Done, Mr Wolf,
it took a while, but here it is!
So, Master, do you think we have a chance of removing it?
SDFix: Version 1.240
Run by Pedro on sex 01/05/2009 at 02:34
Microsoft Windows XP [versão 5.1.2600]
Running From: C:\SDFix
Checking Services :
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
Checking Files :
Trojan Files Found:
C:\DOCUME~1\Pedro\CONFIG~1\Temp\tmp10.tmp - Deleted
C:\DOCUME~1\Pedro\CONFIG~1\Temp\tmp11.tmp - Deleted
C:\DOCUME~1\Pedro\CONFIG~1\Temp\tmp12.tmp - Deleted
C:\DOCUME~1\Pedro\CONFIG~1\Temp\tmp13.tmp - Deleted
C:\DOCUME~1\Pedro\CONFIG~1\Temp\tmp14.tmp - Deleted
C:\DOCUME~1\Pedro\CONFIG~1\Temp\tmp15.tmp - Deleted
C:\DOCUME~1\Pedro\CONFIG~1\Temp\tmp6.tmp - Deleted
C:\DOCUME~1\Pedro\CONFIG~1\Temp\tmp7.tmp - Deleted
C:\DOCUME~1\Pedro\CONFIG~1\Temp\tmp8.tmp - Deleted
C:\DOCUME~1\Pedro\CONFIG~1\Temp\tmp9.tmp - Deleted
C:\DOCUME~1\Pedro\CONFIG~1\Temp\tmpA.tmp - Deleted
C:\DOCUME~1\Pedro\CONFIG~1\Temp\tmpB.tmp - Deleted
C:\DOCUME~1\Pedro\CONFIG~1\Temp\tmpC.tmp - Deleted
C:\DOCUME~1\Pedro\CONFIG~1\Temp\tmpD.tmp - Deleted
C:\DOCUME~1\Pedro\CONFIG~1\Temp\tmpE.tmp - Deleted
C:\DOCUME~1\Pedro\CONFIG~1\Temp\tmpF.tmp - Deleted
C:\WINDOWS\csrss.exe - Deleted
Removing Temp Files
ADS Check :
C:\WINDOWS
:0BA97ACCC81B6BC7 24
Total size: 24 bytes.
WINDOWS: deleted 24 bytes in 1 streams.
Checking for remaining Streams
C:\WINDOWS
No streams found.
Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-01 02:47:55
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:24,e7,6d,d9,0e,37,5a,8c,a3,3a,ce,bc,d0,e4,f8,60,cd,ef,1b,a2,0c,..
"p0"="C:\Arquivos de programas\DAEMON Tools\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,a8,e4,72,f1,19,74,50,cd,30,c2,ad,1e,4c,92,25,cb,ae,..
"khjeh"=hex:3f,8a,4d,ef,0a,89,c8,85,6f,59,1f,03,69,7c,8e,31,7e,2c,62,6c,8e,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:5c,5e,6c,46,1e,ca,9f,6e,4c,f9,31,30,7a,96,d6,1d,d4,03,ca,96,1d,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s0"=dword:ec2f7bba
"s1"=dword:6d056a47
"s2"=dword:980ee038
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:24,e7,6d,d9,0e,37,5a,8c,a3,3a,ce,bc,d0,e4,f8,60,cd,ef,1b,a2,0c,..
"p0"="C:\Arquivos de programas\DAEMON Tools\"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,a8,e4,72,f1,19,74,50,cd,30,c2,ad,1e,4c,92,25,cb,ae,..
"khjeh"=hex:3f,8a,4d,ef,0a,89,c8,85,6f,59,1f,03,69,7c,8e,31,7e,2c,62,6c,8e,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:5c,5e,6c,46,1e,ca,9f,6e,4c,f9,31,30,7a,96,d6,1d,d4,03,ca,96,1d,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:24,e7,6d,d9,0e,37,5a,8c,a3,3a,ce,bc,d0,e4,f8,60,cd,ef,1b,a2,0c,..
"p0"="C:\Arquivos de programas\DAEMON Tools\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,a8,e4,72,f1,19,74,50,cd,30,c2,ad,1e,4c,92,25,cb,ae,..
"khjeh"=hex:3f,8a,4d,ef,0a,89,c8,85,6f,59,1f,03,69,7c,8e,31,7e,2c,62,6c,8e,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:5c,5e,6c,46,1e,ca,9f,6e,4c,f9,31,30,7a,96,d6,1d,d4,03,ca,96,1d,..
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\{8AC25C6A-D4B3-FF2F-2A61-C75CA1DB6116}\Install]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\{8AC25C6A-D4B3-FF2F-2A61-C75CA1DB6116}\Install\VxDs]
"CTE_32 Name"="2454892:{301564B2-67A6-1A66-9C4E-A1FE91DE9752}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Install]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Install\xga-1-{7D4173F1-55F5-0F5D-0EE2-8E03738B530C}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Install\xga-1-{7D4173F1-55F5-0F5D-0EE2-8E03738B530C}\Version 1.1]
"dat"="806585365:{7B580B85-93B3-3A19-DAE6-BC5540E3071F}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\{3433EFFB-D52A-DCD3-08C5-13C866A21837}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\{3433EFFB-D52A-DCD3-08C5-13C866A21837}\Install]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\{3433EFFB-D52A-DCD3-08C5-13C866A21837}\Install\xga-1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\{3433EFFB-D52A-DCD3-08C5-13C866A21837}\Install\xga-1\dat]
"default"="516231575:{83E883D0-0F3E-27F9-5B89-F036E22BC242}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Install VBX]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Install VBX\Current]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Install VBX\Current\Install]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Install VBX\Current\Install\xga-1-{7D4173F1-55F5-0F5D-0EE2-8E03738B530C}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Install VBX\Current\Install\xga-1-{7D4173F1-55F5-0F5D-0EE2-8E03738B530C}\Version 3.x]
"dat"="1767914624:{56553F38-8585-EE5B-28E2-485C8166DF67}"
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Arquivos de programas\\DreaMule\\emule.exe"="C:\\Arquivos de programas\\DreaMule\\emule.exe:*:Enabled:Dreamule"
"C:\\WINDOWS\\system32\\rtcshare.exe"="C:\\WINDOWS\\system32\\rtcshare.exe:*:Disabled:Compartilhamento de aplicativo RTC"
"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"="C:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\\Arquivos de programas\\Internet Explorer\\IEXPLORE.EXE"="C:\\Arquivos de programas\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"="C:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe"="C:\\Arquivos de programas\\Windows Live\\Sync\\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
Remaining Files :
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Wed 13 Oct 2004 1,694,208 ..SH. --- "C:\Arquivos de programas\Messenger\msmsgs.exe"
Mon 15 Dec 2008 36,096 ..SHR --- "C:\WINDOWS\system32\drive21.sys"
Fri 12 Dec 2008 2,516 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Sat 28 Feb 2009 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Wed 22 Apr 2009 1,514,272 ..SHR --- "C:\WINDOWS\system32\7225D3\FDF101.EXE"
Fri 20 Mar 2009 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Wed 14 Jan 2009 34,816 ...H. --- "C:\Documents and Settings\Pedro\Dados de aplicativos\Microsoft\Word\~WRL0004.tmp"
Finished!