
Crazy Worm/Virus


  • This topic is locked
6 replies to this topic

#1 S1Lv3R_Sh4rK

  • Members
  • 5 posts

Posted 18 April 2009 - 10:12 AM

Hey, I got infected by some kind of virus that doesn't allow me to open certain websites like the AVG website. My computer freezes after one or two hours, I mean literally: when it freezes, the Task Manager doesn't open, but I can still move the mouse.
Here goes the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:11:10, on 18-04-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programas\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programas\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programas\Java\jre6\bin\jusched.exe
C:\Programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programas\Xfire\Xfire.exe
C:\WINDOWS\system32\devldr32.exe
C:\Programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programas\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
c:\programas\avira\antivir personaledition classic\avcenter.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programas\Internet Explorer\iexplore.exe
c:\programas\avira\antivir personaledition classic\avscan.exe
C:\Programas\uTorrent\uTorrent.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\Programas\DAP\DAP.EXE
C:\Programas\Windows Live\Messenger\msnmsgr.exe
C:\Documents and Settings\David Francisco\Os meus documentos\My Completed Downloads\HiJackThis\HijackThis.exe
C:\Documents and Settings\David Francisco\Os meus documentos\My Completed Downloads\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programa Auxiliar de Início de Sessão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programas\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: DAPIELoader Class - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\DAP\DAPIEL~1.DLL
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programas\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Programas\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Programas\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [msnmsgr] "C:\Programas\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Programas\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Programas\DAP\DAP.EXE" /STARTUP
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Serviço de rede')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Programas\Xfire\Xfire.exe
O8 - Extra context menu item: &Clean Traces - C:\Programas\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Programas\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Programas\DAP\dapextie2.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.systemrequirementslab.com/srl_b...sreqlab_srl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1237930319378
O20 - AppInit_DLLs: TeknoGods.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Programas\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programas\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Serviço Google Update (gupdate1c9b29c7ee47134) (gupdate1c9b29c7ee47134) - Google Inc. - C:\Programas\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programas\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 7033 bytes



#2 Buckeye_Sam

    Malware Expert

  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 19 April 2009 - 11:28 AM

Hello!
My name is Sam and I will be helping you.

In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


We need to create an OTListIt2 Report
  • Please download OTListIt2 from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the "Run Scan" button.
  • The scan should take just a few minutes.
  • Copy the log that opens up and paste it back here in your next reply.



=============


The next log will show us any hidden files that are present.

Download GMER from here:
  • Unzip it to the desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run click Copy and paste the results (if any) into this thread.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 S1Lv3R_Sh4rK

  • Topic Starter
  • Members
  • 5 posts

Posted 28 April 2009 - 02:31 PM

Well, about now the computer doesn't freeze after 2/3 hours running, and I can already access the AVG website, but while I'm gaming the game freezes...
Ex: Running Battlefield 2 and WMP at the same time, I have about 20/30 FPS in-game and the game has a little FPS drop after some time...

OTListIt2 Log:

OTListIt logfile created on: 28-04-2009 19:52:16 - Run 1
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\David Francisco\Os meus documentos\My Completed Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000816 | Country: Portugal | Language: PTG | Date Format: dd-MM-yyyy

2,00 Gb Total Physical Memory | 1,53 Gb Available Physical Memory | 76,49% Memory free
3,85 Gb Paging File | 3,41 Gb Available in Paging File | 88,68% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programas
Drive C: | 57,51 Gb Total Space | 23,85 Gb Free Space | 41,47% Space Free | Partition Type: NTFS
Drive D: | 298,02 Gb Total Space | 57,95 Gb Free Space | 19,45% Space Free | Partition Type: FAT32
Drive E: | 57,51 Gb Total Space | 44,27 Gb Free Space | 76,97% Space Free | Partition Type: NTFS
Drive F: | 3,94 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DAVIDSECRET
Current User Name: David Francisco
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2008-10-15 13:31:53 | 00,068,865 | ---- | M] (Avira GmbH) -- C:\Programas\Avira\AntiVir PersonalEdition Classic\sched.exe
PRC - [2008-04-14 17:09:47 | 01,035,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2009-04-01 08:35:52 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Programas\Google\Update\GoogleUpdate.exe
PRC - [2009-03-09 06:19:17 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programas\Java\jre6\bin\jusched.exe
PRC - [2008-06-12 13:28:45 | 00,266,497 | ---- | M] (Avira GmbH) -- C:\Programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe
PRC - [2008-04-14 17:09:55 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Programas\Messenger\msmsgs.exe
PRC - [2001-11-20 17:41:10 | 00,024,064 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\devldr32.exe
PRC - [2008-10-15 13:30:02 | 00,151,297 | ---- | M] (Avira GmbH) -- C:\Programas\Avira\AntiVir PersonalEdition Classic\avguard.exe
PRC - [2009-03-09 06:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programas\Java\jre6\bin\jqs.exe
PRC - [2009-02-18 15:44:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2009-03-31 22:49:55 | 00,075,064 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe
PRC - [2009-04-19 20:36:47 | 00,189,072 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrB.exe
PRC - [2009-02-06 18:07:48 | 00,027,512 | ---- | M] (Microsoft Corporation) -- C:\Programas\Windows Live\Contacts\wlcomm.exe
PRC - [2009-02-06 19:50:38 | 03,885,408 | ---- | M] (Microsoft Corporation) -- C:\Programas\Windows Live\Messenger\msnmsgr.exe
PRC - [2009-02-04 16:35:50 | 01,015,296 | ---- | M] () -- D:\Programas\Rockstar Games\GTA San Andreas\samp.exe
PRC - [2009-03-24 23:14:48 | 02,811,392 | ---- | M] (SpeedBit Ltd.) -- C:\Programas\DAP\DAP.EXE
PRC - [2009-02-28 05:54:41 | 00,636,072 | ---- | M] (Microsoft Corporation) -- C:\Programas\Internet Explorer\iexplore.exe
PRC - [2009-04-28 19:43:33 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David Francisco\Os meus documentos\My Completed Downloads\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2004-10-22 14:42:44 | 00,049,152 | ---- | M] (Alpha Networks Inc.) -- C:\Programas\ANI\ANIWZCS2 Service\ANIWZCSdS.exe -- (ANIWZCSdService [Auto | Stopped])
SRV - [2008-10-15 13:31:53 | 00,068,865 | ---- | M] (Avira GmbH) -- C:\Programas\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler [Auto | Running])
SRV - [2008-10-15 13:30:02 | 00,151,297 | ---- | M] (Avira GmbH) -- C:\Programas\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService [Auto | Running])
SRV - [2008-07-25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008-07-25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008-07-29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2009-04-01 08:35:52 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Programas\Google\Update\GoogleUpdate.exe -- (gupdate1c9b29c7ee47134 [Auto | Stopped])
SRV - [2009-04-01 08:34:49 | 00,183,280 | ---- | M] (Google) -- C:\Programas\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Stopped])
SRV - [2008-04-14 17:09:23 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005-04-04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Programas\Ficheiros comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008-07-29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009-03-09 06:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programas\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2008-07-29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2009-02-18 15:44:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2009-03-31 22:49:55 | 00,075,064 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA [Auto | Running])
SRV - [2009-04-19 20:36:47 | 00,189,072 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrB.exe -- (PnkBstrB [Auto | Running])
SRV - [2007-01-05 21:08:02 | 00,915,968 | ---- | M] (Microsoft Corporation) -- C:\Programas\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2004-07-27 12:20:46 | 00,028,205 | ---- | M] (Alpha Networks Inc.) -- C:\WINDOWS\system32\ANIO.SYS -- (ANIO [Auto | Running])
DRV - [2007-02-27 14:25:01 | 00,011,840 | ---- | M] (Avira GmbH) -- C:\Programas\Avira\AntiVir PersonalEdition Classic\avgio.sys -- (avgio [System | Running])
DRV - [2008-05-20 15:29:41 | 00,052,032 | ---- | M] (Avira GmbH) -- C:\Programas\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt [On_Demand | Running])
DRV - [2008-10-30 10:21:03 | 00,075,072 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\DRIVERS\avipbb.sys -- (avipbb [System | Running])
DRV - [2001-08-17 20:19:20 | 00,003,712 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\DRIVERS\ctljystk.sys -- (ctljystk [On_Demand | Running])
DRV - [2001-08-17 20:19:26 | 00,283,904 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\emu10k1m.sys -- (emu10k [On_Demand | Running])
DRV - [2001-08-17 20:19:28 | 00,006,912 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\ctlfacem.sys -- (emu10k1 [On_Demand | Running])
DRV - [2008-04-13 19:45:29 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\gameenum.sys -- (gameenum [On_Demand | Running])
DRV - [2009-04-27 18:48:36 | 00,018,704 | ---- | M] () -- C:\Documents and Settings\David Francisco\Definições locais\Temp\XMZE5.tmp -- (GarenaPEngine [On_Demand | Stopped])
DRV - [2009-04-09 00:08:43 | 00,017,480 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\system32\DRIVERS\hamachi.sys -- (hamachi [On_Demand | Running])
DRV - [2009-02-18 15:44:00 | 06,308,224 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2004-09-21 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2005-06-04 21:07:56 | 00,319,104 | ---- | M] (Ralink Technology Inc.) -- C:\WINDOWS\system32\DRIVERS\RT61.sys -- (RT61 [On_Demand | Running])
DRV - [2007-11-13 11:25:56 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2001-08-17 20:19:34 | 00,036,480 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\drivers\sfmanm.sys -- (sfman [On_Demand | Running])
DRV - [2009-03-24 23:30:04 | 00,717,296 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2007-03-01 09:34:22 | 00,028,352 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\DRIVERS\ssmdrv.sys -- (ssmdrv [System | Running])
DRV - [2003-05-14 13:42:50 | 00,010,144 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum [On_Demand | Running])
DRV - [2003-05-14 13:42:56 | 00,021,216 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter [On_Demand | Stopped])
DRV - [2003-05-14 13:42:58 | 00,013,920 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\WmHidLo.sys -- (WmHidLo [On_Demand | Stopped])
DRV - [2003-05-14 13:42:48 | 00,005,728 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid [On_Demand | Stopped])
DRV - [2003-05-14 13:42:44 | 00,044,288 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-57989841-1614895754-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-57989841-1614895754-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/is&api/redir....d=iear=iesearch
IE - HKU\S-1-5-21-57989841-1614895754-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/
IE - HKU\S-1-5-21-57989841-1614895754-725345543-1003\S-1-5-21-57989841-1614895754-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.pt"
FF - prefs.js..extensions.enabledItems: {F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}:8.6.7.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.9

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.9\extensions\\Components: C:\PROGRAMAS\MOZILLA FIREFOX\COMPONENTS [2009-04-25 10:11:53 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.9\extensions\\Plugins: C:\PROGRAMAS\MOZILLA FIREFOX\PLUGINS [2009-04-23 23:12:50 | 00,000,000 | ---D | M]

[2009-04-18 21:25:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\David Francisco\Application Data\mozilla\Extensions
[2009-04-18 21:25:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\David Francisco\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009-03-26 20:43:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\David Francisco\Application Data\mozilla\Extensions\mozswing@mozswing.org
[2009-04-18 21:25:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\David Francisco\Application Data\mozilla\Firefox\Profiles\8ypheix0.default\extensions
[2009-04-18 21:24:55 | 00,000,000 | ---D | M] -- C:\Programas\mozilla firefox\extensions
[2009-04-22 18:34:20 | 00,000,000 | ---D | M] -- C:\Programas\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009-04-22 18:34:12 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Programas\mozilla firefox\components\browserdirprovider.dll
[2009-04-22 18:34:12 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Programas\mozilla firefox\components\brwsrcmp.dll
[2007-11-07 23:02:16 | 00,001,525 | ---- | M] () -- C:\Programas\mozilla firefox\searchplugins\amazon-en-GB.xml
[2008-04-16 05:08:20 | 00,001,706 | ---- | M] () -- C:\Programas\mozilla firefox\searchplugins\google.xml
[2007-11-07 23:02:16 | 00,001,529 | ---- | M] () -- C:\Programas\mozilla firefox\searchplugins\priberam.xml
[2007-11-07 23:02:16 | 00,002,071 | ---- | M] () -- C:\Programas\mozilla firefox\searchplugins\sapo.xml
[2008-04-12 15:58:30 | 00,000,942 | ---- | M] () -- C:\Programas\mozilla firefox\searchplugins\wikipedia-ptpt.xml
[2007-11-07 23:02:16 | 00,000,648 | ---- | M] () -- C:\Programas\mozilla firefox\searchplugins\yahoo-br.xml

O1 HOSTS File: (808 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - Reg Error: Key error. File not found
O2 - BHO: (Programa Auxiliar de Início de Sessão do Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programas\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programas\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (DAPIELoader Class) - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\Programas\DAP\dapieloader.dll (SpeedBit Ltd.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programas\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\S-1-5-21-57989841-1614895754-725345543-1003\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programas\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\S-1-5-21-57989841-1614895754-725345543-1003\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Programas\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Alpha Networks Inc.)
O4 - HKLM..\Run: [avgnt] "C:\Programas\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min (Avira GmbH)
O4 - HKLM..\Run: [D-Link AirPlus G] C:\Programas\D-Link\AirPlus G\AirGCFG.exe (D-Link)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /install ()
O4 - HKLM..\Run: [QuickTime Task] "C:\Programas\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Programas\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-21-57989841-1614895754-725345543-1003..\Run: [Advanced SystemCare 3] "C:\Programas\IObit\Advanced SystemCare 3\AWC.exe" /startup (IObit)
O4 - HKU\S-1-5-21-57989841-1614895754-725345543-1003..\Run: [DAEMON Tools Lite] "C:\Programas\DAEMON Tools Lite\daemon.exe" -autorun (DT Soft Ltd)
O4 - HKU\S-1-5-21-57989841-1614895754-725345543-1003..\Run: [DownloadAccelerator] "C:\Programas\DAP\DAP.EXE" /STARTUP (SpeedBit Ltd.)
O4 - HKU\S-1-5-21-57989841-1614895754-725345543-1003..\Run: [MSMSGS] "C:\Programas\Messenger\msmsgs.exe" /background (Microsoft Corporation)
O4 - HKU\S-1-5-21-57989841-1614895754-725345543-1003..\Run: [msnmsgr] "C:\Programas\Windows Live\Messenger\msnmsgr.exe" /background (Microsoft Corporation)
O4 - HKU\S-1-5-21-57989841-1614895754-725345543-1003..\Run: [Steam] "D:\Programas\Steam\Steam.exe" -silent (Valve Corporation)
O4 - Startup: C:\Documents and Settings\David Francisco\Menu Iniciar\Programas\Arranque\Xfire.lnk = C:\Programas\Xfire\Xfire.exe (Xfire Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-57989841-1614895754-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-57989841-1614895754-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O8 - Extra context menu item: &Clean Traces - C:\Programas\DAP\Privacy Package\dapcleanerie.htm ()
O8 - Extra context menu item: &Download with &DAP - C:\Programas\DAP\dapextie.htm ()
O8 - Extra context menu item: Download &all with DAP - C:\Programas\DAP\dapextie2.htm ()
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-57989841-1614895754-725345543-1003\..Trusted Domains: 8 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.systemrequirementslab.com/srl_b...sreqlab_srl.cab (System Requirements Lab Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1237930319378 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programas\Ficheiros comuns\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programas\Ficheiros comuns\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programas\Ficheiros comuns\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programas\Ficheiros comuns\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programas\Ficheiros comuns\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programas\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programas\Ficheiros comuns\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programas\Ficheiros comuns\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programas\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (TeknoGods.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (A minha home page actual) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-03-24 22:11:23 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005-02-25 18:24:46 | 00,000,051 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{34c63c13-2159-11de-ae23-00179a75348b}\Shell - "" = AutoRun
O33 - MountPoints2\{7aa27774-26cd-11de-ae2f-00179a75348b}\Shell - "" = AutoRun
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[6 C:\WINDOWS\System32\*.tmp files]
[7 C:\WINDOWS\*.tmp files]
[2009-04-27 17:26:04 | 00,000,629 | ---- | C] () -- C:\Documents and Settings\All Users\Ambiente de trabalho\GTA San Andreas.lnk
[2009-04-26 17:15:46 | 00,000,820 | ---- | C] () -- C:\Documents and Settings\All Users\Ambiente de trabalho\Play BF2 SF Online Now!.lnk
[2009-04-26 17:15:46 | 00,000,798 | ---- | C] () -- C:\Documents and Settings\All Users\Ambiente de trabalho\Battlefield 2 Special Forces.lnk
[2009-04-26 12:54:46 | 00,000,551 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2009-04-26 12:54:00 | 00,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Ambiente de trabalho\Battlefield Vietnam.lnk
[2009-04-26 11:51:06 | 00,000,714 | ---- | C] () -- C:\Documents and Settings\All Users\Ambiente de trabalho\Play BF2 Online Now!.lnk
[2009-04-26 11:51:06 | 00,000,692 | ---- | C] () -- C:\Documents and Settings\All Users\Ambiente de trabalho\Battlefield 2.lnk
[2009-04-26 11:48:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\David Francisco\Os meus documentos\Battlefield 2
[2009-04-26 01:56:51 | 00,000,000 | ---D | C] -- C:\Programas\emote
[2009-04-25 18:30:03 | 00,000,659 | ---- | C] () -- C:\Documents and Settings\All Users\Ambiente de trabalho\Team Fortress 2.lnk
[2009-04-25 10:06:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\David Francisco\Application Data\Leadertech
[2009-04-25 01:57:21 | 00,098,274 | ---- | C] () -- C:\Documents and Settings\David Francisco\Os meus documentos\BATTLEFIELD.ULTIMATE.COLLECTION.INTERNAL- TorrentLeech.torrent
[2009-04-25 00:46:12 | 00,001,445 | ---- | C] () -- C:\Documents and Settings\David Francisco\Ambiente de trabalho\Day of Defeat Source.lnk
[2009-04-25 00:46:12 | 00,001,443 | ---- | C] () -- C:\Documents and Settings\David Francisco\Ambiente de trabalho\Counter-Strike Source.lnk
[2009-04-25 00:28:54 | 00,000,367 | ---- | C] () -- C:\Documents and Settings\David Francisco\Ambiente de trabalho\Steam.lnk
[2009-04-24 21:14:49 | 00,000,000 | ---D | C] -- C:\Program Files
[2009-04-24 18:09:45 | 00,015,441 | ---- | C] () -- C:\Documents and Settings\David Francisco\Os meus documentos\[psy] Team Fortress 2 Full game v-1.0.5.2.torrent
[2009-04-24 17:35:51 | 00,021,519 | ---- | C] () -- C:\Documents and Settings\David Francisco\Os meus documentos\Delta.Force.Pack.iNT.torrent
[2009-04-24 15:48:05 | 00,018,730 | ---- | C] () -- C:\Documents and Settings\David Francisco\Os meus documentos\Demigod-RADIANCE.torrent
[2009-04-24 15:47:02 | 00,001,758 | ---- | C] () -- C:\Documents and Settings\David Francisco\Os meus documentos\ratiomaster.config
[2009-04-24 15:46:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\David Francisco\Os meus documentos\Torrents Config
[2009-04-24 15:40:15 | 00,294,912 | ---- | C] (www.moofdev.net) -- C:\Documents and Settings\David Francisco\Os meus documentos\RatioMaster.exe
[2009-04-24 15:40:15 | 00,000,931 | ---- | C] () -- C:\Documents and Settings\David Francisco\Os meus documentos\BitTyrant_1.1.client
[2009-04-24 15:40:15 | 00,000,896 | ---- | C] () -- C:\Documents and Settings\David Francisco\Os meus documentos\Azureus_3050.client
[2009-04-24 15:40:15 | 00,000,834 | ---- | C] () -- C:\Documents and Settings\David Francisco\Os meus documentos\Vuze_4104.client
[2009-04-24 15:40:15 | 00,000,796 | ---- | C] () -- C:\Documents and Settings\David Francisco\Os meus documentos\BitComet0103.client
[2009-04-24 15:40:15 | 00,000,736 | ---- | C] () -- C:\Documents and Settings\David Francisco\Os meus documentos\bitlord_1.1.client
[2009-04-24 15:40:15 | 00,000,718 | ---- | C] () -- C:\Documents and Settings\David Francisco\Os meus documentos\utorrent_1.8.2_build(14458).client
[2009-04-24 15:40:15 | 00,000,717 | ---- | C] () -- C:\Documents and Settings\David Francisco\Os meus documentos\utorrent_1.8.2_build(14153).client
[2009-04-24 15:40:15 | 00,000,685 | ---- | C] () -- C:\Documents and Settings\David Francisco\Os meus documentos\utorrent_1.8_(build_11813).client
[2009-04-24 15:40:15 | 00,000,685 | ---- | C] () -- C:\Documents and Settings\David Francisco\Os meus documentos\utorrent_1.8.1_(build_12616).client
[2009-04-24 15:40:15 | 00,000,681 | ---- | C] () -- C:\Documents and Settings\David Francisco\Os meus documentos\utorrent_1.8.1_(build_12639).client
[2009-04-24 15:40:15 | 00,000,666 | ---- | C] () -- C:\Documents and Settings\David Francisco\Os meus documentos\utorrent_1.7.7_build_(8179).client
[2009-04-24 15:40:15 | 00,000,663 | ---- | C] () -- C:\Documents and Settings\David Francisco\Os meus documentos\BitTorrent 6.0.3 (8642).client
[2009-04-24 15:40:15 | 00,000,630 | ---- | C] () -- C:\Documents and Settings\David Francisco\Os meus documentos\burst_310b.client
[2009-04-24 15:40:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\David Francisco\Os meus documentos\lng
[2009-04-23 23:12:19 | 00,000,000 | ---D | C] -- C:\Programas\QuickTime
[2009-04-23 23:12:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2009-04-23 23:12:08 | 00,000,276 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009-04-23 23:12:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\David Francisco\Definições locais\Application Data\Apple
[2009-04-23 23:12:06 | 00,000,000 | ---D | C] -- C:\Programas\Apple Software Update
[2009-04-23 23:12:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2009-04-23 23:12:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\David Francisco\Definições locais\Application Data\Apple Computer
[2009-04-21 23:16:44 | 00,000,260 | ---- | C] () -- C:\WINDOWS\tasks\WGASetup.job
[2009-04-21 23:16:44 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\KB905474
[2009-04-21 18:40:47 | 00,000,000 | ---D | C] -- C:\Programas\Ficheiros comuns\Logitech
[2009-04-21 18:40:42 | 00,000,000 | ---D | C] -- C:\Programas\Logitech
[2009-04-21 18:06:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2009-04-20 17:41:03 | 00,000,927 | ---- | C] () -- C:\Documents and Settings\David Francisco\Ambiente de trabalho\LEFT 4 DEAD.lnk
[2009-04-20 17:40:15 | 04,178,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_41.dll
[2009-04-20 17:40:15 | 01,846,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_41.dll
[2009-04-20 17:40:15 | 00,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_41.dll
[2009-04-20 17:40:14 | 00,517,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_4.dll
[2009-04-20 17:40:14 | 00,235,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_4.dll
[2009-04-20 17:40:14 | 00,069,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_3.dll
[2009-04-20 17:40:13 | 02,036,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_40.dll
[2009-04-20 17:40:13 | 00,452,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_40.dll
[2009-04-20 17:40:13 | 00,022,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_6.dll
[2009-04-20 17:40:12 | 04,379,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_40.dll
[2009-04-20 17:40:12 | 00,514,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_3.dll
[2009-04-20 17:40:12 | 00,070,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_2.dll
[2009-04-20 17:40:11 | 00,235,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_3.dll
[2009-04-20 17:40:11 | 00,023,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_5.dll
[2009-04-20 17:40:10 | 00,509,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_2.dll
[2009-04-20 17:40:10 | 00,068,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_1.dll
[2009-04-20 17:40:09 | 00,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_2.dll
[2009-04-20 17:40:04 | 01,493,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_39.dll
[2009-04-20 17:40:04 | 00,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_39.dll
[2009-04-20 17:39:52 | 03,851,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_39.dll
[2009-04-19 23:45:46 | 01,203,922 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009-04-19 23:45:46 | 00,219,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2009-04-19 23:44:56 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009-04-19 23:44:55 | 00,473,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009-04-19 23:44:55 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009-04-19 23:44:55 | 00,286,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009-04-19 23:44:55 | 00,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009-04-19 23:44:54 | 00,737,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009-04-19 23:44:54 | 00,732,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2009-04-19 23:44:54 | 00,684,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009-04-19 23:44:54 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009-04-18 21:25:04 | 00,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009-04-18 21:25:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\David Francisco\Definições locais\Application Data\Mozilla
[2009-04-18 21:24:52 | 00,000,000 | ---D | C] -- C:\Programas\Mozilla Firefox
[2009-04-18 13:08:42 | 00,045,376 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2009-04-18 13:08:42 | 00,028,352 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2009-04-18 13:08:42 | 00,022,336 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2009-04-18 13:08:40 | 00,075,072 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2009-04-18 13:08:39 | 00,000,000 | ---D | C] -- C:\Programas\Avira
[2009-04-18 13:08:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2009-04-18 12:23:23 | 00,000,000 | ---D | C] -- C:\Programas\IObit
[2009-04-18 12:23:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\David Francisco\Application Data\IObit
[2009-04-18 12:12:50 | 00,000,000 | ---D | C] -- C:\Programas\MSXML 4.0
[2009-04-18 12:10:27 | 00,000,000 | ---D | C] -- C:\Programas\AVG
[2009-04-18 00:56:45 | 00,000,682 | ---- | C] () -- C:\Documents and Settings\David Francisco\Ambiente de trabalho\KMPlayer.lnk
[2009-04-18 00:56:38 | 00,000,000 | ---D | C] -- C:\Programas\The KMPlayer
[2009-04-16 19:51:42 | 00,000,000 | ---D | C] -- C:\Programas\Valve
[2009-04-14 22:18:02 | 00,201,109 | ---- | C] () -- C:\WINDOWS\ADDONS SITECS (NONSTEAM) Uninstaller.exe
[2009-04-14 22:17:59 | 00,000,000 | ---D | C] -- C:\Programas\Ficheiros comuns\Thraex Software
[2009-04-14 22:16:38 | 00,001,605 | ---- | C] () -- C:\Documents and Settings\David Francisco\Ambiente de trabalho\Counter Strike 1.6 Non Steam.lnk
[2009-04-14 17:35:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\David Francisco\Definições locais\Application Data\Identities
[2009-04-14 03:19:32 | 00,041,808 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2009-04-13 18:32:10 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009-04-13 13:26:50 | 00,000,000 | ---D | C] -- C:\Programas\Kaspersky Lab
[2009-04-13 02:54:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2009-04-13 02:54:38 | 00,000,000 | ---D | C] -- C:\Programas\Security Task Manager
[2009-04-12 21:59:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\David Francisco\Definições locais\Application Data\Wheelman
[2009-04-12 21:59:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\David Francisco\Definições locais\Application Data\PC
[2009-04-12 00:15:02 | 00,000,000 | ---D | C] -- C:\Programas\Steam
[2009-04-11 21:13:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\David Francisco\Os meus documentos\THQ
[2009-04-11 13:51:45 | 00,200,704 | ---- | C] (vbAccelerator) -- C:\WINDOWS\System32\vbalExpBar6.ocx
[2009-04-11 13:51:45 | 00,044,544 | ---- | C] () -- C:\WINDOWS\System32\GIF89.DLL
[2009-04-11 13:51:44 | 01,986,560 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudFile.dll
[2009-04-11 13:51:44 | 01,212,416 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudioInfos.dll
[2009-04-11 13:51:44 | 01,081,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mscomctl.ocx
[2009-04-11 13:51:44 | 01,060,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71.dll
[2009-04-11 13:51:44 | 00,348,160 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\WMAFile.dll
[2009-04-11 13:51:44 | 00,348,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr71.dll
[2009-04-11 13:51:44 | 00,307,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr70.dll
[2009-04-11 13:51:44 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2009-04-11 13:51:44 | 00,152,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\COMDLG32.OCX
[2009-04-11 13:51:44 | 00,141,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCMCFR.DLL
[2009-04-11 13:51:44 | 00,119,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VB6FR.DLL
[2009-04-11 13:51:44 | 00,116,296 | ---- | C] () -- C:\WINDOWS\System32\NCTWMAProfiles.prx
[2009-04-11 13:51:44 | 00,115,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msinet.OCX
[2009-04-11 13:51:44 | 00,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VB6STKIT.DLL
[2009-04-11 13:51:44 | 00,082,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml4r.dll
[2009-04-11 13:51:44 | 00,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml4a.dll
[2009-04-11 13:51:44 | 00,040,960 | ---- | C] (vbAccelerator) -- C:\WINDOWS\System32\SSubTmr6.dll
[2009-04-11 13:51:44 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CMDLGFR.DLL
[2009-04-11 13:51:44 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetfr.DLL
[2009-04-11 13:51:43 | 00,000,000 | ---D | C] -- C:\Programas\Free Easy Burner
[2009-04-09 23:42:30 | 00,000,000 | ---D | C] -- C:\Programas\Algodoo Phun Edition
[2009-04-09 21:16:14 | 00,000,000 | ---D | C] -- C:\Programas\VDMSound
[2009-04-09 14:44:43 | 00,000,000 | ---D | C] -- C:\Programas\EA GAMES
[2009-04-08 13:10:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\David Francisco\Os meus documentos\GTA San Andreas User Files
[2009-04-08 12:02:23 | 00,018,432 | ---- | C] () -- C:\Documents and Settings\David Francisco\Os meus documentos\uranus.txd
[2009-04-08 12:02:18 | 00,229,376 | ---- | C] () -- C:\Documents and Settings\David Francisco\Os meus documentos\uranus.dff
[2009-04-06 06:25:19 | 00,018,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2009-04-06 02:30:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\David Francisco\Os meus documentos\Rockstar Games
[2009-04-06 01:49:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\David Francisco\Definições locais\Application Data\Rockstar Games
[2009-04-06 01:44:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\xlive
[2009-04-06 01:44:51 | 00,000,000 | ---D | C] -- C:\Programas\Microsoft Games for Windows - LIVE
[2009-04-06 01:42:11 | 00,000,766 | ---- | C] () -- C:\Documents and Settings\All Users\Ambiente de trabalho\Grand Theft Auto IV.lnk
[2009-04-06 00:14:47 | 00,000,737 | ---- | C] () -- C:\Documents and Settings\All Users\Ambiente de trabalho\Rockstar Games Social Club.lnk
[2009-04-05 17:58:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\David Francisco\Os meus documentos\CoD4_Trn
[2009-04-05 14:18:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\David Francisco\Application Data\Thinstall
[2009-04-05 12:39:18 | 00,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmpns.dll
[2009-04-05 12:37:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2009-04-05 12:29:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2009-04-05 12:29:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2009-04-05 12:27:57 | 00,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2009-04-05 12:23:31 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2009-04-05 12:20:48 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2009-04-03 01:28:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2009-04-01 20:26:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\David Francisco\Definições locais\Application Data\WMTools Downloaded Files
[2009-04-01 19:56:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\David Francisco\Os meus documentos\Mis descargas de MassTube
[2009-04-01 19:55:51 | 00,000,000 | ---D | C] -- C:\Programas\MassTube
[2009-04-01 19:55:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\David Francisco\Application Data\MassTube
[2009-04-01 19:06:02 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009-04-01 10:36:46 | 00,122,913 | ---- | C] () -- C:\Documents and Settings\David Francisco\Os meus documentos\KcF.jpg
[2009-04-01 10:36:35 | 00,009,216 | -HS- | C] () -- C:\Documents and Settings\David Francisco\Os meus documentos\Thumbs.db
[2009-04-01 10:20:33 | 00,000,000 | ---D | C] -- C:\Programas\Paint.NET
[2009-04-01 10:20:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\David Francisco\Definições locais\Application Data\Paint.NET
[2009-04-01 08:37:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\David Francisco\Application Data\Google
[2009-04-01 08:35:57 | 00,000,892 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job
[2009-04-01 08:35:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\David Francisco\Definições locais\Application Data\Google
[2009-04-01 08:34:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google Updater
[2009-04-01 08:34:51 | 00,000,952 | ---- | C] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009-04-01 08:34:49 | 00,000,000 | ---D | C] -- C:\Programas\Google
[2009-04-01 02:21:50 | 00,000,000 | ---D | C] -- C:\Programas\Garena
[2009-04-01 01:04:08 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdjpn.dll
[2009-04-01 01:04:08 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdjpn.dll
[2009-04-01 01:04:08 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdkor.dll
[2009-04-01 01:04:08 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdkor.dll
[2009-04-01 01:04:08 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd106.dll
[2009-04-01 01:04:08 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101c.dll
[2009-04-01 01:04:08 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101b.dll
[2009-04-01 01:04:08 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101c.dll
[2009-04-01 01:04:08 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101b.dll
[2009-04-01 01:04:08 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd103.dll
[2009-04-01 01:04:08 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd103.dll
[2009-03-31 22:42:55 | 00,000,000 | ---D | C] -- C:\Programas\GameSpy Arcade
[2009-03-31 21:23:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\David Francisco\Os meus documentos\My Games
[2009-03-31 21:22:30 | 00,107,888 | ---- | C] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll
[2009-03-31 12:38:55 | 01,089,883 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntprint.cat
[2009-03-30 23:38:51 | 00,014,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg2.dll
[2009-03-30 23:35:16 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2009-03-30 23:35:12 | 00,000,000 | ---D | C] -- C:\Programas\MSBuild
[2009-03-30 23:35:10 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2009-03-30 23:35:03 | 00,000,000 | ---D | C] -- C:\Programas\Reference Assemblies
[2009-03-30 23:33:50 | 00,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2009-03-30 23:33:50 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsshhdr.dll
[2009-03-30 23:33:50 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2009-03-30 23:33:50 | 00,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2009-03-30 23:33:50 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2009-03-30 23:33:49 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2009-03-30 23:33:49 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2009-03-30 23:32:53 | 00,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2009-03-30 23:32:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2009-03-30 23:31:27 | 00,000,000 | ---D | C] -- C:\Programas\MSXML 6.0
[2009-03-30 23:23:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie7updates
[2009-03-30 23:20:54 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie7
[2009-03-30 23:20:34 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
[2009-03-30 23:20:20 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
[2009-03-30 23:17:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2009-03-30 23:15:57 | 00,459,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2009-03-30 23:15:56 | 02,455,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dat
[2009-03-30 23:15:56 | 01,036,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll.mui
[2009-03-30 23:15:56 | 00,268,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2009-03-30 23:15:56 | 00,052,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2009-03-30 23:15:56 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieudinit.exe
[2009-03-30 23:15:55 | 00,383,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dll
[2009-03-30 23:15:54 | 00,063,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icardie.dll
[2009-03-30 23:15:52 | 06,066,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2009-03-30 23:15:39 | 00,016,896 | ---- | C] () -- C:\Documents and Settings\David Francisco\Definições locais\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-03-30 18:50:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\David Francisco\Os meus documentos\Downloads
[2009-03-30 18:45:52 | 00,000,000 | ---D | C] -- C:\Programas\uTorrent
[2009-03-30 18:45:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\David Francisco\Application Data\uTorrent
[2009-03-30 00:11:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\David Francisco\Application Data\teamspeak2
[2009-03-30 00:11:31 | 00,034,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\lhacm.acm
[2009-03-30 00:11:28 | 00,000,000 | ---D | C] -- C:\Programas\Teamspeak2_RC2
[2009-03-29 23:56:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\David Francisco\Os meus documentos\GSC
[2009-03-29 23:56:06 | 00,000,000 | ---D | C] -- C:\Programas\GSC
[2009-03-29 23:52:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\David Francisco\Application Data\GSC
[2009-03-26 19:09:19 | 00,000,311 | ---- | C] () -- C:\WINDOWS\game.ini
[2009-03-24 23:54:51 | 00,138,920 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009-03-24 23:30:04 | 00,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009-03-24 22:18:42 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\JJAKEn.dll
[2009-02-18 15:44:00 | 01,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009-02-18 15:44:00 | 01,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009-02-18 15:44:00 | 01,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009-02-18 15:44:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008-10-28 17:40:48 | 00,173,552 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2004-09-21 13:00:00 | 00,000,507 | ---- | C] () -- C:\WINDOWS\win.ini
[2004-09-21 13:00:00 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini

========== Files - Modified Within 30 Days ==========

[6 C:\WINDOWS\System32\*.tmp files]
[7 C:\WINDOWS\*.tmp files]
[2009-04-28 17:10:02 | 00,000,952 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009-04-28 17:09:41 | 00,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2009-04-28 17:09:38 | 00,212,641 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009-04-28 17:09:31 | 00,000,892 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job
[2009-04-28 17:09:30 | 00,002,262 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009-04-28 17:09:30 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009-04-28 17:09:29 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009-04-27 17:26:04 | 00,000,629 | ---- | M] () -- C:\Documents and Settings\All Users\Ambiente de trabalho\GTA San Andreas.lnk
[2009-04-27 00:00:52 | 12,317,924 | -H-- | M] () -- C:\Documents and Settings\David Francisco\Definições locais\Application Data\IconCache.db
[2009-04-26 17:15:46 | 00,000,820 | ---- | M] () -- C:\Documents and Settings\All Users\Ambiente de trabalho\Play BF2 SF Online Now!.lnk
[2009-04-26 17:15:46 | 00,000,798 | ---- | M] () -- C:\Documents and Settings\All Users\Ambiente de trabalho\Battlefield 2 Special Forces.lnk
[2009-04-26 12:54:46 | 00,000,551 | ---- | M] () -- C:\WINDOWS\eReg.dat
[2009-04-26 12:54:00 | 00,001,755 | ---- | M] () -- C:\Documents and Settings\All Users\Ambiente de trabalho\Battlefield Vietnam.lnk
[2009-04-26 11:51:06 | 00,000,714 | ---- | M] () -- C:\Documents and Settings\All Users\Ambiente de trabalho\Play BF2 Online Now!.lnk
[2009-04-26 11:51:06 | 00,000,692 | ---- | M] () -- C:\Documents and Settings\All Users\Ambiente de trabalho\Battlefield 2.lnk
[2009-04-25 21:43:58 | 00,016,896 | ---- | M] () -- C:\Documents and Settings\David Francisco\Definições locais\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-04-25 18:30:03 | 00,000,659 | ---- | M] () -- C:\Documents and Settings\All Users\Ambiente de trabalho\Team Fortress 2.lnk
[2009-04-25 01:57:23 | 00,098,274 | ---- | M] () -- C:\Documents and Settings\David Francisco\Os meus documentos\BATTLEFIELD.ULTIMATE.COLLECTION.INTERNAL- TorrentLeech.torrent
[2009-04-25 00:46:12 | 00,001,445 | ---- | M] () -- C:\Documents and Settings\David Francisco\Ambiente de trabalho\Day of Defeat Source.lnk
[2009-04-25 00:46:12 | 00,001,443 | ---- | M] () -- C:\Documents and Settings\David Francisco\Ambiente de trabalho\Counter-Strike Source.lnk
[2009-04-25 00:28:54 | 00,000,367 | ---- | M] () -- C:\Documents and Settings\David Francisco\Ambiente de trabalho\Steam.lnk
[2009-04-24 18:09:45 | 00,015,441 | ---- | M] () -- C:\Documents and Settings\David Francisco\Os meus documentos\[psy] Team Fortress 2 Full game v-1.0.5.2.torrent
[2009-04-24 17:35:51 | 00,021,519 | ---- | M] () -- C:\Documents and Settings\David Francisco\Os meus documentos\Delta.Force.Pack.iNT.torrent
[2009-04-24 15:48:36 | 00,001,758 | ---- | M] () -- C:\Documents and Settings\David Francisco\Os meus documentos\ratiomaster.config
[2009-04-24 15:48:05 | 00,018,730 | ---- | M] () -- C:\Documents and Settings\David Francisco\Os meus documentos\Demigod-RADIANCE.torrent
[2009-04-23 23:12:08 | 00,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009-04-20 17:41:03 | 00,000,927 | ---- | M] () -- C:\Documents and Settings\David Francisco\Ambiente de trabalho\LEFT 4 DEAD.lnk
[2009-04-20 00:17:42 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009-04-19 20:36:47 | 00,189,072 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2009-04-19 20:36:47 | 00,189,072 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2009-04-19 19:51:04 | 00,138,920 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009-04-19 12:17:21 | 00,107,888 | ---- | M] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll
[2009-04-19 12:15:19 | 00,022,328 | ---- | M] () -- C:\Documents and Settings\David Francisco\Application Data\PnkBstrK.sys
[2009-04-19 12:14:53 | 02,250,024 | ---- | M] () -- C:\WINDOWS\System32\pbsvc.exe
[2009-04-18 21:25:04 | 00,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2009-04-18 00:56:45 | 00,000,682 | ---- | M] () -- C:\Documents and Settings\David Francisco\Ambiente de trabalho\KMPlayer.lnk
[2009-04-16 21:25:56 | 00,294,912 | ---- | M] (www.moofdev.net) -- C:\Documents and Settings\David Francisco\Os meus documentos\RatioMaster.exe
[2009-04-14 22:18:02 | 00,201,109 | ---- | M] () -- C:\WINDOWS\ADDONS SITECS (NONSTEAM) Uninstaller.exe
[2009-04-14 22:16:38 | 00,001,605 | ---- | M] () -- C:\Documents and Settings\David Francisco\Ambiente de trabalho\Counter Strike 1.6 Non Steam.lnk
[2009-04-14 22:07:45 | 01,084,206 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009-04-14 22:07:45 | 00,488,282 | ---- | M] () -- C:\WINDOWS\System32\perfh016.dat
[2009-04-14 22:07:45 | 00,432,492 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009-04-14 22:07:45 | 00,082,788 | ---- | M] () -- C:\WINDOWS\System32\perfc016.dat
[2009-04-14 22:07:45 | 00,067,448 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009-04-14 03:19:32 | 00,041,808 | ---- | M] () -- C:\WINDOWS\System32\xfcodec.dll
[2009-04-09 00:08:43 | 00,017,480 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\drivers\hamachi.sys
[2009-04-08 12:02:23 | 00,018,432 | ---- | M] () -- C:\Documents and Settings\David Francisco\Os meus documentos\uranus.txd
[2009-04-08 12:02:18 | 00,229,376 | ---- | M] () -- C:\Documents and Settings\David Francisco\Os meus documentos\uranus.dff
[2009-04-06 15:57:24 | 24,921,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009-04-06 01:42:11 | 00,000,766 | ---- | M] () -- C:\Documents and Settings\All Users\Ambiente de trabalho\Grand Theft Auto IV.lnk
[2009-04-06 00:14:47 | 00,000,737 | ---- | M] () -- C:\Documents and Settings\All Users\Ambiente de trabalho\Rockstar Games Social Club.lnk
[2009-04-05 12:39:03 | 00,017,368 | ---- | M] () -- C:\Documents and Settings\David Francisco\Definições locais\Application Data\GDIPFONTCACHEV1.DAT
[2009-04-05 12:36:59 | 00,109,400 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009-04-05 12:25:13 | 00,251,120 | RHS- | M] () -- C:\ntldr
[2009-04-01 10:36:46 | 00,122,913 | ---- | M] () -- C:\Documents and Settings\David Francisco\Os meus documentos\KcF.jpg
[2009-04-01 10:36:35 | 00,009,216 | -HS- | M] () -- C:\Documents and Settings\David Francisco\Os meus documentos\Thumbs.db
[2009-03-31 22:49:55 | 00,075,064 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2009-03-30 23:43:27 | 00,000,092 | -HS- | M] () -- C:\Documents and Settings\David Francisco\Os meus documentos\desktop.ini
[2009-03-30 00:11:31 | 00,034,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\lhacm.acm

========== Alternate Data Streams ==========

@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A9662AE0
< End of report >


-------------------------------------------------------------------------------------------------------------------------------------------------------------------
GMER Log:
-------------------------------------------------------------------------------------------------------------------------------------------------------------------

GMER 1.0.15.14966 - http://www.gmer.net
Rootkit scan 2009-04-28 20:34:09
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

SSDT spys.sys ZwCreateKey [0xB9EA80E0]
SSDT B2D3BFF4 ZwCreateThread
SSDT spys.sys ZwEnumerateKey [0xB9EC6CA2]
SSDT spys.sys ZwEnumerateValueKey [0xB9EC7030]
SSDT spys.sys ZwOpenKey [0xB9EA80C0]
SSDT B2D3BFE0 ZwOpenProcess
SSDT B2D3BFE5 ZwOpenThread
SSDT spys.sys ZwQueryKey [0xB9EC7108]
SSDT spys.sys ZwQueryValueKey [0xB9EC6F88]
SSDT spys.sys ZwSetValueKey [0xB9EC719A]
SSDT B2D3BFEF ZwTerminateProcess
SSDT B2D3BFEA ZwWriteVirtualMemory

INT 0x62 ? 89E55BF8
INT 0x63 ? 89E55BF8
INT 0x73 ? 89C68F00
INT 0x94 ? 89C68F00
INT 0xA4 ? 89C68F00
INT 0xB4 ? 89C68F00

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 3018 805048B4 4 Bytes JMP E8B2D3BF
? spys.sys O sistema não conseguiu localizar o ficheiro especificado. !
.text USBPORT.SYS!DllUnload B92D38AC 5 Bytes JMP 89C684E0
.text aih6kq04.SYS B9185386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text aih6kq04.SYS B91853AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text aih6kq04.SYS B91853C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
.text aih6kq04.SYS B91853C9 1 Byte [2E]
.text aih6kq04.SYS B91853C9 11 Bytes [2E, 00, 00, 00, 5C, 02, 00, ...] {ADD CS:[EAX], AL; ADD [EDX+EAX+0x0], BL; ADD [EAX], AL; ADD [EAX], AL}
.text ...

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B9EA9040] spys.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B9EA913C] spys.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B9EA90BE] spys.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B9EA97FC] spys.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B9EA96D2] spys.sys
IAT \SystemRoot\System32\Drivers\aih6kq04.SYS[HAL.dll!KfAcquireSpinLock] 4B8BDF8B
IAT \SystemRoot\System32\Drivers\aih6kq04.SYS[HAL.dll!READ_PORT_UCHAR] 8D3F0304
IAT \SystemRoot\System32\Drivers\aih6kq04.SYS[HAL.dll!KeGetCurrentIrql] CB033043
IAT \SystemRoot\System32\Drivers\aih6kq04.SYS[HAL.dll!KfRaiseIrql] 0673C13B
IAT \SystemRoot\System32\Drivers\aih6kq04.SYS[HAL.dll!KfLowerIrql] C13B0003
IAT \SystemRoot\System32\Drivers\aih6kq04.SYS[HAL.dll!HalGetInterruptVector] 8366FA72
IAT \SystemRoot\System32\Drivers\aih6kq04.SYS[HAL.dll!HalTranslateBusAddress] 75000E7B
IAT \SystemRoot\System32\Drivers\aih6kq04.SYS[HAL.dll!KeStallExecutionProcessor] 0B7D80E3
IAT \SystemRoot\System32\Drivers\aih6kq04.SYS[HAL.dll!KfReleaseSpinLock] 307B8D00
IAT \SystemRoot\System32\Drivers\aih6kq04.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 00AA840F
IAT \SystemRoot\System32\Drivers\aih6kq04.SYS[HAL.dll!READ_PORT_USHORT] 83660000
IAT \SystemRoot\System32\Drivers\aih6kq04.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 6A000E7A
IAT \SystemRoot\System32\Drivers\aih6kq04.SYS[HAL.dll!WRITE_PORT_UCHAR] C6647400
IAT \SystemRoot\System32\Drivers\aih6kq04.SYS[WMILIB.SYS!WmiSystemControl] 4F8B0200
IAT \SystemRoot\System32\Drivers\aih6kq04.SYS[WMILIB.SYS!WmiCompleteRequest] 968D5140
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B9EB9048] spys.sys

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 89E541F8
Device \FileSystem\Fastfat \FatCdrom 89B961F8
Device \Driver\PCI_PNP0516 \Device\00000043 spys.sys
Device \Driver\usbuhci \Device\USBPDO-0 89C67500
Device \Driver\dmio \Device\DmControl\DmIoDaemon 89DE31F8
Device \Driver\dmio \Device\DmControl\DmConfig 89DE31F8
Device \Driver\dmio \Device\DmControl\DmPnP 89DE31F8
Device \Driver\dmio \Device\DmControl\DmInfo 89DE31F8
Device \Driver\usbuhci \Device\USBPDO-1 89C67500
Device \Driver\NetBT \Device\NetBT_Tcpip_{D0EFB104-09B7-4F05-A237-03C9AF61F6B8} 89B171F8
Device \Driver\usbuhci \Device\USBPDO-2 89C67500
Device \Driver\usbuhci \Device\USBPDO-3 89C67500
Device \Driver\usbehci \Device\USBPDO-4 89C2F1F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 89E561F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 89E561F8
Device \Driver\Cdrom \Device\CdRom0 89C01498
Device \Driver\Ftdisk \Device\HarddiskVolume3 89E561F8
Device \Driver\Cdrom \Device\CdRom1 89C01498
Device \Driver\usbstor \Device\00000073 897821F8
Device \Driver\usbstor \Device\00000076 897821F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 89B171F8
Device \Driver\NetBT \Device\NetbiosSmb 89B171F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{7896BD07-998A-4C67-8063-53769029C140} 89B171F8
Device \Driver\usbuhci \Device\USBFDO-0 89C67500
Device \Driver\usbuhci \Device\USBFDO-1 89C67500
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 899D3500
Device \Driver\usbuhci \Device\USBFDO-2 89C67500
Device \Driver\sptd \Device\1947464266 spys.sys
Device \FileSystem\MRxSmb \Device\LanmanRedirector 899D3500
Device \Driver\usbuhci \Device\USBFDO-3 89C67500
Device \Driver\usbehci \Device\USBFDO-4 89C2F1F8
Device \Driver\Ftdisk \Device\FtControl 89E561F8
Device \Driver\aih6kq04 \Device\Scsi\aih6kq041Port4Path0Target0Lun0 89BF81F8
Device \Driver\aih6kq04 \Device\Scsi\aih6kq041 89BF81F8
Device \FileSystem\Fastfat \Fat 89B961F8

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs 896EE500

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] rmvetocz <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\rmvetocz@DisplayName Microsoft Support
Reg HKLM\SYSTEM\CurrentControlSet\Services\rmvetocz@Type 32
Reg HKLM\SYSTEM\CurrentControlSet\Services\rmvetocz@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\rmvetocz@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\rmvetocz@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\CurrentControlSet\Services\rmvetocz@ObjectName LocalSystem
Reg HKLM\SYSTEM\CurrentControlSet\Services\rmvetocz@Description Permite que um computador identifique e se adapte a altera??es de hardware com pouca ou nenhuma interactividade do utilizador. A paragem ou desactiva??o deste servi?o resultar? na instabilidade do sistema.
Reg HKLM\SYSTEM\CurrentControlSet\Services\rmvetocz\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\Services\rmvetocz\Parameters@ServiceDll C:\WINDOWS\system32\xshyjrfs.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programas\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xE4 0xF7 0xD1 0xBC ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x53 0x3F 0xF4 0xBB ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xE6 0x9D 0xA1 0x10 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programas\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xE4 0xF7 0xD1 0xBC ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x53 0x3F 0xF4 0xBB ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x26 0x81 0xEF 0xE4 ...
Reg HKLM\SYSTEM\ControlSet003\Services\rmvetocz@DisplayName Microsoft Support
Reg HKLM\SYSTEM\ControlSet003\Services\rmvetocz@Type 32
Reg HKLM\SYSTEM\ControlSet003\Services\rmvetocz@Start 2
Reg HKLM\SYSTEM\ControlSet003\Services\rmvetocz@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet003\Services\rmvetocz@ImagePath %SystemRoot%\system32\svchost.exe -k netsvcs
Reg HKLM\SYSTEM\ControlSet003\Services\rmvetocz@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet003\Services\rmvetocz@Description Permite que um computador identifique e se adapte a altera??es de hardware com pouca ou nenhuma interactividade do utilizador. A paragem ou desactiva??o deste servi?o resultar? na instabilidade do sistema.
Reg HKLM\SYSTEM\ControlSet003\Services\rmvetocz\Parameters
Reg HKLM\SYSTEM\ControlSet003\Services\rmvetocz\Parameters@ServiceDll C:\WINDOWS\system32\xshyjrfs.dll
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programas\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xE4 0xF7 0xD1 0xBC ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x53 0x3F 0xF4 0xBB ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xE6 0x9D 0xA1 0x10 ...

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\config\SOFTWARE.LOG (size mismatch) 12288/1024 bytes

---- EOF - GMER 1.0.15 ----

Thanks for the help, btw...

Edited by S1Lv3R_Sh4rK, 28 April 2009 - 02:36 PM.


#4 Buckeye_Sam

    Malware Expert



Posted 28 April 2009 - 04:46 PM

Doesn't sound like malware to me, but let's run a scan and see what turns up.

Please run F-Secure Online Scanner.
This scan is for Internet Explorer only.
  • It is suggested that you disable security programs and close any other windows during the scan. While your security is disabled, please refrain from surfing on other sites. Refer to this page if you are unsure how.
  • Go to F-Secure Online Scanner
  • Follow the instructions here for installation.
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan
  • Once the download completes, the scan will begin automatically. The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and copy the entire report in your next reply.
  • Be sure to re-enable any security programs.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#5 S1Lv3R_Sh4rK


Posted 29 April 2009 - 01:05 PM

Damn, it must be an HDD problem. I'm thinking of buying a 1TB hard drive because one time I accidentally hit my computer with my knee where the HDD is :S

#6 Buckeye_Sam


Posted 29 April 2009 - 02:21 PM

Did you run the virus scan?

#7 Buckeye_Sam


Posted 24 May 2009 - 10:47 AM

Unfortunately there has been no response. :thumbup2:
This thread will now be closed.