fkseki

Possible infection - Trojan Crypt.Xpack


Hi everyone,

My Avira flagged this trojan Crypt.Xpack and handled it. After restarting the computer, no further messages about any malware/trojan appeared, but since I don't know whether I'm really clean, I'm asking for your help.

Thanks

Here are the logs:

DDS (Ver_10-03-17.01) - NTFSx86

Run by Fabiano at 19:51:57,34 on 13/08/2010

Internet Explorer: 8.0.7600.16385

Microsoft Windows 7 Professional 6.1.7600.0.1252.55.1033.18.2046.1161 [GMT -3:00]

SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

SP: Spyware Terminator *disabled* (Updated) {55EE49A8-16BE-4601-BBE6-607B7F7317DE}

============== Running Processes ===============

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Users\Fabiano\AppData\Local\CrossLoop\CrossLoopService.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files\Soluto\SolutoService.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\taskhost.exe

C:\Program Files\Soluto\soluto.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\svchost.exe -k WindowsMobile

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\DllHost.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\BOINC\boinctray.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\BOINC\boincmgr.exe

C:\Program Files\BOINC\boinc.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe

C:\Program Files\Spyware Terminator\sp_rsser.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Users\Fabiano\Programas\procexp.exe

C:\ProgramData\BOINC\projects\www.worldcommunitygrid.org\wcg_hpf2_rosetta_6.17_windows_intelx86

C:\Windows\system32\conhost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Users\Fabiano\Desktop\dds.scr

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\program files\soluto\soluto.exe /userinit

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: GbIehObj Class: {c41a1c0e-ea6c-11d4-b1b8-444553540007} - c:\windows\downloaded program files\gbiehabn.dll

BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll

{555d4d79-4bd2-4094-a395-cfc534424a05}

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

uRun: [Vista Services Optimizer] "c:\program files\vista services optimizer\QuickControl.exe"

uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10h_Plugin.exe -update plugin

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll

IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxp://support.euro.dell.com/systemprofiler/SysProExe.CAB

DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab

DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} - hxxps://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab

DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

SEH: GbPluginObj Class: {e37cb5f0-51f5-4395-a808-5fa49e399007} - c:\windows\downloaded program files\gbiehabn.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\fabiano\appdata\roaming\mozilla\firefox\profiles\o0kmh0an.default\

FF - component: c:\program files\google\google gears\firefox\lib\ff36\gears.dll

FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll

FF - component: c:\users\fabiano\appdata\roaming\mozilla\firefox\profiles\o0kmh0an.default\extensions\{87f8774f-b485-47e2-a755-a40a8a5e8874}\components\GbMzhAbn.dll

FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll

FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll

FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll

FF - plugin: c:\program files\microsoft\office live\npOLW.dll

FF - plugin: c:\program files\mozilla firefox\plugins\NPMFireLauncher.dll

FF - plugin: c:\users\fabiano\appdata\local\google\update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: c:\users\fabiano\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll

FF - plugin: c:\users\fabiano\appdata\roaming\mozilla\plugins\npgoogletalk.dll

FF - plugin: c:\users\fabiano\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: c:\windows\system32\wat\npWatWeb.dll

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);

c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-9-9 11608]

R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2009-9-12 142592]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-9-9 108289]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-9-9 185089]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-9-9 56816]

R2 CrossLoopService;CrossLoop Service;c:\users\fabiano\appdata\local\crossloop\CrossLoopService.exe [2010-8-3 560848]

R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-11-12 1153368]

R2 SolutoService;Soluto PCGenome Core Service;c:\program files\soluto\SolutoService.exe [2010-6-23 339008]

R3 bfturboh;BUFFALO TurboUSB for HD Filter;c:\windows\system32\drivers\bfturboh.sys [2010-4-26 17280]

R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]

S0 PCGenFAM;PCGenFAM;c:\windows\system32\drivers\PCGenFAM.sys [2010-6-24 179656]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-4-26 14216]

S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-4-26 8456]

S3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\drivers\facap.sys [2008-9-24 232832]

S3 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-9-9 133104]

S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

S3 uvnc_service;uvnc_service;c:\users\fabiano\appdata\local\crossloop\winvnc.exe [2010-8-3 1587352]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-22 1343400]

=============== Created Last 30 ================

2010-08-13 02:39:58 82944 ----a-w- c:\windows\system32\iccvid.dll

2010-08-13 02:39:58 197632 ----a-w- c:\windows\system32\ir32_32.dll

2010-08-13 02:39:51 307200 ----a-w- c:\windows\system32\drivers\srv2.sys

2010-08-13 02:39:50 310784 ----a-w- c:\windows\system32\drivers\srv.sys

2010-08-13 02:39:49 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys

2010-08-13 02:39:45 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys

2010-08-13 02:38:11 37376 ----a-w- c:\windows\system32\rtutils.dll

2010-08-13 02:38:07 1233920 ----a-w- c:\windows\system32\msxml3.dll

2010-08-13 02:37:34 3955080 ----a-w- c:\windows\system32\ntkrnlpa.exe

2010-08-13 02:37:33 3899784 ----a-w- c:\windows\system32\ntoskrnl.exe

2010-08-13 02:35:59 2326016 ----a-w- c:\windows\system32\win32k.sys

2010-08-09 00:36:22 0 d-----w- c:\program files\Vista Services Optimizer

2010-08-09 00:34:37 0 d-----w- c:\users\fabiano\appdata\roaming\Smart PC Utilities

2010-08-08 23:58:28 0 d-----w- c:\users\fabiano\appdata\roaming\IrfanView

2010-08-08 23:58:26 0 d-----w- c:\program files\IrfanView

2010-08-04 00:34:21 0 d-----w- c:\users\fabiano\appdata\roaming\UltraVNC

2010-08-02 05:28:47 0 d-----w- c:\program files\SpeedFan

2010-08-02 05:28:31 45 ----a-w- c:\windows\system32\initdebug.nfo

2010-08-02 04:53:38 0 d-----w- c:\program files\WinDirStat

2010-07-28 04:25:47 0 d-----w- c:\users\fabiano\appdata\roaming\PrimoPDF

2010-07-28 04:24:58 176235 ----a-w- c:\windows\system32\Primomonnt.dll

2010-07-28 04:24:55 0 d-----w- c:\program files\Nitro PDF

2010-07-27 16:02:55 0 d-----w- c:\users\fabiano\appdata\roaming\Qualys

2010-07-27 03:40:20 0 d-----w- c:\users\fabiano\appdata\roaming\ManyCam

2010-07-27 03:40:11 0 d-----w- c:\program files\ManyCam

==================== Find3M ====================

2010-07-13 03:23:02 59746 ----a-w- c:\windows\hpqins11.dat

2010-06-30 06:25:31 978432 ----a-w- c:\windows\system32\wininet.dll

2010-06-23 15:05:30 179656 ----a-w- c:\windows\system32\drivers\PCGenFAM.sys

2010-06-21 00:38:59 691696 ----a-w- c:\windows\system32\drivers\sptd.sys

2010-06-16 05:48:35 224256 ----a-w- c:\windows\system32\schannel.dll

2010-05-27 07:24:13 34304 ----a-w- c:\windows\system32\atmlib.dll

2010-05-27 03:49:37 293888 ----a-w- c:\windows\system32\atmfd.dll

2010-05-21 17:14:28 221568 ------w- c:\windows\system32\MpSigStub.exe

2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat

2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat

2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat

2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat

2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini

2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat

2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat

2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat

2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat

2010-01-25 00:30:15 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat

2009-12-14 18:06:29 16384 --sha-w- c:\windows\temp\cookies\index.dat

2009-12-14 18:06:29 16384 --sha-w- c:\windows\temp\history\history.ie5\index.dat

2009-12-14 18:06:29 32768 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat

2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 19:53:06,80 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows 7 Professional

Boot Device: \Device\HarddiskVolume3

Install Date: 07/09/2009 18:14:57

System Uptime: 13/08/2010 10:23:13 (9 hours ago)

Motherboard: Dell Inc. | | 0WY040

Processor: Intel® Core2 Duo CPU T7250 @ 2.00GHz | Microprocessor | 2001/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 136 GiB total, 22,168 GiB free.

D: is FIXED (NTFS) - 10 GiB total, 6,004 GiB free.

E: is CDROM ()

G: is CDROM ()

H: is CDROM ()

J: is FIXED (NTFS) - 496 GiB total, 269,73 GiB free.

==== Disabled Device Manager Items =============

Class GUID:

Description: Bluetooth Peripheral Device

Device ID: BTHENUM\{0000110B-0000-1000-8000-00805F9B34FB}_LOCALMFG&000F\7&272FF243&0&00242CBB0919_C00000000

Manufacturer:

Name: Bluetooth Peripheral Device

PNP Device ID: BTHENUM\{0000110B-0000-1000-8000-00805F9B34FB}_LOCALMFG&000F\7&272FF243&0&00242CBB0919_C00000000

Service:

Class GUID:

Description: Bluetooth Peripheral Device

Device ID: BTHENUM\{00000002-0000-1000-8000-0002EE000002}_VID&00000000_PID&C089\7&272FF243&0&0023457DFE57_C00000000

Manufacturer:

Name: Bluetooth Peripheral Device

PNP Device ID: BTHENUM\{00000002-0000-1000-8000-0002EE000002}_VID&00000000_PID&C089\7&272FF243&0&0023457DFE57_C00000000

Service:

Class GUID:

Description: Bluetooth Peripheral Device

Device ID: BTHENUM\{0000111B-0000-1000-8000-00805F9B34FB}_LOCALMFG&000F\7&272FF243&0&00242CBB0919_C00000000

Manufacturer:

Name: Bluetooth Peripheral Device

PNP Device ID: BTHENUM\{0000111B-0000-1000-8000-00805F9B34FB}_LOCALMFG&000F\7&272FF243&0&00242CBB0919_C00000000

Service:

Class GUID:

Description: Bluetooth Peripheral Device

Device ID: BTHENUM\{0000111E-0000-1000-8000-00805F9B34FB}_LOCALMFG&000F\7&272FF243&0&0018960A026C_C00000000

Manufacturer:

Name: Bluetooth Peripheral Device

PNP Device ID: BTHENUM\{0000111E-0000-1000-8000-00805F9B34FB}_LOCALMFG&000F\7&272FF243&0&0018960A026C_C00000000

Service:

Class GUID:

Description: Bluetooth Peripheral Device

Device ID: BTHENUM\{00001108-0000-1000-8000-00805F9B34FB}_LOCALMFG&000F\7&272FF243&0&0018960A026C_C00000000

Manufacturer:

Name: Bluetooth Peripheral Device

PNP Device ID: BTHENUM\{00001108-0000-1000-8000-00805F9B34FB}_LOCALMFG&000F\7&272FF243&0&0018960A026C_C00000000

Service:

Class GUID:

Description: Bluetooth Peripheral Device

Device ID: BTHENUM\{00001108-0000-1000-8000-00805F9B34FB}_LOCALMFG&000F\7&272FF243&0&00242CBB0919_C00000000

Manufacturer:

Name: Bluetooth Peripheral Device

PNP Device ID: BTHENUM\{00001108-0000-1000-8000-00805F9B34FB}_LOCALMFG&000F\7&272FF243&0&00242CBB0919_C00000000

Service:

==== System Restore Points ===================

RP193: 05/08/2010 11:54:50 - Windows Update

RP194: 08/08/2010 21:36:41 - Installed Vista Services Optimizer

RP195: 12/08/2010 23:18:43 - Windows Update

RP196: 12/08/2010 23:37:43 - Windows Update

RP197: 13/08/2010 02:29:14 - Windows Update

==== Installed Programs ======================

32 Bit HP CIO Components Installer

Adobe Download Manager

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 9.3.3

Alien Swarm

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Aquaria

µTorrent

Avira AntiVir Personal - Free Antivirus

Bonjour

Broadcom 440x 10/100 Integrated Controller

BUFFALO TurboUSB for FLASH/HDD

Camtasia Studio 7

Counter-Strike: Source

CrossLoop 2.73

Dell Driver Download Manager

Dell Touchpad

Dell Webcam Center

Dell Webcam Manager

Digital Line Detect

EASEUS Partition Master 5.5.1 Home Edition

EnhanceMySe7en

FinanceDesktop

Glary Utilities 2.15.0.738

Google Chrome

Google Gears

Google Talk (remove only)

Google Talk Plugin

Google Update Helper

HijackThis 2.0.2

HyperCam 2

ImgBurn

IrfanView (remove only)

iTunes

K-Lite Mega Codec Pack 5.1.0

KeePass Password Safe 2.08

Laptop Integrated Webcam Driver (1.04.01.1011)

ManyCam 2.5.48 (remove only)

Media Go

Messenger Plus! Live

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office Live Add-in 1.4

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

MoneyManagerEx 0.9.6.0

Mozilla Firefox (3.6.8)

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MyPhoneExplorer

Nero 7 Premium

neroxml

NVIDIA Drivers

NVIDIA PhysX

OpenMG Limited Patch 4.7-07-14-05-01

OpenMG Secure Module 4.7.00

Paint.NET v3.36

PokerStars

Portal

PrimoPDF -- brought to you by Nitro PDF Software

PSpice Student 9.1

QuickTime

Security Update for 2007 Microsoft Office System (KB2277947)

Security Update for 2007 Microsoft Office System (KB969559)

Security Update for 2007 Microsoft Office System (KB976321)

Security Update for 2007 Microsoft Office System (KB982312)

Security Update for 2007 Microsoft Office System (KB982331)

Security Update for Microsoft Office Access 2007 (KB979440)

Security Update for Microsoft Office Excel 2007 (KB982308)

Security Update for Microsoft Office InfoPath 2007 (KB979441)

Security Update for Microsoft Office Outlook 2007 (KB980376)

Security Update for Microsoft Office PowerPoint 2007 (KB982158)

Security Update for Microsoft Office Publisher 2007 (KB982124)

Security Update for Microsoft Office system 2007 (972581)

Security Update for Microsoft Office system 2007 (KB974234)

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)

Security Update for Microsoft Office Word 2007 (KB2251419)

Skype Toolbars

Skype™ 4.2

Soluto

SonicStage 4.3

SpeedFan (remove only)

SpiderOak

Spybot - Search & Destroy

Spyware Terminator

Steam

TeraCopy 2.12

Unity Web Player

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Infopath 2007 Help (KB963662)

Update for Microsoft Office OneNote 2007 (KB980729)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Update for Outlook 2007 Junk Email Filter (kb2279264)

Vista Services Optimizer

VLC media player 1.0.1

WBFS Manager 3.0

WinDirStat 1.1.2

Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)

Windows Driver Package - Broadcom Bluetooth (09/11/2009 6.2.0.9407)

Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Messenger

Windows Live Upload Tool

Windows Mobile Device Center

Windows Mobile Device Center Driver Update

Windows XP Mode

WinRAR archiver

WinSCP 4.1.9

World Community Grid - BOINC for Windows

==== Event Viewer Messages From Past Week ========

12/08/2010 23:43:05, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.87.1764.0).

12/08/2010 23:31:16, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.87.1528.0).

11/08/2010 03:05:28, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR6.

09/08/2010 01:06:27, Error: Service Control Manager [7023] - The System Event Notification Service service terminated with the following error: Overlapped I/O operation is in progress.

08/08/2010 19:04:14, Error: VDS Basic Provider [1] - Unexpected failure. Error code: 490@01010004

08/08/2010 16:54:08, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk3\DR5.

08/08/2010 15:16:36, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR2.

06/08/2010 22:28:53, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSearch service.

==== End Of File ===========================

GMER 1.0.15.15281 - http://www.gmer.net

Rootkit scan 2010-08-13 20:45:53

Windows 6.1.7600

Running: gmer.exe; Driver: C:\Users\Fabiano\AppData\Local\Temp\uxdcyfow.sys

---- System - GMER 1.0.15 ----

SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwClose [0x8E74188E]

SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwCreateFile [0x8E7410EC]

SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwCreateKey [0x8E740DCE]

SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwCreateSection [0x8E742938]

SSDT 81F592BC ZwCreateThread

SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwDeleteKey [0x8E740ED8]

SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwDeleteValueKey [0x8E740FC2]

SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwLoadDriver [0x8E741BBC]

SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwOpenFile [0x8E7413F4]

SSDT 81F592A8 ZwOpenProcess

SSDT 81F592AD ZwOpenThread

SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwSetInformationFile [0x8E741526]

SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwSetValueKey [0x8E740BFC]

SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwTerminateProcess [0x8E741B04]

SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwWriteFile [0x8E74170C]

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C24AF8

INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C24104

INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C243F4

INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C0D2D8

INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C0C898

INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C241DC

INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C24958

INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C246F8

INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C24F2C

INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C251A8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82C84599 1 Byte [06]

.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82CA8F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

.text ntkrnlpa.exe!RtlSidHashLookup + 2B8 82CB07C8 4 Bytes [8E, 18, 74, 8E] {MOV DS, [EAX]; JZ 0xffffffffffffff92}

.text ntkrnlpa.exe!RtlSidHashLookup + 2F8 82CB0808 4 Bytes [EC, 10, 74, 8E]

.text ntkrnlpa.exe!RtlSidHashLookup + 308 82CB0818 4 Bytes [CE, 0D, 74, 8E]

.text ntkrnlpa.exe!RtlSidHashLookup + 340 82CB0850 4 Bytes [38, 29, 74, 8E] {CMP [ECX], CH; JZ 0xffffffffffffff92}

.text ntkrnlpa.exe!RtlSidHashLookup + 34C 82CB085C 4 Bytes [bC, 92, F5, 81]

.text ...

? System32\Drivers\spmf.sys The system cannot find the path specified. !

.text USBPORT.SYS!DllUnload 8FDD9CA0 5 Bytes JMP 867F51D8

.text a1xgxqjl.SYS 90772000 12 Bytes [44, F8, C0, 82, EE, F6, C0, ...]

.text a1xgxqjl.SYS 9077200D 9 Bytes [D7, C0, 82, 48, FB, C0, 82, ...]

.text a1xgxqjl.SYS 90772017 170 Bytes [00, DE, 57, D3, 88, E6, 55, ...]

.text a1xgxqjl.SYS 907720C3 8 Bytes [00, 00, 00, 00, 00, 00, 00, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL}

.text a1xgxqjl.SYS 907720CE 4 Bytes [00, 00, 00, 00] {ADD [EAX], AL; ADD [EAX], AL}

.text ...

.text azalu6jo.SYS 907A9000 12 Bytes [44, F8, C0, 82, EE, F6, C0, ...]

.text azalu6jo.SYS 907A900D 9 Bytes [D7, C0, 82, 48, FB, C0, 82, ...]

.text azalu6jo.SYS 907A9017 170 Bytes [00, DE, 57, D3, 88, E6, 55, ...]

.text azalu6jo.SYS 907A90C3 8 Bytes [00, 00, 00, 00, 00, 00, 00, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL}

.text azalu6jo.SYS 907A90CE 4 Bytes [00, 00, 00, 00] {ADD [EAX], AL; ADD [EAX], AL}

.text ...

.text peauth.sys 9F6E8C9D 28 Bytes [9E, 9A, 0D, 04, 03, 04, E6, ...]

.text peauth.sys 9F6E8CC1 28 Bytes [9E, 9A, 0D, 04, 03, 04, E6, ...]

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [88C39042] \SystemRoot\System32\Drivers\spmf.sys

IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [88C396D6] \SystemRoot\System32\Drivers\spmf.sys

IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [88C39800] \SystemRoot\System32\Drivers\spmf.sys

IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [88C3913E] \SystemRoot\System32\Drivers\spmf.sys

IAT \SystemRoot\System32\Drivers\a1xgxqjl.SYS[ataport.SYS!AtaPortNotification] 000003E3

IAT \SystemRoot\System32\Drivers\a1xgxqjl.SYS[ataport.SYS!AtaPortQuerySystemTime] 8B24568B

IAT \SystemRoot\System32\Drivers\a1xgxqjl.SYS[ataport.SYS!AtaPortReadPortUchar] 50522046

IAT \SystemRoot\System32\Drivers\a1xgxqjl.SYS[ataport.SYS!AtaPortStallExecution] FFED23E8

IAT \SystemRoot\System32\Drivers\a1xgxqjl.SYS[ataport.SYS!AtaPortWritePortUchar] 08C483FF

IAT \SystemRoot\System32\Drivers\a1xgxqjl.SYS[ataport.SYS!AtaPortWritePortUlong] 0874FF85

IAT \SystemRoot\System32\Drivers\a1xgxqjl.SYS[ataport.SYS!AtaPortGetPhysicalAddress] FF53006A

IAT \SystemRoot\System32\Drivers\a1xgxqjl.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 08C483D7

IAT \SystemRoot\System32\Drivers\a1xgxqjl.SYS[ataport.SYS!AtaPortGetScatterGatherList] 81107D8B

IAT \SystemRoot\System32\Drivers\a1xgxqjl.SYS[ataport.SYS!AtaPortGetParentBusType] 0003E5FF

IAT \SystemRoot\System32\Drivers\a1xgxqjl.SYS[ataport.SYS!AtaPortRequestCallback] 0F840F00

IAT \SystemRoot\System32\Drivers\a1xgxqjl.SYS[ataport.SYS!AtaPortWritePortBufferUshort] 81000001

IAT \SystemRoot\System32\Drivers\a1xgxqjl.SYS[ataport.SYS!AtaPortGetUnCachedExtension] 0003E3FF

IAT \SystemRoot\System32\Drivers\a1xgxqjl.SYS[ataport.SYS!AtaPortCompleteRequest] EC840F00

IAT \SystemRoot\System32\Drivers\a1xgxqjl.SYS[ataport.SYS!AtaPortCopyMemory] 8B000000

IAT \SystemRoot\System32\Drivers\a1xgxqjl.SYS[ataport.SYS!AtaPortEtwTraceLog] 0001F88E

IAT \SystemRoot\System32\Drivers\a1xgxqjl.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] FC8E0B00

IAT \SystemRoot\System32\Drivers\a1xgxqjl.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 0F000001

IAT \SystemRoot\System32\Drivers\a1xgxqjl.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 0000DA84

IAT \SystemRoot\System32\Drivers\a1xgxqjl.SYS[ataport.SYS!AtaPortReadPortBufferUshort] ECF2E800

IAT \SystemRoot\System32\Drivers\a1xgxqjl.SYS[ataport.SYS!AtaPortInitialize] 8E8BFFFF

IAT \SystemRoot\System32\Drivers\a1xgxqjl.SYS[ataport.SYS!AtaPortGetDeviceBase] 000001F8

IAT \SystemRoot\System32\Drivers\a1xgxqjl.SYS[ataport.SYS!AtaPortDeviceStateChange] 01E08E01

IAT \SystemRoot\System32\Drivers\azalu6jo.SYS[ataport.SYS!AtaPortNotification] 00147880

IAT \SystemRoot\System32\Drivers\azalu6jo.SYS[ataport.SYS!AtaPortQuerySystemTime] 78800C75

IAT \SystemRoot\System32\Drivers\azalu6jo.SYS[ataport.SYS!AtaPortReadPortUchar] 06750015

IAT \SystemRoot\System32\Drivers\azalu6jo.SYS[ataport.SYS!AtaPortStallExecution] C25DC033

IAT \SystemRoot\System32\Drivers\azalu6jo.SYS[ataport.SYS!AtaPortWritePortUchar] 458B0008

IAT \SystemRoot\System32\Drivers\azalu6jo.SYS[ataport.SYS!AtaPortWritePortUlong] 6A006A08

IAT \SystemRoot\System32\Drivers\azalu6jo.SYS[ataport.SYS!AtaPortGetPhysicalAddress] 50056A24

IAT \SystemRoot\System32\Drivers\azalu6jo.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 005AB7E8

IAT \SystemRoot\System32\Drivers\azalu6jo.SYS[ataport.SYS!AtaPortGetScatterGatherList] 0001B800

IAT \SystemRoot\System32\Drivers\azalu6jo.SYS[ataport.SYS!AtaPortGetParentBusType] C25D0000

IAT \SystemRoot\System32\Drivers\azalu6jo.SYS[ataport.SYS!AtaPortRequestCallback] CCCC0008

IAT \SystemRoot\System32\Drivers\azalu6jo.SYS[ataport.SYS!AtaPortWritePortBufferUshort] CCCCCCCC

IAT \SystemRoot\System32\Drivers\azalu6jo.SYS[ataport.SYS!AtaPortGetUnCachedExtension] CCCCCCCC

IAT \SystemRoot\System32\Drivers\azalu6jo.SYS[ataport.SYS!AtaPortCompleteRequest] CCCCCCCC

IAT \SystemRoot\System32\Drivers\azalu6jo.SYS[ataport.SYS!AtaPortCopyMemory] 53EC8B55

IAT \SystemRoot\System32\Drivers\azalu6jo.SYS[ataport.SYS!AtaPortEtwTraceLog] 800C5D8B

IAT \SystemRoot\System32\Drivers\azalu6jo.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 7500117B

IAT \SystemRoot\System32\Drivers\azalu6jo.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 127B806A

IAT \SystemRoot\System32\Drivers\azalu6jo.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 80647500

IAT \SystemRoot\System32\Drivers\azalu6jo.SYS[ataport.SYS!AtaPortReadPortBufferUshort] 7500137B

IAT \SystemRoot\System32\Drivers\azalu6jo.SYS[ataport.SYS!AtaPortInitialize] 157B805E

IAT \SystemRoot\System32\Drivers\azalu6jo.SYS[ataport.SYS!AtaPortGetDeviceBase] 56587500

IAT \SystemRoot\System32\Drivers\azalu6jo.SYS[ataport.SYS!AtaPortDeviceStateChange] 8008758B

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\System32\rundll32.exe[1916] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75D85E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

IAT C:\Windows\System32\rundll32.exe[1916] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75D85E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

IAT C:\Windows\System32\rundll32.exe[1916] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75D85E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

IAT C:\Windows\System32\rundll32.exe[1916] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75D85E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3892] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73642494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3892] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73625624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3892] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [736256E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3892] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [7364250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3892] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73638573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3892] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73634D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3892] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [736350CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3892] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [736351A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3892] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [736366D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3892] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [736382CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3892] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73638819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3892] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7363907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3892] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7363E21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[3892] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73634C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 850781F8

Device \FileSystem\fastfat \FatCdrom 9939A500

Device \Driver\USBSTOR \Device\0000009c 868E5500

Device \Driver\USBSTOR \Device\0000009d 868E5500

Device \Driver\sptd \Device\2956442674 spmf.sys

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

Device \Driver\sptd \Device\2956286673 spmf.sys

AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

Device \Driver\volmgr \Device\VolMgrControl 850731F8

Device \Driver\NetBT \Device\NetBT_Tcpip_{CBD40CD7-EB62-407D-886F-9F8AD6B5683C} 866AC430

Device \Driver\usbuhci \Device\USBPDO-0 867F71F8

Device \FileSystem\fastfat \Fat 9939A500

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0019860023c0

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0019860023c0@0023457dfe57 0x4A 0x70 0xA1 0x39 ...

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0019860023c0@0018960a026c 0x84 0xCA 0x00 0x7E ...

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0019860023c0@00242cbb0919 0x6D 0xFE 0xB0 0x71 ...

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 2

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xB5 0x4A 0xEA 0x85 ...

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x47 0xC9 0x71 0x2B ...

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x94 0xD6 0x42 0x0A ...

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xA0 0x92 0x78 0xD7 ...

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x96 0xB2 0xBE 0x57 ...

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x59 0x83 0xCF 0x7A ...

Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0019860023c0 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0019860023c0@0023457dfe57 0x4A 0x70 0xA1 0x39 ...

Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0019860023c0@0018960a026c 0x84 0xCA 0x00 0x7E ...

Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0019860023c0@00242cbb0919 0x6D 0xFE 0xB0 0x71 ...

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xB5 0x4A 0xEA 0x85 ...

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x47 0xC9 0x71 0x2B ...

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x94 0xD6 0x42 0x0A ...

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xA0 0x92 0x78 0xD7 ...

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x96 0xB2 0xBE 0x57 ...

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x59 0x83 0xCF 0x7A ...

---- EOF - GMER 1.0.15 ----

Edited by fkseki


Hello

Sorry for the delay :)

If you still need help, redo the logs, as I need them with updated dates: Read Before Posting - Creating a New Topic

ATTENTION 1: There is no need to open a new topic; post the new logs in this same topic, thank you!

ATTENTION 2: Do not edit your topic, use the reply button, thank you!

Regards :D

Topic author

What do you mean, updated date? All the logs were generated right before posting...

Topic author

Here are the new logs:

    DDS (Ver_10-03-17.01) - NTFSx86

    Run by Fabiano at 10:53:02,23 on 16/08/2010

    Internet Explorer: 8.0.7600.16385

    Microsoft Windows 7 Professional 6.1.7600.0.1252.55.1033.18.2046.924 [GMT -3:00]

    SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

    SP: Spyware Terminator *disabled* (Updated) {55EE49A8-16BE-4601-BBE6-607B7F7317DE}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe

    C:\Windows\system32\lsm.exe

    C:\Windows\system32\svchost.exe -k DcomLaunch

    C:\Windows\system32\nvvsvc.exe

    C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

    C:\Windows\system32\svchost.exe -k RPCSS

    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

    C:\Windows\system32\svchost.exe -k netsvcs

    C:\Windows\system32\nvvsvc.exe

    C:\Windows\system32\svchost.exe -k LocalService

    C:\Windows\system32\svchost.exe -k NetworkService

    C:\Windows\System32\spoolsv.exe

    C:\Program Files\Avira\AntiVir Desktop\sched.exe

    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

    C:\Program Files\Avira\AntiVir Desktop\avguard.exe

    C:\Users\Fabiano\AppData\Local\CrossLoop\CrossLoopService.exe

    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

    C:\Program Files\Soluto\SolutoService.exe

    C:\Windows\system32\svchost.exe -k imgsvc

    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

    C:\Windows\system32\svchost.exe -k bthsvcs

    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

    C:\Windows\system32\taskhost.exe

    C:\Program Files\Soluto\soluto.exe

    C:\Windows\system32\Dwm.exe

    C:\Windows\Explorer.EXE

    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

    C:\Windows\system32\SearchIndexer.exe

    C:\Windows\System32\svchost.exe -k LocalServicePeerNet

    C:\Windows\system32\DllHost.exe

    C:\Windows\system32\svchost.exe -k WindowsMobile

    C:\Windows\System32\svchost.exe -k secsvcs

    C:\Windows\System32\rundll32.exe

    C:\Users\Fabiano\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe

    C:\Users\Fabiano\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Fabiano\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Fabiano\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Fabiano\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Fabiano\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Fabiano\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Fabiano\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Program Files\BOINC\boinctray.exe

    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

    C:\Program Files\Windows Sidebar\sidebar.exe

    C:\Users\Fabiano\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Program Files\uTorrent\uTorrent.exe

    C:\Windows\system32\taskeng.exe

    C:\Windows\system32\taskeng.exe

    C:\Users\Fabiano\AppData\Local\Google\Update\GoogleUpdate.exe

    C:\Users\Fabiano\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Windows\system32\SearchProtocolHost.exe

    C:\Windows\system32\SearchFilterHost.exe

    C:\Windows\system32\DllHost.exe

    C:\Windows\system32\DllHost.exe

    C:\Users\Fabiano\Desktop\dds.scr

    C:\Windows\system32\conhost.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\program files\soluto\soluto.exe /userinit

    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

    BHO: GbIehObj Class: {c41a1c0e-ea6c-11d4-b1b8-444553540007} - c:\windows\downloaded program files\gbiehabn.dll

    BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll

    {555d4d79-4bd2-4094-a395-cfc534424a05}

    uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

    uRun: [Vista Services Optimizer] "c:\program files\vista services optimizer\QuickControl.exe"

    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

    mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

    IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll

    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll

    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll

    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

    DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxp://support.euro.dell.com/systemprofiler/SysProExe.CAB

    DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab

    DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

    DPF: {E37CB5F0-51F5-4395-A808-5FA49E399007} - hxxps://wwws.realsecureweb.com.br/mpr/plugin/Cab/GbPluginABN.cab

    DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

    SEH: GbPluginObj Class: {e37cb5f0-51f5-4395-a808-5fa49e399007} - c:\windows\downloaded program files\gbiehabn.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\fabiano\appdata\roaming\mozilla\firefox\profiles\o0kmh0an.default\

    FF - component: c:\program files\google\google gears\firefox\lib\ff36\gears.dll

    FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll

    FF - component: c:\users\fabiano\appdata\roaming\mozilla\firefox\profiles\o0kmh0an.default\extensions\{87f8774f-b485-47e2-a755-a40a8a5e8874}\components\GbMzhAbn.dll

    FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll

    FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll

    FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll

    FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll

    FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll

    FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll

    FF - plugin: c:\program files\microsoft\office live\npOLW.dll

    FF - plugin: c:\program files\mozilla firefox\plugins\NPMFireLauncher.dll

    FF - plugin: c:\users\fabiano\appdata\local\google\update\1.2.183.29\npGoogleOneClick8.dll

    FF - plugin: c:\users\fabiano\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll

    FF - plugin: c:\users\fabiano\appdata\roaming\mozilla\plugins\npgoogletalk.dll

    FF - plugin: c:\users\fabiano\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll

    FF - plugin: c:\windows\system32\wat\npWatWeb.dll

    ---- FIREFOX POLICIES ----

    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

    c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

    c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

    c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);

    c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);

    c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);

    c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

    c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

    c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);

    c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

    ============= SERVICES / DRIVERS ===============

    R0 PCGenFAM;PCGenFAM;c:\windows\system32\drivers\PCGenFAM.sys [2010-6-24 179656]

    R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-9-9 11608]

    R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2009-9-12 142592]

    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-9-9 108289]

    R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-9-9 185089]

    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-9-9 56816]

    R2 CrossLoopService;CrossLoop Service;c:\users\fabiano\appdata\local\crossloop\CrossLoopService.exe [2010-8-3 560848]

    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-11-12 1153368]

    R2 SolutoService;Soluto PCGenome Core Service;c:\program files\soluto\SolutoService.exe [2010-6-23 339008]

    R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]

    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]

    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]

    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]

    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

    S3 bfturboh;BUFFALO TurboUSB for HD Filter;c:\windows\system32\drivers\bfturboh.sys [2010-4-26 17280]

    S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-4-26 14216]

    S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-4-26 8456]

    S3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\drivers\facap.sys [2008-9-24 232832]

    S3 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-9-9 133104]

    S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

    S3 uvnc_service;uvnc_service;c:\users\fabiano\appdata\local\crossloop\winvnc.exe [2010-8-3 1587352]

    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-22 1343400]

    =============== Created Last 30 ================

    2010-08-13 02:39:58 82944 ----a-w- c:\windows\system32\iccvid.dll

    2010-08-13 02:39:58 197632 ----a-w- c:\windows\system32\ir32_32.dll

    2010-08-13 02:39:51 307200 ----a-w- c:\windows\system32\drivers\srv2.sys

    2010-08-13 02:39:50 310784 ----a-w- c:\windows\system32\drivers\srv.sys

    2010-08-13 02:39:49 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys

    2010-08-13 02:39:45 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys

    2010-08-13 02:38:11 37376 ----a-w- c:\windows\system32\rtutils.dll

    2010-08-13 02:38:07 1233920 ----a-w- c:\windows\system32\msxml3.dll

    2010-08-13 02:37:34 3955080 ----a-w- c:\windows\system32\ntkrnlpa.exe

    2010-08-13 02:37:33 3899784 ----a-w- c:\windows\system32\ntoskrnl.exe

    2010-08-13 02:35:59 2326016 ----a-w- c:\windows\system32\win32k.sys

    2010-08-09 00:36:22 0 d-----w- c:\program files\Vista Services Optimizer

    2010-08-09 00:34:37 0 d-----w- c:\users\fabiano\appdata\roaming\Smart PC Utilities

    2010-08-08 23:58:28 0 d-----w- c:\users\fabiano\appdata\roaming\IrfanView

    2010-08-08 23:58:26 0 d-----w- c:\program files\IrfanView

    2010-08-04 00:34:21 0 d-----w- c:\users\fabiano\appdata\roaming\UltraVNC

    2010-08-02 05:28:47 0 d-----w- c:\program files\SpeedFan

    2010-08-02 05:28:31 45 ----a-w- c:\windows\system32\initdebug.nfo

    2010-08-02 04:53:38 0 d-----w- c:\program files\WinDirStat

    2010-07-28 04:25:47 0 d-----w- c:\users\fabiano\appdata\roaming\PrimoPDF

    2010-07-28 04:24:58 176235 ----a-w- c:\windows\system32\Primomonnt.dll

    2010-07-28 04:24:55 0 d-----w- c:\program files\Nitro PDF

    2010-07-27 16:02:55 0 d-----w- c:\users\fabiano\appdata\roaming\Qualys

    2010-07-27 03:40:20 0 d-----w- c:\users\fabiano\appdata\roaming\ManyCam

    2010-07-27 03:40:11 0 d-----w- c:\program files\ManyCam

    ==================== Find3M ====================

    2010-07-13 03:23:02 59746 ----a-w- c:\windows\hpqins11.dat

    2010-06-30 06:25:31 978432 ----a-w- c:\windows\system32\wininet.dll

    2010-06-23 15:05:30 179656 ----a-w- c:\windows\system32\drivers\PCGenFAM.sys

    2010-06-21 00:38:59 691696 ----a-w- c:\windows\system32\drivers\sptd.sys

    2010-06-16 05:48:35 224256 ----a-w- c:\windows\system32\schannel.dll

    2010-05-27 07:24:13 34304 ----a-w- c:\windows\system32\atmlib.dll

    2010-05-27 03:49:37 293888 ----a-w- c:\windows\system32\atmfd.dll

    2010-05-21 17:14:28 221568 ------w- c:\windows\system32\MpSigStub.exe

    2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat

    2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat

    2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat

    2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat

    2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini

    2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat

    2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat

    2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat

    2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

    2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat

    2010-01-25 00:30:15 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat

    2009-12-14 18:06:29 16384 --sha-w- c:\windows\temp\cookies\index.dat

    2009-12-14 18:06:29 16384 --sha-w- c:\windows\temp\history\history.ie5\index.dat

    2009-12-14 18:06:29 32768 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat

    2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

    ============= FINISH: 10:54:55,77 ===============

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows 7 Professional

    Boot Device: \Device\HarddiskVolume3

    Install Date: 07/09/2009 18:14:57

    System Uptime: 16/08/2010 07:43:28 (3 hours ago)

    Motherboard: Dell Inc. | | 0WY040

    Processor: Intel® Core2 Duo CPU T7250 @ 2.00GHz | Microprocessor | 1180/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 136 GiB total, 22,568 GiB free.

    D: is FIXED (NTFS) - 10 GiB total, 6,004 GiB free.

    E: is CDROM ()

    G: is CDROM ()

    H: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID:

    Description: Bluetooth Peripheral Device

    Device ID: BTHENUM\{0000110B-0000-1000-8000-00805F9B34FB}_LOCALMFG&000F\7&272FF243&0&00242CBB0919_C00000000

    Manufacturer:

    Name: Bluetooth Peripheral Device

    PNP Device ID: BTHENUM\{0000110B-0000-1000-8000-00805F9B34FB}_LOCALMFG&000F\7&272FF243&0&00242CBB0919_C00000000

    Service:

    Class GUID:

    Description: Bluetooth Peripheral Device

    Device ID: BTHENUM\{00000002-0000-1000-8000-0002EE000002}_VID&00000000_PID&C089\7&272FF243&0&0023457DFE57_C00000000

    Manufacturer:

    Name: Bluetooth Peripheral Device

    PNP Device ID: BTHENUM\{00000002-0000-1000-8000-0002EE000002}_VID&00000000_PID&C089\7&272FF243&0&0023457DFE57_C00000000

    Service:

    Class GUID:

    Description: Bluetooth Peripheral Device

    Device ID: BTHENUM\{0000111B-0000-1000-8000-00805F9B34FB}_LOCALMFG&000F\7&272FF243&0&00242CBB0919_C00000000

    Manufacturer:

    Name: Bluetooth Peripheral Device

    PNP Device ID: BTHENUM\{0000111B-0000-1000-8000-00805F9B34FB}_LOCALMFG&000F\7&272FF243&0&00242CBB0919_C00000000

    Service:

    Class GUID:

    Description: Bluetooth Peripheral Device

    Device ID: BTHENUM\{0000111E-0000-1000-8000-00805F9B34FB}_LOCALMFG&000F\7&272FF243&0&0018960A026C_C00000000

    Manufacturer:

    Name: Bluetooth Peripheral Device

    PNP Device ID: BTHENUM\{0000111E-0000-1000-8000-00805F9B34FB}_LOCALMFG&000F\7&272FF243&0&0018960A026C_C00000000

    Service:

    Class GUID:

    Description: Bluetooth Peripheral Device

    Device ID: BTHENUM\{00001108-0000-1000-8000-00805F9B34FB}_LOCALMFG&000F\7&272FF243&0&0018960A026C_C00000000

    Manufacturer:

    Name: Bluetooth Peripheral Device

    PNP Device ID: BTHENUM\{00001108-0000-1000-8000-00805F9B34FB}_LOCALMFG&000F\7&272FF243&0&0018960A026C_C00000000

    Service:

    Class GUID:

    Description: Bluetooth Peripheral Device

    Device ID: BTHENUM\{00001108-0000-1000-8000-00805F9B34FB}_LOCALMFG&000F\7&272FF243&0&00242CBB0919_C00000000

    Manufacturer:

    Name: Bluetooth Peripheral Device

    PNP Device ID: BTHENUM\{00001108-0000-1000-8000-00805F9B34FB}_LOCALMFG&000F\7&272FF243&0&00242CBB0919_C00000000

    Service:

    ==== System Restore Points ===================

    RP193: 05/08/2010 11:54:50 - Windows Update

    RP194: 08/08/2010 21:36:41 - Installed Vista Services Optimizer

    RP195: 12/08/2010 23:18:43 - Windows Update

    RP196: 12/08/2010 23:37:43 - Windows Update

    RP197: 13/08/2010 02:29:14 - Windows Update

    RP198: 13/08/2010 21:18:28 - Windows Update

    ==== Installed Programs ======================

    32 Bit HP CIO Components Installer

    Adobe Download Manager

    Adobe Flash Player 10 ActiveX

    Adobe Flash Player 10 Plugin

    Adobe Reader 9.3.3

    Alien Swarm

    Apple Application Support

    Apple Mobile Device Support

    Apple Software Update

    Aquaria

    µTorrent

    Avira AntiVir Personal - Free Antivirus

    Bonjour

    Broadcom 440x 10/100 Integrated Controller

    BUFFALO TurboUSB for FLASH/HDD

    Camtasia Studio 7

    Counter-Strike: Source

    CrossLoop 2.73

    Dell Driver Download Manager

    Dell Touchpad

    Dell Webcam Center

    Dell Webcam Manager

    Digital Line Detect

    EASEUS Partition Master 5.5.1 Home Edition

    EnhanceMySe7en

    Glary Utilities 2.15.0.738

    Google Chrome

    Google Gears

    Google Talk (remove only)

    Google Talk Plugin

    Google Update Helper

    HijackThis 2.0.2

    HyperCam 2

    ImgBurn

    IrfanView (remove only)

    iTunes

    K-Lite Mega Codec Pack 5.1.0

    KeePass Password Safe 2.08

    Laptop Integrated Webcam Driver (1.04.01.1011)

    ManyCam 2.5.48 (remove only)

    Media Go

    Messenger Plus! Live

    Microsoft Application Error Reporting

    Microsoft Choice Guard

    Microsoft Office 2007 Service Pack 2 (SP2)

    Microsoft Office Access MUI (English) 2007

    Microsoft Office Access Setup Metadata MUI (English) 2007

    Microsoft Office Enterprise 2007

    Microsoft Office Excel MUI (English) 2007

    Microsoft Office Groove MUI (English) 2007

    Microsoft Office Groove Setup Metadata MUI (English) 2007

    Microsoft Office InfoPath MUI (English) 2007

    Microsoft Office Live Add-in 1.4

    Microsoft Office OneNote MUI (English) 2007

    Microsoft Office Outlook MUI (English) 2007

    Microsoft Office PowerPoint MUI (English) 2007

    Microsoft Office Proof (English) 2007

    Microsoft Office Proof (French) 2007

    Microsoft Office Proof (Spanish) 2007

    Microsoft Office Proofing (English) 2007

    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

    Microsoft Office Publisher MUI (English) 2007

    Microsoft Office Shared MUI (English) 2007

    Microsoft Office Shared Setup Metadata MUI (English) 2007

    Microsoft Office Word MUI (English) 2007

    Microsoft Silverlight

    Microsoft Visual C++ 2005 Redistributable

    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

    MoneyManagerEx 0.9.6.0

    Mozilla Firefox (3.6.8)

    MSVCRT

    MSXML 4.0 SP2 (KB954430)

    MSXML 4.0 SP2 (KB973688)

    MyPhoneExplorer

    Nero 7 Premium

    neroxml

    NVIDIA Drivers

    NVIDIA PhysX

    OpenMG Limited Patch 4.7-07-14-05-01

    OpenMG Secure Module 4.7.00

    Paint.NET v3.36

    PokerStars

    Portal

    PrimoPDF -- brought to you by Nitro PDF Software

    QuickTime

    Security Update for 2007 Microsoft Office System (KB2277947)

    Security Update for 2007 Microsoft Office System (KB969559)

    Security Update for 2007 Microsoft Office System (KB976321)

    Security Update for 2007 Microsoft Office System (KB982312)

    Security Update for 2007 Microsoft Office System (KB982331)

    Security Update for Microsoft Office Access 2007 (KB979440)

    Security Update for Microsoft Office Excel 2007 (KB982308)

    Security Update for Microsoft Office InfoPath 2007 (KB979441)

    Security Update for Microsoft Office Outlook 2007 (KB980376)

    Security Update for Microsoft Office PowerPoint 2007 (KB982158)

    Security Update for Microsoft Office Publisher 2007 (KB982124)

    Security Update for Microsoft Office system 2007 (972581)

    Security Update for Microsoft Office system 2007 (KB974234)

    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)

    Security Update for Microsoft Office Word 2007 (KB2251419)

    Skype Toolbars

    Skype™ 4.2

    Soluto

    SonicStage 4.3

    SpeedFan (remove only)

    SpiderOak

    Spybot - Search & Destroy

    Spyware Terminator

    Steam

    TeraCopy 2.12

    Unity Web Player

    Update for 2007 Microsoft Office System (KB967642)

    Update for Microsoft Office 2007 Help for Common Features (KB963673)

    Update for Microsoft Office Access 2007 Help (KB963663)

    Update for Microsoft Office Excel 2007 Help (KB963678)

    Update for Microsoft Office Infopath 2007 Help (KB963662)

    Update for Microsoft Office OneNote 2007 (KB980729)

    Update for Microsoft Office OneNote 2007 Help (KB963670)

    Update for Microsoft Office Outlook 2007 Help (KB963677)

    Update for Microsoft Office Powerpoint 2007 Help (KB963669)

    Update for Microsoft Office Publisher 2007 Help (KB963667)

    Update for Microsoft Office Script Editor Help (KB963671)

    Update for Microsoft Office Word 2007 Help (KB963665)

    Update for Outlook 2007 Junk Email Filter (kb2279264)

    Vista Services Optimizer

    VLC media player 1.0.1

    WBFS Manager 3.0

    WinDirStat 1.1.2

    Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)

    Windows Driver Package - Broadcom Bluetooth (09/11/2009 6.2.0.9407)

    Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)

    Windows Live Call

    Windows Live Communications Platform

    Windows Live Essentials

    Windows Live ID Sign-in Assistant

    Windows Live Messenger

    Windows Live Upload Tool

    Windows Mobile Device Center

    Windows Mobile Device Center Driver Update

    Windows XP Mode

    WinRAR archiver

    WinSCP 4.1.9

    World Community Grid - BOINC for Windows

    ==== Event Viewer Messages From Past Week ========

    13/08/2010 20:52:34, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x00000003, 0x869e0030, 0x869e019c, 0x82e69dd0). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 081310-28516-01.

    12/08/2010 23:43:05, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.87.1764.0).

    12/08/2010 23:31:16, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.87.1528.0).

    11/08/2010 03:05:28, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR6.

    09/08/2010 01:06:27, Error: Service Control Manager [7023] - The System Event Notification Service service terminated with the following error: Overlapped I/O operation is in progress.

    ==== End Of File ===========================

    GMER 1.0.15.15281 - http://www.gmer.net

    Rootkit scan 2010-08-16 11:42:45

    Windows 6.1.7600

    Running: gmer.exe; Driver: C:\Users\Fabiano\AppData\Local\Temp\uxdcyfow.sys

    ---- System - GMER 1.0.15 ----

    INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8201BAF8

    INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8201B104

    INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8201B3F4

    INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 820042D8

    INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82003898

    INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8201B1DC

    INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8201B958

    INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8201B6F8

    INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8201BF2C

    INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8201C1A8

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 8207B599 1 Byte [06]

    .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 8209FF52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Windows\Explorer.EXE[1156] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [74322494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

    IAT C:\Windows\Explorer.EXE[1156] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74305624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

    IAT C:\Windows\Explorer.EXE[1156] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [743056E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

    IAT C:\Windows\Explorer.EXE[1156] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [7432250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

    IAT C:\Windows\Explorer.EXE[1156] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [74318573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

    IAT C:\Windows\Explorer.EXE[1156] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [74314D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

    IAT C:\Windows\Explorer.EXE[1156] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [743150CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

    IAT C:\Windows\Explorer.EXE[1156] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [743151A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

    IAT C:\Windows\Explorer.EXE[1156] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [743166D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

    IAT C:\Windows\Explorer.EXE[1156] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [743182CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

    IAT C:\Windows\Explorer.EXE[1156] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74318819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

    IAT C:\Windows\Explorer.EXE[1156] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7431907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

    IAT C:\Windows\Explorer.EXE[1156] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7431E21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

    IAT C:\Windows\Explorer.EXE[1156] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74314C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

    AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

    Device \Driver\ACPI_HAL \Device\00000052 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

    AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

    AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

    AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

    AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

    Device \FileSystem\fastfat \Fat 8CF9B130

    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0019860023c0

    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0019860023c0@0023457dfe57 0x4A 0x70 0xA1 0x39 ...

    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0019860023c0@0018960a026c 0x84 0xCA 0x00 0x7E ...

    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0019860023c0@00242cbb0919 0x6D 0xFE 0xB0 0x71 ...

    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04

    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\

    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1

    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xB5 0x4A 0xEA 0x85 ...

    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001

    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...

    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x47 0xC9 0x71 0x2B ...

    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40

    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x94 0xD6 0x42 0x0A ...

    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC

    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\

    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0

    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xA0 0x92 0x78 0xD7 ...

    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001

    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...

    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x96 0xB2 0xBE 0x57 ...

    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0

    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x59 0x83 0xCF 0x7A ...

    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0019860023c0 (not active ControlSet)

    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0019860023c0@0023457dfe57 0x4A 0x70 0xA1 0x39 ...

    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0019860023c0@0018960a026c 0x84 0xCA 0x00 0x7E ...

    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0019860023c0@00242cbb0919 0x6D 0xFE 0xB0 0x71 ...

    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)

    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\

    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1

    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xB5 0x4A 0xEA 0x85 ...

    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)

    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...

    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x47 0xC9 0x71 0x2B ...

    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)

    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x94 0xD6 0x42 0x0A ...

    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)

    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\

    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0

    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xA0 0x92 0x78 0xD7 ...

    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)

    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...

    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x96 0xB2 0xBE 0x57 ...

    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)

    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x59 0x83 0xCF 0x7A ...

    ---- EOF - GMER 1.0.15 ----


    Dear fkseki

    I recommend that you save this topic in your Favorites to make it easier to find later.

    Please note the following:

    • If you get no reply for 3 days, send me a Private Message (PM);
    • What is given here relates only to the problem on your computer, so do not apply it to any other;
    • Please follow the instructions given carefully and, if in doubt, do not hesitate to ask;
    • Always post your replies in this topic... Do not open another one!
    • Always keep me informed, during the removal, about what happens with your computer.
    • Note: Do not take any measure other than those given here; and if you ask for help in another forum, be sure to let us know, at the risk of misconfiguring your computer!

    # Step no. 1 #

    Temporarily disable your antivirus!

    Go to the Kaspersky OnLine site

    • Click the Accept button
    • In the window that appears, click Run
    • The installation download will start, followed by the updates;
    • Click the Settings button
    • Check that the options below are ticked:
      1. Spyware, Adware, Dialers, and other potentially dangerous programs
      2. Archives
      3. Mail databases
    • Click My Computer and then Save to start the scan;
    • Once complete, click View Scan Report;
    • Click Save Report As...
    • Choose a location and a name, and save;
    • Copy and paste the whole content into your next reply.

    For a better understanding, click the link below and watch the animation:

    http://d.imagehost.org/0688/kaspersky.gif

    Regards :D

  • Topic author
  • Hello, here is the Kaspersky log, after 6 hrs of scanning... Oo

    --------------------------------------------------------------------------------

    KASPERSKY ONLINE SCANNER 7.0: scan report

    Tuesday, August 17, 2010

    Operating system: Microsoft Professional (build 7600)

    Kaspersky Online Scanner version: 7.0.26.13

    Last database update: Tuesday, August 17, 2010 05:00:23

    Records in database: 4135703

    --------------------------------------------------------------------------------

    Scan settings:

    scan using the following database: extended

    Scan archives: yes

    Scan e-mail databases: yes

    Scan area - My Computer:

    C:\

    D:\

    E:\

    F:\

    G:\

    H:\

    J:\

    Scan statistics:

    Objects scanned: 175074

    Threats found: 1

    Infected objects found: 2

    Suspicious objects found: 0

    Scan duration: 05:56:34

    File name / Threat / Threats count

    C:\Users\Fabiano\AppData\Local\CrossLoop\winvnc.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.gc 1

    J:\DATA\Backup\ProgramasInstalados\CrossLoopSetup.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.gc 1

    Selected area has been scanned.
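As an added example (not part of the thread or of any scanner), a small Python triage of the report above: it parses the "File name / Threat / Threats count" lines, separates Kaspersky's not-a-virus riskware verdicts (here the VNC server bundled with CrossLoop, which needs confirming as expected rather than deleting) from real malware, and shows why the header reports 1 threat but 2 infected objects. The sample text is constructed from the report posted above.

```python
import re

# Constructed sample: header, statistics and detection lines reduced from
# the Kaspersky Online Scanner 7.0 report posted above.
SAMPLE_REPORT = """\
KASPERSKY ONLINE SCANNER 7.0: scan report
Threats found: 1
Infected objects found: 2
File name / Threat / Threats count
C:\\Users\\Fabiano\\AppData\\Local\\CrossLoop\\winvnc.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.gc 1
J:\\DATA\\Backup\\ProgramasInstalados\\CrossLoopSetup.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.gc 1
"""

# "File name / Threat / Threats count" lines and "Scan statistics" lines.
DETECTION_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<threat>\S+) (?P<count>\d+)$")
STAT_RE = re.compile(r"^(?P<key>[A-Za-z ]+): (?P<value>\d+)$")

def parse_report(text):
    # Returns (stats dict, list of detections) from a scanner report.
    stats, detections = {}, []
    for line in text.splitlines():
        m = DETECTION_RE.match(line.strip())
        if m:
            detections.append({"path": m["path"], "threat": m["threat"],
                               "count": int(m["count"])})
            continue
        m = STAT_RE.match(line.strip())
        if m:
            stats[m["key"]] = int(m["value"])
    return stats, detections

def triage(detections):
    """Kaspersky's 'not-a-virus:' prefix marks legitimate but abusable software
    (here RemoteAdmin, the VNC server bundled with CrossLoop): confirm it is
    expected on the host instead of removing it; anything else is malware."""
    verdicts = []
    for d in detections:
        if d["threat"].startswith("not-a-virus:"):
            category = d["threat"].split(":", 1)[1].split(".", 1)[0]
            verdicts.append((d["path"], "riskware", category))
        else:
            verdicts.append((d["path"], "malware", d["threat"]))
    return verdicts

def check_counts(stats, detections):
    """'Threats found' counts distinct names, 'Infected objects found' counts
    hits, which is why the report above says 1 and 2 respectively."""
    distinct = len({d["threat"] for d in detections})
    objects = sum(d["count"] for d in detections)
    return distinct == stats.get("Threats found"), objects == stats.get("Infected objects found")
```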


    Dear fkseki

    Let's do one more scan :)

    Download Malwarebytes Anti-Malware:

    • Link1
    • Alternative link

    • Double-click mbam-setup.exe, choose the language and follow the instructions to install the software.
    • Make sure the boxes Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware are ticked, and click Finish.
    • If there are updates, they will be downloaded and installed.
    • When the updates finish, a program window will open. Select "Quick Scan" and then click the Scan button.
    • The scan will start and may take a while. Please be patient.
    • When the scan is complete, click OK, then Show Results to see the log.
    • If anything is found, make sure everything is ticked and click Remove.
    • When disinfection finishes, a log will automatically open in a Notepad document and you may be asked to restart the PC. (Read the note)
    • The log is saved automatically and can be viewed by clicking the Logs tab in the main menu.
    • Copy and paste the content of that log into your next reply.

    Note: In more complicated infections, it may be necessary to restart the PC. If you are asked to restart, please do so immediately.

    Regards :D

  • Topic author
  • It found nothing in this scan..

    Malwarebytes' Anti-Malware 1.46

    www.malwarebytes.org

    Database version: 4445

    Windows 6.1.7600

    Internet Explorer 8.0.7600.16385

    18/08/2010 11:05:27

    mbam-log-2010-08-18 (11-05-27).txt

    Scan type: Quick scan

    Objects scanned: 156020

    Time elapsed: 9 minute(s), 35 second(s)

    Memory Processes Infected: 0

    Memory Modules Infected: 0

    Registry Keys Infected: 0

    Registry Values Infected: 0

    Registry Data Items Infected: 0

    Folders Infected: 0

    Files Infected: 0

    Memory Processes Infected:

    (No malicious items detected)

    Memory Modules Infected:

    (No malicious items detected)

    Registry Keys Infected:

    (No malicious items detected)

    Registry Values Infected:

    (No malicious items detected)

    Registry Data Items Infected:

    (No malicious items detected)

    Folders Infected:

    (No malicious items detected)

    Files Infected:

    (No malicious items detected)


    Dear fkseki

    Clean log :)

    # Step no. 1 #

    Download OTC by OldTimer and save it to your desktop.

    • Double-click the icon (image: 4142006426_4719050954_o.gif)
    • Click Run;
    • Click its only button (image below):
      (image: 4141259853_5a542d5908_o.jpg)
    • Allow your computer to be restarted.

    # Step no. 2 #

    <<@>> Install CCleaner

    CCleaner is an excellent cleaning utility for the computer, which will help with its performance. Download it here: CCleaner

    • IMPORTANT: After installation, go to the folder where the program was installed, C:\Arquivos de programas\CCleaner, double-click the folder, right-click in an empty area of this window, choose New > Folder and create a new folder; name it backups!
    • Open the program and click Run Cleaner;
    • Click the Registry button > Scan for Issues > Fix selected issue(s)...
      Note: Don't forget to accept the backup of the fixes, and save them in the folder created above!

    <<@>> Always keep your Windows updated; keep constant watch with the firewall and antivirus and, finally, remember that the best way to prevent problems starts with our own behaviour!

    Regards :D


    Should the topic author need it, the topic will be reopened; to do so, contact the moderation team and request that it be unlocked.
