 4.8.1351 [VPS 090822-0]

======System event log======

Computer Name: PC
Event Code: 7036
Message: O serviço Serviço COM de gravação de CD de IMAPI entrou no estado execução.

Record Number: 37824
Source Name: Service Control Manager
Time Written: 20090806103921.000000+060
Event Type: Informações
User:

Computer Name: PC
Event Code: 7035
Message: Foi enviado com êxito para o serviço Serviço COM de gravação de CD de IMAPI um controlo Iniciar.

Record Number: 37823
Source Name: Service Control Manager
Time Written: 20090806103921.000000+060
Event Type: Informações
User: NT AUTHORITY\SYSTEM

Computer Name: PC
Event Code: 7036
Message: O serviço avast! Web Scanner entrou no estado execução.

Record Number: 37822
Source Name: Service Control Manager
Time Written: 20090806103921.000000+060
Event Type: Informações
User:

Computer Name: PC
Event Code: 7035
Message: Foi enviado com êxito para o serviço avast! Web Scanner um controlo Iniciar.

Record Number: 37821
Source Name: Service Control Manager
Time Written: 20090806103921.000000+060
Event Type: Informações
User: NT AUTHORITY\SYSTEM

Computer Name: PC
Event Code: 7000
Message: O serviço SysEnforce falhou o arranque devido ao seguinte erro:
O sistema não conseguiu localizar o caminho especificado.


Record Number: 37820
Source Name: Service Control Manager
Time Written: 20090806103916.000000+060
Event Type: Erro
User:

=====Application event log=====

Computer Name: PC
Event Code: 0
Message: Service started

Record Number: 5251
Source Name: SeaPort
Time Written: 20090624182532.000000+060
Event Type: Informações
User:

Computer Name: PC
Event Code: 4
Message: The LightScribe Service started successfully.

Record Number: 5250
Source Name: LightScribeService
Time Written: 20090624182528.000000+060
Event Type: Informações
User:

Computer Name: PC
Event Code: 1003
Message:
Record Number: 5249
Source Name: Windows Search Service
Time Written: 20090624100931.000000+060
Event Type: Informações
User:

Computer Name: PC
Event Code: 102
Message: Windows (1904) Windows: O motor de base de dados iniciou uma nova ocorrência (0).


Record Number: 5248
Source Name: ESENT
Time Written: 20090624100928.000000+060
Event Type: Informações
User:

Computer Name: PC
Event Code: 100
Message: SearchIndexer (1904) O motor de base de dados 5.01.2600.5512 foi iniciado.


Record Number: 5247
Source Name: ESENT
Time Written: 20090624100928.000000+060
Event Type: Informações
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Programas\QuickTime\QTSystem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 6 Stepping 5, GenuineIntel
"PROCESSOR_REVISION"=0605
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Programas\Java\jre1.6.0_03\lib\ext\QTJava.zip
"QTJAVA"=C:\Programas\Java\jre1.6.0_03\lib\ext\QTJava.zip

-----------------EOF-----------------

grAyf0x
2009-08-23, 16:40
GMER 1.0.15.15077 [Look.exe] - http://www.gmer.net
Rootkit scan 2009-08-23 14:39:59
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

Code 86E680E0 ZwEnumerateKey
Code 86EA7A68 ZwFlushInstructionCache
Code 86E68116 IofCallDriver
Code 86E685FE IofCompleteRequest
Code 86E67145 ZwSaveKey
Code 87086895 ZwSaveKeyEx

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!IofCallDriver 804E13A7 5 Bytes JMP 86E6811B
.text ntoskrnl.exe!IofCompleteRequest 804E17BD 5 Bytes JMP 86E68603
.text ntoskrnl.exe!ZwSaveKey 804E42AE 5 Bytes JMP 86E6714A
.text ntoskrnl.exe!ZwSaveKeyEx 804E42C2 5 Bytes JMP 8708689A
PAGE ntoskrnl.exe!ZwEnumerateKey 80578E14 5 Bytes JMP 86E680E4
PAGE ntoskrnl.exe!ZwFlushInstructionCache 80587BFB 5 Bytes JMP 86EA7A6C
? C:\WINDOWS\system32\drivers\sptd.sys O processo não pode aceder ao ficheiro porque este está a ser utilizado por outro processo.
.text USBPORT.SYS!DllUnload F60998AC 5 Bytes JMP 86FE31C8
? System32\Drivers\a8bu5rpq.SYS O sistema não conseguiu localizar o caminho especificado. !
? System32\Drivers\apsy7wq3.SYS O sistema não conseguiu localizar o caminho especificado. !

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!IoConnectInterrupt] [F75BC06C] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F75BC018] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F75DE9AE] sptd.sys
IAT atapi.sys[ntoskrnl.exe!IoConnectInterrupt] [F75BC06C] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F75A5AD4] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F75A5C1A] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F75A5B9C] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F75A6748] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F75A661E] sptd.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F75BB29A] sptd.sys

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 873D01E8

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\usbuhci \Device\USBPDO-0 86FE21E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 873D21E8
Device \Driver\dmio \Device\DmControl\DmConfig 873D21E8
Device \Driver\dmio \Device\DmControl\DmPnP 873D21E8
Device \Driver\dmio \Device\DmControl\DmInfo 873D21E8
Device \Driver\usbuhci \Device\USBPDO-1 86FE21E8
Device \Driver\usbuhci \Device\USBPDO-2 86FE21E8
Device \Driver\PCI_NTPNP6556 \Device\00000046 sptd.sys
Device \Driver\usbuhci \Device\USBPDO-3 86FE21E8
Device \Driver\PCI_NTPNP6556 \Device\00000047 sptd.sys
Device \Driver\usbehci \Device\USBPDO-4 86FB51E8

AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\Ftdisk \Device\HarddiskVolume1 873621E8
Device \Driver\NetBT \Device\NetBt_Wins_Export 86D15500
Device \Driver\NetBT \Device\NetbiosSmb 86D15500

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\NetBT \Device\NetBT_Tcpip_{826AB9C5-7F92-4C72-BC88-E94CA304B9B0} 86D15500
Device \Driver\usbuhci \Device\USBFDO-0 86FE21E8
Device \Driver\usbuhci \Device\USBFDO-1 86FE21E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 86D19790
Device \Driver\usbuhci \Device\USBFDO-2 86FE21E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 86D19790
Device \Driver\usbuhci \Device\USBFDO-3 86FE21E8
Device \Driver\usbehci \Device\USBFDO-4 86FB51E8
Device \Driver\Ftdisk \Device\FtControl 873621E8
Device \Driver\a8bu5rpq \Device\Scsi\a8bu5rpq1Port4Path0Target0Lun0 86F8E4B0
Device \Driver\apsy7wq3 \Device\Scsi\apsy7wq31 86EEE388
Device \Driver\viamraid \Device\Scsi\viamraid1 873D11E8
Device \Driver\viamraid \Device\Scsi\viamraid1Port2Path0Target0Lun0 873D11E8
Device \Driver\a8bu5rpq \Device\Scsi\a8bu5rpq1 86F8E4B0
Device \FileSystem\Cdfs \Cdfs 86CF7790

---- Processes - GMER 1.0.15 ----

Library \\?\globalroot\systemroot\system32\UACcbefvtsoyi.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [936] 0x01090000
Library \\?\globalroot\systemroot\system32\UACoededwdoyk.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [936] 0x02E90000

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\drivers\UACyljadtirxu.sys (*** hidden *** ) [SYSTEM] UACd.sys <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Programas\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xDD 0xE7 0x19 0x9F ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x7B 0xC9 0x44 0xE0 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xA6 0xAC 0xED 0xF8 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programas\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x04 0xEB 0xA6 0x2E ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xBE 0xD0 0x47 0x59 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x7A 0x34 0xF0 0xC4 ...
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACyljadtirxu.sys
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@UACd
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@UACc
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacbbr
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacsr
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacmal
Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules@uacrem
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Programas\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xDD 0xE7 0x19 0x9F ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x7B 0xC9 0x44 0xE0 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x6B 0x8C 0x3A 0x56 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programas\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x04 0xEB 0xA6 0x2E ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xBE 0xD0 0x47 0x59 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x7A 0x34 0xF0 0xC4 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Programas\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xDD 0xE7 0x19 0x9F ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x7B 0xC9 0x44 0xE0 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xA6 0xAC 0xED 0xF8 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programas\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x04 0xEB 0xA6 0x2E ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xBE 0xD0 0x47 0x59 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x7A 0x34 0xF0 0xC4 ...
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACyljadtirxu.sys
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@UACd
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@UACc
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacbbr
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacsr
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacmal
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacrem
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Programas\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xDD 0xE7 0x19 0x9F ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x7B 0xC9 0x44 0xE0 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xA1 0x9A 0xB0 0xC8 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programas\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x04 0xEB 0xA6 0x2E ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xBE 0xD0 0x47 0x59 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x7A 0x34 0xF0 0xC4 ...
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACyljadtirxu.sys
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACyljadtirxu.sys
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UAChcmnpkwkkc.dll
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACcbefvtsoyi.dll
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACspqwxokykb.dat
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACnkayvtnirm.db
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UACoededwdoyk.dll
Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACpiexvkbpxo.dll
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Programas\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xDD 0xE7 0x19 0x9F ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x7B 0xC9 0x44 0xE0 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xA1 0x9A 0xB0 0xC8 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programas\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x04 0xEB 0xA6 0x2E ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xBE 0xD0 0x47 0x59 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x7A 0x34 0xF0 0xC4 ...
Reg HKLM\SYSTEM\ControlSet005\Services\UACd.sys (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet005\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet005\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACyljadtirxu.sys
Reg HKLM\SYSTEM\ControlSet005\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet005\Services\UACd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACyljadtirxu.sys
Reg HKLM\SYSTEM\ControlSet005\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UAChcmnpkwkkc.dll
Reg HKLM\SYSTEM\ControlSet005\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACcbefvtsoyi.dll
Reg HKLM\SYSTEM\ControlSet005\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACspqwxokykb.dat
Reg HKLM\SYSTEM\ControlSet005\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACnkayvtnirm.db
Reg HKLM\SYSTEM\ControlSet005\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UACoededwdoyk.dll
Reg HKLM\SYSTEM\ControlSet005\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACpiexvkbpxo.dll
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Programas\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xDD 0xE7 0x19 0x9F ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x7B 0xC9 0x44 0xE0 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xA1 0x9A 0xB0 0xC8 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programas\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x04 0xEB 0xA6 0x2E ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xBE 0xD0 0x47 0x59 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x7A 0x34 0xF0 0xC4 ...
Reg HKLM\SYSTEM\ControlSet006\Services\UACd.sys (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet006\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet006\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACyljadtirxu.sys
Reg HKLM\SYSTEM\ControlSet006\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet006\Services\UACd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACyljadtirxu.sys
Reg HKLM\SYSTEM\ControlSet006\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UAChcmnpkwkkc.dll
Reg HKLM\SYSTEM\ControlSet006\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACcbefvtsoyi.dll
Reg HKLM\SYSTEM\ControlSet006\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACspqwxokykb.dat
Reg HKLM\SYSTEM\ControlSet006\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACnkayvtnirm.db
Reg HKLM\SYSTEM\ControlSet006\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UACoededwdoyk.dll
Reg HKLM\SYSTEM\ControlSet006\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACpiexvkbpxo.dll
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Programas\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xDD 0xE7 0x19 0x9F ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x7B 0xC9 0x44 0xE0 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xA1 0x9A 0xB0 0xC8 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programas\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x04 0xEB 0xA6 0x2E ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xBE 0xD0 0x47 0x59 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x7A 0x34 0xF0 0xC4 ...
Reg HKLM\SYSTEM\ControlSet007\Services\UACd.sys (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet007\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet007\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACyljadtirxu.sys
Reg HKLM\SYSTEM\ControlSet007\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet007\Services\UACd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACyljadtirxu.sys
Reg HKLM\SYSTEM\ControlSet007\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UAChcmnpkwkkc.dll
Reg HKLM\SYSTEM\ControlSet007\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACcbefvtsoyi.dll
Reg HKLM\SYSTEM\ControlSet007\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACspqwxokykb.dat
Reg HKLM\SYSTEM\ControlSet007\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACnkayvtnirm.db
Reg HKLM\SYSTEM\ControlSet007\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UACoededwdoyk.dll
Reg HKLM\SYSTEM\ControlSet007\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACpiexvkbpxo.dll
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Programas\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xDD 0xE7 0x19 0x9F ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x7B 0xC9 0x44 0xE0 ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xA1 0x9A 0xB0 0xC8 ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programas\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x04 0xEB 0xA6 0x2E ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xBE 0xD0 0x47 0x59 ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x7A 0x34 0xF0 0xC4 ...
Reg HKLM\SYSTEM\ControlSet008\Services\UACd.sys (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet008\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet008\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet008\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACyljadtirxu.sys
Reg HKLM\SYSTEM\ControlSet008\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet008\Services\UACd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet008\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACyljadtirxu.sys
Reg HKLM\SYSTEM\ControlSet008\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UAChcmnpkwkkc.dll
Reg HKLM\SYSTEM\ControlSet008\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACcbefvtsoyi.dll
Reg HKLM\SYSTEM\ControlSet008\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACspqwxokykb.dat
Reg HKLM\SYSTEM\ControlSet008\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACnkayvtnirm.db
Reg HKLM\SYSTEM\ControlSet008\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UACoededwdoyk.dll
Reg HKLM\SYSTEM\ControlSet008\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACpiexvkbpxo.dll
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Programas\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xDD 0xE7 0x19 0x9F ...
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x7B 0xC9 0x44 0xE0 ...
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xA1 0x9A 0xB0 0xC8 ...
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programas\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x04 0xEB 0xA6 0x2E ...
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xBE 0xD0 0x47 0x59 ...
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x7A 0x34 0xF0 0xC4 ...
Reg HKLM\SYSTEM\ControlSet009\Services\UACd.sys (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet009\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet009\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet009\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACyljadtirxu.sys
Reg HKLM\SYSTEM\ControlSet009\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet009\Services\UACd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet009\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACyljadtirxu.sys
Reg HKLM\SYSTEM\ControlSet009\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UAChcmnpkwkkc.dll
Reg HKLM\SYSTEM\ControlSet009\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACcbefvtsoyi.dll
Reg HKLM\SYSTEM\ControlSet009\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACspqwxokykb.dat
Reg HKLM\SYSTEM\ControlSet009\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACnkayvtnirm.db
Reg HKLM\SYSTEM\ControlSet009\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UACoededwdoyk.dll
Reg HKLM\SYSTEM\ControlSet009\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACpiexvkbpxo.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Programas\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xDD 0xE7 0x19 0x9F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x7B 0xC9 0x44 0xE0 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xA1 0x9A 0xB0 0xC8 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programas\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x04 0xEB 0xA6 0x2E ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xBE 0xD0 0x47 0x59 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x7A 0x34 0xF0 0xC4 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACyljadtirxu.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACyljadtirxu.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UAChcmnpkwkkc.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACcbefvtsoyi.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACspqwxokykb.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACnkayvtnirm.db
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UACoededwdoyk.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACpiexvkbpxo.dll
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Programas\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xDD 0xE7 0x19 0x9F ...
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x7B 0xC9 0x44 0xE0 ...
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xA1 0x9A 0xB0 0xC8 ...
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programas\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x04 0xEB 0xA6 0x2E ...
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xBE 0xD0 0x47 0x59 ...
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet011\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x7A 0x34 0xF0 0xC4 ...
Reg HKLM\SYSTEM\ControlSet011\Services\UACd.sys (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet011\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet011\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet011\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACyljadtirxu.sys
Reg HKLM\SYSTEM\ControlSet011\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet011\Services\UACd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet011\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACyljadtirxu.sys
Reg HKLM\SYSTEM\ControlSet011\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UAChcmnpkwkkc.dll
Reg HKLM\SYSTEM\ControlSet011\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACcbefvtsoyi.dll
Reg HKLM\SYSTEM\ControlSet011\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACspqwxokykb.dat
Reg HKLM\SYSTEM\ControlSet011\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACnkayvtnirm.db
Reg HKLM\SYSTEM\ControlSet011\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UACoededwdoyk.dll
Reg HKLM\SYSTEM\ControlSet011\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACpiexvkbpxo.dll

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\UACyljadtirxu.sys 54784 bytes executable <-- ROOTKIT !!!
File C:\WINDOWS\system32\UACcbefvtsoyi.dll 74240 bytes executable
File C:\WINDOWS\system32\UAChcmnpkwkkc.dll 26624 bytes executable
File C:\WINDOWS\system32\uacinit.dll 6580 bytes
File C:\WINDOWS\system32\UACnkayvtnirm.db 1110399 bytes
File C:\WINDOWS\system32\UACoededwdoyk.dll 30208 bytes executable
File C:\WINDOWS\system32\UACpiexvkbpxo.dll 19968 bytes executable
File C:\WINDOWS\system32\UACspqwxokykb.dat 174 bytes
File C:\WINDOWS\Temp\UACa553.tmp 74240 bytes executable
File C:\WINDOWS\Temp\UACaf84.tmp 174 bytes
File C:\WINDOWS\Temp\UACc445.tmp 1110399 bytes
File C:\WINDOWS\Temp\UACc762.tmp 30208 bytes executable
File C:\WINDOWS\Temp\UACcb79.tmp 19968 bytes executable

---- EOF - GMER 1.0.15 ----

katana
2009-08-23, 16:59
Information


Please ensure that any USB/Flash/External drives are connected whilst we are cleaning your machine.

Explanation: USB storage devices are all the USB devices that get their own partition letter at connecting to the PC, e.g. flash drives (thumb/pen drives, USB sticks), external HDDs, MP3/MP4 players, digital cameras, memory cards (SD cards, Sony Memory Stick, MultiMedia Cards etc.), some mobile phones, some GPS navigation devices etc.

----------------------------------------------------------------------------------------
Step 1


Download and Run ComboFix (by sUBs)
Please visit this webpage for instructions for downloading and running ComboFix:

Bleeping Computer ComboFix Tutorial (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)

You must download it to and run it from your Desktop
Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log to post in your next reply
Re-enable all the programs that were disabled during the running of ComboFix.


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper

For instructions on how to disable your security programs, please see this topic
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs (http://www.bleepingcomputer.com/forums/topic114351.html)

----------------------------------------------------------------------------------------
Step 2

Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware (http://www.malwarebytes.org/mbam-download.php) to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to
Update Malwarebytes' Anti-Malware
and Launch Malwarebytes' Anti-Malware
then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform full scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
If requested, please reboot
If you accidentally close it, the log file is saved here and will be named like this:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt


----------------------------------------------------------------------------------------
Logs/Information to Post in Reply
Please post the following logs/Information in your reply
Some of the logs I request will be quite large. You may need to split them over a couple of replies.

Combofix Log
MalwareBytes Log
How are things running now ?

grAyf0x
2009-08-23, 17:55
ComboFix 09-08-22.06 - José 23-08-2009 15:37.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.351.2070.18.1023.598 [GMT 1:00]
Executando de: c:\documents and settings\José\Ambiente de trabalho\Combo-Fix.exe
AV: avast! antivirus 4.8.1351 [VPS 090822-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Criado um novo ponto de restauração
.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\BM4fb04567.txt
c:\windows\BM4fb04567.xml
c:\windows\cookies.ini
c:\windows\Installer\37f96.msi
c:\windows\system32\abiijyvh.ini
c:\windows\system32\dclwkbkq.ini
c:\windows\system32\drivers\UACyljadtirxu.sys
c:\windows\system32\ghftjpyc.ini
c:\windows\system32\KRqtBJjl.ini
c:\windows\system32\nfsrivfq.ini
c:\windows\system32\UACcbefvtsoyi.dll
c:\windows\system32\UAChcmnpkwkkc.dll
c:\windows\system32\uacinit.dll
c:\windows\system32\UACnkayvtnirm.db
c:\windows\system32\UACoededwdoyk.dll
c:\windows\system32\UACpiexvkbpxo.dll
c:\windows\system32\UACspqwxokykb.dat
c:\windows\system32\xxvepbpv.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys
-------\Legacy_UACd.sys


(((((((((((((((( Arquivos/Ficheiros criados de 2009-07-23 to 2009-08-23 ))))))))))))))))))))))))))))
.

2009-08-23 12:16 . 2009-08-23 12:17 -------- d-----w- C:\rsit
2009-08-22 02:29 . 2009-08-22 02:29 -------- d-----w- c:\programas\Windows Defender
2009-08-22 02:21 . 2009-07-03 14:49 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-08-20 03:18 . 2008-11-13 14:19 603648 -c----w- c:\windows\system32\dllcache\crypt32.dll
2009-08-20 03:18 . 2008-11-13 14:19 177664 -c----w- c:\windows\system32\dllcache\wintrust.dll
2009-08-20 01:59 . 2008-03-05 15:56 1420824 ----a-w- c:\windows\system32\D3DCompiler_37.dll
2009-08-20 01:59 . 2008-02-05 23:07 462864 ----a-w- c:\windows\system32\d3dx10_37.dll
2009-08-20 01:59 . 2008-03-05 15:56 3786760 ----a-w- c:\windows\system32\D3DX9_37.dll
2009-08-20 01:59 . 2007-04-04 18:53 81768 ----a-w- c:\windows\system32\xinput1_3.dll
2009-08-20 01:24 . 2009-08-20 01:24 -------- d-----w- c:\programas\Trend Micro
2009-08-20 01:22 . 2009-08-20 01:22 -------- d-----w- c:\programas\ERUNT
2009-08-19 20:20 . 2009-08-19 23:10 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2009-08-19 19:39 . 2009-08-19 19:39 -------- d-----w- C:\SpybotSDPortable
2009-08-19 12:56 . 2009-08-19 23:10 -------- d-----w- c:\programas\Spybot - Search & Destroy
2009-08-19 11:51 . 2009-08-19 18:28 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-08-18 22:44 . 2009-08-18 22:44 71168 ----a-w- c:\windows\system32\drivers\wwoseqvtadcdbqtx.sys
2009-08-18 22:33 . 2009-08-18 22:33 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-08-11 23:29 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-07 18:51 . 2009-08-07 18:51 15308424 ----a-w- c:\windows\system32\xlive.dll
2009-08-07 18:51 . 2009-08-07 18:51 13642888 ----a-w- c:\windows\system32\xlivefnt.dll
2009-08-05 09:00 . 2009-08-05 09:00 205824 -c----w- c:\windows\system32\dllcache\mswebdvd.dll
2009-07-29 18:33 . 2009-07-29 18:33 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-07-29 18:29 . 2009-07-03 16:57 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-07-29 18:29 . 2009-07-19 17:44 11067392 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-07-29 18:29 . 2009-07-03 16:57 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-07-29 18:29 . 2009-07-03 16:57 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-07-29 18:29 . 2009-07-03 16:57 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-07-29 18:29 . 2009-07-03 16:57 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-07-29 18:29 . 2009-07-29 18:29 -------- d-----w- c:\windows\ie8updates
2009-07-29 18:29 . 2009-07-01 07:08 101376 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-07-29 18:28 . 2009-07-29 18:29 -------- dc-h--w- c:\windows\ie8
2009-07-26 19:54 . 2009-07-26 19:54 -------- d-----w- c:\programas\Veetle

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-22 02:31 . 2008-06-27 23:06 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Lavasoft
2009-08-21 20:19 . 2009-04-14 00:05 -------- d-----w- c:\programas\Windows Desktop Search
2009-08-21 13:58 . 2004-09-21 12:00 84976 ----a-w- c:\windows\system32\perfc016.dat
2009-08-21 13:58 . 2004-09-21 12:00 491106 ----a-w- c:\windows\system32\perfh016.dat
2009-08-21 13:47 . 2008-01-24 15:44 -------- d-----w- c:\programas\Avast4
2009-08-19 23:09 . 2007-12-20 12:42 -------- d-----w- c:\programas\Ficheiros comuns\Wise Installation Wizard
2009-08-19 22:11 . 2007-12-14 18:52 -------- d-----w- c:\programas\Ficheiros comuns\Adobe
2009-08-19 12:56 . 2008-01-24 15:45 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Spybot - Search & DestroyBackup
2009-08-17 16:10 . 2008-10-13 18:41 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-17 16:06 . 2008-10-13 18:41 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-08-17 16:06 . 2008-10-13 18:41 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-08-17 16:05 . 2008-10-13 18:41 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2008-10-13 18:41 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 16:04 . 2008-10-13 18:41 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2008-10-13 18:41 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:03 . 2008-10-13 18:41 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-17 16:02 . 2008-10-13 18:41 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-08-05 09:00 . 2004-09-21 12:00 205824 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-30 20:31 . 2008-07-24 18:57 -------- d-----w- c:\programas\Microsoft Silverlight
2009-07-29 20:17 . 2008-04-29 19:54 -------- d-----w- c:\programas\VSO
2009-07-20 14:09 . 2009-04-01 16:08 -------- d-----w- c:\programas\Garena
2009-07-17 19:03 . 2004-09-21 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 14:58 . 2009-07-14 14:58 -------- d-----w- c:\programas\Defraggler
2009-07-13 22:43 . 2004-09-21 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-11 13:37 . 2008-11-15 20:26 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Sports Interactive
2009-07-11 13:35 . 2007-11-30 18:57 -------- d--h--w- c:\programas\InstallShield Installation Information
2009-07-04 12:18 . 2009-05-06 22:07 -------- d-----w- c:\programas\Windows Live Safety Center
2009-07-03 16:57 . 2004-09-21 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-01 12:32 . 2009-07-01 12:32 -------- d-----w- c:\programas\Microsoft Games for Windows - LIVE
2009-06-16 14:39 . 2004-09-21 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:39 . 2004-09-21 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 10:44 . 2004-09-21 12:00 77824 ----a-w- c:\windows\system32\telnet.exe
2009-06-15 10:44 . 2004-09-21 12:00 81920 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-10 14:14 . 2004-09-21 12:00 85504 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 08:20 . 2007-11-30 15:09 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:15 . 2004-09-21 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-03 19:10 . 2004-09-21 12:00 1297920 ----a-w- c:\windows\system32\quartz.dll
.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\programas\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
"avast!"="c:\progra~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 86016]
"NeroFilterCheck"="c:\programas\Ficheiros comuns\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"Adobe Reader Speed Launcher"="c:\programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Windows Defender"="c:\programas\Windows Defender\MSASCui.exe" [2006-11-03 866584]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="c:\programas\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"BM4fb04567"=Rundll32.exe "c:\windows\system32\yxmfamru.dll",s

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programas\\Mozilla Firefox\\firefox.exe"=
"c:\\Programas\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Programas\\Ficheiros comuns\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Programas\\Garena\\Garena.exe"=
"c:\\JOGOS\\Pro Evolution Soccer 2009\\pes2009.exe"=
"c:\\Programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\JOGOS\\STREETFIGHTERIV\\StreetFighterIV.exe"=
"c:\\Documents and Settings\\José\\Ambiente de trabalho\\Pedro\\3DM_sf4onlinev1\\SF4Online.exe"=
"c:\\JOGOS\\STREETFIGHTERIV\\SF4Online.exe"=
"c:\\Documents and Settings\\José\\Ambiente de trabalho\\Pedro\\3DM-sf4onlinev2\\SF4Online.exe"=
"c:\\SpybotSDPortable\\App\\SpybotSD\\SpybotSD.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [13-10-2008 19:41 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [13-10-2008 19:41 20560]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [13-03-2009 20:17 55152]
R2 WinDefend;Windows Defender;c:\programas\Windows Defender\MsMpEng.exe [03-11-2006 19:19 13592]
S3 fsssvc;Segurança Familiar do Windows Live;c:\programas\Windows Live\Family Safety\fsssvc.exe [06-02-2009 19:08 533360]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\JOS~1\DEFINI~1\Temp\KHL2.tmp --> c:\docume~1\JOS~1\DEFINI~1\Temp\KHL2.tmp [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\programas\Ficheiros comuns\LightScribe\LSRunOnce.exe"
.
- - - - ORFÃOS REMOVIDOS - - - -

BHO-{039F2D36-A2E5-4BE0-83F9-89E863311017} - (no file)
BHO-{615906F5-7851-41C9-B770-C6084C5C5531} - (no file)
BHO-{F2A4091A-7AF9-4663-A8C0-13DC0B8399C6} - (no file)
Notify-qoMFuvst - qoMFuvst.dll


.
------- Scan Suplementar -------
.
IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {408902B4-F82D-4FE4-B1FF-7DB2B6E6A669} - hxxps://www.bancobest.pt/FINSECHANNEL/18379/applets/SiebelAx_HI_Client.cab
DPF: {F3A5BD4E-4DFD-4CA6-9410-7D0B0A9CDE16} - hxxps://www.bancobest.pt/FINSECHANNEL/18379/applets/SiebelAx_Calendar.cab
FF - ProfilePath - c:\docume~1\JOS~1\APPLIC~1\Mozilla\Firefox\Profiles\9p7bxllp.default\
FF - prefs.js: browser.search.selectedEngine - IMDb
FF - plugin: c:\programas\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\programas\Veetle\Player\npvlc.dll
FF - plugin: c:\programas\Veetle\plugins\npVeetle.dll
FF - plugin: c:\programas\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
c:\programas\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\programas\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\programas\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\programas\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\programas\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\programas\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\programas\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\programas\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\programas\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\programas\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\programas\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\programas\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\programas\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\programas\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\programas\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\programas\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\programas\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\programas\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-23 15:44
Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso
arquivos/ficheiros ocultos: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet010\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\JOS~1\DEFINI~1\Temp\KHL2.tmp"
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'explorer.exe'(3248)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\programas\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\programas\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\windows\system32\ConnAPI.DLL
c:\programas\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_por.nlr
c:\programas\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Outros Processos em Execução ------------------------
.
c:\programas\Avast4\aswUpdSv.exe
c:\programas\Avast4\ashServ.exe
c:\windows\ATKKBService.exe
c:\programas\Ficheiros comuns\LightScribe\LSSrvc.exe
c:\programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\rundll32.exe
c:\programas\Avast4\ashWebSv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Tempo para conclusão: 2009-08-23 15:51 - Máquina reiniciou
ComboFix-quarantined-files.txt 2009-08-23 14:51
ComboFix2.txt 2008-06-28 02:57

Pré-execução: 46.682.705.920 bytes livres
Pós execução: 46.577.872.896 bytes livres

WindowsXP-KB310994-SP2-Pro-BootDisk-PTB.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

Current=10 Default=10 Failed=9 LastKnownGood=11 Sets=1,2,3,4,5,6,7,8,9,10,11
276 --- E O F --- 2009-08-12 02:05

grAyf0x
2009-08-23, 18:27
Malwarebytes' Anti-Malware 1.40
Versão do banco de dados: 2682
Windows 5.1.2600 Service Pack 3

23-08-2009 16:27:16
mbam-log-2009-08-23 (16-27-16).txt

Tipo de Verificação: Completa (C:\|D:\|F:\|)
Objetos verificados: 155981
Tempo decorrido: 30 minute(s), 43 second(s)

Processos da Memória infectados: 0
Módulos de Memória Infectados: 0
Chaves do Registo infectadas: 0
Valores do Registo infectados: 0
Ítens do Registo infectados: 1
Pastas infectadas: 0
Ficheiros infectados: 5

Processos da Memória infectados:
(Nenhum item malicioso foi detectado)

Módulos de Memória Infectados:
(Nenhum item malicioso foi detectado)

Chaves do Registo infectadas:
(Nenhum item malicioso foi detectado)

Valores do Registo infectados:
(Nenhum item malicioso foi detectado)

Ítens do Registo infectados:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Pastas infectadas:
(Nenhum item malicioso foi detectado)

Ficheiros infectados:
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACcbefvtsoyi.dll.vir (Rogue.Agent) -> Delete on reboot.
C:\Qoobox\Quarantine\C\WINDOWS\system32\UAChcmnpkwkkc.dll.vir (Trojan.Agent) -> Delete on reboot.
C:\System Volume Information\_restore{DF182C99-0110-48EC-995B-D9EA2BDFF95E}\RP0\A0000002.dll (Trojan.Agent) -> Delete on reboot.
C:\System Volume Information\_restore{DF182C99-0110-48EC-995B-D9EA2BDFF95E}\RP0\A0000003.dll (Rogue.Agent) -> Delete on reboot.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.

grAyf0x
2009-08-23, 18:45
Nero detects the DVD recorder now.

Spybot didn't detect any threats.

I also have no problems starting up Windows anymore.

By the way, is it ok to uninstall Windows Recovery Console or is it better to leave it just there?

:thanks: Really appreciated ;)

katana
2009-08-23, 20:02
is it ok to uninstall Windows Recovery Console or is it better to leave it just there
Due to the threat that current and future malware poses it is vital that you have some form of recovery option.
Recovery Console is the easiest.

There are still a couple of items showing that need removing, but let's have one more scan before we do the final sweep.


Kaspersky Online Scanner
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal.
NOTE:- This scan is best done from IE (Internet Explorer)
NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
Go Here http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html

Read the Requirements and limitations before you click Accept.
Once the database has downloaded, click My Computer in the left pane
Now go and put the kettle on!
When the scan has completed, click Save Report As...
Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.


**Note**

To optimize scanning time and produce a more sensible report for review: Close any open programs.
Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

grAyf0x
2009-08-24, 00:27
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Sunday, August 23, 2009
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Sunday, August 23, 2009 20:54:02
Records in database: 2681601
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
F:\

Scan statistics:
Objects scanned: 60321
Threats found: 2
Infected objects found: 2
Suspicious objects found: 0
Scan duration: 01:10:21


File name / Threat / Threats count
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\UACyljadtirxu.sys.vir Infected: Rootkit.Win32.Agent.oxr 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACpiexvkbpxo.dll.vir Infected: Packed.Win32.TDSS.y 1

Selected area has been scanned.

katana
2009-08-24, 00:38
Custom CFScript

Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:



http://forums.spybot.info/showthread.php?p=330542#post330542
Collect::
c:\windows\system32\drivers\wwoseqvtadcdbqtx.sys
FixCset::
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
ADS::
Save this as CFScript.txt and place it on your desktop.


http://i51.photobucket.com/albums/f387/Katana_1970/CFScriptb.gif


Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
**Note**
When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis. Ensure you are connected to the internet and click OK on the message box.
Copy and paste the contents of the log in your next reply.


CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

grAyf0x
2009-08-24, 06:54
ComboFix 09-08-22.06 - José 24-08-2009 4:36.3.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.351.2070.18.1023.644 [GMT 1:00]
Executando de: c:\documents and settings\José\Ambiente de trabalho\Combo-Fix.exe
Comandos utilizados :: c:\documents and settings\José\Ambiente de trabalho\CFScript.txt
AV: avast! antivirus 4.8.1351 [VPS 090823-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

file zipped: c:\windows\system32\drivers\wwoseqvtadcdbqtx.sys
.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\wwoseqvtadcdbqtx.sys

.
(((((((((((((((( Arquivos/Ficheiros criados de 2009-07-24 to 2009-08-24 ))))))))))))))))))))))))))))
.

2009-08-23 14:54 . 2009-08-03 12:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-23 14:54 . 2009-08-23 14:54 -------- d-----w- c:\programas\Malwarebytes' Anti-Malware
2009-08-23 14:54 . 2009-08-23 14:54 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Malwarebytes
2009-08-23 14:54 . 2009-08-03 12:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-23 12:16 . 2009-08-23 12:17 -------- d-----w- C:\rsit
2009-08-22 02:29 . 2009-08-22 02:29 -------- d-----w- c:\programas\Windows Defender
2009-08-22 02:21 . 2009-07-03 14:49 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-08-20 03:18 . 2008-11-13 14:19 603648 -c----w- c:\windows\system32\dllcache\crypt32.dll
2009-08-20 03:18 . 2008-11-13 14:19 177664 -c----w- c:\windows\system32\dllcache\wintrust.dll
2009-08-20 01:59 . 2008-03-05 15:56 1420824 ----a-w- c:\windows\system32\D3DCompiler_37.dll
2009-08-20 01:59 . 2008-02-05 23:07 462864 ----a-w- c:\windows\system32\d3dx10_37.dll
2009-08-20 01:59 . 2008-03-05 15:56 3786760 ----a-w- c:\windows\system32\D3DX9_37.dll
2009-08-20 01:59 . 2007-04-04 18:53 81768 ----a-w- c:\windows\system32\xinput1_3.dll
2009-08-20 01:24 . 2009-08-20 01:24 -------- d-----w- c:\programas\Trend Micro
2009-08-20 01:22 . 2009-08-20 01:22 -------- d-----w- c:\programas\ERUNT
2009-08-19 20:20 . 2009-08-19 23:10 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2009-08-19 19:39 . 2009-08-19 19:39 -------- d-----w- C:\SpybotSDPortable
2009-08-19 12:56 . 2009-08-23 15:42 -------- d-----w- c:\programas\Spybot - Search & Destroy
2009-08-19 11:51 . 2009-08-19 18:28 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-08-18 22:33 . 2009-08-18 22:33 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-08-11 23:29 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-07 18:51 . 2009-08-07 18:51 15308424 ----a-w- c:\windows\system32\xlive.dll
2009-08-07 18:51 . 2009-08-07 18:51 13642888 ----a-w- c:\windows\system32\xlivefnt.dll
2009-08-05 09:00 . 2009-08-05 09:00 205824 -c----w- c:\windows\system32\dllcache\mswebdvd.dll
2009-07-29 18:33 . 2009-07-29 18:33 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-07-29 18:29 . 2009-07-03 16:57 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-07-29 18:29 . 2009-07-19 17:44 11067392 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-07-29 18:29 . 2009-07-03 16:57 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-07-29 18:29 . 2009-07-03 16:57 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-07-29 18:29 . 2009-07-03 16:57 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-07-29 18:29 . 2009-07-03 16:57 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-07-29 18:29 . 2009-07-29 18:29 -------- d-----w- c:\windows\ie8updates
2009-07-29 18:29 . 2009-07-01 07:08 101376 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-07-29 18:28 . 2009-07-29 18:29 -------- dc-h--w- c:\windows\ie8
2009-07-26 19:54 . 2009-07-26 19:54 -------- d-----w- c:\programas\Veetle

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-22 02:31 . 2008-06-27 23:06 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Lavasoft
2009-08-21 20:19 . 2009-04-14 00:05 -------- d-----w- c:\programas\Windows Desktop Search
2009-08-21 13:58 . 2004-09-21 12:00 84976 ----a-w- c:\windows\system32\perfc016.dat
2009-08-21 13:58 . 2004-09-21 12:00 491106 ----a-w- c:\windows\system32\perfh016.dat
2009-08-21 13:47 . 2008-01-24 15:44 -------- d-----w- c:\programas\Avast4
2009-08-19 23:09 . 2007-12-20 12:42 -------- d-----w- c:\programas\Ficheiros comuns\Wise Installation Wizard
2009-08-19 22:11 . 2007-12-14 18:52 -------- d-----w- c:\programas\Ficheiros comuns\Adobe
2009-08-19 12:56 . 2008-01-24 15:45 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Spybot - Search & DestroyBackup
2009-08-17 16:10 . 2008-10-13 18:41 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-17 16:06 . 2008-10-13 18:41 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-08-17 16:06 . 2008-10-13 18:41 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-08-17 16:05 . 2008-10-13 18:41 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2008-10-13 18:41 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 16:04 . 2008-10-13 18:41 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2008-10-13 18:41 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:03 . 2008-10-13 18:41 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-17 16:02 . 2008-10-13 18:41 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-08-05 09:00 . 2004-09-21 12:00 205824 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-30 20:31 . 2008-07-24 18:57 -------- d-----w- c:\programas\Microsoft Silverlight
2009-07-29 20:17 . 2008-04-29 19:54 -------- d-----w- c:\programas\VSO
2009-07-20 14:09 . 2009-04-01 16:08 -------- d-----w- c:\programas\Garena
2009-07-17 19:03 . 2004-09-21 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 14:58 . 2009-07-14 14:58 -------- d-----w- c:\programas\Defraggler
2009-07-13 22:43 . 2004-09-21 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-11 13:37 . 2008-11-15 20:26 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Sports Interactive
2009-07-11 13:35 . 2007-11-30 18:57 -------- d--h--w- c:\programas\InstallShield Installation Information
2009-07-04 12:18 . 2009-05-06 22:07 -------- d-----w- c:\programas\Windows Live Safety Center
2009-07-03 16:57 . 2004-09-21 12:00 915456 ------w- c:\windows\system32\wininet.dll
2009-07-01 12:32 . 2009-07-01 12:32 -------- d-----w- c:\programas\Microsoft Games for Windows - LIVE
2009-06-16 14:39 . 2004-09-21 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:39 . 2004-09-21 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 10:44 . 2004-09-21 12:00 77824 ----a-w- c:\windows\system32\telnet.exe
2009-06-15 10:44 . 2004-09-21 12:00 81920 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-10 14:14 . 2004-09-21 12:00 85504 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 08:20 . 2007-11-30 15:09 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:15 . 2004-09-21 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-03 19:10 . 2004-09-21 12:00 1297920 ----a-w- c:\windows\system32\quartz.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-08-23_14.45.42 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-24 03:42 . 2009-08-24 03:42 16384 c:\windows\Temp\Perflib_Perfdata_5d8.dat
- 2009-08-23 14:43 . 2009-08-23 14:43 16384 c:\windows\Temp\Perflib_Perfdata_5d8.dat
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\programas\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
"avast!"="c:\progra~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 86016]
"NeroFilterCheck"="c:\programas\Ficheiros comuns\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"Adobe Reader Speed Launcher"="c:\programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Windows Defender"="c:\programas\Windows Defender\MSASCui.exe" [2006-11-03 866584]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programas\\Mozilla Firefox\\firefox.exe"=
"c:\\Programas\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Programas\\Ficheiros comuns\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Programas\\Garena\\Garena.exe"=
"c:\\JOGOS\\Pro Evolution Soccer 2009\\pes2009.exe"=
"c:\\Programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programas\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\JOGOS\\STREETFIGHTERIV\\StreetFighterIV.exe"=
"c:\\Documents and Settings\\José\\Ambiente de trabalho\\Pedro\\3DM_sf4onlinev1\\SF4Online.exe"=
"c:\\JOGOS\\STREETFIGHTERIV\\SF4Online.exe"=
"c:\\Documents and Settings\\José\\Ambiente de trabalho\\Pedro\\3DM-sf4onlinev2\\SF4Online.exe"=
"c:\\SpybotSDPortable\\App\\SpybotSD\\SpybotSD.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [13-10-2008 19:41 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [13-10-2008 19:41 20560]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [13-03-2009 20:17 55152]
R2 WinDefend;Windows Defender;c:\programas\Windows Defender\MsMpEng.exe [03-11-2006 19:19 13592]
S3 fsssvc;Segurança Familiar do Windows Live;c:\programas\Windows Live\Family Safety\fsssvc.exe [06-02-2009 19:08 533360]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\JOS~1\DEFINI~1\Temp\KHL2.tmp --> c:\docume~1\JOS~1\DEFINI~1\Temp\KHL2.tmp [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\programas\Ficheiros comuns\LightScribe\LSRunOnce.exe"
.
.
------- Scan Suplementar -------
.
IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {408902B4-F82D-4FE4-B1FF-7DB2B6E6A669} - hxxps://www.bancobest.pt/FINSECHANNEL/18379/applets/SiebelAx_HI_Client.cab
DPF: {F3A5BD4E-4DFD-4CA6-9410-7D0B0A9CDE16} - hxxps://www.bancobest.pt/FINSECHANNEL/18379/applets/SiebelAx_Calendar.cab
FF - ProfilePath - c:\docume~1\JOS~1\APPLIC~1\Mozilla\Firefox\Profiles\9p7bxllp.default\
FF - prefs.js: browser.search.selectedEngine - IMDb
FF - plugin: c:\programas\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\programas\Veetle\Player\npvlc.dll
FF - plugin: c:\programas\Veetle\plugins\npVeetle.dll
FF - plugin: c:\programas\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
c:\programas\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\programas\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\programas\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\programas\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\programas\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\programas\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\programas\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\programas\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\programas\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\programas\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\programas\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\programas\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\programas\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\programas\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\programas\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\programas\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\programas\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\programas\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\programas\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\programas\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\programas\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-24 04:43
Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso
arquivos/ficheiros ocultos: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet010\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\JOS~1\DEFINI~1\Temp\KHL2.tmp"
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'explorer.exe'(3124)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\programas\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\programas\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\windows\system32\ConnAPI.DLL
c:\programas\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_por.nlr
c:\programas\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Outros Processos em Execução ------------------------
.
c:\programas\Avast4\aswUpdSv.exe
c:\programas\Avast4\ashServ.exe
c:\windows\ATKKBService.exe
c:\programas\Ficheiros comuns\LightScribe\LSSrvc.exe
c:\programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\programas\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\programas\Avast4\ashWebSv.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Tempo para conclusão: 2009-08-24 4:49 - Máquina reiniciou
ComboFix-quarantined-files.txt 2009-08-24 03:49
ComboFix2.txt 2009-08-23 14:51
ComboFix3.txt 2008-06-28 02:57

Pré-execução: 46.480.523.264 bytes livres
Pós execução: 46.514.327.552 bytes livres

245 --- E O F --- 2009-08-12 02:05

katana
2009-08-24, 11:44
Please Submit a file

Please open LINK >>> THIS PAGE (http://www.bleepingcomputer.com/submit-malware.php?channel=4) <<<LINK in a new window.


In the box marked Link to topic where this file was requested: please put this text

http://forums.spybot.info/showthread.php?p=330597#post330597

Click the Browse button and navigate to C:\Qoobox\Quarantine\
There should be a zip file there called [4]-Submit_****-**-**_**.**.**.zip ( the * denote Date and time stamp )
Select this file and click Open

In the Largest box please put

File Requested By Katana
Failed Submit

Finally click SendFile


----------------------------------------------------------------------------------------
Congratulations your logs look clean :)

Let's see if I can help you keep it that way

First let's tidy up



Uninstall Combofix
This will clear your System Volume Information restore points and remove all the infected files that were quarantined
Click START then RUN
Now type Combofix /u in the runbox and click OK. Note the space between the X and the /U, it needs to be there.
http://i189.photobucket.com/albums/z176/EPL47/CF_Cleanup.png




OTCleanup
Please download OTCleanup from HERE (http://oldtimer.geekstogo.com/OTC.exe)
Click the OTC.exe icon and then click the CleanUp button.
If you get any pop ups asking if it is OK let the program proceed. At the end the program will ask to let it reboot the computer. Let it do so.
Let me know if there were any problems with OT CleanIt




You can also delete any logs we have produced, and empty your Recycle bin.

----------------------------------------------------------- -----------------------------------------------------------

The following is some info to help you stay safe and clean.


You may already have some of the following programs, but I include the full list for the benefit of all the other people who will be reading this thread in the future.
( Vista users must ensure that any programs are Vista compatible BEFORE installing )

Online Scanners
I would recommend a scan at one or more of the following sites at least once a month.

http://www.pandasecurity.com/activescan
http://www.kaspersky.com/kos/eng/partner/71706/kavwebscan.html

!!! Make sure that all your programs are updated !!!
Secunia Software Inspector does all the work for you, .... see HERE (http://secunia.com/software_inspector/) for details

AntiSpyware
AntiSpyware is not the same thing as Antivirus.
Different AntiSpyware programs detect different things, so in this case it is recommended that you have more than one.
You should only have one running all the time, the other/s should be used "on demand" on a regular basis.
Most of the programs in this list have free (for Home Users) and paid versions;
it is worth paying for one and having "realtime" protection, unless you intend to do a manual scan often.
Spybot - Search & Destroy (http://www.safer-networking.org/) <<< A must have program. It includes host protection and registry protection. A hosts file is a bit like a phone book: it points to the actual numeric address (i.e. the IP address) from the human friendly name of a website. This feature can be used to block malicious websites.
MalwareBytes Anti-malware (http://www.malwarebytes.org/mbam.php) <<< A New and effective program
a-squared Free (http://www.emsisoft.com/en/software/free/) <<< A good "realtime" or "on demand" scanner
superantispyware (http://www.superantispyware.com/) <<< A good "realtime" or "on demand" scanner

Prevention
These programs don't detect malware, they help stop it getting on your machine in the first place.
Each does a different job, so you can have more than one
Winpatrol (http://www.winpatrol.com) An excellent startup manager and then some !! Notifies you if programs are added to startup. Allows delayed startup. A must have addition.
SpywareBlaster 4.0 (http://www.javacoolsoftware.com/spywareblaster.html) SpywareBlaster sets killbits in the registry to prevent known malicious activex controls from installing themselves on your computer.
SpywareGuard 2.2 (http://www.javacoolsoftware.com/spywareguard.html) SpywareGuard provides real-time protection against spyware. Not required if you have other "realtime" antispyware or Winpatrol
ZonedOut (http://www.funkytoad.com/index.php?option=com_content&view=article&id=15&Itemid=33) Formerly known as IE-SPYAD, adds a long list of sites and domains associated with known advertisers and marketers to the Restricted sites zone of Internet Explorer.
MVPS HOSTS (http://www.mvps.org/winhelp2002/hosts.zip) This little program packs a powerful punch as it blocks ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial (http://www.mvps.org/winhelp2002/hosts.htm) by WinHelp2002. Not required if you are using other host file protections

Internet Browsers
Microsoft has worked hard to make IE.7 a more secure browser, unfortunately whilst it is still the leading browser of choice it will always be under attack from the bad guys.
Using a different web browser can help stop malware getting on your machine.

Make your Internet Explorer more secure - This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.

Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialise and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.

Next press the Apply button and then the OK to exit the Internet Properties page.

If you are still using IE6 then either update, or get one of the following.
FireFox (http://www.mozilla.com/en-US/firefox/) With many addons available that make customization easy, this is a very popular choice. The NoScript and AdBlockPlus addons are essential.
Opera (http://www.opera.com/) Another popular alternative.
Netscape (http://browser.netscape.com/addons) Another popular alternative. Also has addons available.

Cleaning Temporary Internet Files and Tracking Cookies
Temporary Internet Files are mainly the files that are downloaded when you open a web page.
Unfortunately, if the site you visit is of a dubious nature or has been hacked, they can also be an entry point for malware.
It is a good idea to empty the Temporary Internet Files folder on a regular basis.

Tracking Cookies are files that websites use to monitor which sites you visit and how often.
A lot of Antispyware scanners pick up these tracking cookies and flag them as unwanted.
CAUTION :- If you delete all your cookies you will lose any autologin information for sites that you visit, and will need your passwords

Both of these can be cleaned manually, but a quicker option is to use a program
ATF Cleaner (http://www.atribune.org/index.php?option=com_content&task=view&id=25&Itemid=25) Free and very simple to use
CCleaner (http://www.ccleaner.com/) Free and very flexible, you can choose which cookies to keep

Also PLEASE read this article.....So How Did I Get Infected In The First Place (http://forum.malwareremoval.com/viewtopic.php?t=4959)

The last and most important thing I can tell you is UPDATE.
If you don't update your security programs (Antivirus, Antispyware even Windows) then you are at risk.
Malware changes on a day to day basis. You should update every week at the very least.

If you follow this advice then (with a bit of luck) you will never have to hear from me again :D


If you could post back one more time to let me know everything is OK, then I can have this thread archived.

Happy surfing K'
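The six Internet-zone changes in the post above can also be audited and applied from the registry rather than click by click. This is an added example, not katana's or Spybot's code: it assumes a Windows machine with Internet Explorer's per-user zone key present, and uses Microsoft's documented URL action codes (1001, 1004, 1201, 1800, 1804, 1607) where the DWORD 0 = Enable, 1 = Prompt, 3 = Disable.

```powershell
# Added example (not from the original thread). Audits, and optionally applies,
# the six Internet-zone settings recommended above by reading IE's per-user zone
# registry values. Zone 3 is the "Internet" zone. Assumes the standard IE layout.
$ZoneKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Recommended values from the post, keyed by Microsoft's URL action code.
$Recommended = [ordered]@{
    '1001' = @{ Name = 'Download signed ActiveX controls';                          Value = 1 }  # Prompt
    '1004' = @{ Name = 'Download unsigned ActiveX controls';                        Value = 3 }  # Disable
    '1201' = @{ Name = 'Initialize and script ActiveX controls not marked as safe'; Value = 3 }  # Disable
    '1800' = @{ Name = 'Installation of desktop items';                             Value = 1 }  # Prompt
    '1804' = @{ Name = 'Launching programs and files in an IFRAME';                 Value = 1 }  # Prompt
    '1607' = @{ Name = 'Navigate sub-frames across different domains';              Value = 1 }  # Prompt
}

$Labels = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Get-IEInternetZoneAudit {
    # Returns one object per setting with its current and recommended state.
    # A value that is absent under HKCU falls back to IE's zone template, so
    # "(not set)" means "default", which is not the same as "compliant".
    foreach ($code in $Recommended.Keys) {
        $current = (Get-ItemProperty -Path $ZoneKey -Name $code -ErrorAction SilentlyContinue).$code
        $currentLabel = if ($null -eq $current) { '(not set)' }
                        elseif ($Labels.ContainsKey([int]$current)) { $Labels[[int]$current] }
                        else { "raw:$current" }   # unexpected value, show it verbatim
        [pscustomobject]@{
            Code        = $code
            Setting     = $Recommended[$code].Name
            Current     = $currentLabel
            Recommended = $Labels[$Recommended[$code].Value]
            Compliant   = ($null -ne $current -and [int]$current -eq $Recommended[$code].Value)
        }
    }
}

function Set-IEInternetZoneHardening {
    # Writes the recommended values; touches only the six settings listed above.
    if (-not (Test-Path $ZoneKey)) { throw "IE zone key not found: $ZoneKey" }
    foreach ($code in $Recommended.Keys) {
        Set-ItemProperty -Path $ZoneKey -Name $code -Value $Recommended[$code].Value -Type DWord
    }
}

# Usage: audit first, apply only if something is non-compliant, then re-audit.
$audit = Get-IEInternetZoneAudit
$audit | Format-Table Code, Setting, Current, Recommended, Compliant -AutoSize
if ($audit | Where-Object { -not $_.Compliant }) {
    Set-IEInternetZoneHardening
    Get-IEInternetZoneAudit | Format-Table Code, Setting, Current, Compliant -AutoSize
}
```

Running the audit alone (without the apply step) is a quick way to confirm the manual steps in the post actually took effect, or to spot a setting that something has quietly reset to Enable.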

grAyf0x
2009-08-24, 14:39
I've submitted the file.

There were no problems while running OT CleanIt.

Everything seems to be running smooth, thank you!