thiagodiniz

Cannot remove multiple viruses

Here are the logs.

a-squared Free - Versão 4.5
Última atualização 2/10/2009 18:08:35

Configurações da análise:

Scan type: deep
Objetos: Memória, Rastros, Cookies, C:\
Análise de arquivos: Ligado
Heurística: Desligado
Análise de ADS: Ligado

Início da análise:	2/10/2009 18:11:17

Value: HKEY_USERS\S-1-5-21-1085031214-2111687655-682003330-500\Software\Bifrost --> klg 	detectado: Trace.Registry.Bifrost!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Bifrost --> nck 	detectado: Trace.Registry.Bifrost!A2
c:\documents and settings\administrador\dados de aplicativos\microsoft\internet explorer\quick launch\advanced virus remover.lnk 	detectado: Trace.File.Advanced Virus Remover 2009!A2
c:\documents and settings\administrador\menu iniciar\advanced virus remover.lnk 	detectado: Trace.File.Advanced Virus Remover 2009!A2
Value: HKEY_USERS\S-1-5-21-1085031214-2111687655-682003330-500\Software\AVR --> LastD 	detectado: Trace.Registry.Advanced Virus Remover 2009!A2
Value: HKEY_USERS\S-1-5-21-1085031214-2111687655-682003330-500\Software\AVR --> LastScan 	detectado: Trace.Registry.Advanced Virus Remover 2009!A2
Value: HKEY_USERS\S-1-5-21-1085031214-2111687655-682003330-500\Software\AVR --> LastVFC 	detectado: Trace.Registry.Advanced Virus Remover 2009!A2
Value: HKEY_USERS\S-1-5-21-1085031214-2111687655-682003330-500\Software\AVR --> VirList 	detectado: Trace.Registry.Advanced Virus Remover 2009!A2
c:\windows\system32\bifrost 	detectado: Trace.Directory.maxx.d.free.fr!A2
c:\windows\system32\bifrost\klog.dat 	detectado: Trace.File.maxx.d.free.fr!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run --> winupdate.exe 	detectado: Trace.Registry.trucount3001.com!A2
c:\windows\system32\winupdate.exe 	detectado: Trace.File.AdvancedVirusRemover!A2
c:\documents and settings\administrador\desktop\advanced virus remover.lnk 	detectado: Trace.File.AdvancedVirusRemover!A2
Key: HKEY_USERS\S-1-5-21-1085031214-2111687655-682003330-500\software\AVR 	detectado: Trace.Registry.AdvancedVirusRemover!A2
C:\Arquivos de programas\CyberScript32\CyberScript.exe 	detectado: Riskware.Client-IRC.Win32.mIRC!IK
C:\Arquivos de programas\NewBlue\3D Explosions for Vegas\Uninstal.exe 	detectado: Trojan-Dropper.Win32.Renos!IK
C:\Arquivos de programas\NewBlue\3D Transformations for Vegas\Uninstal.exe 	detectado: Trojan-Dropper.Win32.Renos!IK
C:\Arquivos de programas\NewBlue\Art Effects for Vegas\Uninstal.exe 	detectado: Trojan-Dropper.Win32.Renos!IK
C:\Arquivos de programas\NewBlue\Motion Effects for Vegas\Uninstal.exe 	detectado: Trojan-Dropper.Win32.Renos!IK
C:\Documents and Settings\Administrador\Meus documentos\Downloads\Garena_Hack_by_Dota-Utilities.rar/dotahelper.exe 	detectado: Trojan-Downloader.Win32.Delf!IK
C:\Documents and Settings\Administrador\Meus documentos\Downloads\Garena_Hack_SPECIAL_EDITION__by_DotA-Utilities.rar/BluSmash v1.0(1.22).exe 	detectado: BehavesLike!IK
C:\Documents and Settings\Administrador\Meus documentos\Downloads\Garena_Hack_SPECIAL_EDITION__by_DotA-Utilities.rar/dotahelper.exe 	detectado: Trojan-Downloader.Win32.Delf!IK
C:\Documents and Settings\Administrador\Meus documentos\Downloads\Garena_Hack_SPECIAL_EDITION__by_DotA-Utilities.rar/GarenaExtreme.exe 	detectado: MonitoringTool!IK
C:\Documents and Settings\Administrador\Meus documentos\Downloads\Garena_Hack_SPECIAL_EDITION__by_DotA-Utilities.rar/GarenaHack.exe.bak 	detectado: MonitoringTool!IK
C:\Documents and Settings\Administrador\Meus documentos\Downloads\Garena_Hack__Updated__by_DotA-Utilities.rar/BluSmash v1.0(1.22).exe 	detectado: BehavesLike!IK
C:\Documents and Settings\Administrador\Meus documentos\Downloads\Garena_Hack__Updated__by_DotA-Utilities.rar/dotahelper.exe 	detectado: Trojan-Downloader.Win32.Delf!IK
C:\Documents and Settings\Administrador\Meus documentos\Downloads\Garena_Hack__Updated__by_DotA-Utilities.rar/Garena Mega Exp Hack.exe 	detectado: Trojan-Downloader.Win32.Banload!IK
C:\Documents and Settings\Administrador\Meus documentos\Downloads\Garena_Hack__Updated__by_DotA-Utilities.rar/GarenaExtreme.exe 	detectado: MonitoringTool!IK
C:\Documents and Settings\Administrador\Meus documentos\Downloads\Garena_Hack__Updated__by_DotA-Utilities.rar/GarenaHack.exe.bak 	detectado: MonitoringTool!IK
C:\Documents and Settings\Administrador\Meus documentos\Downloads\NewBlue_FX_pack.rar/NewBlueMotionBlendsVegasSetup20.exe 	detectado: Riskware.AdWare.Win32.EShoper!IK
C:\Documents and Settings\Administrador\Meus documentos\Downloads\Sony Vegas Pro 8.0c Build 260+Keygen[H33T]-MasterUploader\Keygen\Keygen.exe 	detectado: Riskware.MultiKeygenPatch!IK
C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP14\A0001849.exe 	detectado: Trojan-Downloader.Win32.Delf!IK
C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP14\A0001912.exe 	detectado: Trojan-Downloader.Win32.Delf!IK
C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP14\A0001945.exe 	detectado: Trojan-Downloader.Win32.Delf!IK
C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP14\A0002948.exe 	detectado: Trojan-Downloader.Win32.Delf!IK
C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP15\A0002960.exe 	detectado: Trojan-Downloader.Win32.Delf!IK
C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP15\A0002967.exe 	detectado: Trojan-Downloader.Win32.Delf!IK
C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP15\A0002995.exe 	detectado: Trojan-Downloader.Win32.Delf!IK
C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP15\A0004073.exe 	detectado: Trojan-Downloader.Win32.Delf!IK
C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP16\A0004097.exe 	detectado: Trojan-Downloader.Win32.Delf!IK
C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP16\A0004109.exe 	detectado: Trojan-Downloader.Win32.Delf!IK
C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP16\A0004146.exe 	detectado: Trojan-Downloader.Win32.Delf!IK
C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP17\A0004159.exe 	detectado: Trojan-Downloader.Win32.Delf!IK
C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP17\A0004202.exe 	detectado: Trojan-Downloader.Win32.Delf!IK
C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP19\A0004302.exe 	detectado: Trojan-Downloader.Win32.Delf!IK
C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP20\A0004310.exe 	detectado: Trojan-Downloader.Win32.Delf!IK
C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP20\A0004314.exe 	detectado: Trojan-Downloader.Win32.Delf!IK
C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP20\A0004343.exe 	detectado: MonitoringTool!IK
C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP20\A0004418.exe 	detectado: Trojan-Downloader.Win32.Delf!IK
C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP20\A0004427.exe 	detectado: Trojan-Downloader.Win32.Delf!IK
C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP20\A0004464.exe 	detectado: Trojan-Downloader.Win32.Delf!IK
C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP21\A0004474.exe 	detectado: Trojan-Downloader.Win32.Delf!IK
C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP21\A0004503.exe 	detectado: Trojan-Downloader.Win32.Delf!IK
C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP21\A0004525.exe 	detectado: Trojan-Downloader.Win32.Delf!IK
C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP25\A0004726.exe 	detectado: Trojan-Downloader.Win32.Delf!IK
C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP25\A0004775.exe 	detectado: Trojan-Downloader.Win32.Delf!IK
C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP25\A0004778.exe 	detectado: MonitoringTool!IK
C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP25\A0004866.exe 	detectado: BehavesLike!IK
C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP26\A0004898.exe 	detectado: Trojan-Downloader.Win32.Delf!IK
C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP26\A0004926.exe 	detectado: Trojan-Downloader.Win32.Delf!IK
C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP26\A0004928.exe 	detectado: Trojan-Downloader.Win32.Banload!IK
C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP26\A0004930.exe 	detectado: MonitoringTool!IK
C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP26\A0005018.exe 	detectado: BehavesLike!IK
C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP33\A0005225.exe 	detectado: Trojan-Downloader.Win32.Delf!IK
C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP57\A0008649.exe 	detectado: Trojan-Spy.Win32.PcGhost!IK
C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP76\A0010957.exe 	detectado: Gen.Trojan!IK
C:\WINDOWS\system32\winupdate.exe 	detectado: Trojan-Downloader.Win32.FraudLoad!IK

Analisado

Arquivos: 	99250
Objetos: 	610667
Cookies: 	6
Processos: 	31

Encontrado

Arquivos: 	53
Objetos: 	14
Cookies: 	0
Processos: 	0
Chaves do registro: 	0

Fim da análise:	2/10/2009 19:13:07
Duração da análise:	1:01:50

 
************************************************************************************  
                                  ISeeYouXP v2.0 Beta 14  

                 ISeeYouXP v1.3.0-v2.0 Beta 14 Copyright - ShadowPuterDude 
                 ISeeYouXP v1.2.9 and earlier Copyright - PhilliePhan 
------------------------------------------------------------------------------------  
****  PLEASE NOTE THAT MOST (if not ALL) OF THE ITEMS BELOW ARE  NOT  BADDIES!  **** 
  ****   PLEASE CONSULT A KNOWLEDGEABLE PERSON BEFORE TAKING ANY ACTION.   **** 
************************************************************************************  

Windows/Browser/Java Versions: 
Microsoft (R) Windows Script Host Versão 5.6
Copyright (C) 1996-2001 Microsoft Corporation. Todos os direitos reservados.

Microsoft Windows XP Professional
Version:           5.1.2600
Service Pack:      2.0
Windows Directory: C:\WINDOWS
Microsoft (R) Windows Script Host Versão 5.6
Copyright (C) 1996-2001 Microsoft Corporation. Todos os direitos reservados.

Internet Explorer
Version:  8.0.6001.18702
Build:    86001
Language: Inglês (Estados Unidos)
Path:     C:\Arquivos de programas\Internet Explorer

Sun Microsystems Java Runtime 
Version: 1.6.0_16 
Microsoft (R) Windows Script Host Versão 5.6
Copyright (C) 1996-2001 Microsoft Corporation. Todos os direitos reservados.

Boot State: Normal boot

Scan done at 19:16:34,73, sex 02/10/2009 

------------------------------------------------------------------------------------  

ISeeYouXP installation folder and files 

"C:\ISeeYouXP\"
bootst~1.vbs  28 May 2007         359  "bootstate.vbs"
change.log     8 Jun 2008        5012  "change.log"
chodefix.bat  18 Apr 2007        5387  "chodefix.bat"
fixchode.reg  18 Apr 2007         528  "fixChode.reg"
fixexp~1.bat  24 Feb 2007         487  "FixExplorerPolicies.bat"
getunk~1.bat  12 Aug 2006        1478  "GetUnKeys.bat"
grep.exe      24 Dec 2004      160768  "grep.exe"
hideit.bat    17 Oct 2007        1072  "HideIT.bat"
ieinfo.vbs    28 May 2007         514  "ieinfo.vbs"
iesecu~1.bat  28 Oct 2007          72  "IESecurityZones.bat"
iesecu~1.vbs   8 Nov 2007        2399  "IESecurityZones.vbs"
iseeyo~1.bat   8 Jun 2008      211377  "ISeeYouXP.bat"
libico~1.dll  16 Mar 2004      898048  "libiconv2.dll"
libintl3.dll   9 Oct 2004      101888  "libintl3.dll"
locate.com    14 Jan 2005       11254  "locate.com"
md5sum.exe     5 Aug 2007       49152  "md5sum.exe"
msconf~1.bat  24 Feb 2007         578  "MSConfigFix.bat"
osinfo.vbs    28 May 2007         598  "osinfo.vbs"
pcbutts.txt   25 Mar 2007        5167  "PCBUTTS.TXT"
pcre.dll      14 Nov 2004      183313  "pcre.dll"
pv.exe         3 Mar 2006       73728  "pv.exe"
regedi~1.bat  30 Mar 2007         650  "RegEditFix.bat"
regfix.bat    18 Apr 2007         145  "Regfix.bat"
servic~1.vbs  28 May 2007         672  "servicesinfo.vbs"
showit.bat    17 Oct 2007        1013  "ShowIT.bat"
swreg.exe      5 Apr 2007      139776  "swreg.exe"
system~1.bat  28 Feb 2007         369  "SystemRestoreFix.bat"
taskmg~1.bat  24 Feb 2007         288  "TaskMgrFix.bat"

28 items found:  28 files, 0 directories.
  Total of file sizes:  1.856.092 bytes      1,77 M

------------------------------------------------------------------------------------  

System Environment Variables  

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Administrador\Dados de aplicativos
CLIENTNAME=Console
CommonProgramFiles=C:\Arquivos de programas\Arquivos comuns
COMPUTERNAME=LITE
ComSpec=C:\WINDOWS\system32\cmd.exe
errcode=0
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Administrador
LOGONSERVER=\\LITE
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0409
ProgramFiles=C:\Arquivos de programas
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp
TMP=C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp
USERDOMAIN=LITE
USERNAME=Administrador
USERPROFILE=C:\Documents and Settings\Administrador
windir=C:\WINDOWS

------------------------------------------------------------------------------------ 

Showing any Pocket Killbox backup files 

No matches found.

------------------------------------------------------------------------------------ 

Displaying BOOT.INI: 

[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

------------------------------------------------------------------------------------ 

Displaying SYSTEM.INI: 

; for 16-bit app support

[drivers]
wave=mmdrv.dll
timer=timer.drv

[mci]
[driver32]
[386enh]
woafont=app850.FON
EGA80WOA.FON=EGA80850.FON
EGA40WOA.FON=EGA40850.FON
CGA80WOA.FON=CGA80850.FON
CGA40WOA.FON=CGA40850.FON

------------------------------------------------------------------------------------ 

Displaying WIN.INI: 

; for 16-bit app support
[fonts]
[extensions]
[mci extensions]
[files]
[Mail]
MAPI=1
CMC=1
CMCDLLNAME=mapi.dll
CMCDLLNAME32=mapi32.dll
MAPIX=1
MAPIXVER=1.0.0.1
OLEMessaging=1
[MCI Extensions.BAK]
aif=MPEGVideo
aifc=MPEGVideo
aiff=MPEGVideo
asf=MPEGVideo
asx=MPEGVideo
au=MPEGVideo
m1v=MPEGVideo
m3u=MPEGVideo
mp2=MPEGVideo
mp2v=MPEGVideo
mp3=MPEGVideo
mpa=MPEGVideo
mpe=MPEGVideo
mpeg=MPEGVideo
mpg=MPEGVideo
mpv2=MPEGVideo
snd=MPEGVideo
wax=MPEGVideo
wm=MPEGVideo
wma=MPEGVideo
wmv=MPEGVideo
wmx=MPEGVideo
wvx=MPEGVideo
m2v=MPEGVideo
mod=MPEGVideo
wpl=MPEGVideo

------------------------------------------------------------------------------------ 

Displaying AUTOEXEC.BAT: 


------------------------------------------------------------------------------------ 

Displaying CONFIG.SYS: 


------------------------------------------------------------------------------------ 

Displaying Running Processes: 

 PROCESS            PID  PRIO     PATH 
smss.exe             580 Normal   C:\WINDOWS\System32\smss.exe 
csrss.exe            628 Normal   C:\WINDOWS\system32\csrss.exe 
winlogon.exe         668 High     C:\WINDOWS\system32\winlogon.exe 
services.exe         712 Normal   C:\WINDOWS\system32\services.exe 
lsass.exe            724 Normal   C:\WINDOWS\system32\lsass.exe 
GbpSv.exe            884 Normal   C:\ARQUIV~1\GbPlugin\GbpSv.exe 
svchost.exe          916 Normal   C:\WINDOWS\system32\svchost.exe 
svchost.exe          984 Normal   C:\WINDOWS\system32\svchost.exe 
MsMpEng.exe         1080 Normal   C:\Arquivos de programas\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe 
svchost.exe         1120 Normal   C:\WINDOWS\System32\svchost.exe 
svchost.exe         1276 Normal   C:\WINDOWS\system32\svchost.exe 
svchost.exe         1344 Normal   C:\WINDOWS\system32\svchost.exe 
Explorer.EXE        1496 Normal   C:\WINDOWS\Explorer.EXE 
spoolsv.exe         1596 Normal   C:\WINDOWS\system32\spoolsv.exe 
smax4pnp.exe        1832 Normal   C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe 
Smax4.exe           1952 Normal   C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe 
jusched.exe          428 Normal   C:\Arquivos de programas\Java\jre6\bin\jusched.exe 
ctfmon.exe          1384 Normal   C:\WINDOWS\system32\ctfmon.exe 
jqs.exe              912 Idle     C:\Arquivos de programas\Java\jre6\bin\jqs.exe 
nvsvc32.exe          284 Normal   C:\WINDOWS\system32\nvsvc32.exe 
OcHealthMon.exe     1828 Normal   C:\Arquivos de programas\Microsoft Windows OneCare Live\OcHealthMon.exe 
msfwsvc.exe         1932 Normal   C:\Arquivos de programas\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe 
winss.exe            240 Normal   C:\Arquivos de programas\Microsoft Windows OneCare Live\winss.exe 
alg.exe             2344 Normal   C:\WINDOWS\System32\alg.exe 
winssnotify.exe     5308 Normal   C:\Arquivos de programas\Microsoft Windows OneCare Live\winssnotify.exe 
a2service.exe       4532 Normal   C:\Arquivos de programas\a-squared Free\a2service.exe 
a2free.exe          6088 Normal   C:\Arquivos de programas\a-squared Free\a2free.exe 
msnmsgr.exe         2272 Normal   C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe 
wlcomm.exe          3456 Normal   C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe 
firefox.exe         3852 Normal   C:\Arquivos de programas\Mozilla Firefox\firefox.exe 
cmd.exe              972 Normal   C:\WINDOWS\system32\cmd.exe 
ntvdm.exe           3000 Normal   C:\WINDOWS\system32\ntvdm.exe 
wmiprvse.exe        2424 Normal   C:\WINDOWS\system32\wbem\wmiprvse.exe 
SkypeNames.exe      5220 Normal   C:\Arquivos de programas\Skype\Toolbars\Shared\SkypeNames.exe 
pv.exe              4936 Normal   C:\ISEEYO~1\pv.exe 

------------------------------------------------------------------------------------ 

Displaying Windows Services: 
Microsoft (R) Windows Script Host Versão 5.6
Copyright (C) 1996-2001 Microsoft Corporation. Todos os direitos reservados.

Name:           ALG
Display Name:   Serviço 'Gateway de camada de aplicativo'
  Description: Fornece suporte a plug-ins de protocolos de terceiros para o Compartilhamento de Conexão com a Internet e o Firewall do Windows.
  Path Name:   C:\WINDOWS\System32\alg.exe
  Start Mode:  Manual
  State:       Running

Name:           AppMgmt
Display Name:   Gerenciamento de aplicativo
  Description: Fornece serviços de instalação de software como 'Atribuir', 'Publicar' e 'Remover'.
  Path Name:   C:\WINDOWS\system32\svchost.exe -k netsvcs
  Start Mode:  Manual
  State:       Stopped

Name:           aspnet_state
Display Name:   ASP.NET State Service
  Description: Provides support for out-of-process session states for ASP.NET. If this service is stopped, out-of-process requests will not be processed. If this service is disabled, any services that explicitly depend on it will fail to start.
  Path Name:   C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
  Start Mode:  Manual
  State:       Stopped

Name:           AudioSrv
Display Name:   Áudio do Windows
  Description: Gerencia dispositivos de áudio para programas baseados em Windows. Se este serviço for interrompido, os dispositivos de áudio e efeitos não funcionarão adequadamente. Se este serviço for desativado, quaisquer serviços que dele dependam diretamente não serão inicializados.
  Path Name:   C:\WINDOWS\System32\svchost.exe -k netsvcs
  Start Mode:  Auto
  State:       Running

Name:           BITS
Display Name:   Serviço de transferência inteligente de plano de fundo
  Description: Transfere dados entre clientes e servidores em segundo plano. Se o BITS estiver desabilitado, recursos como o Windows Update não funcionarão corretamente.
  Path Name:   C:\WINDOWS\system32\svchost.exe -k netsvcs
  Start Mode:  Auto
  State:       Running

Name:           Browser
Display Name:   Localizador de computadores
  Description: Mantém uma lista atualizada de computadores na rede e fornece a computadores designados navegadores. Se este serviço for interrompido, esta lista não será atualizada ou mantida. Se este serviço for desativado, quaisquer serviços que dele dependam diretamente não serão inicializados.
  Path Name:   C:\WINDOWS\system32\svchost.exe -k netsvcs
  Start Mode:  Auto
  State:       Running

Name:           ClipSrv
Display Name:   Área de armazenamento
  Description: Permite que o 'Visualizador da área de armazenamento' armazene informações e compartilhe-as com computadores remotos. Se o serviço for parado, o 'Visualizador da área de armazenamento' não poderá compartilhar informações com computadores remotos. Se este serviço for desativado, os serviços que dependerem dele explicitamente não serão iniciados.
  Path Name:   C:\WINDOWS\system32\clipsrv.exe
  Start Mode:  Disabled
  State:       Stopped

Name:           clr_optimization_v2.0.50727_32
Display Name:   .NET Runtime Optimization Service v2.0.50727_X86
  Description: Microsoft .NET Framework NGEN
  Path Name:   C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
  Start Mode:  Manual
  State:       Stopped

Name:           COMSysApp
Display Name:   Aplicativo de sistema COM+
  Description: Gerencia a configuração e o controle dos componentes baseados no modelo de objeto componente (COM)+. Se o serviço parar, a maioria dos componentes baseados no COM+ não funcionará adequadamente. Se o serviço for desativado, qualquer serviço explicitamente dependente dele falhará ao ser iniciado.
  Path Name:   C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
  Start Mode:  Manual
  State:       Stopped

Name:           CryptSvc
Display Name:   Serviços de criptografia
  Description: Fornece três serviços de gerenciamento: serviço de banco de dados de catálogo, que confirma as assinaturas dos arquivos do Windows; serviço de raiz protegida, que adiciona e remove certificados de autoridades de certificação raiz deste computador, e o serviço de chave, que ajuda a registrar este computador para certificados. Se este serviço for interrompido, esses serviços de gerenciamento não funcionarão adequadamente. Se este serviço for desativado, quaisquer serviços que dele dependam diretamente deixarão de ser iniciados.
  Path Name:   C:\WINDOWS\system32\svchost.exe -k netsvcs
  Start Mode:  Auto
  State:       Running

Name:           DcomLaunch
Display Name:   Inicializador de Processo de Servidor DCOM
  Description: Fornece funcionalidade de inicialização para serviços DCOM.
  Path Name:   C:\WINDOWS\system32\svchost -k DcomLaunch
  Start Mode:  Auto
  State:       Running

Name:           Dhcp
Display Name:   Cliente DHCP
  Description: Gerencia a configuração de rede registrando e atualizando endereços IP e nomes DNS.
  Path Name:   C:\WINDOWS\system32\svchost.exe -k netsvcs
  Start Mode:  Auto
  State:       Running

Name:           dmadmin
Display Name:   Serviço administrativo do gerenciador de disco lógico
  Description: Configura volumes e unidades de disco rígido. O serviço é executado apenas para processos de configuração e depois pára.
  Path Name:   C:\WINDOWS\System32\dmadmin.exe /com
  Start Mode:  Manual
  State:       Stopped

Name:           dmserver
Display Name:   Gerenciador de discos lógicos
  Description: Detecta e monitora novas unidades de disco rígido e envia as informações de volume de disco para o serviço administrativo de gerenciador de discos lógicos para configuração. Se este serviço for parado, o status de disco dinâmico e as informações de configuração podem se tornar obsoletos. Se este serviço for desativado, os serviços que dependerem dele explicittamente não serão iniciados.
  Path Name:   C:\WINDOWS\System32\svchost.exe -k netsvcs
  Start Mode:  Auto
  State:       Running

Name:           Dnscache
Display Name:   Cliente DNS
  Description: Resolve e armazena em cache nomes Domain Name System (DNS) para este computador. Se este serviço for parado, o computador não poderá resolver nomes DNS nem localizador controladores de domínio do Active Directory. Se este serviço for desativado, os serviços que dependerem dele explicitamente não serão iniciados.
  Path Name:   C:\WINDOWS\system32\svchost.exe -k NetworkService
  Start Mode:  Auto
  State:       Running

Name:           ERSvc
Display Name:   Erro ao informar o serviço
  Description: Permite informar erros de serviços e aplicativos executados em ambientes não padrão.
  Path Name:   C:\WINDOWS\System32\svchost.exe -k netsvcs
  Start Mode:  Auto
  State:       Running

Name:           Eventlog
Display Name:   Log de eventos
  Description: Registra mensagens de eventos emitidas por Windows-based programs and components to be viewed in Event Viewer. This service cannot be stopped.
  Path Name:   C:\WINDOWS\system32\services.exe
  Start Mode:  Auto
  State:       Running

Name:           EventSystem
Display Name:   Sistema de eventos COM+
  Description: Dá suporte para o serviço de notificação de eventos do sistema (SENS), o qual fornece distribuição automática dos eventos para inscrever componentes do modelo de objeto componente (COM). Se o serviço for interrompido, o SENS será fechado e não poderá fornecer notificações de logon e logoff. Se o serviço for desativado, qualquer serviço explicitamente dependente dele irá falhar ao ser iniciado.
  Path Name:   C:\WINDOWS\system32\svchost.exe -k netsvcs
  Start Mode:  Manual
  State:       Running

Name:           FastUserSwitchingCompatibility
Display Name:   Compatibilidade com 'Troca rápida de usuário'
  Description: Fornece gerenciamento de aplicativos que exigem assistência em um ambiente de vários usuários.
  Path Name:   C:\WINDOWS\System32\svchost.exe -k netsvcs
  Start Mode:  Manual
  State:       Stopped

Name:           FontCache3.0.0.0
Display Name:   Windows Presentation Foundation Font Cache 3.0.0.0
  Description: Optimizes performance of Windows Presentation Foundation (WPF) applications by caching commonly used font data. WPF applications will start this service if it is not already running. It can be disabled, though doing so will degrade the performance of WPF applications.
  Path Name:   c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
  Start Mode:  Manual
  State:       Stopped

Name:           GbpSv
Display Name:   Gbp Service
  Description: Service for G-Buster Browser Defense
  Path Name:   C:\ARQUIV~1\GbPlugin\GbpSv.exe
  Start Mode:  Auto
  State:       Running

Name:           helpsvc
Display Name:   Ajuda e suporte
  Description: Permite que o 'Centro de ajuda e suporte' seja executado neste computador. Se esse serviço for interrompido, o 'Centro de ajuda e suporte' não estará disponível. Se esse serviço for desativado, haverá falha na inicialização de todos os serviços que dependem dele de forma explícita.
  Path Name:   C:\WINDOWS\System32\svchost.exe -k netsvcs
  Start Mode:  Auto
  State:       Running

Name:           HidServ
Display Name:   HID Input Service
  Description: Permite acesso de entrada genérica a dispositivos de interface humana (Human Interface Devices, HID), que ativam e mantêm o uso de botões ativados predefinidos em teclados, controles remotos e outros dispositivos de multimídia. Se este serviço for parado, os botões ativados controlados pelo serviço deixarão de funcionar. Se este serviço for desativado, os serviços que dependerem dele explicitamente não serão iniciados.
  Path Name:   C:\WINDOWS\System32\svchost.exe -k netsvcs
  Start Mode:  Auto
  State:       Running

Name:           HTTPFilter
Display Name:   HTTP SSL
  Description: Este serviço implementa o protocolo de transferência segura de hipertexto (HTTPS) para o serviço HTTP, usando a camada de soquete seguro (SSL). Se este serviço for desativado, os serviços que dependerem dele explicitamente não serão iniciados.
  Path Name:   C:\WINDOWS\System32\svchost.exe -k HTTPFilter
  Start Mode:  Manual
  State:       Stopped

Name:           idsvc
Display Name:   Windows CardSpace
  Description: Securely enables the creation, management, and disclosure of digital identities.
  Path Name:   "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"
  Start Mode:  Manual
  State:       Stopped

Name:           JavaQuickStarterService
Display Name:   Java Quick Starter
  Description: Prefetches JRE files for faster startup of Java applets and applications
  Path Name:   "C:\Arquivos de programas\Java\jre6\bin\jqs.exe" -service -config "C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\jqs.conf"
  Start Mode:  Auto
  State:       Running

Name:           lanmanserver
Display Name:   Servidor
  Description: Oferece suporte a compartilhamento na rede de arquivo, impressão e pipes nomeados para este computador. Se este serviço for interrompido, quaisquer serviços que dele dependam diretamente não serão inicializados.
  Path Name:   C:\WINDOWS\system32\svchost.exe -k netsvcs
  Start Mode:  Auto
  State:       Running

Name:           lanmanworkstation
Display Name:   Estação de trabalho
  Description: Cria e mantém conexões de rede de cliente com servidores remotos. Se este serviço for interrompido, essas conexões não estarão disponíveis. Se este serviço for desativado, quaisquer serviços que dele dependam não serão inicializados.
  Path Name:   C:\WINDOWS\system32\svchost.exe -k netsvcs
  Start Mode:  Auto
  State:       Running

Name:           LmHosts
Display Name:   Auxiliar NetBIOS TCP/IP
  Description: Ativa o suporte a NetBIOS através do serviço TCP/IP (NetBT) e da resolução de nomes NetBIOS.
  Path Name:   C:\WINDOWS\system32\svchost.exe -k LocalService
  Start Mode:  Auto
  State:       Running

Name:           MSDTC
Display Name:   Coordenador de transações distribuídas
  Description: Coordena transações que abrangem múltiplos gerenciadores de recursos, tais como bancos de dados, filas de mensagens e sistemas de arquivos. Se este serviço for interrompido, essas transações não ocorrerão. Se este serviço for desativado, os serviços que dependem explicitamente dele falharão ao serem iniciados.
  Path Name:   C:\WINDOWS\system32\msdtc.exe
  Start Mode:  Manual
  State:       Stopped

Name:           msfwsvc
Display Name:   OneCare Firewall
  Description: OneCare Firewall
  Path Name:   "C:\Arquivos de programas\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe"
  Start Mode:  Auto
  State:       Running

Name:           MSIServer
Display Name:   Windows Installer
  Description: Adiciona, modifica e remove aplicativos fornecidos como um pacote do Windows Installer (*.msi). Se este serviço for desativado, os serviços que dependerem dele explicitamente não serão iniciados.
  Path Name:   C:\WINDOWS\system32\msiexec.exe /V
  Start Mode:  Manual
  State:       Stopped

Name:           NetDDE
Display Name:   DDE de rede
  Description: Fornece transporte e segurança de rede para Dynamic Data Exchange (DDE) para programas executados no mesmo computador ou em computadores diferentes. Se este serviço for parado, o transporte e segurança DDE não estarão disponíveis. Se este serviço for desativado, os serviços que dependerem dele explicitamente não serão iniciados.
  Path Name:   C:\WINDOWS\system32\netdde.exe
  Start Mode:  Disabled
  State:       Stopped

Name:           NetDDEdsdm
Display Name:   DSDM de DDE de rede
  Description: Gerencia compartilhamentos de rede do tipo DDE (Dynamic Data Exchange). Se este serviço for parado, os compartilhamentos de rede DDE não estarão disponíveis. Se este serviço for desativado, os serviços que dependerem dele explicitamente não serão iniciados.
  Path Name:   C:\WINDOWS\system32\netdde.exe
  Start Mode:  Disabled
  State:       Stopped

Name:           Netlogon
Display Name:   Logon de rede
  Description: Dá suporte à autenticação de passagem de eventos de logon de contas para os computadores de um domínio.
  Path Name:   C:\WINDOWS\system32\lsass.exe
  Start Mode:  Manual
  State:       Stopped

Name:           Netman
Display Name:   Conexões de rede
  Description: Gerencia objetos da pasta de conexões de rede e Dial-Up, na qual você pode exibir conexões remotas e de rede local.
  Path Name:   C:\WINDOWS\System32\svchost.exe -k netsvcs
  Start Mode:  Manual
  State:       Running

Name:           NetTcpPortSharing
Display Name:   Net.Tcp Port Sharing Service
  Description: Provides ability to share TCP ports over the net.tcp protocol.
  Path Name:   "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"
  Start Mode:  Disabled
  State:       Stopped

Name:           Nla
Display Name:   Reconhecimento de local da rede (NLA)
  Description: Reúne e armazena informações sobre configurações e locais da rede, bem como notifica os aplicativos quando essas informações são alteradas.
  Path Name:   C:\WINDOWS\system32\svchost.exe -k netsvcs
  Start Mode:  Manual
  State:       Running

Name:           npggsvc
Display Name:   nProtect GameGuard Service
  Description: nProtect GameGuard Service
  Path Name:   C:\WINDOWS\system32\GameMon.des -service
  Start Mode:  Manual
  State:       Stopped

Name:           NtLmSsp
Display Name:   Fornecedor de suporte de segurança NT LM
  Description: Fornece segurança a programas de chamada de procedimento remoto (remote procedure call, RPC) que usam transportes que não pipes nomeados.
  Path Name:   C:\WINDOWS\system32\lsass.exe
  Start Mode:  Manual
  State:       Stopped

Name:           NtmsSvc
Display Name:   Armazenamento removível
  Description: 
  Path Name:   C:\WINDOWS\system32\svchost.exe -k netsvcs
  Start Mode:  Manual
  State:       Stopped

Name:           NVSvc
Display Name:   NVIDIA Display Driver Service
  Description: Provides system and desktop level support to the NVIDIA display driver
  Path Name:   C:\WINDOWS\system32\nvsvc32.exe
  Start Mode:  Auto
  State:       Running

Name:           OcHealthMon
Display Name:   Windows Live OneCare Health Monitor
  Description: Helps recover the Windows Live OneCare service and improve service health. This services provides a backup mechanism to the Windows Live OneCare service and will attempt to recover it, if it is detected to be stopped.
  Path Name:   "C:\Arquivos de programas\Microsoft Windows OneCare Live\OcHealthMon.exe"
  Start Mode:  Auto
  State:       Running

Name:           OneCareMP
Display Name:   OneCare AntiSpyware and AntiVirus
  Description: Helps protect users from spyware and other potentially unwanted software
  Path Name:   "C:\Arquivos de programas\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe"
  Start Mode:  Auto
  State:       Running

Name:           PlugPlay
Display Name:   Plug and Play
  Description: Permite que um computador reconheça e se adapte a alterações de hardware com pouca ou nenhuma intervenção do usuário. Se este serviço for parado ou desativado, o sistema se tornará instável.
  Path Name:   C:\WINDOWS\system32\services.exe
  Start Mode:  Auto
  State:       Running

Name:           PolicyAgent
Display Name:   Serviços IPSEC
  Description: Gerencia a diretiva de segurança IP e inicia o ISAKMP/Oakley (IKE) e o driver de segurança IP.
  Path Name:   C:\WINDOWS\system32\lsass.exe
  Start Mode:  Auto
  State:       Running

Name:           ProtectedStorage
Display Name:   Armazenamento protegido
  Description: Fornece o armazenamento protegido para dados sensíveis, como chaves privadas, para evitar o acesso de serviços, processos ou usuários sem autorização.
  Path Name:   C:\WINDOWS\system32\lsass.exe
  Start Mode:  Auto
  State:       Running

Name:           RasAuto
Display Name:   Gerenciador de conexão de acesso remoto automático
  Description: Cria uma conexão a uma rede remota sempre que um programa faz referência a um nome ou endereço remoto DNS ou NetBios.
  Path Name:   C:\WINDOWS\system32\svchost.exe -k netsvcs
  Start Mode:  Manual
  State:       Stopped

Name:           RasMan
Display Name:   Gerenciador de conexão de acesso remoto
  Description: Cria uma conexão de rede.
  Path Name:   C:\WINDOWS\system32\svchost.exe -k netsvcs
  Start Mode:  Manual
  State:       Running

Name:           RDSessMgr
Display Name:   Gerenciador de sessão de ajuda de área de trabalho remota
  Description: Gerencia e controla a 'Assistência remota'. Se esse serviço for interrompido, a 'Assistência remota' ficará indisponível. Antes de interromper esse serviço, consulte a guia 'Dependências' da caixa de diálogo 'Propriedades'.
  Path Name:   C:\WINDOWS\system32\sessmgr.exe
  Start Mode:  Manual
  State:       Stopped

Name:           RemoteAccess
Display Name:   Roteamento e acesso remoto
  Description: Oferece serviços de roteamento a empresas em ambientes de rede local e de longa distância.
  Path Name:   C:\WINDOWS\system32\svchost.exe -k netsvcs
  Start Mode:  Disabled
  State:       Stopped

Name:           RemoteRegistry
Display Name:   Registro remoto
  Description: Permite que usuários remotos modifiquem configurações do Registro neste computador. Se este serviço for parado, o Registro só poderá ser modificado por usuários deste computador. Se este serviço for desativado, os serviços que dependerem dele explicitamente não serão iniciados.
  Path Name:   C:\WINDOWS\system32\svchost.exe -k LocalService
  Start Mode:  Auto
  State:       Running

Name:           RpcLocator
Display Name:   Alocador Remote Procedure Call (RPC)
  Description: Gerencia o banco de dados do serviço de nomes RPC.
  Path Name:   C:\WINDOWS\system32\locator.exe
  Start Mode:  Manual
  State:       Stopped

Name:           RpcSs
Display Name:   Chamada de procedimento remoto (RPC)
  Description: Fornece o mapeador de ponto de extremidade e outros serviços RPC variados.
  Path Name:   C:\WINDOWS\system32\svchost -k rpcss
  Start Mode:  Auto
  State:       Running

Name:           RSVP
Display Name:   QoS RSVP
  Description: Fornece a funcionalidade de sinalização de rede e configuração do controle do tráfego local para programas compatíveis com QoS e miniaplicativos de controle.
  Path Name:   C:\WINDOWS\system32\rsvp.exe
  Start Mode:  Manual
  State:       Stopped

Name:           SamSs
Display Name:   Gerenciador de contas de segurança
  Description: Armazena informações sobre segurança para contas de usuário local.
  Path Name:   C:\WINDOWS\system32\lsass.exe
  Start Mode:  Auto
  State:       Running

Name:           SCardSvr
Display Name:   Cartão inteligente
  Description: Gerencia o acesso a leitores de cartão inteligente por este computador. Se este serviço for parado, o computador não poderá ler cartões inteligentes. Se este serviço for desativado, os serviços que dependerem dele explicitamente não serão iniciados.
  Path Name:   C:\WINDOWS\System32\SCardSvr.exe
  Start Mode:  Manual
  State:       Stopped

Name:           Schedule
Display Name:   Agendador de tarefas
  Description: Permite que um usuário configure e agende tarefas automatizadas no computador. Se este serviço for interrompido, essas tarefas não serão executadas nos horários agendados. Se este serviço for desativado, quaisquer serviços que dele dependam diretamente não serão iniciados.
  Path Name:   C:\WINDOWS\System32\svchost.exe -k netsvcs
  Start Mode:  Auto
  State:       Running

Name:           seclogon
Display Name:   Logon secundário
  Description: Ativa a inicialização de processos sob credenciais alternadas. Se este serviço for interrompido, este tipo de acesso por logon não estará disponível. Se este serviço for desativado, quaisquer serviços que dele dependam diretamente não serão iniciados.
  Path Name:   C:\WINDOWS\System32\svchost.exe -k netsvcs
  Start Mode:  Auto
  State:       Running

Name:           SENS
Display Name:   Notificação de eventos de sistema
  Description: Rastreia eventos do sistema como eventos de logon do Windows, rede e energia.  Notifica assinantes do Sistema de evento COM+ destes eventos.
  Path Name:   C:\WINDOWS\system32\svchost.exe -k netsvcs
  Start Mode:  Auto
  State:       Running

Name:           SharedAccess
Display Name:   Firewall do Windows/Compartilhamento de Conexão com a Internet (ICS)
  Description: Fornece serviços de conversão de endereços de rede, endereçamento e resolução de nomes e/ou prevenção de invasão para uma rede doméstica ou de pequena empresa.
  Path Name:   C:\WINDOWS\system32\svchost.exe -k netsvcs
  Start Mode:  Auto
  State:       Running

Name:           ShellHWDetection
Display Name:   Detecção do hardware do shell
  Description: Fornece notificações de eventos de hardware 'Reprodução automática'.
  Path Name:   C:\WINDOWS\System32\svchost.exe -k netsvcs
  Start Mode:  Auto
  State:       Running

Name:           Spooler
Display Name:   Spooler de impressão
  Description: Carrega arquivos na memória para impressão posterior.
  Path Name:   C:\WINDOWS\system32\spoolsv.exe
  Start Mode:  Auto
  State:       Running

Name:           srservice
Display Name:   Serviço de restauração do sistema
  Description: Executa funções de restauração do sistema. Para interromper o serviço, desative a 'Restauração do sistema' na guia 'Restauração do sistema' em 'Meu computador' -> 'Propriedades'
  Path Name:   C:\WINDOWS\system32\svchost.exe -k netsvcs
  Start Mode:  Auto
  State:       Running

Name:           SSDPSRV
Display Name:   Serviço de descoberta SSDP
  Description: Ativa a descoberta de dispositivos UPnP na rede doméstica.
  Path Name:   C:\WINDOWS\system32\svchost.exe -k LocalService
  Start Mode:  Manual
  State:       Running

Name:           stisvc
Display Name:   Assistente de aquisição de imagens do Windows (WIA)
  Description: Fornece serviços de aquisição de imagens para scanners e câmeras
  Path Name:   C:\WINDOWS\system32\svchost.exe -k imgsvc
  Start Mode:  Manual
  State:       Stopped

Name:           SwPrv
Display Name:   MS Software Shadow Copy Provider
  Description: Gerencia cópias de sombra de volume baseadas em software obtidas pelo serviço de cópias de sombra de volume. Se o serviço for interrompido, as cópias de sombra baseadas em software não poderão ser gerenciadas. Se o serviço for desativado, os serviços que dependerem dele diretamente não serão iniciados.
  Path Name:   C:\WINDOWS\system32\dllhost.exe /Processid:{CC818B09-A739-4424-9B8F-27A052D7B1C4}
  Start Mode:  Manual
  State:       Stopped

Name:           SysmonLog
Display Name:   Logs e alertas de desempenho
  Description: Coleta dados de desempenho de computadores locais ou remotos com base em parâmetros de agendamento pré-configurados; em seguida, grava os dados em um log ou dispara um alerta. Se este serviço for parado, as informações de desempenho não serão coletadas. Se este serviço for desativado, os serviços que dependerem dele explicitamente não serão iniciados.
  Path Name:   C:\WINDOWS\system32\smlogsvc.exe
  Start Mode:  Manual
  State:       Stopped

Name:           TapiSrv
Display Name:   Telefonia
  Description: Fornece suporte à telefonia API (TAPI) para programas que controlam dispositivos de telefonia e conexões de voz baseadas em IP no computador local e, através da rede local, em servidores que também estão executando o serviço.
  Path Name:   C:\WINDOWS\System32\svchost.exe -k netsvcs
  Start Mode:  Manual
  State:       Running

Name:           TermService
Display Name:   Serviços de terminal
  Description: Permite que vários usuários sejam conectados interativamente a um computador e que as áreas de trabalho e os aplicativos sejam exibidos a computadores remotos. A base da área de trabalho remota (inclusive a área de trabalho remota para administradores), da opção de alternar-se rapidamente entre usuários, da assistência remota e do Terminal Server.
  Path Name:   C:\WINDOWS\System32\svchost -k DComLaunch
  Start Mode:  Manual
  State:       Running

Name:           Themes
Display Name:   Temas
  Description: Fornece gerenciamento de temas para experiência do usuário.
  Path Name:   C:\WINDOWS\System32\svchost.exe -k netsvcs
  Start Mode:  Auto
  State:       Running

Name:           TlntSvr
Display Name:   Telnet
  Description: Permite que um usuário remoto faça logon neste computador e execute programas. Fornece suporte a vários clientes Telnet TCP/IP, inclusive computadores baseados em UNIX e Windows. Se este serviço for parado, o acesso de usuários remotos a programas poderá não estar disponível. Se este serviço for desativado, os serviços que dependem dele explicitamente não serão iniciados.
  Path Name:   C:\WINDOWS\system32\tlntsvr.exe
  Start Mode:  Disabled
  State:       Stopped

Name:           TrkWks
Display Name:   Cliente de rastreamento de link distribuído
  Description: Mantém vínculos entre arquivos NTFS em um computador ou entre computadores em um domínio de rede.
  Path Name:   C:\WINDOWS\system32\svchost.exe -k netsvcs
  Start Mode:  Auto
  State:       Running

Name:           upnphost
Display Name:   Host de dispositivo Plug and Play universal
  Description: Oferece suporte para hospedar dispositivos Plug and Play universais.
  Path Name:   C:\WINDOWS\system32\svchost.exe -k LocalService
  Start Mode:  Manual
  State:       Stopped

Name:           UPS
Display Name:   Sistema de alimentação ininterrupta
  Description: Gerencia o sistema de alimentação ininterrupto (no-break) conectado ao computador.
  Path Name:   C:\WINDOWS\System32\ups.exe
  Start Mode:  Manual
  State:       Stopped

Name:           VSS
Display Name:   Cópia de volume em memória
  Description: Gerencia e implementa cópias de volume em memória usados para o backup e outros propósitos. Se este serviço for interrompido, as cópias em memória não estarão disponíveis para backup e o backup pode falhar. Se este serviço for desativado, quaisquer serviços que dele dependam diretamente não serão iniciados.
  Path Name:   C:\WINDOWS\System32\vssvc.exe
  Start Mode:  Manual
  State:       Stopped

Name:           W32Time
Display Name:   Horário do Windows
  Description: Mantém sincronização de data e hora em todos os clientes e servidores da rede. Se este serviço for interrompido, a sincronização não ficará disponível. Se este serviço for desativado, os serviços que dele dependem explicitamente não serão iniciados.
  Path Name:   C:\WINDOWS\System32\svchost.exe -k netsvcs
  Start Mode:  Auto
  State:       Running

Name:           WebClient
Display Name:   Cliente da Web
  Description: Permite que programas baseados em Windows criem, acessem e modifiquem arquivos baseados na Internet. Se este serviço for interrompido, essas funções não estarão disponíveis. Se este serviço for desativado, quaisquer serviços que dele dependam diretamente não serão iniciados.
  Path Name:   C:\WINDOWS\system32\svchost.exe -k LocalService
  Start Mode:  Auto
  State:       Running

Name:           winmgmt
Display Name:   Testador de instrumentação de gerenciam. do Windows
  Description: Fornece uma interface comum e um modelo de objeto para o acesso a informações de gerenciamento sobre o sistema operacional, dispositivos, aplicativos e serviços. Se esse serviço for parado, a maioria dos itens de software baseados no Windows não funcionará corretamente. Se este serviço for desativado, os serviços que dependerem explicitamente dele não serão iniciados.
  Path Name:   C:\WINDOWS\system32\svchost.exe -k netsvcs
  Start Mode:  Auto
  State:       Running

Name:           winss
Display Name:   Windows Live OneCare
  Description: Helps manage PC security and overall health by providing virus and spyware monitoring, firewall, backup, and other services. If this service is stopped, this computer might be at risk from viruses and other threats.
  Path Name:   C:\Arquivos de programas\Microsoft Windows OneCare Live\winss.exe
  Start Mode:  Auto
  State:       Running

Name:           WmdmPmSN
Display Name:   Portable Media Serial Number Service
  Description: Retrieves the serial number of any portable media player connected to this computer. If this service is stopped, protected content might not be down loaded to the device.
  Path Name:   C:\WINDOWS\System32\svchost.exe -k netsvcs
  Start Mode:  Manual
  State:       Stopped

Name:           Wmi
Display Name:   Extensões de driver de instrum. gerenc. do Windows
  Description: Fornece informações sobre gerenciamento de sistemas para drivers e de drivers.
  Path Name:   C:\WINDOWS\System32\svchost.exe -k netsvcs
  Start Mode:  Manual
  State:       Stopped

Name:           WmiApSrv
Display Name:   Adaptador de desempenho WMI
  Description: Fornece informações da biblioteca de desempenho dos provedores HiPerf WMI.
  Path Name:   C:\WINDOWS\system32\wbem\wmiapsrv.exe
  Start Mode:  Manual
  State:       Stopped

Name:           WMPNetworkSvc
Display Name:   Serviço de Compartilhamento de Rede do Windows Media Player
  Description: Compartilha bibliotecas do Windows Media Player com outros players e dispositivos de mídia da rede por meio de Universal Plug and Play
  Path Name:   "C:\Arquivos de programas\Windows Media Player\WMPNetwk.exe"
  Start Mode:  Manual
  State:       Stopped

Name:           wuauserv
Display Name:   Atualizações Automáticas
  Description: Ativa o download e instalação das atualizações do Windows. Se este serviço for desabilitado, o computador não será capaz de usar o recurso de Atualizações Automáticas nem o site do Windows Update na web.
  Path Name:   C:\WINDOWS\system32\svchost.exe -k netsvcs
  Start Mode:  Auto
  State:       Running

Name:           WudfSvc
Display Name:   Windows Driver Foundation - User-mode Driver Framework
  Description: Manages user-mode driver host processes
  Path Name:   C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
  Start Mode:  Manual
  State:       Stopped

Name:           WZCSVC
Display Name:   Configuração zero sem fio
  Description: Fornece configuração automática para os adaptadores 802.11
  Path Name:   C:\WINDOWS\System32\svchost.exe -k netsvcs
  Start Mode:  Auto
  State:       Running

Name:           xmlprov
Display Name:   Serviço de Configuração de Rede
  Description: Gerencia arquivos de configuração XML por domínio para configuração automática de rede.
  Path Name:   C:\WINDOWS\System32\svchost.exe -k netsvcs
  Start Mode:  Manual
  State:       Stopped

Name:           a2free
Display Name:   a-squared Free Service
  Description: Scans the PC for unwanted software and provides protection from malicious code
  Path Name:   "C:\Arquivos de programas\a-squared Free\a2service.exe"
  Start Mode:  Auto
  State:       Running


------------------------------------------------------------------------------------ 

Displaying LOG for Microsoft Windows Malicious Software Removal Tool: 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v2.14, September 2009
Started On Fri Oct 02 13:51:38 2009

Extended Scan Results
----------------
->Scan ERROR: resource file://C:\pagefile.sys (code 0x00000020 (32))

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v2.14, September 2009
Started On Fri Oct 02 15:19:56 2009

Extended Scan Results
----------------
Found potential malware: TrojanDownloader:Win32/Renos in process://pid:184
->Scan ERROR: resource file://C:\pagefile.sys (code 0x00000020 (32))
-> Sysclean ERROR: Internal error, code = 8050800C

Results Summary:
----------------
Found TrojanDownloader:Win32/Renos (detected generically)

Return code: 6
Microsoft Windows Malicious Software Removal Tool Finished On Fri Oct 02 16:43:36 2009

Removal Tool Finished On Fri Oct 02 16:32:45 2009

---------------------------------------------------------------------------- 
   Listing HKCU Explorer\Advanced//Hidden and SuperHidden Registry Keys 
       if Hidden = 0 then Hidden Files and Folders are not shown 
       if SuperHidden = 1 is the desired default value. 
       if ShowSuperHidden = 0 then System Files are not shown 
       if HideFileExt = 1 then File Extension are not shown 
   We want their values to be (from top to bottom) 1,1,1,0 
---------------------------------------------------------------------------- 

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\advanced
  Hidden	REG_DWORD      	1 (0x1)
  SuperHidden	REG_DWORD      	1 (0x1)
  ShowSuperHidden	REG_DWORD      	1 (0x1)
  HideFileExt	REG_DWORD      	0 (0x0)

************************************************************************************  

Examining Select Windows Registry Keys 
------------------------------------------------------------------------------------ 

   -------------------------------------------------------------------------- 
       Items Found in ZoneMap\Domains: 
   -------------------------------------------------------------------------- 



HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\internet settings\zonemap\domains
  <NO NAME>	REG_SZ         	

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\internet settings\zonemap\domains\msn.com

   ---------------------------------------------------------------------------- 
       Current User ZoneMap ProtocolDefaults 
   ---------------------------------------------------------------------------- 



HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings\zonemap\protocoldefaults
  <NO NAME>	REG_SZ         	
  http	REG_DWORD      	3 (0x3)
  https	REG_DWORD      	3 (0x3)
  ftp	REG_DWORD      	3 (0x3)
  file	REG_DWORD      	3 (0x3)
  @ivt	REG_DWORD      	1 (0x1)
  shell	REG_DWORD      	0 (0x0)

   ---------------------------------------------------------------------------- 
           Default URL Prefix Keys 
   ---------------------------------------------------------------------------- 



HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\url

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\url\DefaultPrefix
  <NO NAME>	REG_SZ         	http://

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\url\Prefixes
  ftp	REG_SZ         	ftp://
  gopher	REG_SZ         	gopher://
  home	REG_SZ         	http://
  mosaic	REG_SZ         	http://
  www	REG_SZ         	http://

   -------------------------------------------------------------------------- 
           Startup Items Disabled via MSCONFIG: 
   -------------------------------------------------------------------------- 


   -------------------------------------------------------------------------- 
           Select AutoRun Registry Keys: 
   -------------------------------------------------------------------------- 



HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
  CTFMON.EXE	REG_SZ         	C:\WINDOWS\system32\ctfmon.exe
  uTorrent	REG_SZ         	"C:\Arquivos de programas\uTorrent\uTorrent.exe"
  Skype	REG_SZ         	"C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized
  DAEMON Tools Lite	REG_SZ         	"C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun
  NCsoft Launcher	REG_SZ         	C:\Arquivos de programas\NCSoft\Launcher\NCLauncher.exe /Minimized


HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce


HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
  nwiz	REG_SZ         	nwiz.exe /install
  NvMediaCenter	REG_SZ         	RunDLL32.exe NvMCTray.dll,NvTaskbarInit
  High Definition Audio Property Page Shortcut	REG_SZ         	HDAShCut.exe
  SoundMAXPnP	REG_SZ         	C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe
  SoundMAX	REG_SZ         	"C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe" /tray
  Adobe Reader Speed Launcher	REG_SZ         	"C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
  mspaint	REG_SZ         	"C:\WINDOWS\system32\paint.exe" -autocheck
  winupdate.exe	REG_SZ         	C:\WINDOWS\system32\winupdate.exe
  OneCareUI	REG_SZ         	"C:\Arquivos de programas\Microsoft Windows OneCare Live\winssnotify.exe"
  SunJavaUpdateSched	REG_SZ         	"C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents


HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce


HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex


HKEY_USERS\.default\software\microsoft\windows\currentversion\run
  CTFMON.EXE	REG_SZ         	C:\WINDOWS\system32\CTFMON.EXE


HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce
  nltide_3	REG_EXPAND_SZ  	rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N


HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run
  CTFMON.EXE	REG_SZ         	C:\WINDOWS\system32\CTFMON.EXE


HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce
  nltide_3	REG_EXPAND_SZ  	rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N


HKEY_USERS\s-1-5-19\software\microsoft\windows\currentversion\run
  CTFMON.EXE	REG_SZ         	C:\WINDOWS\system32\CTFMON.EXE


HKEY_USERS\s-1-5-19\software\microsoft\windows\currentversion\runonce
  nltide_3	REG_EXPAND_SZ  	rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N


HKEY_USERS\s-1-5-20\software\microsoft\windows\currentversion\run
  CTFMON.EXE	REG_SZ         	C:\WINDOWS\system32\CTFMON.EXE


HKEY_USERS\s-1-5-20\software\microsoft\windows\currentversion\runonce
  nltide_3	REG_EXPAND_SZ  	rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N

   -------------------------------------------------------------------------- 
           WinLogon Notify Registry Key: 
   -------------------------------------------------------------------------- 



HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb
  Asynchronous	REG_DWORD      	0 (0x0)
  Impersonate	REG_DWORD      	0 (0x0)
  MaxWait	REG_DWORD      	258 (0x102)
  DllName	REG_SZ         	C:\Arquivos de programas\GbPlugin\gbieh.dll
  Startup	REG_SZ         	GbPluginEventStartup

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain
  Asynchronous	REG_DWORD      	0 (0x0)
  Impersonate	REG_DWORD      	0 (0x0)
  DllName	REG_EXPAND_SZ  	crypt32.dll
  Logoff	REG_SZ         	ChainWlxLogoffEvent

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet
  Asynchronous	REG_DWORD      	0 (0x0)
  Impersonate	REG_DWORD      	0 (0x0)
  DllName	REG_EXPAND_SZ  	cryptnet.dll
  Logoff	REG_SZ         	CryptnetWlxLogoffEvent

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll
  DLLName	REG_SZ         	cscdll.dll
  Logon	REG_SZ         	WinlogonLogonEvent
  Logoff	REG_SZ         	WinlogonLogoffEvent
  ScreenSaver	REG_SZ         	WinlogonScreenSaverEvent
  Startup	REG_SZ         	WinlogonStartupEvent
  Shutdown	REG_SZ         	WinlogonShutdownEvent
  StartShell	REG_SZ         	WinlogonStartShellEvent
  Impersonate	REG_DWORD      	0 (0x0)
  Asynchronous	REG_DWORD      	1 (0x1)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp
  DLLName	REG_SZ         	wlnotify.dll
  Logon	REG_SZ         	SCardStartCertProp
  Logoff	REG_SZ         	SCardStopCertProp
  Lock	REG_SZ         	SCardSuspendCertProp
  Unlock	REG_SZ         	SCardResumeCertProp
  Enabled	REG_DWORD      	1 (0x1)
  Impersonate	REG_DWORD      	1 (0x1)
  Asynchronous	REG_DWORD      	1 (0x1)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule
  Asynchronous	REG_DWORD      	0 (0x0)
  DllName	REG_EXPAND_SZ  	wlnotify.dll
  Impersonate	REG_DWORD      	0 (0x0)
  StartShell	REG_SZ         	SchedStartShell
  Logoff	REG_SZ         	SchedEventLogOff

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy
  Logoff	REG_SZ         	WLEventLogoff
  Impersonate	REG_DWORD      	0 (0x0)
  Asynchronous	REG_DWORD      	1 (0x1)
  DllName	REG_EXPAND_SZ  	sclgntfy.dll

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn
  DLLName	REG_SZ         	WlNotify.dll
  Lock	REG_SZ         	SensLockEvent
  Logon	REG_SZ         	SensLogonEvent
  Logoff	REG_SZ         	SensLogoffEvent
  Safe	REG_DWORD      	1 (0x1)
  MaxWait	REG_DWORD      	600 (0x258)
  StartScreenSaver	REG_SZ         	SensStartScreenSaverEvent
  StopScreenSaver	REG_SZ         	SensStopScreenSaverEvent
  Startup	REG_SZ         	SensStartupEvent
  Shutdown	REG_SZ         	SensShutdownEvent
  StartShell	REG_SZ         	SensStartShellEvent
  PostShell	REG_SZ         	SensPostShellEvent
  Disconnect	REG_SZ         	SensDisconnectEvent
  Reconnect	REG_SZ         	SensReconnectEvent
  Unlock	REG_SZ         	SensUnlockEvent
  Impersonate	REG_DWORD      	1 (0x1)
  Asynchronous	REG_DWORD      	1 (0x1)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv
  Asynchronous	REG_DWORD      	0 (0x0)
  DllName	REG_EXPAND_SZ  	wlnotify.dll
  Impersonate	REG_DWORD      	0 (0x0)
  Logoff	REG_SZ         	TSEventLogoff
  Logon	REG_SZ         	TSEventLogon
  PostShell	REG_SZ         	TSEventPostShell
  Shutdown	REG_SZ         	TSEventShutdown
  StartShell	REG_SZ         	TSEventStartShell
  Startup	REG_SZ         	TSEventStartup
  MaxWait	REG_DWORD      	600 (0x258)
  Reconnect	REG_SZ         	TSEventReconnect
  Disconnect	REG_SZ         	TSEventDisconnect

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon
  DLLName	REG_SZ         	wlnotify.dll
  Logon	REG_SZ         	RegisterTicketExpiredNotificationEvent
  Logoff	REG_SZ         	UnregisterTicketExpiredNotificationEvent
  Impersonate	REG_DWORD      	1 (0x1)
  Asynchronous	REG_DWORD      	1 (0x1)

   -------------------------------------------------------------------------- 
           Shared Task Scheduler Registry Items: 
   -------------------------------------------------------------------------- 



HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler
  {438755C2-A8BA-11D1-B96B-00A0C90312E1}	REG_SZ         	Pré-carregador Browseui
  {8C7461EF-2B13-11d2-BE35-3078302C2030}	REG_SZ         	Daemon de cache de categorias de componente

   -------------------------------------------------------------------------- 
           Scheduled Tasks: 
   -------------------------------------------------------------------------- 

O volume na unidade C não tem nome.
O número de série do volume é 50E8-DE77

Pasta de C:\WINDOWS\tasks

05/09/2009  08:48    <DIR>          .
05/09/2009  08:48    <DIR>          ..
28/10/2001  11:07                65 desktop.ini
02/10/2009  17:16                 6 SA.DAT
              2 arquivo(s)             71 bytes

    Total de arquivos na lista:
              2 arquivo(s)             71 bytes
              2 pasta(s) 114.748.612.608 bytes disponíveis
   HR     C:\WINDOWS\tasks\desktop.ini
A   H      C:\WINDOWS\tasks\SA.DAT

   ---------------------------------------------------------------------------- 
           ShellExecuteHooks Registry Keys 
   ---------------------------------------------------------------------------- 



HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks
  {AEB6717E-7E19-11d0-97EE-00C04FD91972}	REG_SZ         	
  {E37CB5F0-51F5-4395-A808-5FA49E399F83}	REG_SZ         	GbPlugin ShlObj

   ---------------------------------------------------------------------------- 
           ShellServiceObjectDelayLoad Registry Keys 
   ---------------------------------------------------------------------------- 



HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload
  PostBootReminder	REG_SZ         	{7849596a-48ea-486e-8937-a2a3009f31a9}
  CDBurn	REG_SZ         	{fbeb8a05-beee-4442-804e-409d6c4515e9}
  WebCheck	REG_SZ         	{E6FB5E20-DE35-11CF-9C87-00AA005127ED}
  SysTray	REG_SZ         	{35CEC8A3-2BE6-11D2-8773-92E220524153}
  WPDShServiceObj	REG_SZ         	{AAA288BA-9A4C-45B0-95D7-94D524869DB5}

   ---------------------------------------------------------------------------- 
           ModuleUsage Registry Keys: 
   ---------------------------------------------------------------------------- 



HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/Downloaded Program Files/wlscBase.dll
  .Owner	REG_SZ         	{5ED80217-570B-4DA9-BF44-BE107C0EC166}
  {5ED80217-570B-4DA9-BF44-BE107C0EC166}	REG_SZ         	

   ---------------------------------------------------------------------------- 
           BHO Registry Keys: 
   ---------------------------------------------------------------------------- 



HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
  <NO NAME>	REG_SZ         	AcroIEHelperStub
  NoExplorer	REG_DWORD      	1 (0x1)

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{5C255C8A-E604-49b4-9D64-90988571CECB}
  <NO NAME>	REG_SZ         	

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{C41A1C0E-EA6C-11D4-B1B8-444553540000}
  <NO NAME>	REG_SZ         	G-Buster Browser Defense

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}
  NoExplorer	REG_DWORD      	1 (0x1)

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}
  <NO NAME>	REG_SZ         	JQSIEStartDetectorImpl
  NoExplorer	REG_DWORD      	1 (0x1)

    -------------------------------------------------------------------------- 
           Select Policy Keys: 
    -------------------------------------------------------------------------- 



HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer
  NoDriveTypeAutoRun	REG_DWORD      	145 (0x91)
  ForceClassicControlPanel	REG_DWORD      	1 (0x1)
  NoStartBanner	REG_DWORD      	1 (0x1)
  NoLowDiskSpaceChecks	REG_DWORD      	1 (0x1)
  NoRecentDocsMenu	REG_DWORD      	1 (0x1)
  NoRecentDocsHistory	REG_DWORD      	1 (0x1)
  NoResolveTrack	REG_DWORD      	1 (0x1)
  LinkResolveIgnoreLinkInfo	REG_DWORD      	1 (0x1)
  NoResolveSearch	REG_DWORD      	1 (0x1)
  NoSetActiveDesktop	REG_DWORD      	1 (0x1)
  NoActiveDesktopChanges	REG_DWORD      	1 (0x1)


HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system
  DisableTaskMgr	REG_DWORD      	0 (0x0)


HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer
  NoDesktopCleanupWizard	REG_DWORD      	1 (0x1)
  NoSetActiveDesktop	REG_DWORD      	1 (0x1)
  NoActiveDesktopChanges	REG_DWORD      	1 (0x1)


HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system
  dontdisplaylastusername	REG_DWORD      	0 (0x0)
  legalnoticecaption	REG_SZ         	
  legalnoticetext	REG_SZ         	
  shutdownwithoutlogon	REG_DWORD      	1 (0x1)
  undockwithoutlogon	REG_DWORD      	1 (0x1)


HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer
  NoDriveTypeAutoRun	REG_DWORD      	145 (0x91)
  ForceClassicControlPanel	REG_DWORD      	1 (0x1)
  NoStartBanner	REG_DWORD      	1 (0x1)
  NoLowDiskSpaceChecks	REG_DWORD      	1 (0x1)
  NoRecentDocsMenu	REG_DWORD      	1 (0x1)
  NoRecentDocsHistory	REG_DWORD      	1 (0x1)
  NoResolveTrack	REG_DWORD      	1 (0x1)
  LinkResolveIgnoreLinkInfo	REG_DWORD      	1 (0x1)
  NoResolveSearch	REG_DWORD      	1 (0x1)


HKEY_USERS\.default\software\microsoft\windows\currentversion\policies

HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\Explorer


HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer
  NoDriveTypeAutoRun	REG_DWORD      	145 (0x91)
  ForceClassicControlPanel	REG_DWORD      	1 (0x1)
  NoStartBanner	REG_DWORD      	1 (0x1)
  NoLowDiskSpaceChecks	REG_DWORD      	1 (0x1)
  NoRecentDocsMenu	REG_DWORD      	1 (0x1)
  NoRecentDocsHistory	REG_DWORD      	1 (0x1)
  NoResolveTrack	REG_DWORD      	1 (0x1)
  LinkResolveIgnoreLinkInfo	REG_DWORD      	1 (0x1)
  NoResolveSearch	REG_DWORD      	1 (0x1)

************************************************************************************ 

Checking File System for suspicious Files 

-------------------------------------------------------------------------- 
   Items in the Root Directory: 
-------------------------------------------------------------------------- 

   Locating all files created in C:\ 

"C:\"
ARQUIV~1       6 Jul 2009              "Arquivos de programas"
autoexec.bat   6 Jul 2009           0  "AUTOEXEC.BAT"
boot.ini       6 Jul 2009         211  "boot.ini"
bootfont.bin  28 Oct 2001        4952  "Bootfont.bin"
config.sys     6 Jul 2009           0  "CONFIG.SYS"
DOCUME~1       6 Jul 2009              "Documents and Settings"
FRAPS         30 Jul 2009              "Fraps"
GOOGLE~1      21 Sep 2009              "GoogleAppEngine"
io.sys         6 Jul 2009           0  "IO.SYS"
ISEEYO~1       2 Oct 2009              "ISeeYouXP"
msdos.sys      6 Jul 2009           0  "MSDOS.SYS"
ntdetect.com   3 Aug 2004       47564  "NTDETECT.COM"
ntldr          3 Aug 2004      251168  "ntldr"
pagefile.sys   2 Oct 2009  1610612736  "pagefile.sys"
PROGRA~1      14 Jul 2009              "Program Files"
RECYCLER       6 Jul 2009              "RECYCLER"
SYSTEM~1       6 Jul 2009              "System Volume Information"
TMP            5 Sep 2009              "tmp"
WINDOWS        6 Jul 2009              "WINDOWS"

19 items found:  9 files (7 H/S), 10 directories (2 H/S).
  Total of file sizes:  1.610.916.631 bytes      1,50 G

-------------------------------------------------------------------------- 
   Locating all Backup files on C: 
-------------------------------------------------------------------------- 

   Locating all *.BAK* files 

"C:\Arquivos de programas\Analog Devices\SoundMAX\"
smaxlo~1.bak   6 Jul 2009        3322  "SMax.log.bak"

"C:\Arquivos de programas\Sony\Vegas Pro 8.0\"
sfconf~1.bak  10 Sep 2008      408832  "sfconfigmgr.dll.bak"
sfmark~1.bak  10 Sep 2008     1535232  "sfmarket2.dll.bak"
sfs4rw~1.bak  10 Sep 2008     1188096  "sfs4rw.dll.bak"
vegas8~1.bak  10 Sep 2008    11515136  "vegas80.exe.bak"

"C:\WINDOWS\Debug\UserMode\"
userenv.bak   18 Sep 2009      309204  "userenv.bak"

"C:\Arquivos de programas\Sony\Shared Plug-Ins\Audio\"
mchamm~1.bak   6 Aug 2008     1317888  "mchammer.dll.bak"
sffrgp~1.bak  10 Sep 2008     1298688  "sffrgpnv.dll.bak"
sfppac~1.bak  10 Sep 2008     1665280  "sfppack1.dll.bak"
sfppac~2.bak  10 Sep 2008     1845504  "sfppack2.dll.bak"
sfppac~3.bak  10 Sep 2008     1561856  "sfppack3.dll.bak"
sfresf~1.bak   6 Aug 2008     1282048  "sfresfilter.dll.bak"
sftrkf~1.bak  10 Sep 2008     1531648  "sftrkfx1.dll.bak"
sfxpfx~1.bak  10 Sep 2008     1287936  "sfxpfx1.dll.bak"
sfxpfx~2.bak  10 Sep 2008     1291520  "sfxpfx2.dll.bak"
sfxpfx~3.bak  10 Sep 2008     1425664  "sfxpfx3.dll.bak"
xpviny~1.bak   6 Aug 2008     1340928  "xpvinyl.dll.bak"

"C:\Arquivos de programas\Sony\Vegas Pro 8.0\External Control Drivers\"
spcons~1.bak  10 Sep 2008     1981952  "spconsoleopt.dll.bak"
spgenc~1.bak  10 Sep 2008     1696256  "spgenctrlopt.dll.bak"
spmack~1.bak  10 Sep 2008     1759744  "spmackiectrlopt.dll.bak"
tranzp~1.bak  10 Sep 2008      855552  "tranzport.dll.bak"

"C:\WINDOWS\Debug\Setup\Backup\"
hdaudi~1.bak   2 Oct 2009           0  "HDAUDIO_Backup.bak"
intppm~1.bak   2 Oct 2009           4  "INTPPM_Backup.bak"

"C:\Arquivos de programas\Sony\Vegas Pro 8.0\FileIO Plug-Ins\ac3plug\"
ac3plu~1.bak  10 Sep 2008     2015488  "ac3plug.dll.bak"
ac3plu~2.bak  10 Sep 2008     1188096  "ac3plugrw.dll.bak"

"C:\Documents and Settings\Administrador\Dados de aplicativos\Microsoft\Internet Explorer\"
brndlog.bak    6 Jul 2009         141  "brndlog.bak"

"C:\Documents and Settings\Default User\Dados de aplicativos\Microsoft\Internet Explorer\"
brndlog.bak    6 Jul 2009         113  "brndlog.bak"

"C:\WINDOWS\pchealth\helpctr\Config\Cache\"
profes~1.bak  31 Jul 2009      181272  "Professional_32_1046.dat.bak"

"C:\Arquivos de programas\Sony\Vegas Pro 8.0\FileIO Plug-Ins\ac3plug\ac3market\"
sfconf~1.bak  10 Sep 2008      408832  "sfconfigmgr.dll.bak"
sfmark~1.bak  10 Sep 2008     1535232  "sfmarket2.dll.bak"

"C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft\Office\Data\"
data.bak      10 Feb 2001        1106  "DATA.BAK"

"C:\WINDOWS\system32\config\systemprofile\Dados de aplicativos\Microsoft\Internet Explorer\"
brndlog.bak    6 Jul 2009         113  "brndlog.bak"

32 items found:  32 files, 0 directories.
  Total of file sizes:  42.432.683 bytes     40,46 M

-------------------------------------------------------------------------- 
   Locating all copies of Internet Explorer on C: 
-------------------------------------------------------------------------- 

   Locating all copies of Internet Explorer 

"C:\Arquivos de programas\Internet Explorer\"
iexplore.exe   8 Mar 2009      638816  "iexplore.exe"

"C:\WINDOWS\ie8\"
iexplore.exe   3 Aug 2004       93184  "iexplore.exe"

"C:\WINDOWS\system32\dllcache\"
iexplore.exe   8 Mar 2009      638816  "iexplore.exe"

"C:\WINDOWS\SoftwareDistribution\Download\be339b07d210ea88f2393519d2e5e7cf\backup\"
iexplore.exe   3 Aug 2004       93184  "iexplore.exe"

4 items found:  4 files, 0 directories.
  Total of file sizes:  1.464.000 bytes      1,39 M

-------------------------------------------------------------------------- 
   Locating all copies of beep.sy_ on C: 
-------------------------------------------------------------------------- 

   Locating all copies of Internet Explorer 

No matches found.

-------------------------------------------------------------------------- 
   Locating all copies of beep.sys on C: 
-------------------------------------------------------------------------- 

   Locating all copies of Internet Explorer 

"C:\WINDOWS\system32\drivers\"
beep.sys      28 Oct 2001        4224  "beep.sys"

1 item found:  1 file, 0 directories.
  Total of file sizes:  4.224 bytes      4,13 K

-------------------------------------------------------------------------- 
   Locating all copies of Windows Explorer on C: 
-------------------------------------------------------------------------- 

   Locating all copies of Windows Explorer 

"C:\WINDOWS\"
explorer.exe   3 Aug 2004     1034240  "explorer.exe"

"C:\WINDOWS\SoftwareDistribution\Download\be339b07d210ea88f2393519d2e5e7cf\backup\"
explorer.exe   3 Aug 2004     1034240  "explorer.exe"

2 items found:  2 files, 0 directories.
  Total of file sizes:  2.068.480 bytes      1,97 M

--------------------------------------------------------------------------
   Items in Document and Settings: 
--------------------------------------------------------------------------

    Listing contents of C:\Documents and Settings 

"C:\Documents and Settings\"
ADMINI~1       6 Jul 2009              "Administrador"
ALLUSE~1       6 Jul 2009              "All Users"
DEFAUL~1       6 Jul 2009              "Default User"
LOCALS~1       6 Jul 2009              "LocalService"
NETWOR~1       6 Jul 2009              "NetworkService"

5 items found:  0 files, 5 directories (3 H/S).

    --------------------------------------------------------------------------
           Desktop Items: 
    --------------------------------------------------------------------------

   Locating all files created in C:\Documents and Settings\Administrador\Desktop within the last 90 days. 

"C:\Documents and Settings\Administrador\Desktop\"
amplif~1.pdf  14 Sep 2009      118950  "Amplificador em Cascata.pdf"
backup.reg    27 Sep 2009    11647698  "backup.reg"
C__~1         22 Sep 2009              "C++"
cnpq.doc      19 Sep 2009       41472  "CNPQ.doc"
codigo~1.txt  23 Sep 2009          10  "codigo orquidea.txt"
counte~1.lnk  24 Sep 2009        1683  "Counter Strike 1.6 Non Steam.lnk"
c__exe~1.lnk  23 Sep 2009         762  "c++.exe.lnk"
DATASH~1      30 Sep 2009              "datasheet"
eletrn~1.rar  30 Aug 2009   101890014  "Eletrônica - Dispositivos Eletrônicos e Teoria de Circuitos - Robert L. Boylestad.rar"
exercc~1.doc  18 Sep 2009      423936  "EXERCÍCIO SOBRE O FILME RASTROS DE ÓDIO.doc"
garena.lnk    11 Sep 2009         710  "Garena.lnk"
heroes~1.lnk  18 Jul 2009        1660  "Heroes of Newerth.lnk"
LOGS           2 Oct 2009              "LOGS"
MANOEL         3 Sep 2009              "manoel"
mozill~1.lnk   6 Jul 2009        1692  "Mozilla Firefox.lnk"
orquidea.mht  26 Aug 2009     1305854  "ORQUIDEA.mht"
VIRUS          2 Oct 2009              "VIRUS"
window~1.lnk   6 Jul 2009        1871  "Windows Live Messenger .lnk"

18 items found:  13 files, 5 directories.
  Total of file sizes:  115.436.312 bytes    110,09 M

   Locating all files created in C:\Documents and Settings\All Users\Desktop\ within the last 90 days. 

"C:\Documents and Settings\All Users\Desktop\"
adober~1.lnk   6 Jul 2009        1769  "Adobe Reader 9.lnk"
mozill~1.lnk   6 Jul 2009        1674  "Mozilla Firefox.lnk"
pokers~1.lnk  14 Sep 2009         792  "PokerStars.lnk"
steam.lnk      1 Oct 2009        2255  "Steam.lnk"
trucol~1.lnk  10 Sep 2009         802  "Truco LigasOnline.lnk"

5 items found:  5 files, 0 directories.
  Total of file sizes:  7.292 bytes      7,12 K

    --------------------------------------------------------------------------
           Start Menu Items: 
    --------------------------------------------------------------------------

   Locating all files created inC:\Documents and Settings\Administrador\Start Menu within the last 90 days. 

No matches found.

   Locating all files created in C:\Documents and Settings\Administrador\Start Menu\Programs\Startup within the last 90 days. 

No matches found.

   Locating all files created in C:\Documents and Settings\All Users\Start Menu within the last 90 days. 

No matches found.

   Locating all files created in C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ within the last 90 days. 

No matches found.

    --------------------------------------------------------------------------
           Application Data Items: 
    --------------------------------------------------------------------------

   Locating all files created in C:\Documents and Settings\Administrador\Application Data\ within the last 90 days. 

No matches found.

   Locating all files created in C:\Documents and Settings\Administrador\Local Settings\Application Data\ within the last 90 days. 

No matches found.

   Locating all files created in C:\Documents and Settings\All Users\Application Data\ within the last 90 days. 

No matches found.

    --------------------------------------------------------------------------
           C:\Documents and Settings\Administrador\Local Settings\TEMP: 
    --------------------------------------------------------------------------

   Locating all files created in C:\Documents and Settings\Administrador\Local Settings\TEMP within the last 90 days. 

    --------------------------------------------------------------------------
           Items in Templates Folder: 
    --------------------------------------------------------------------------

   Locating all files created in C:\Documents and Settings\Administrador\Templates 

No matches found.

--------------------------------------------------------------------------
           Items in Program Files: 
--------------------------------------------------------------------------

   Locating all files created in C:\Arquivos de programas\ within the last 90 days. 

"C:\Arquivos de programas\"
A-SQUA~1       2 Oct 2009              "a-squared HiJackFree"
A-SQUA~2       2 Oct 2009              "a-squared Free"
ADOBE          6 Jul 2009              "Adobe"
ANALOG~1       6 Jul 2009              "Analog Devices"
ARQUIV~1       6 Jul 2009              "Arquivos comuns"
CODEBL~1      22 Sep 2009              "CodeBlocks"
CSPIRA~1      24 Sep 2009              "cspiratao"
CYBERS~1      28 Jul 2009              "CyberScript32"
DAEMON~1      16 Sep 2009              "DAEMON Tools Lite"
DVDVID~1       6 Aug 2009              "DVDVideoSoft"
EXPLOR~1       2 Oct 2009              "ExplorerXP"
FREEAU~1      10 Sep 2009              "Free Audio Pack"
GABEST         4 Sep 2009              "Gabest"
GARENA        11 Sep 2009              "Garena"
GBPLUGIN       4 Aug 2009              "GbPlugin"
HEROES~1      18 Jul 2009              "Heroes of Newerth"
INSTAL~1       6 Jul 2009              "InstallShield Installation Information"
INTERN~1       6 Jul 2009              "Internet Explorer"
JAVA           4 Aug 2009              "Java"
K-LITE~1       6 Jul 2009              "K-Lite Codec Pack"
LIGASO~1      10 Sep 2009              "LigasOnline"
MICROS~1       6 Jul 2009              "Microsoft"
MICROS~2       6 Jul 2009              "Microsoft Office"
MICROS~3       1 Oct 2009              "Microsoft Windows OneCare Live"
MOZILL~1       6 Jul 2009              "Mozilla Firefox"
MSBUILD       30 Jul 2009              "MSBuild"
NCSOFT        25 Sep 2009              "NCSoft"
NEWBLUE       31 Jul 2009              "NewBlue"
NOTEPA~1       6 Jul 2009              "Notepad++"
OUTLOO~1       6 Jul 2009              "Outlook Express"
PANDON~1      20 Sep 2009              "Pando Networks"
POKERS~1      14 Sep 2009              "PokerStars"
REALAL~1      31 Aug 2009              "Real Alternative"
REFERE~1      30 Jul 2009              "Reference Assemblies"
REPLAY~1      30 Jul 2009              "ReplaySeeker"
SKYPE         17 Aug 2009              "Skype"
SONY          30 Jul 2009              "Sony"
SONYSE~1      30 Jul 2009              "Sony Setup"
STEAM          8 Aug 2009              "Steam"
SYSTEM~1      16 Sep 2009              "SystemRequirementsLab"
TEAMSP~1      28 Jul 2009              "Teamspeak2_RC2"
UTORRENT       6 Jul 2009              "uTorrent"
VDOWNL~1       2 Aug 2009              "VDOWNLOADER"
VERYPD~1.0     5 Sep 2009              "VeryPDF PDF2Word v3.0"
VIA            6 Jul 2009              "VIA"
WARCRA~1       6 Jul 2009              "Warcraft III"
WARKEYS        1 Aug 2009              "Warkeys"
WI4DF6~1       6 Jul 2009              "Windows Media Connect 2"
WINDOW~1       6 Jul 2009              "Windows Media Player"
WINDOW~2       1 Oct 2009              "Windows Live Safety Center"
WINDOW~3       6 Jul 2009              "Windows Live"
WINDOW~4       6 Jul 2009              "Windows Live SkyDrive"
WINRAR         6 Jul 2009              "WinRAR"

53 items found:  0 files, 53 directories (1 H/S).

   Locating all files created in C:\Arquivos de programas\Arquivos comuns\ within the last 90 days. 

"C:\Arquivos de programas\Arquivos comuns\"
ADOBE          6 Jul 2009              "Adobe"
DESIGNER       6 Jul 2009              "Designer"
DVDVID~1       6 Aug 2009              "DVDVideoSoft"
ESELLE~1      31 Jul 2009              "eSellerate"
INSTAL~1       6 Jul 2009              "InstallShield"
MICROS~1       6 Jul 2009              "Microsoft Shared"
MSSOAP         6 Jul 2009              "MSSoap"
SERVIÇOS       6 Jul 2009              "Serviços"
SKYPE         17 Aug 2009              "Skype"
SYSTEM         6 Jul 2009              "System"
WINDOW~1       6 Jul 2009              "Windows Live"

11 items found:  0 files, 11 directories.

   Locating all files created in C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Folders within the last 90 days. 

"C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Folders\"
1033           6 Jul 2009              "1033"
1046           6 Jul 2009              "1046"

"C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Folders\1046\"
WEBVIEW        6 Jul 2009              "WebView"

"C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Folders\1046\WebView\"
IMAGES         6 Jul 2009              "Images"

4 items found:  0 files, 4 directories.

--------------------------------------------------------------------------
           Items in the Windows Directory: 
--------------------------------------------------------------------------

    Locating all files created in C:\WINDOWS\ within the last 90 days.  

"C:\WINDOWS\"
$HF_MIG$      20 Aug 2009              "$hf_mig$"
$N18DC~1      20 Aug 2009              "$NtUninstallKB932823-v3$"
$N4AE6~1       2 Oct 2009              "$NtUninstallKB898461$"
$N4CEE~1       1 Oct 2009              "$NtUninstallKB914882$"
$N4EC9~1      30 Jul 2009              "$NtUninstallWIC$"
$N68C8~1       1 Oct 2009              "$NtUninstallKB923845$"
$N6CC0~1       6 Jul 2009              "$NtUninstallKB926239$"
$N89D7~1       6 Jul 2009              "$NtUninstallMSCompPackV1$"
$NTUNI~1       6 Jul 2009              "$NtUninstallKB888111WXPSP2$"
$NTUNI~2       6 Jul 2009              "$NtUninstallWudf01000$"
$NTUNI~3       6 Jul 2009              "$NtUninstallWMFDist11$"
$NTUNI~4       6 Jul 2009              "$NtUninstallwmp11$"
0.log          2 Oct 2009           0  "0.log"
ADDINS         6 Jul 2009              "addins"
APPPATCH       6 Jul 2009              "AppPatch"
ascd_tmp.ini   6 Jul 2009       13327  "Ascd_tmp.ini"
ASSEMBLY      30 Jul 2009              "assembly"
ASUSIN~1       6 Jul 2009              "ASUSInstAll"
as_debug.txt   6 Jul 2009           0  "AS_Debug.txt"
bitsse~1.log   6 Jul 2009        1880  "bitssetup.log"
bootstat.dat   2 Oct 2009        2048  "bootstat.dat"
cmsetacl.log   6 Jul 2009         200  "cmsetacl.log"
comsetup.log   2 Oct 2009       40389  "comsetup.log"
CONFIG         6 Jul 2009              "Config"
CONNEC~1       6 Jul 2009              "Connection Wizard"
control.ini    6 Jul 2009           0  "control.ini"
CSC            6 Jul 2009              "CSC"
CURSORS        6 Jul 2009              "Cursors"
DEBUG          6 Jul 2009              "Debug"
directx.log    6 Jul 2009       32896  "Directx.log"
DOWNLO~1       6 Jul 2009              "Downloaded Program Files"
DRIVER~1       6 Jul 2009              "Driver Cache"
dtcins~1.log   6 Jul 2009         133  "DtcInstall.log"
entpack.ini   17 Sep 2009          34  "entpack.ini"
FONTS          6 Jul 2009              "Fonts"
HELP           6 Jul 2009              "Help"
IE8           20 Aug 2009              "ie8"
ie8.log       20 Aug 2009       56162  "ie8.log"
ie8_main.log  20 Aug 2009       95329  "ie8_main.log"
IME            6 Jul 2009              "ime"
INF            6 Jul 2009              "inf"
INSTAL~1       6 Jul 2009              "Installer"
JAVA           6 Jul 2009              "java"
kb888111.log   6 Jul 2009        4936  "KB888111.log"
kb898461.log   2 Oct 2009        7722  "KB898461.log"
kb926239.log   6 Jul 2009        9921  "KB926239.log"
kb9328~1.log  20 Aug 2009        8365  "KB932823-v3.log"
kb950974.log   2 Oct 2009        4976  "KB950974.log"
kb951748.log   2 Oct 2009        4161  "KB951748.log"
kb952004.log   2 Oct 2009        4429  "KB952004.log"
kb952954.log   2 Oct 2009        5431  "KB952954.log"
kb956802.log   2 Oct 2009        3595  "KB956802.log"
kb959426.log   2 Oct 2009        5346  "KB959426.log"
kb960225.log   2 Oct 2009        4696  "KB960225.log"
kb960803.log   2 Oct 2009        4055  "KB960803.log"
kb960859.log   2 Oct 2009        5246  "KB960859.log"
kb9613~1.log   2 Oct 2009        5129  "KB961371-v2.log"
kb961501.log   2 Oct 2009        4609  "KB961501.log"
kb961503.log   2 Oct 2009        5156  "KB961503.log"
kb967715.log   2 Oct 2009        4251  "KB967715.log"
kb968389.log   2 Oct 2009        3875  "KB968389.log"
kb968537.log   2 Oct 2009        3947  "KB968537.log"
kb971032.log   2 Oct 2009        3370  "KB971032.log"
kb971557.log   2 Oct 2009        4784  "KB971557.log"
kb971633.log   2 Oct 2009        4518  "KB971633.log"
kb971657.log   2 Oct 2009        4881  "KB971657.log"
kb973507.log   2 Oct 2009        4326  "KB973507.log"
kb973815.log   2 Oct 2009        3958  "KB973815.log"
LOGS          18 Jul 2009              "Logs"
MEDIA          6 Jul 2009              "Media"
MICROS~1.NET  30 Jul 2009              "Microsoft.NET"
MSAGENT        6 Jul 2009              "Msagent"
MSAPPS         6 Jul 2009              "msapps"
mscomp~1.log   6 Jul 2009        7399  "MSCompPackV1.log"
msmqinst.log   2 Oct 2009       33722  "msmqinst.log"
MUI            6 Jul 2009              "mui"
netfxocm.log   2 Oct 2009       15157  "netfxocm.log"
nsreg.dat      6 Jul 2009           0  "nsreg.dat"
ntdtcs~1.log   2 Oct 2009       22877  "ntdtcsetup.log"
NVIEW          6 Jul 2009              "nview"
ocgen.log      2 Oct 2009       27526  "ocgen.log"
odbc.ini       6 Jul 2009         421  "ODBC.INI"
odbcinst.ini   6 Jul 2009        4205  "ODBCINST.INI"
oewablog.txt   6 Jul 2009         841  "OEWABLog.txt"
OFFLIN~1       6 Jul 2009              "Offline Web Pages"
PCHEALTH       6 Jul 2009              "pchealth"
pdf2word.ini   5 Sep 2009         358  "pdf2word.INI"
PEERNET        6 Jul 2009              "PeerNet"
PIF           16 Sep 2009              "PIF"
PREFETCH       6 Jul 2009              "Prefetch"
PROVIS~1       6 Jul 2009              "Provisioning"
REGIST~1       6 Jul 2009              "Registration"
regopt.log     6 Jul 2009        1182  "regopt.log"
REPAIR         6 Jul 2009              "repair"
RESOUR~1       6 Jul 2009              "Resources"
schedlgu.txt   1 Oct 2009       32514  "SchedLgU.Txt"
SECURITY       6 Jul 2009              "security"
sessmg~1.log   6 Jul 2009        1022  "sessmgr.setup.log"
setupact.log   2 Oct 2009       96141  "setupact.log"
setupapi.log   2 Oct 2009      497716  "setupapi.log"
setuperr.log   6 Jul 2009           0  "setuperr.log"
setuplog.txt   6 Jul 2009      542893  "setuplog.txt"
SHELLNEW       6 Jul 2009              "ShellNew"
sminst~1.log   6 Jul 2009       10436  "SMinstall.log"
SOFTWA~1       6 Jul 2009              "SoftwareDistribution"
spupdsvc.log  20 Aug 2009        8473  "spupdsvc.log"
sti_tr~1.log   6 Jul 2009           0  "Sti_Trace.log"
SUN            4 Aug 2009              "Sun"
svcpack.log    2 Oct 2009       19572  "svcpack.log"
SYSTEM         6 Jul 2009              "system"
system.ini     6 Jul 2009         231  "system.ini"
SYSTEM32       6 Jul 2009              "system32"
TASKS          6 Jul 2009              "Tasks"
TEMP           6 Jul 2009              "Temp"
tsoc.log       2 Oct 2009       39386  "tsoc.log"
TWAIN_32       6 Jul 2009              "twain_32"
updspapi.log   1 Oct 2009       17986  "updspapi.log"
vb.ini         6 Jul 2009          36  "vb.ini"
vbaddin.ini    6 Jul 2009          37  "vbaddin.ini"
war3unin.dat   6 Jul 2009       86157  "War3Unin.dat"
war3unin.exe   6 Jul 2009      139264  "War3Unin.exe"
war3unin.pif   6 Jul 2009        2829  "War3Unin.pif"
WBEM          20 Aug 2009              "WBEM"
WEB            6 Jul 2009              "Web"
wiadebug.log  26 Sep 2009         216  "wiadebug.log"
wiaservc.log  26 Sep 2009          49  "wiaservc.log"
win.ini        6 Jul 2009         603  "win.ini"
window~1.log   2 Oct 2009     1236355  "WindowsUpdate.log"
window~1.man   6 Jul 2009         749  "WindowsShell.Manifest"
WINSXS         6 Jul 2009              "WinSxS"
wmfdis~1.log   6 Jul 2009       30201  "WMFDist11.log"
wmp11.log      6 Jul 2009       22035  "wmp11.log"
wmsetup.log    2 Oct 2009       55511  "wmsetup.log"
wmsetu~1.log   6 Jul 2009        2096  "wmsetup10.log"
wmsyspr9.prx   6 Jul 2009      316640  "WMSysPr9.prx"
wudf01~1.log   6 Jul 2009        8381  "Wudf01000Inst.log"

136 items found:  78 files (2 H/S), 58 directories (21 H/S).
  Total of file sizes:  3.649.298 bytes      3,48 M

    --------------------------------------------------------------------------
           C:\WINDOWS\Downloaded Program Files: 
    --------------------------------------------------------------------------

    Locating all files created in C:\WINDOWS\Downloaded Program Files\ within the last 90 days.  

"C:\WINDOWS\Downloaded Program Files\"
desktop.ini    6 Jul 2009          65  "desktop.ini"
wlscbase.dll   9 Sep 2009      452488  "wlscBase.dll"
wlscbase.inf   9 Sep 2009         321  "wlscBase.inf"

3 items found:  3 files (1 H/S), 0 directories.
  Total of file sizes:  452.874 bytes    442,26 K

    --------------------------------------------------------------------------
           C:\WINDOWS\PCHealth\HelpCtr\Binaries: 
    --------------------------------------------------------------------------

   Locating all files in C:\WINDOWS\PCHealth\HelpCtr\Binaries 

"C:\WINDOWS\pchealth\helpctr\binaries\"
brpinfo.dll   28 Oct 2001       21504  "brpinfo.dll"
hcappres.dll  28 Oct 2001        7168  "HCAppRes.dll"
helpctr.exe    3 Aug 2004      768512  "HelpCtr.exe"
helphost.exe  28 Oct 2001       99840  "HelpHost.exe"
helpsvc.exe    3 Aug 2004      743936  "HelpSvc.exe"
hscsp_w3.cab  17 Jul 2004      324700  "hscsp_w3.cab"
hscupd.exe     3 Aug 2004       18944  "HscUpd.exe"
msconfig.exe   3 Aug 2004      159744  "msconfig.exe"
msinfo.dll     3 Aug 2004      380928  "msinfo.dll"
notiflag.exe  28 Oct 2001       35328  "notiflag.exe"
pchdt_w3.cab   3 Aug 2004     2768982  "pchdt_w3.cab"
pchshell.dll   3 Aug 2004      102400  "pchshell.dll"
pchsvc.dll     3 Aug 2004       38912  "pchsvc.dll"

13 items found:  13 files, 0 directories.
  Total of file sizes:  5.470.898 bytes      5,21 M

    --------------------------------------------------------------------------
           C:\WINDOWS\system: 
    --------------------------------------------------------------------------

   Locating all files created in C:\WINDOWS\system within the last 90 days.  

"C:\WINDOWS\system\"
tapi.tlb      25 Sep 2009           1  "tapi.tlb"

1 item found:  1 file, 0 directories.
  Total of file sizes:  1 byte       0,00 K

    --------------------------------------------------------------------------
           C:\WINDOWS\system32: 
    --------------------------------------------------------------------------

   Locating all files created in C:\WINDOWS\system32 within the last 90 days.  

"C:\WINDOWS\system32\"
$winnt$.inf    6 Jul 2009         987  "$winnt$.inf"
1025           6 Jul 2009              "1025"
1028           6 Jul 2009              "1028"
1031           6 Jul 2009              "1031"
1033           6 Jul 2009              "1033"
1037           6 Jul 2009              "1037"
1041           6 Jul 2009              "1041"
1042           6 Jul 2009              "1042"
1046           6 Jul 2009              "1046"
1054           6 Jul 2009              "1054"
18467.exe      2 Oct 2009           0  "18467.exe"
2052           6 Jul 2009              "2052"
3076           6 Jul 2009              "3076"
3COM_DMI       6 Jul 2009              "3com_dmi"
41.exe         2 Oct 2009           0  "41.exe"
6334.exe       1 Oct 2009           0  "6334.exe"
ADOBE         10 Aug 2009              "Adobe"
amcompat.tlb   6 Jul 2009       16832  "amcompat.tlb"
APPMGMT        5 Sep 2009              "appmgmt"
BIFROST       21 Sep 2009              "Bifrost"
BITS           1 Oct 2009              "bits"
CATROOT        6 Jul 2009              "CatRoot"
CATROOT2       6 Jul 2009              "CatRoot2"
CATROO~1       2 Oct 2009              "CatRoot_bak"
cdplay~1.man   6 Jul 2009         749  "cdplayer.exe.manifest"
COM            6 Jul 2009              "Com"
CONFIG         6 Jul 2009              "config"
config.nt      6 Jul 2009        2969  "CONFIG.NT"
deploytk.dll  31 Jul 2009      411368  "deploytk.dll"
detoured.dll  10 Sep 2009        4096  "detoured.dll"
DHCP           6 Jul 2009              "dhcp"
DIRECTX        6 Jul 2009              "DirectX"
divx.dll      13 Jul 2009      685056  "divx.dll"
DLLCACHE       6 Jul 2009              "dllcache"
dpl100.dll    13 Jul 2009       90112  "dpl100.dll"
DRIVERS        6 Jul 2009              "drivers"
DRVSTORE       1 Oct 2009              "DRVSTORE"
emptyr~1.dat   6 Jul 2009       21844  "emptyregdb.dat"
EN-US         30 Jul 2009              "en-us"
EXPORT         6 Jul 2009              "export"
ezsidmv.dat   17 Aug 2009          56  "ezsidmv.dat"
fntcache.dat   2 Oct 2009      112584  "FNTCACHE.DAT"
gamemon.des   15 Sep 2009     3363184  "GameMon.des"
GROUPP~1       1 Oct 2009              "GroupPolicy"
h323log.txt    6 Jul 2009           0  "h323log.txt"
IAS            6 Jul 2009              "ias"
ICSXML         6 Jul 2009              "icsxml"
java.exe      31 Jul 2009      145184  "java.exe"
javacpl.cpl   31 Jul 2009       73728  "javacpl.cpl"
javaw.exe     31 Jul 2009      145184  "javaw.exe"
javaws.exe    31 Jul 2009      149280  "javaws.exe"
jupdat~1.log   2 Oct 2009        3973  "jupdate-1.6.0_16-b01.log"
lhacm.acm     28 Jul 2009       34064  "lhacm.acm"
LOGFILES       6 Jul 2009              "LogFiles"
logonu~1.man   6 Jul 2009         488  "logonui.exe.manifest"
MACROMED       6 Jul 2009              "Macromed"
MICROS~1       6 Jul 2009              "Microsoft"
mrt.exe       28 Aug 2009    24689600  "MRT.exe"
MSDTC          6 Jul 2009              "MsDtc"
MUI            6 Jul 2009              "mui"
ncpacp~1.man   6 Jul 2009         749  "ncpa.cpl.manifest"
NPP            6 Jul 2009              "npp"
nscompat.tlb   6 Jul 2009       23392  "nscompat.tlb"
nvapps.xml     2 Oct 2009       63804  "nvapps.xml"
nwccpl~1.man   6 Jul 2009         749  "nwc.cpl.manifest"
paint.exe     12 Sep 2009       94209  "Paint.exe"
perfc009.dat  30 Jul 2009       65106  "perfc009.dat"
perfc016.dat  30 Jul 2009       73440  "perfc016.dat"
perfh009.dat  30 Jul 2009      425082  "perfh009.dat"
perfh016.dat  30 Jul 2009      457508  "perfh016.dat"
perfst~1.ini  30 Jul 2009     1028686  "PerfStringBackup.INI"
PREINS~1       2 Oct 2009              "PreInstall"
PT-BR         20 Aug 2009              "pt-BR"
RAS            6 Jul 2009              "ras"
REINST~1       6 Jul 2009              "ReinstallBackups"
RESTORE        6 Jul 2009              "Restore"
sapicp~1.man   6 Jul 2009         749  "sapi.cpl.manifest"
SETUP          6 Jul 2009              "Setup"
SHELLEXT       6 Jul 2009              "ShellExt"
SOFTWA~1       1 Oct 2009              "SoftwareDistribution"
SPOOL          6 Jul 2009              "spool"
USMT           6 Jul 2009              "usmt"
WBEM           6 Jul 2009              "wbem"
window~1.man   6 Jul 2009         488  "WindowsLogon.manifest"
WINS           6 Jul 2009              "wins"
winupd~1.exe   1 Oct 2009       45568  "winupdate.exe"
wpa.dbl       30 Sep 2009        2206  "wpa.dbl"
wuaucp~1.man   6 Jul 2009         749  "wuaucpl.cpl.manifest"
x264vfw.dll   29 Jul 2009     2378752  "x264vfw.dll"
XPSVIE~1      30 Jul 2009              "XPSViewer"

90 items found:  40 files (8 H/S), 50 directories (2 H/S).
  Total of file sizes:  34.612.575 bytes     33,01 M

    --------------------------------------------------------------------------
           C:\WINDOWS\system32\com: 
    --------------------------------------------------------------------------

   Locating all files created in C:\WINDOWS\system32\com within the last 90 days.  

No matches found.

    --------------------------------------------------------------------------
           C:\WINDOWS\system32\components: 
    --------------------------------------------------------------------------
   Locating all files created in C:\WINDOWS\system32\components within the last 90 days.  

No matches found.

    --------------------------------------------------------------------------
           C:\WINDOWS\system32\drivers: 
    --------------------------------------------------------------------------

    Locating all files created in C:\WINDOWS\system32\drivers within the last 90 days.  

"C:\WINDOWS\system32\drivers\"
DISDN          6 Jul 2009              "disdn"
ETC            6 Jul 2009              "etc"
gbpkm.sys     17 Sep 2009       30344  "gbpkm.sys"
sptd.sys      16 Sep 2009      721904  "sptd.sys"
UMDF           6 Jul 2009              "UMDF"

5 items found:  2 files, 3 directories.
  Total of file sizes:  752.248 bytes    734,62 K

    --------------------------------------------------------------------------
           C:\WINDOWS\system32\drivers\etc: 
    --------------------------------------------------------------------------

   Locating all files created in C:\WINDOWS\system32\drivers\etc within the last 90 days.  

No matches found.

    --------------------------------------------------------------------------
           C:\WINDOWS\TEMP: 
    --------------------------------------------------------------------------

   Locating all files created in C:\WINDOWS\TEMP within the last 90 days.  

"C:\WINDOWS\Temp\"
gdql_o~1.log   2 Oct 2009         270  "gdql_oc_OcHealthMon.log"
peb1a9~1.dat   2 Oct 2009       16384  "Perflib_Perfdata_f0.dat"
pebce8~1.dat   2 Oct 2009       16384  "Perflib_Perfdata_390.dat"
qdiago~1.log   2 Oct 2009         270  "qdiagoc_OcHealthMon.log"

4 items found:  4 files, 0 directories.
  Total of file sizes:  33.308 bytes     32,53 K

************************************************************************************  

Checking for .COM files to Delete. They will only print if deleted! 

   Locating .COM files in the C:\WINDOWS\System32 folder 

"C:\WINDOWS\system32\"
chcp.com      28 Oct 2001        7680  "chcp.com"
command.com   28 Oct 2001       52472  "command.com"
diskcomp.com  28 Oct 2001        9216  "diskcomp.com"
diskcopy.com  28 Oct 2001        7168  "diskcopy.com"
edit.com      28 Oct 2001       70750  "edit.com"
format.com    28 Oct 2001       25600  "format.com"
graftabl.com  28 Oct 2001       26112  "graftabl.com"
graphics.com  28 Oct 2001       19918  "graphics.com"
kb16.com      28 Oct 2001       14950  "kb16.com"
loadfix.com   28 Oct 2001        1153  "loadfix.com"
locate.com    14 Jan 2005       11254  "locate.com"
mode.com      28 Oct 2001       19456  "mode.com"
more.com      28 Oct 2001       15872  "more.com"
tree.com      28 Oct 2001       11264  "tree.com"
win.com       28 Oct 2001       18432  "win.com"

15 items found:  15 files, 0 directories.
  Total of file sizes:  311.297 bytes    304,00 K

************************************************************************************  

Miscellaneous Malware Detections: 
------------------------------------------------------------------------------------  


   **** Delfin Media  {31EE3286-D785-4E3F-95FC-51D00FDABC01} NOT FOUND by this tool! ****  

   **** SmitFraud {0BC9BC01-54D4-4CCE-2B7D-955164314CD4} NOT FOUND by this tool! ****  

   **** SpywareStrike {C1A2FDA2-1A5B-2A8F-F3A2-B22DA1A3C41D} NOT FOUND by this tool! ****  

   **** SpywareStrike {C1A2FDA2-2A5B-2C8A-F2A2-BA2DB3A2C31C} NOT FOUND by this tool! ****   

   **** SpywareStrike {D81E2FC4-B0A2-11D3-21AC-07C04C21A18A} NOT FOUND by this tool! ****  

   **** SpyAxe {A1D9D3F0-8C2A-9A1D-A376-2CACFB10AB72} NOT FOUND by this tool! ****  

   **** SpyAxe {A2D9D3F0-8C2A-2A1D-A376-1BECFB10AB72} NOT FOUND by this tool! ****  

   **** SpyAxe {A2D9D3F0-8C2A-2A1D-A376-1BECFB10AB72} NOT FOUND by this tool! ****  

   **** SpyAxe {A2D9D3F0-8C2A-2A1D-A376-1BECFB10AB72} NOT FOUND by this tool! ****  

   **** SpyAxe {A2C8F6B1-7C2A-3D1C-A3C6-A1FDA113B43F} NOT FOUND by this tool! ****  

   **** SpyFalcon {A2C8F6B1-7C2A-3D1C-A3C6-A1FDA113B43F} NOT FOUND by this tool! ****  

   **** SpyFalcon {C9FA1DC9-1FB3-C2A8-2F1A-DC1A33E7AF9D} NOT FOUND by this tool! ****  

   **** SpyFalcon {CA14EE13-ED15-C4A2-17FF-DA4D15C1BC5E} NOT FOUND by this tool! ****  

   **** SpyFalcon {35a88e51-b53d-43e9-b8a7-75d4c31b4676} NOT FOUND by this tool! ****  

   **** SpyFalcon {64ba30a2-811a-4597-b0af-d551128be340} NOT FOUND by this tool! ****  

   **** SpyFalcon {89aef01d-d237-49c7-84dc-4e1904c1fd31} NOT FOUND by this tool! ****  

   **** SpyFalcon {e04408db-4812-4478-8d4d-e46edcffd3b6} NOT FOUND by this tool! ****  

   **** SpyFalcon {336ec37f-54bf-4f13-8237-03f64fa591e7} NOT FOUND by this tool! ****  

   **** SpyFalcon {5bc82bdb-bc03-4671-9a78-3ef2b68449de} NOT FOUND by this tool! ****  

   **** SpyFalcon {24c60b9b-26b5-4201-9f7a-fb9219356ae9} NOT FOUND by this tool! ****  

   **** SpyFalcon {a0c51615-738a-4542-801a-5af61614e182} NOT FOUND by this tool! ****  

   **** SpyFalcon {70fbd528-2d3c-4a00-9b8c-bbf441e534be} NOT FOUND by this tool! ****  

   **** SpyFalcon {a566f298-05a6-4b3d-b672-da7c27316430} NOT FOUND by this tool! ****  

   **** SpyFalcon {f5947202-e9cb-4a72-88e7-22f2cbd2b124} NOT FOUND by this tool! ****  

   **** SpyFalcon {5aaf6542-f4ba-4df4-873d-4902ecbe794c} NOT FOUND by this tool! ****  

   **** SpyFalcon {3e4155b8-5a4a-4e95-83b2-ab032da9acbc} NOT FOUND by this tool! ****  

   **** SpyFalcon {9952355f-fefb-4764-bcd7-a993d03dd7e2} NOT FOUND by this tool! ****  

   **** SpyFalcon {55059d4f-a1ac-4837-ae07-4859101f598d} NOT FOUND by this tool! ****  

   **** SpyFalcon {c3786a8d-6426-4c29-a23f-f36e47b31e0c} NOT FOUND by this tool! ****  

   **** SpyLocked {25b7d2fd-4f71-46d1-801a-7de323e4ec82} NOT FOUND by this tool! ****  

   **** SpyLocked {4233AC08-A2C4-4742-A0B4-83719613D62C} NOT FOUND by this tool! ****  

   **** SpyLocked {716002DB-288C-4BF0-80CD-A467E78D8B55} NOT FOUND by this tool! ****  

   **** SpyLocked {735E980D-45D2-4777-AF82-9923D3C8D3AE} NOT FOUND by this tool! ****  

   **** SpyLocked {B23DC537-3E13-44C7-BF67-D8405EB377F7} NOT FOUND by this tool! ****  

   **** SpyLocked {B292EC9F-A074-4115-8342-1F459702D8D2} NOT FOUND by this tool! ****  

   **** SpyLocked {CECA6F2B-247B-4ECE-9B7A-D0135C8036FC} NOT FOUND by this tool! ****  

   **** SpyLocked {DA3B49F6-8C54-4429-A275-21A86DCCA413} NOT FOUND by this tool! ****  

   **** SpyLocked {EDE8BED5-92CF-4482-8F51-A01CD9B3EA37} NOT FOUND by this tool! ****  

   **** SpyLocked {FA4FBF53-C766-4622-8011-A87A805EEBF0} NOT FOUND by this tool! ****  

   **** SpywareLocked {0E4E5110-A772-4C4A-A7DC-137FE10ABD6E} NOT FOUND by this tool! ****  

   **** SpywareLocked {07A582E8-BAE3-457D-9D29-2048DE45A369} NOT FOUND by this tool! ****  

   **** SpywareLocked {3BAA1AD8-EE49-4772-BF0B-F55083E0F7AA} NOT FOUND by this tool! ****  

   **** SpywareLocked {9D6FAC42-A7BE-4702-87EF-75D8DC14249E} NOT FOUND by this tool! ****  

   **** SpywareLocked {ABEF791F-947E-4CDF-83C3-E72A240AFB67} NOT FOUND by this tool! ****  

   **** SpywareLocked {BD0FC212-0A36-4232-83CC-2063FB9282E0} NOT FOUND by this tool! ****  

   **** SpywareLocked {B0DED443-5E68-4001-A81B-0A0001621AB8} NOT FOUND by this tool! ****  

   **** SpywareLocked {F38B1B2B-4976-46DD-9FE5-60FDE72F0B4D} NOT FOUND by this tool! ****  

   **** SpywareQuake {0c7416f0-dd23-420f-97f5-aae352ea2bf1} NOT FOUND by this tool! ****  

   **** SpywareQuake {E2CA7CD1-1AD9-F1C4-3D2A-DC1A33E7AF9D} NOT FOUND by this tool! ****  

   **** SpywareQuake {AC1B4DA2-12FA-31F2-1A7D-CD2B14E6AD4E} NOT FOUND by this tool! ****  

   **** SpywareQuake {CD5E2AC9-25CE-A1C5-D1E2-DC6B28A6ED5A} NOT FOUND by this tool! ****  

   **** SpywareQuake {EA26CE12-DE64-A1C5-9A4F-FC1A64E6AC2E} NOT FOUND by this tool! ****  

   **** SpywareQuake {e5b1e382-817e-4b74-8a96-ec78751e6acf} NOT FOUND by this tool! ****  

   **** SpywareQuake {a0aa3e4b-31cb-4ea2-9049-22b7f5b65edb} NOT FOUND by this tool! ****  

   **** SpywareQuake {cbb430e6-5b1b-474a-9d7e-160d4fe74bea} NOT FOUND by this tool! ****  

   **** SpywareQuake {62eb0924-19d2-4226-b4b9-8ad1f70904c1} NOT FOUND by this tool! ****  

   **** SpywareQuake {6c69e319-0d03-47da-997a-36586cbc53b3} NOT FOUND by this tool! ****  

   **** SpywareQuake {aea3d2df-2b2c-4d7b-81a0-d975c6dc088e} NOT FOUND by this tool! ****  

   **** SpywareSheriff {1C3B31AE-FD16-D2CE-43FF-DC4CD5C1BC5E} NOT FOUND by this tool! ****  

   **** VirusBurster {9d635a36-6b3c-4146-8625-f3aaf507bbf8} NOT FOUND by this tool! ****  

   **** TrustCleaner {24E27EA9-FCF3-444F-BD80-20543BA5D946} NOT FOUND by this tool! ****  

   **** Troj/Small-ER {4F141CBA-1457-6CCA-03A7-7AA21B61EA0F} NOT FOUND by this tool! ****  

   **** Troj/Spabot-E {429F4BB8-7BF7-4152-8011-3C6F9EB7E892} NOT FOUND by this tool! ****  

   **** Troj/Dloader-OF {203B1C4D9-BC71-8916-38AD-9DEA5D213614} NOT FOUND by this tool! ****  

   **** Troj/Crafted-A  {0BC9BC01-54D4-4CCE-2B7D-955164314CD4} NOT FOUND by this tool! ****  

   **** Troj/Agent-FG {2C1CD3D7-86AC-4068-93BC-A02304BB8C34} NOT FOUND by this tool! ****  

   **** TX 4 BrowserAd adware {8e99f990-b75a-4568-b3c8-24cbc8cbbfc1} NOT FOUND by this tool! ****  

   **** Trojan-Proxy.Win32.Small {87A3E824-A726-4CF4-8A66-6314B11BDA0C} NOT FOUND by this tool! ****  

   **** Trojan-Downloader.Win32.Delf.ks {786C369D-409A-456f-A13C-971EADA850C6} NOT FOUND by this tool! ****  

   **** W32/Almanahe.a Worm NOT FOUND by this tool! **** 

   **** msctl32.dll SpamBot NOT FOUND by this tool! **** 

   **** KeyLogger NOT FOUND by this tool! ****  

--------------------------------------------------------------------------
       CHECKING FOR BOT-TYPE WORMS: 
--------------------------------------------------------------------------

   **** W32/Sdbot Worm NOT FOUND by this tool! ****  

--------------------------------------------------------------------------
       CHECKING FOR KNOWN ROOTKIT STEALTHING AGENTS: 
--------------------------------------------------------------------------

   **** i386p.* Stealthing Agent NOT FOUND by this tool! **** 

   **** ErrorSafe erssdd.* Stealthing Agent NOT FOUND by this tool! **** 

   **** VUNDO DP.* Stealthing Agent NOT FOUND by this tool! **** 

   **** Troj/NTRootK-BP main.* Stealthing Agent NOT FOUND by this tool! **** 

   **** W32/Almanahe.sys RioDrvrs.* Stealthing Agent NOT FOUND by this tool! **** 

   **** W32/Almanahe.sys DKIS6.* Stealthing Agent NOT FOUND by this tool! **** 

--------------------------------------------------------------------------
       CHECKING FOR VISIBLE ROOTKIT-TYPE REGISTRY KEYS: 
--------------------------------------------------------------------------

   **** Rustock.B trojan, PE386 rootkit NOT FOUND by this tool! ****  

   **** Rustock.B trojan, huy32 rootkit NOT FOUND by this tool! ****  

   **** Rustock.B trojan, lzx32 rootkit NOT FOUND by this tool! ****  

   **** Rustock.B trojan, msguard rootkit NOT FOUND by this tool! ****  

   **** Rustock.B trojan, xpdt.sy_ rootkit NOT FOUND by this tool! ****  

   **** Rustock.B trojan, xpdt.sys rootkit NOT FOUND by this tool! ****  

   **** CmdService adware NOT FOUND by this tool! ****  

   **** Network_Monitor adware NOT FOUND by this tool! ****  

   **** Trojan.Peacomm NOT FOUND by this tool! ****  

   **** Trojan.Peacomm windev NOT FOUND by this tool! ****  

   **** AVPE Haxdoor NOT FOUND by this tool! ****  

   **** MEMLOW Haxdoor NOT FOUND by this tool! ****  

   **** VDMT Haxdoor NOT FOUND by this tool! ****  

   **** YCSVGA Haxdoor NOT FOUND by this tool! ****  

   **** PPTP Haxdoor FOUND by this tool! **** 
        CAREFULL HERE THIS WILL ALSO FIND WinLanMiniport 
  DisplayName	REG_SZ         	Miniporta de rede remota (PPTP)
  Description	REG_SZ         	Miniporta de rede remota (PPTP)
  DisplayName	REG_SZ         	Miniporta de rede remota (PPTP)
  Description	REG_SZ         	Miniporta de rede remota (PPTP)
  DisplayName	REG_SZ         	Miniporta de rede remota (PPTP)
  Description	REG_SZ         	Miniporta de rede remota (PPTP)

   **** DVB Haxdoor  NOT FOUND by this tool! ****  

   **** YVBB Haxdoor NOT FOUND by this tool! ****  

   **** YVPP Haxdoor NOT FOUND by this tool! ****  

   **** NKGFS Haxdoor NOT FOUND by this tool! ****  

   **** XMSK Haxdoor NOT FOUND by this tool! ****  

   **** AVPX Haxdoor NOT FOUND by this tool! ****  

   **** MMXF Haxdoor NOT FOUND by this tool! ****  

   **** DP1112 Vundo Rootkit NOT FOUND by this tool! ****  

   **** SYSBUS32 Rootkit Driver NOT FOUND by this tool! ****  

   **** I386P Rootkit Driver NOT FOUND by this tool! ****  

   **** ERSSDD Rootkit NOT FOUND by this tool! ****  

   **** GencTurK RootKit NOT FOUND by this tool! ****  

   **** Troj/NTRootK-BP RootKit NOT FOUND by this tool! ****  

   **** W32/Almanahe.sys NOT FOUND by this tool! ****  

************************************************************************************  

Dumping HKLM Uninstall Programs list 

  DisplayName	REG_SZ         	a-squared Free 4.5
  DisplayName	REG_SZ         	Adobe Flash Player 10 ActiveX
  DisplayName	REG_SZ         	Adobe Flash Player 10 Plugin
  DisplayName	REG_SZ         	Adobe Reader 9.1.2 - Português
  DisplayName	REG_SZ         	Adobe Shockwave Player 11.5
  DisplayName	REG_SZ         	Arquivo do WinRAR
  DisplayName	REG_SZ         	Assistente de Conexão do Windows Live
  DisplayName	REG_SZ         	Atualização para Windows XP (KB898461)
  DisplayName	REG_SZ         	Atualização para Windows XP (KB914882)
  DisplayName	REG_SZ         	Atualização para Windows XP (KB923845)
  DisplayName	REG_SZ         	Atualização para Windows XP (KB932823-v3)
  DisplayName	REG_SZ         	Choice Guard
  DisplayName	REG_SZ         	CircuitMaker 2000 (Professional Edition)
  DisplayName	REG_SZ         	Counter-Strike
  DisplayName	REG_SZ         	Counter-Strike CP
  DisplayName	REG_SZ         	CyberScript v3.2
  DisplayName	REG_SZ         	ExplorerXP (remove only)
  DisplayName	REG_SZ         	Ferramenta de Carregamento do Windows Live
  DisplayName	REG_SZ         	Fraps (remove only)
  DisplayName	REG_SZ         	Free Mp3 Wma Converter V 1.81
  DisplayName	REG_SZ         	Free YouTube to Mp3 Converter version 3.1
  DisplayName	REG_SZ         	Garena
  DisplayName	REG_SZ         	GTOneCare
  DisplayName	REG_SZ         	Heroes of Newerth
  DisplayName	REG_SZ         	High Definition Audio Driver Package - KB888111
  DisplayName	REG_SZ         	Hotfix for Windows XP (KB926239)
  DisplayName	REG_SZ         	Java(TM) 6 Update 16
  DisplayName	REG_SZ         	K-Lite Mega Codec Pack 5.1.0
  DisplayName	REG_SZ         	Microsoft .NET Framework 2.0
  DisplayName	REG_SZ         	Microsoft .NET Framework 2.0
  DisplayName	REG_SZ         	Microsoft .NET Framework 3.0
  DisplayName	REG_SZ         	Microsoft .NET Framework 3.0
  DisplayName	REG_SZ         	Microsoft Application Error Reporting
  DisplayName	REG_SZ         	Microsoft Compression Client Pack 1.0 for Windows XP
  DisplayName	REG_SZ         	Microsoft Office XP Professional com FrontPage
  DisplayName	REG_SZ         	Microsoft Protection Service
  DisplayName	REG_SZ         	Microsoft User-Mode Driver Framework Feature Pack 1.0
  DisplayName	REG_SZ         	Microsoft Visual C++ 2005 Redistributable
  DisplayName	REG_SZ         	Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
  DisplayName	REG_SZ         	Microsoft Windows Live OneCare Resources v2.5.2900.28
  DisplayName	REG_SZ         	Microsoft Windows OneCare Live AntiSpyware and AntiVirus
  DisplayName	REG_SZ         	Microsoft Windows OneCare Live v2.5.2900.28
  DisplayName	REG_SZ         	Microsoft Windows OneCare Live v2.5.2900.28 Idcrl Install
  DisplayName	REG_SZ         	mIRC
  DisplayName	REG_SZ         	Mozilla Firefox (3.5.3)
  DisplayName	REG_SZ         	MSVCRT
  DisplayName	REG_SZ         	MSXML 6.0 Parser (KB925673)
  DisplayName	REG_SZ         	NCsoft Launcher
  DisplayName	REG_SZ         	NewBlue 3D Explosions for Vegas
  DisplayName	REG_SZ         	NewBlue 3D Transformations for Vegas
  DisplayName	REG_SZ         	NewBlue Art Blends 2.0 for Vegas
  DisplayName	REG_SZ         	NewBlue Art Effects 2.0 for Vegas
  DisplayName	REG_SZ         	NewBlue Cartoonr for Vegas
  DisplayName	REG_SZ         	NewBlue Film Effects for Vegas
  DisplayName	REG_SZ         	NewBlue Motion Blends 2.0 for Vegas
  DisplayName	REG_SZ         	NewBlue Motion Effects 2.0 for Vegas
  DisplayName	REG_SZ         	NotePad++ 3.6
  DisplayName	REG_SZ         	NVIDIA Drivers
  DisplayName	REG_SZ         	Pando Media Booster
  DisplayName	REG_SZ         	PokerStars
  DisplayName	REG_SZ         	PX Engine
  DisplayName	REG_SZ         	Real Alternative 1.9.0
  DisplayName	REG_SZ         	Segoe UI
  DisplayName	REG_SZ         	Skype web features
  DisplayName	REG_SZ         	Skype™ 4.1
  DisplayName	REG_SZ         	Sony Vegas Pro 8.0
  DisplayName	REG_SZ         	SoundMAX
  DisplayName	REG_SZ         	Steam
  DisplayName	REG_SZ         	sXe Injected
  DisplayName	REG_SZ         	System Requirements Lab
  DisplayName	REG_SZ         	TeamSpeak 2 RC2
  DisplayName	REG_SZ         	Truco LigasOnline 1.1
  DisplayName	REG_SZ         	Uninstall 1.0.0.1
  DisplayName	REG_SZ         	VDownloader  0.83
  DisplayName	REG_SZ         	VeryPDF PDF2Word v3.0
  DisplayName	REG_SZ         	VobSub v2.23 (Remove Only)
  DisplayName	REG_SZ         	Warkeys 1.14.1.0b
  DisplayName	REG_SZ         	WebFldrs XP
  DisplayName	REG_SZ         	Windows Communication Foundation
  DisplayName	REG_SZ         	Windows Imaging Component
  DisplayName	REG_SZ         	Windows Internet Explorer 8
  DisplayName	REG_SZ         	Windows Live Call
  DisplayName	REG_SZ         	Windows Live Communications Platform
  DisplayName	REG_SZ         	Windows Live Essentials
  DisplayName	REG_SZ         	Windows Live Essentials
  DisplayName	REG_SZ         	Windows Live Messenger
  DisplayName	REG_SZ         	Windows Live OneCare
  DisplayName	REG_SZ         	Windows Live OneCare safety scanner
  DisplayName	REG_SZ         	Windows Media Format 11 runtime
  DisplayName	REG_SZ         	Windows Media Format 11 runtime
  DisplayName	REG_SZ         	Windows Media Player 11
  DisplayName	REG_SZ         	Windows Media Player 11
  DisplayName	REG_SZ         	Windows Presentation Foundation
  DisplayName	REG_SZ         	Windows Workflow Foundation
  DisplayName	REG_SZ         	XML Paper Specification Shared Components Pack 1.0
  ParentDisplayName	REG_SZ         	
  ParentDisplayName	REG_SZ         	
  ParentDisplayName	REG_SZ         	Windows XP - Atualizações de Software
  ParentDisplayName	REG_SZ         	Windows XP - Atualizações de Software
  ParentDisplayName	REG_SZ         	Windows XP - Atualizações de Software
  ParentDisplayName	REG_SZ         	Windows XP - Atualizações de Software
  ParentDisplayName	REG_SZ         	Windows XP - Software Updates


#####################################################################################################


  -- All DONE! 

  ~ ShadowPuterDude ~

Logfile of HiJackFree v3.0
Scan saved at 19:21:51, on 2/10/2009
Platform: Windows XP Service Pack 2 (Windows NT 5.1.2600)
MSIE: Internet Explorer v 8.0 Service Pack 2 (8.0.6001.18702)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Arquivos de programas\Microsoft Windows OneCare Live\OcHealthMon.exe
C:\Arquivos de programas\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Arquivos de programas\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\System32\alg.exe
C:\Arquivos de programas\a-squared Free\a2service.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\a-squared HiJackFree\a2hijackfree.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Arquivos de programas\Microsoft Windows OneCare Live\winssnotify.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Arquivos de programas\Skype\Toolbars\Shared\SkypeNames.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Links
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO:  - {5C255C8A-E604-49b4-9D64-90988571CECB} - 
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: GbIehObj Class - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [soundMAX] "C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [mspaint] "C:\WINDOWS\system32\paint.exe" -autocheck
O4 - HKLM\..\Run: [winupdate.exe] C:\WINDOWS\system32\winupdate.exe
O4 - HKLM\..\Run: [OneCareUI] "C:\Arquivos de programas\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [uTorrent] "C:\Arquivos de programas\uTorrent\uTorrent.exe"
O4 - HKLM\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKLM\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKLM\..\Run: [NCsoft Launcher] C:\Arquivos de programas\NCSoft\Launcher\NCLauncher.exe /Minimized
O7 - Regedit - Enabled
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Arquivos de programas\PokerStars\main.ico
O14 - IERESET.INF: START_PAGE_URL="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
O14 - IERESET.INF: SEARCH_PAGE_URL="&http://home.microsoft.com/intl/br/access/allinone.asp"
O14 - IERESET.INF: MS_START_PAGE_URL="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
O15 - Trusted Zone: https://www2.bancobrasil.com.br
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6796.cab
O20 - Winlogon Notify:  GbPluginBb - C:\WINDOWS\
O21 - ShellServiceObjectDelayLoad: PostBootReminder - 
O21 - ShellServiceObjectDelayLoad: CDBurn - 
O21 - ShellServiceObjectDelayLoad: WebCheck - 
O21 - ShellServiceObjectDelayLoad: SysTray - 
O21 - ShellServiceObjectDelayLoad: WPDShServiceObj - 
O22 - SharedTaskScheduler: Pré-carregador Browseui - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - C:\WINDOWS\system32\browseui.dll
O23 - Service: a-squared Free Service - C:\Arquivos de programas\a-squared Free\a2service.exe
O23 - Service: Serviço 'Gateway de camada de aplicativo' - C:\WINDOWS\System32\alg.exe
O23 - Service: Gerenciamento de aplicativo - C:\WINDOWS\system32\svchost.exe
O23 - Service: ASP.NET State Service - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
O23 - Service: Áudio do Windows - C:\WINDOWS\System32\svchost.exe
O23 - Service: Serviço de transferência inteligente de plano de fundo - C:\WINDOWS\system32\svchost.exe
O23 - Service: Localizador de computadores - C:\WINDOWS\system32\svchost.exe
O23 - Service: Área de armazenamento - C:\WINDOWS\system32\clipsrv.exe
O23 - Service: .NET Runtime Optimization Service v2.0.50727_X86 - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
O23 - Service: Aplicativo de sistema COM+ - C:\WINDOWS\system32\dllhost.exe
O23 - Service: Serviços de criptografia - C:\WINDOWS\system32\svchost.exe
O23 - Service: Inicializador de Processo de Servidor DCOM - C:\WINDOWS\system32\svchost
O23 - Service: Cliente DHCP - C:\WINDOWS\system32\svchost.exe
O23 - Service: Serviço administrativo do gerenciador de disco lógico - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Gerenciador de discos lógicos - C:\WINDOWS\System32\svchost.exe
O23 - Service: Cliente DNS - C:\WINDOWS\system32\svchost.exe
O23 - Service: Erro ao informar o serviço - C:\WINDOWS\System32\svchost.exe
O23 - Service: Log de eventos - C:\WINDOWS\system32\services.exe
O23 - Service: Sistema de eventos COM+ - C:\WINDOWS\system32\svchost.exe
O23 - Service: Compatibilidade com 'Troca rápida de usuário' - C:\WINDOWS\System32\svchost.exe
O23 - Service: Windows Presentation Foundation Font Cache 3.0.0.0 - c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
O23 - Service: GarenaPEngine - C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\APED.tmp
O23 - Service: Ajuda e suporte - C:\WINDOWS\System32\svchost.exe
O23 - Service: HID Input Service - C:\WINDOWS\System32\svchost.exe
O23 - Service: HTTP SSL - C:\WINDOWS\System32\svchost.exe
O23 - Service: Windows CardSpace - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
O23 - Service: Java Quick Starter - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: Servidor - C:\WINDOWS\system32\svchost.exe
O23 - Service: Estação de trabalho - C:\WINDOWS\system32\svchost.exe
O23 - Service: Auxiliar NetBIOS TCP/IP - C:\WINDOWS\system32\svchost.exe
O23 - Service: Coordenador de transações distribuídas - C:\WINDOWS\system32\msdtc.exe
O23 - Service: OneCare Firewall - C:\Arquivos de programas\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
O23 - Service: Windows Installer - C:\WINDOWS\system32\msiexec.exe
O23 - Service: DDE de rede - C:\WINDOWS\system32\netdde.exe
O23 - Service: DSDM de DDE de rede - C:\WINDOWS\system32\netdde.exe
O23 - Service: Logon de rede - C:\WINDOWS\system32\lsass.exe
O23 - Service: Conexões de rede - C:\WINDOWS\System32\svchost.exe
O23 - Service: Net.Tcp Port Sharing Service - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
O23 - Service: Reconhecimento de local da rede (NLA) - C:\WINDOWS\system32\svchost.exe
O23 - Service: nProtect GameGuard Service - C:\WINDOWS\system32\GameMon.des
O23 - Service: Fornecedor de suporte de segurança NT LM - C:\WINDOWS\system32\lsass.exe
O23 - Service: Armazenamento removível - C:\WINDOWS\system32\svchost.exe
O23 - Service: NVIDIA Display Driver Service - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Windows Live OneCare Health Monitor - C:\Arquivos de programas\Microsoft Windows OneCare Live\OcHealthMon.exe
O23 - Service: OneCare AntiSpyware and AntiVirus - C:\Arquivos de programas\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
O23 - Service: Plug and Play - C:\WINDOWS\system32\services.exe
O23 - Service: Serviços IPSEC - C:\WINDOWS\system32\lsass.exe
O23 - Service: Armazenamento protegido - C:\WINDOWS\system32\lsass.exe
O23 - Service: Gerenciador de conexão de acesso remoto automático - C:\WINDOWS\system32\svchost.exe
O23 - Service: Gerenciador de conexão de acesso remoto - C:\WINDOWS\system32\svchost.exe
O23 - Service: Gerenciador de sessão de ajuda de área de trabalho remota - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Roteamento e acesso remoto - C:\WINDOWS\system32\svchost.exe
O23 - Service: Registro remoto - C:\WINDOWS\system32\svchost.exe
O23 - Service: Alocador Remote Procedure Call (RPC) - C:\WINDOWS\system32\locator.exe
O23 - Service: Chamada de procedimento remoto (RPC) - C:\WINDOWS\system32\svchost
O23 - Service: QoS RSVP - C:\WINDOWS\system32\rsvp.exe
O23 - Service: Gerenciador de contas de segurança - C:\WINDOWS\system32\lsass.exe
O23 - Service: Cartão inteligente - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Agendador de tarefas - C:\WINDOWS\System32\svchost.exe
O23 - Service: Logon secundário - C:\WINDOWS\System32\svchost.exe
O23 - Service: Notificação de eventos de sistema - C:\WINDOWS\system32\svchost.exe
O23 - Service: Firewall do Windows/Compartilhamento de Conexão com a Internet (ICS) - C:\WINDOWS\system32\svchost.exe
O23 - Service: Detecção do hardware do shell - C:\WINDOWS\System32\svchost.exe
O23 - Service: Spooler de impressão - C:\WINDOWS\system32\spoolsv.exe
O23 - Service: Serviço de restauração do sistema - C:\WINDOWS\system32\svchost.exe
O23 - Service: Serviço de descoberta SSDP - C:\WINDOWS\system32\svchost.exe
O23 - Service: Assistente de aquisição de imagens do Windows (WIA) - C:\WINDOWS\system32\svchost.exe
O23 - Service: MS Software Shadow Copy Provider - C:\WINDOWS\system32\dllhost.exe
O23 - Service: Logs e alertas de desempenho - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Telefonia - C:\WINDOWS\System32\svchost.exe
O23 - Service: Serviços de terminal - C:\WINDOWS\System32\svchost
O23 - Service: Temas - C:\WINDOWS\System32\svchost.exe
O23 - Service: Telnet - C:\WINDOWS\system32\tlntsvr.exe
O23 - Service: Cliente de rastreamento de link distribuído - C:\WINDOWS\system32\svchost.exe
O23 - Service: Host de dispositivo Plug and Play universal - C:\WINDOWS\system32\svchost.exe
O23 - Service: Sistema de alimentação ininterrupta - C:\WINDOWS\System32\ups.exe
O23 - Service: Cópia de volume em memória - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Horário do Windows - C:\WINDOWS\System32\svchost.exe
O23 - Service: Cliente da Web - C:\WINDOWS\system32\svchost.exe
O23 - Service: Testador de instrumentação de gerenciam. do Windows - C:\WINDOWS\system32\svchost.exe
O23 - Service: Windows Live OneCare - C:\Arquivos de programas\Microsoft Windows OneCare Live\winss.exe
O23 - Service: Portable Media Serial Number Service - C:\WINDOWS\System32\svchost.exe
O23 - Service: Extensões de driver de instrum. gerenc. do Windows - C:\WINDOWS\System32\svchost.exe
O23 - Service: Adaptador de desempenho WMI - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Serviço de Compartilhamento de Rede do Windows Media Player - C:\Arquivos de programas\Windows Media Player\WMPNetwk.exe
O23 - Service: Atualizações Automáticas - C:\WINDOWS\system32\svchost.exe
O23 - Service: Windows Driver Foundation - User-mode Driver Framework - C:\WINDOWS\system32\svchost.exe
O23 - Service: Configuração zero sem fio - C:\WINDOWS\System32\svchost.exe
O23 - Service: Serviço de Configuração de Rede - C:\WINDOWS\System32\svchost.exe


Hi thiagodiniz

Welcome to the forum

As your log files show, you are using software such as "Garena Hack by Dota Utilities", which is a gaming client for applying hacks / cracks etc.

If so, that is up to the malware fighter to decide, but as you read in the instructions at http://forum.emsisoft.com/Default.aspx?g=posts&t=1930 there is a special clause about using illegal software keygens / patches / cracks.

You must uninstall / remove all illegal software before posting reports; otherwise you will not be assisted by the malware fighter.

After that, update a-squared, rescan and repost all log files in this thread.

My regards


I have deleted all of my Garena hacks, and here are the new logs:

a-squared Free - Versão 4.5
Última atualização 2/10/2009 18:08:35

Configurações da análise:

Scan type: deep
Objetos: Memória, Rastros, Cookies, C:\
Análise de arquivos: Ligado
Heurística: Desligado
Análise de ADS: Ligado

Início da análise:	3/10/2009 10:23:51

Value: HKEY_USERS\S-1-5-21-1085031214-2111687655-682003330-500\Software\Bifrost --> klg 	detectado: Trace.Registry.Bifrost!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Bifrost --> nck 	detectado: Trace.Registry.Bifrost!A2
c:\documents and settings\administrador\dados de aplicativos\microsoft\internet explorer\quick launch\advanced virus remover.lnk 	detectado: Trace.File.Advanced Virus Remover 2009!A2
c:\documents and settings\administrador\menu iniciar\advanced virus remover.lnk 	detectado: Trace.File.Advanced Virus Remover 2009!A2
Value: HKEY_USERS\S-1-5-21-1085031214-2111687655-682003330-500\Software\AVR --> LastD 	detectado: Trace.Registry.Advanced Virus Remover 2009!A2
Value: HKEY_USERS\S-1-5-21-1085031214-2111687655-682003330-500\Software\AVR --> LastScan 	detectado: Trace.Registry.Advanced Virus Remover 2009!A2
Value: HKEY_USERS\S-1-5-21-1085031214-2111687655-682003330-500\Software\AVR --> LastVFC 	detectado: Trace.Registry.Advanced Virus Remover 2009!A2
Value: HKEY_USERS\S-1-5-21-1085031214-2111687655-682003330-500\Software\AVR --> VirList 	detectado: Trace.Registry.Advanced Virus Remover 2009!A2
c:\windows\system32\bifrost 	detectado: Trace.Directory.maxx.d.free.fr!A2
c:\windows\system32\bifrost\klog.dat 	detectado: Trace.File.maxx.d.free.fr!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run --> winupdate.exe 	detectado: Trace.Registry.trucount3001.com!A2
c:\windows\system32\winupdate.exe 	detectado: Trace.File.AdvancedVirusRemover!A2
Key: HKEY_USERS\S-1-5-21-1085031214-2111687655-682003330-500\software\AVR 	detectado: Trace.Registry.AdvancedVirusRemover!A2
C:\Documents and Settings\Administrador\Meus documentos\Downloads\Sony Vegas Pro 8.0c Build 260+Keygen[H33T]-MasterUploader\Keygen\Keygen.exe 	detectado: Riskware.MultiKeygenPatch!IK
C:\Program Files\AdvancedVirusRemover\PAVRM.exe 	detectado: Gen.Trojan!IK
C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP14\A0001849.exe 	detectado: Trojan-Downloader.Win32.Delf!IK
C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP14\A0001912.exe 	detectado: Trojan-Downloader.Win32.Delf!IK
C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP14\A0001945.exe 	detectado: Trojan-Downloader.Win32.Delf!IK
C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP14\A0002948.exe 	detectado: Trojan-Downloader.Win32.Delf!IK
C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP15\A0002960.exe 	detectado: Trojan-Downloader.Win32.Delf!IK
C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP15\A0002967.exe 	detectado: Trojan-Downloader.Win32.Delf!IK
C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP15\A0002995.exe 	detectado: Trojan-Downloader.Win32.Delf!IK
C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP15\A0004073.exe 	detectado: Trojan-Downloader.Win32.Delf!IK
C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP16\A0004097.exe 	detectado: Trojan-Downloader.Win32.Delf!IK
C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP16\A0004109.exe 	detectado: Trojan-Downloader.Win32.Delf!IK
C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP16\A0004146.exe 	detectado: Trojan-Downloader.Win32.Delf!IK
C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP17\A0004159.exe 	detectado: Trojan-Downloader.Win32.Delf!IK
C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP17\A0004202.exe 	detectado: Trojan-Downloader.Win32.Delf!IK
C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP19\A0004302.exe 	detectado: Trojan-Downloader.Win32.Delf!IK
C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP20\A0004310.exe 	detectado: Trojan-Downloader.Win32.Delf!IK
C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP20\A0004314.exe 	detectado: Trojan-Downloader.Win32.Delf!IK
C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP20\A0004343.exe 	detectado: MonitoringTool!IK
C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP20\A0004418.exe 	detectado: Trojan-Downloader.Win32.Delf!IK
C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP20\A0004427.exe 	detectado: Trojan-Downloader.Win32.Delf!IK
C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP20\A0004464.exe 	detectado: Trojan-Downloader.Win32.Delf!IK
C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP21\A0004474.exe 	detectado: Trojan-Downloader.Win32.Delf!IK
C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP21\A0004503.exe 	detectado: Trojan-Downloader.Win32.Delf!IK
C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP21\A0004525.exe 	detectado: Trojan-Downloader.Win32.Delf!IK
C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP25\A0004726.exe 	detectado: Trojan-Downloader.Win32.Delf!IK
C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP25\A0004775.exe 	detectado: Trojan-Downloader.Win32.Delf!IK
C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP25\A0004778.exe 	detectado: MonitoringTool!IK
C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP25\A0004866.exe 	detectado: BehavesLike!IK
C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP26\A0004898.exe 	detectado: Trojan-Downloader.Win32.Delf!IK
C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP26\A0004926.exe 	detectado: Trojan-Downloader.Win32.Delf!IK
C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP26\A0004928.exe 	detectado: Trojan-Downloader.Win32.Banload!IK
C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP26\A0004930.exe 	detectado: MonitoringTool!IK
C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP26\A0005018.exe 	detectado: BehavesLike!IK
C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP33\A0005225.exe 	detectado: Trojan-Downloader.Win32.Delf!IK
C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP57\A0008649.exe 	detectado: Trojan-Spy.Win32.PcGhost!IK
C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP76\A0010957.exe 	detectado: Gen.Trojan!IK
C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP77\A0011022.exe 	detectado: Trojan-Dropper.Win32.Renos!IK
C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP77\A0011038.exe 	detectado: Trojan-Dropper.Win32.Renos!IK
C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP77\A0011054.exe 	detectado: Trojan-Dropper.Win32.Renos!IK
C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP77\A0011068.exe 	detectado: Trojan-Dropper.Win32.Renos!IK
C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP77\A0011297.exe 	detectado: Riskware.Client-IRC.Win32.mIRC!IK
C:\WINDOWS\system32\winupdate.exe 	detectado: Trojan-Downloader.Win32.FraudLoad!IK

Analisado

Arquivos: 	96631
Objetos: 	610667
Cookies: 	5
Processos: 	28

Encontrado

Arquivos: 	43
Objetos: 	13
Cookies: 	0
Processos: 	0
Chaves do registro: 	0

Fim da análise:	3/10/2009 11:34:22
Duração da análise:	1:10:31

 
************************************************************************************  
                                  ISeeYouXP v2.0 Beta 14  

                 ISeeYouXP v1.3.0-v2.0 Beta 14 Copyright - ShadowPuterDude 
                 ISeeYouXP v1.2.9 and earlier Copyright - PhilliePhan 
------------------------------------------------------------------------------------  
****  PLEASE NOTE THAT MOST (if not ALL) OF THE ITEMS BELOW ARE  NOT  BADDIES!  **** 
  ****   PLEASE CONSULT A KNOWLEDGEABLE PERSON BEFORE TAKING ANY ACTION.   **** 
************************************************************************************  

Windows/Browser/Java Versions: 
Microsoft (R) Windows Script Host Versão 5.6
Copyright (C) 1996-2001 Microsoft Corporation. Todos os direitos reservados.

Microsoft Windows XP Professional
Version:           5.1.2600
Service Pack:      2.0
Windows Directory: C:\WINDOWS
Microsoft (R) Windows Script Host Versão 5.6
Copyright (C) 1996-2001 Microsoft Corporation. Todos os direitos reservados.

Internet Explorer
Version:  8.0.6001.18702
Build:    86001
Language: Inglês (Estados Unidos)
Path:     C:\Arquivos de programas\Internet Explorer

Sun Microsystems Java Runtime 
Version: 1.6.0_16 
Microsoft (R) Windows Script Host Versão 5.6
Copyright (C) 1996-2001 Microsoft Corporation. Todos os direitos reservados.

Boot State: Normal boot

Scan done at 11:37:22,54, sáb 03/10/2009

------------------------------------------------------------------------------------  

ISeeYouXP installation folder and files 

"C:\ISeeYouXP\"
bootst~1.vbs  28 May 2007         359  "bootstate.vbs"
change.log     8 Jun 2008        5012  "change.log"
chodefix.bat  18 Apr 2007        5387  "chodefix.bat"
fixchode.reg  18 Apr 2007         528  "fixChode.reg"
fixexp~1.bat  24 Feb 2007         487  "FixExplorerPolicies.bat"
getunk~1.bat  12 Aug 2006        1478  "GetUnKeys.bat"
grep.exe      24 Dec 2004      160768  "grep.exe"
hideit.bat    17 Oct 2007        1072  "HideIT.bat"
ieinfo.vbs    28 May 2007         514  "ieinfo.vbs"
iesecu~1.bat  28 Oct 2007          72  "IESecurityZones.bat"
iesecu~1.vbs   8 Nov 2007        2399  "IESecurityZones.vbs"
iseeyo~1.bat   8 Jun 2008      211377  "ISeeYouXP.bat"
libico~1.dll  16 Mar 2004      898048  "libiconv2.dll"
libintl3.dll   9 Oct 2004      101888  "libintl3.dll"
locate.com    14 Jan 2005       11254  "locate.com"
md5sum.exe     5 Aug 2007       49152  "md5sum.exe"
msconf~1.bat  24 Feb 2007         578  "MSConfigFix.bat"
osinfo.vbs    28 May 2007         598  "osinfo.vbs"
pcbutts.txt   25 Mar 2007        5167  "PCBUTTS.TXT"
pcre.dll      14 Nov 2004      183313  "pcre.dll"
pv.exe         3 Mar 2006       73728  "pv.exe"
regedi~1.bat  30 Mar 2007         650  "RegEditFix.bat"
regfix.bat    18 Apr 2007         145  "Regfix.bat"
servic~1.vbs  28 May 2007         672  "servicesinfo.vbs"
showit.bat    17 Oct 2007        1013  "ShowIT.bat"
swreg.exe      5 Apr 2007      139776  "swreg.exe"
system~1.bat  28 Feb 2007         369  "SystemRestoreFix.bat"
taskmg~1.bat  24 Feb 2007         288  "TaskMgrFix.bat"

28 items found:  28 files, 0 directories.
  Total of file sizes:  1.856.092 bytes      1,77 M

------------------------------------------------------------------------------------  

System Environment Variables  

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Administrador\Dados de aplicativos
CLIENTNAME=Console
CommonProgramFiles=C:\Arquivos de programas\Arquivos comuns
COMPUTERNAME=LITE
ComSpec=C:\WINDOWS\system32\cmd.exe
errcode=0
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Administrador
LOGONSERVER=\\LITE
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0409
ProgramFiles=C:\Arquivos de programas
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp
TMP=C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp
USERDOMAIN=LITE
USERNAME=Administrador
USERPROFILE=C:\Documents and Settings\Administrador
windir=C:\WINDOWS

------------------------------------------------------------------------------------ 

Showing any Pocket Killbox backup files 

No matches found.

------------------------------------------------------------------------------------ 

Displaying BOOT.INI: 

[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

------------------------------------------------------------------------------------ 

Displaying SYSTEM.INI: 

; for 16-bit app support

[drivers]
wave=mmdrv.dll
timer=timer.drv

[mci]
[driver32]
[386enh]
woafont=app850.FON
EGA80WOA.FON=EGA80850.FON
EGA40WOA.FON=EGA40850.FON
CGA80WOA.FON=CGA80850.FON
CGA40WOA.FON=CGA40850.FON

------------------------------------------------------------------------------------ 

Displaying WIN.INI: 

; for 16-bit app support
[fonts]
[extensions]
[mci extensions]
[files]
[Mail]
MAPI=1
CMC=1
CMCDLLNAME=mapi.dll
CMCDLLNAME32=mapi32.dll
MAPIX=1
MAPIXVER=1.0.0.1
OLEMessaging=1
[MCI Extensions.BAK]
aif=MPEGVideo
aifc=MPEGVideo
aiff=MPEGVideo
asf=MPEGVideo
asx=MPEGVideo
au=MPEGVideo
m1v=MPEGVideo
m3u=MPEGVideo
mp2=MPEGVideo
mp2v=MPEGVideo
mp3=MPEGVideo
mpa=MPEGVideo
mpe=MPEGVideo
mpeg=MPEGVideo
mpg=MPEGVideo
mpv2=MPEGVideo
snd=MPEGVideo
wax=MPEGVideo
wm=MPEGVideo
wma=MPEGVideo
wmv=MPEGVideo
wmx=MPEGVideo
wvx=MPEGVideo
m2v=MPEGVideo
mod=MPEGVideo
wpl=MPEGVideo

------------------------------------------------------------------------------------ 

Displaying AUTOEXEC.BAT: 


------------------------------------------------------------------------------------ 

Displaying CONFIG.SYS: 


------------------------------------------------------------------------------------ 

Displaying Running Processes: 

 PROCESS            PID  PRIO     PATH 
smss.exe             580 Normal   C:\WINDOWS\System32\smss.exe 
csrss.exe            628 Normal   C:\WINDOWS\system32\csrss.exe 
winlogon.exe         668 High     C:\WINDOWS\system32\winlogon.exe 
services.exe         712 Normal   C:\WINDOWS\system32\services.exe 
lsass.exe            724 Normal   C:\WINDOWS\system32\lsass.exe 
GbpSv.exe            880 Normal   C:\ARQUIV~1\GbPlugin\GbpSv.exe 
svchost.exe          912 Normal   C:\WINDOWS\system32\svchost.exe 
svchost.exe          980 Normal   C:\WINDOWS\system32\svchost.exe 
MsMpEng.exe         1072 Normal   C:\Arquivos de programas\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe 
svchost.exe         1116 Normal   C:\WINDOWS\System32\svchost.exe 
svchost.exe         1272 Normal   C:\WINDOWS\system32\svchost.exe 
svchost.exe         1440 Normal   C:\WINDOWS\system32\svchost.exe 
Explorer.EXE        1468 Normal   C:\WINDOWS\Explorer.EXE 
spoolsv.exe         1604 Normal   C:\WINDOWS\system32\spoolsv.exe 
smax4pnp.exe        1756 Normal   C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe 
Smax4.exe           1768 Normal   C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe 
winssnotify.exe     1828 Normal   C:\Arquivos de programas\Microsoft Windows OneCare Live\winssnotify.exe 
jusched.exe         1836 Normal   C:\Arquivos de programas\Java\jre6\bin\jusched.exe 
ctfmon.exe          1936 Normal   C:\WINDOWS\system32\ctfmon.exe 
a2service.exe       1352 Normal   C:\Arquivos de programas\a-squared Free\a2service.exe 
jqs.exe             1464 Idle     C:\Arquivos de programas\Java\jre6\bin\jqs.exe 
nvsvc32.exe         1740 Normal   C:\WINDOWS\system32\nvsvc32.exe 
OcHealthMon.exe      404 Normal   C:\Arquivos de programas\Microsoft Windows OneCare Live\OcHealthMon.exe 
msfwsvc.exe         1088 Normal   C:\Arquivos de programas\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe 
winss.exe           1316 Normal   C:\Arquivos de programas\Microsoft Windows OneCare Live\winss.exe 
alg.exe             2928 Normal   C:\WINDOWS\System32\alg.exe 
msnmsgr.exe          248 Normal   C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe 
wlcomm.exe          2664 Normal   C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe 
cmd.exe             2980 Normal   C:\WINDOWS\system32\cmd.exe 
ntvdm.exe           2228 Normal   C:\WINDOWS\system32\ntvdm.exe 
wmiprvse.exe        1944 Normal   C:\WINDOWS\system32\wbem\wmiprvse.exe 
pv.exe              1844 Normal   C:\ISEEYO~1\pv.exe 

------------------------------------------------------------------------------------ 

Displaying Windows Services: 
Microsoft (R) Windows Script Host Versão 5.6
Copyright (C) 1996-2001 Microsoft Corporation. Todos os direitos reservados.

Name:           a2free
Display Name:   a-squared Free Service
  Description: Scans the PC for unwanted software and provides protection from malicious code
  Path Name:   "C:\Arquivos de programas\a-squared Free\a2service.exe"
  Start Mode:  Auto
  State:       Running

Name:           ALG
Display Name:   Serviço 'Gateway de camada de aplicativo'
  Description: Fornece suporte a plug-ins de protocolos de terceiros para o Compartilhamento de Conexão com a Internet e o Firewall do Windows.
  Path Name:   C:\WINDOWS\System32\alg.exe
  Start Mode:  Manual
  State:       Running

Name:           AppMgmt
Display Name:   Gerenciamento de aplicativo
  Description: Fornece serviços de instalação de software como 'Atribuir', 'Publicar' e 'Remover'.
  Path Name:   C:\WINDOWS\system32\svchost.exe -k netsvcs
  Start Mode:  Manual
  State:       Stopped

Name:           aspnet_state
Display Name:   ASP.NET State Service
  Description: Provides support for out-of-process session states for ASP.NET. If this service is stopped, out-of-process requests will not be processed. If this service is disabled, any services that explicitly depend on it will fail to start.
  Path Name:   C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
  Start Mode:  Manual
  State:       Stopped

Name:           AudioSrv
Display Name:   Áudio do Windows
  Description: Gerencia dispositivos de áudio para programas baseados em Windows. Se este serviço for interrompido, os dispositivos de áudio e efeitos não funcionarão adequadamente. Se este serviço for desativado, quaisquer serviços que dele dependam diretamente não serão inicializados.
  Path Name:   C:\WINDOWS\System32\svchost.exe -k netsvcs
  Start Mode:  Auto
  State:       Running

Name:           BITS
Display Name:   Serviço de transferência inteligente de plano de fundo
  Description: Transfere dados entre clientes e servidores em segundo plano. Se o BITS estiver desabilitado, recursos como o Windows Update não funcionarão corretamente.
  Path Name:   C:\WINDOWS\system32\svchost.exe -k netsvcs
  Start Mode:  Auto
  State:       Running

Name:           Browser
Display Name:   Localizador de computadores
  Description: Mantém uma lista atualizada de computadores na rede e fornece a computadores designados navegadores. Se este serviço for interrompido, esta lista não será atualizada ou mantida. Se este serviço for desativado, quaisquer serviços que dele dependam diretamente não serão inicializados.
  Path Name:   C:\WINDOWS\system32\svchost.exe -k netsvcs
  Start Mode:  Auto
  State:       Running

Name:           ClipSrv
Display Name:   Área de armazenamento
  Description: Permite que o 'Visualizador da área de armazenamento' armazene informações e compartilhe-as com computadores remotos. Se o serviço for parado, o 'Visualizador da área de armazenamento' não poderá compartilhar informações com computadores remotos. Se este serviço for desativado, os serviços que dependerem dele explicitamente não serão iniciados.
  Path Name:   C:\WINDOWS\system32\clipsrv.exe
  Start Mode:  Disabled
  State:       Stopped

Name:           clr_optimization_v2.0.50727_32
Display Name:   .NET Runtime Optimization Service v2.0.50727_X86
  Description: Microsoft .NET Framework NGEN
  Path Name:   C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
  Start Mode:  Manual
  State:       Stopped

Name:           COMSysApp
Display Name:   Aplicativo de sistema COM+
  Description: Gerencia a configuração e o controle dos componentes baseados no modelo de objeto componente (COM)+. Se o serviço parar, a maioria dos componentes baseados no COM+ não funcionará adequadamente. Se o serviço for desativado, qualquer serviço explicitamente dependente dele falhará ao ser iniciado.
  Path Name:   C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
  Start Mode:  Manual
  State:       Stopped

Name:           CryptSvc
Display Name:   Serviços de criptografia
  Description: Fornece três serviços de gerenciamento: serviço de banco de dados de catálogo, que confirma as assinaturas dos arquivos do Windows; serviço de raiz protegida, que adiciona e remove certificados de autoridades de certificação raiz deste computador, e o serviço de chave, que ajuda a registrar este computador para certificados. Se este serviço for interrompido, esses serviços de gerenciamento não funcionarão adequadamente. Se este serviço for desativado, quaisquer serviços que dele dependam diretamente deixarão de ser iniciados.
  Path Name:   C:\WINDOWS\system32\svchost.exe -k netsvcs
  Start Mode:  Auto
  State:       Running

Name:           DcomLaunch
Display Name:   Inicializador de Processo de Servidor DCOM
  Description: Fornece funcionalidade de inicialização para serviços DCOM.
  Path Name:   C:\WINDOWS\system32\svchost -k DcomLaunch
  Start Mode:  Auto
  State:       Running

Name:           Dhcp
Display Name:   Cliente DHCP
  Description: Gerencia a configuração de rede registrando e atualizando endereços IP e nomes DNS.
  Path Name:   C:\WINDOWS\system32\svchost.exe -k netsvcs
  Start Mode:  Auto
  State:       Running

Name:           dmadmin
Display Name:   Serviço administrativo do gerenciador de disco lógico
  Description: Configura volumes e unidades de disco rígido. O serviço é executado apenas para processos de configuração e depois pára.
  Path Name:   C:\WINDOWS\System32\dmadmin.exe /com
  Start Mode:  Manual
  State:       Stopped

Name:           dmserver
Display Name:   Gerenciador de discos lógicos
  Description: Detecta e monitora novas unidades de disco rígido e envia as informações de volume de disco para o serviço administrativo de gerenciador de discos lógicos para configuração. Se este serviço for parado, o status de disco dinâmico e as informações de configuração podem se tornar obsoletos. Se este serviço for desativado, os serviços que dependerem dele explicittamente não serão iniciados.
  Path Name:   C:\WINDOWS\System32\svchost.exe -k netsvcs
  Start Mode:  Auto
  State:       Running

Name:           Dnscache
Display Name:   Cliente DNS
  Description: Resolve e armazena em cache nomes Domain Name System (DNS) para este computador. Se este serviço for parado, o computador não poderá resolver nomes DNS nem localizador controladores de domínio do Active Directory. Se este serviço for desativado, os serviços que dependerem dele explicitamente não serão iniciados.
  Path Name:   C:\WINDOWS\system32\svchost.exe -k NetworkService
  Start Mode:  Auto
  State:       Running

Name:           ERSvc
Display Name:   Erro ao informar o serviço
  Description: Permite informar erros de serviços e aplicativos executados em ambientes não padrão.
  Path Name:   C:\WINDOWS\System32\svchost.exe -k netsvcs
  Start Mode:  Auto
  State:       Running

Name:           Eventlog
Display Name:   Log de eventos
  Description: Registra mensagens de eventos emitidas por Windows-based programs and components to be viewed in Event Viewer. This service cannot be stopped.
  Path Name:   C:\WINDOWS\system32\services.exe
  Start Mode:  Auto
  State:       Running

Name:           EventSystem
Display Name:   Sistema de eventos COM+
  Description: Dá suporte para o serviço de notificação de eventos do sistema (SENS), o qual fornece distribuição automática dos eventos para inscrever componentes do modelo de objeto componente (COM). Se o serviço for interrompido, o SENS será fechado e não poderá fornecer notificações de logon e logoff. Se o serviço for desativado, qualquer serviço explicitamente dependente dele irá falhar ao ser iniciado.
  Path Name:   C:\WINDOWS\system32\svchost.exe -k netsvcs
  Start Mode:  Manual
  State:       Running

Name:           FastUserSwitchingCompatibility
Display Name:   Compatibilidade com 'Troca rápida de usuário'
  Description: Fornece gerenciamento de aplicativos que exigem assistência em um ambiente de vários usuários.
  Path Name:   C:\WINDOWS\System32\svchost.exe -k netsvcs
  Start Mode:  Manual
  State:       Stopped

Name:           FontCache3.0.0.0
Display Name:   Windows Presentation Foundation Font Cache 3.0.0.0
  Description: Optimizes performance of Windows Presentation Foundation (WPF) applications by caching commonly used font data. WPF applications will start this service if it is not already running. It can be disabled, though doing so will degrade the performance of WPF applications.
  Path Name:   c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
  Start Mode:  Manual
  State:       Stopped

Name:           GbpSv
Display Name:   Gbp Service
  Description: Service for G-Buster Browser Defense
  Path Name:   C:\ARQUIV~1\GbPlugin\GbpSv.exe
  Start Mode:  Auto
  State:       Running

Name:           helpsvc
Display Name:   Ajuda e suporte
  Description: Permite que o 'Centro de ajuda e suporte' seja executado neste computador. Se esse serviço for interrompido, o 'Centro de ajuda e suporte' não estará disponível. Se esse serviço for desativado, haverá falha na inicialização de todos os serviços que dependem dele de forma explícita.
  Path Name:   C:\WINDOWS\System32\svchost.exe -k netsvcs
  Start Mode:  Auto
  State:       Running

Name:           HidServ
Display Name:   HID Input Service
  Description: Permite acesso de entrada genérica a dispositivos de interface humana (Human Interface Devices, HID), que ativam e mantêm o uso de botões ativados predefinidos em teclados, controles remotos e outros dispositivos de multimídia. Se este serviço for parado, os botões ativados controlados pelo serviço deixarão de funcionar. Se este serviço for desativado, os serviços que dependerem dele explicitamente não serão iniciados.
  Path Name:   C:\WINDOWS\System32\svchost.exe -k netsvcs
  Start Mode:  Auto
  State:       Running

Name:           HTTPFilter
Display Name:   HTTP SSL
  Description: Este serviço implementa o protocolo de transferência segura de hipertexto (HTTPS) para o serviço HTTP, usando a camada de soquete seguro (SSL). Se este serviço for desativado, os serviços que dependerem dele explicitamente não serão iniciados.
  Path Name:   C:\WINDOWS\System32\svchost.exe -k HTTPFilter
  Start Mode:  Manual
  State:       Stopped

Name:           idsvc
Display Name:   Windows CardSpace
  Description: Securely enables the creation, management, and disclosure of digital identities.
  Path Name:   "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"
  Start Mode:  Manual
  State:       Stopped

Name:           JavaQuickStarterService
Display Name:   Java Quick Starter
  Description: Prefetches JRE files for faster startup of Java applets and applications
  Path Name:   "C:\Arquivos de programas\Java\jre6\bin\jqs.exe" -service -config "C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\jqs.conf"
  Start Mode:  Auto
  State:       Running

Name:           lanmanserver
Display Name:   Servidor
  Description: Oferece suporte a compartilhamento na rede de arquivo, impressão e pipes nomeados para este computador. Se este serviço for interrompido, quaisquer serviços que dele dependam diretamente não serão inicializados.
  Path Name:   C:\WINDOWS\system32\svchost.exe -k netsvcs
  Start Mode:  Auto
  State:       Running

Name:           lanmanworkstation
Display Name:   Estação de trabalho
  Description: Cria e mantém conexões de rede de cliente com servidores remotos. Se este serviço for interrompido, essas conexões não estarão disponíveis. Se este serviço for desativado, quaisquer serviços que dele dependam não serão inicializados.
  Path Name:   C:\WINDOWS\system32\svchost.exe -k netsvcs
  Start Mode:  Auto
  State:       Running

Name:           LmHosts
Display Name:   Auxiliar NetBIOS TCP/IP
  Description: Ativa o suporte a NetBIOS através do serviço TCP/IP (NetBT) e da resolução de nomes NetBIOS.
  Path Name:   C:\WINDOWS\system32\svchost.exe -k LocalService
  Start Mode:  Auto
  State:       Running

Name:           MSDTC
Display Name:   Coordenador de transações distribuídas
  Description: Coordena transações que abrangem múltiplos gerenciadores de recursos, tais como bancos de dados, filas de mensagens e sistemas de arquivos. Se este serviço for interrompido, essas transações não ocorrerão. Se este serviço for desativado, os serviços que dependem explicitamente dele falharão ao serem iniciados.
  Path Name:   C:\WINDOWS\system32\msdtc.exe
  Start Mode:  Manual
  State:       Stopped

Name:           msfwsvc
Display Name:   OneCare Firewall
  Description: OneCare Firewall
  Path Name:   "C:\Arquivos de programas\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe"
  Start Mode:  Auto
  State:       Running

Name:           MSIServer
Display Name:   Windows Installer
  Description: Adiciona, modifica e remove aplicativos fornecidos como um pacote do Windows Installer (*.msi). Se este serviço for desativado, os serviços que dependerem dele explicitamente não serão iniciados.
  Path Name:   C:\WINDOWS\system32\msiexec.exe /V
  Start Mode:  Manual
  State:       Stopped

Name:           NetDDE
Display Name:   DDE de rede
  Description: Fornece transporte e segurança de rede para Dynamic Data Exchange (DDE) para programas executados no mesmo computador ou em computadores diferentes. Se este serviço for parado, o transporte e segurança DDE não estarão disponíveis. Se este serviço for desativado, os serviços que dependerem dele explicitamente não serão iniciados.
  Path Name:   C:\WINDOWS\system32\netdde.exe
  Start Mode:  Disabled
  State:       Stopped

Name:           NetDDEdsdm
Display Name:   DSDM de DDE de rede
  Description: Gerencia compartilhamentos de rede do tipo DDE (Dynamic Data Exchange). Se este serviço for parado, os compartilhamentos de rede DDE não estarão disponíveis. Se este serviço for desativado, os serviços que dependerem dele explicitamente não serão iniciados.
  Path Name:   C:\WINDOWS\system32\netdde.exe
  Start Mode:  Disabled
  State:       Stopped

Name:           Netlogon
Display Name:   Logon de rede
  Description: Dá suporte à autenticação de passagem de eventos de logon de contas para os computadores de um domínio.
  Path Name:   C:\WINDOWS\system32\lsass.exe
  Start Mode:  Manual
  State:       Stopped

Name:           Netman
Display Name:   Conexões de rede
  Description: Gerencia objetos da pasta de conexões de rede e Dial-Up, na qual você pode exibir conexões remotas e de rede local.
  Path Name:   C:\WINDOWS\System32\svchost.exe -k netsvcs
  Start Mode:  Manual
  State:       Running

Name:           NetTcpPortSharing
Display Name:   Net.Tcp Port Sharing Service
  Description: Provides ability to share TCP ports over the net.tcp protocol.
  Path Name:   "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"
  Start Mode:  Disabled
  State:       Stopped

Name:           Nla
Display Name:   Reconhecimento de local da rede (NLA)
  Description: Reúne e armazena informações sobre configurações e locais da rede, bem como notifica os aplicativos quando essas informações são alteradas.
  Path Name:   C:\WINDOWS\system32\svchost.exe -k netsvcs
  Start Mode:  Manual
  State:       Running

Name:           npggsvc
Display Name:   nProtect GameGuard Service
  Description: nProtect GameGuard Service
  Path Name:   C:\WINDOWS\system32\GameMon.des -service
  Start Mode:  Manual
  State:       Stopped

Name:           NtLmSsp
Display Name:   Fornecedor de suporte de segurança NT LM
  Description: Fornece segurança a programas de chamada de procedimento remoto (remote procedure call, RPC) que usam transportes que não pipes nomeados.
  Path Name:   C:\WINDOWS\system32\lsass.exe
  Start Mode:  Manual
  State:       Stopped

Name:           NtmsSvc
Display Name:   Armazenamento removível
  Description: 
  Path Name:   C:\WINDOWS\system32\svchost.exe -k netsvcs
  Start Mode:  Manual
  State:       Stopped

Name:           NVSvc
Display Name:   NVIDIA Display Driver Service
  Description: Provides system and desktop level support to the NVIDIA display driver
  Path Name:   C:\WINDOWS\system32\nvsvc32.exe
  Start Mode:  Auto
  State:       Running

Name:           OcHealthMon
Display Name:   Windows Live OneCare Health Monitor
  Description: Helps recover the Windows Live OneCare service and improve service health. This services provides a backup mechanism to the Windows Live OneCare service and will attempt to recover it, if it is detected to be stopped.
  Path Name:   "C:\Arquivos de programas\Microsoft Windows OneCare Live\OcHealthMon.exe"
  Start Mode:  Auto
  State:       Running

Name:           OneCareMP
Display Name:   OneCare AntiSpyware and AntiVirus
  Description: Helps protect users from spyware and other potentially unwanted software
  Path Name:   "C:\Arquivos de programas\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe"
  Start Mode:  Auto
  State:       Running

Name:           PlugPlay
Display Name:   Plug and Play
  Description: Permite que um computador reconheça e se adapte a alterações de hardware com pouca ou nenhuma intervenção do usuário. Se este serviço for parado ou desativado, o sistema se tornará instável.
  Path Name:   C:\WINDOWS\system32\services.exe
  Start Mode:  Auto
  State:       Running

Name:           PolicyAgent
Display Name:   Serviços IPSEC
  Description: Gerencia a diretiva de segurança IP e inicia o ISAKMP/Oakley (IKE) e o driver de segurança IP.
  Path Name:   C:\WINDOWS\system32\lsass.exe
  Start Mode:  Auto
  State:       Running

Name:           ProtectedStorage
Display Name:   Armazenamento protegido
  Description: Fornece o armazenamento protegido para dados sensíveis, como chaves privadas, para evitar o acesso de serviços, processos ou usuários sem autorização.
  Path Name:   C:\WINDOWS\system32\lsass.exe
  Start Mode:  Auto
  State:       Running

Name:           RasAuto
Display Name:   Gerenciador de conexão de acesso remoto automático
  Description: Cria uma conexão a uma rede remota sempre que um programa faz referência a um nome ou endereço remoto DNS ou NetBios.
  Path Name:   C:\WINDOWS\system32\svchost.exe -k netsvcs
  Start Mode:  Manual
  State:       Stopped

Name:           RasMan
Display Name:   Gerenciador de conexão de acesso remoto
  Description: Cria uma conexão de rede.
  Path Name:   C:\WINDOWS\system32\svchost.exe -k netsvcs
  Start Mode:  Manual
  State:       Running

Name:           RDSessMgr
Display Name:   Gerenciador de sessão de ajuda de área de trabalho remota
  Description: Gerencia e controla a 'Assistência remota'. Se esse serviço for interrompido, a 'Assistência remota' ficará indisponível. Antes de interromper esse serviço, consulte a guia 'Dependências' da caixa de diálogo 'Propriedades'.
  Path Name:   C:\WINDOWS\system32\sessmgr.exe
  Start Mode:  Manual
  State:       Stopped

Name:           RemoteAccess
Display Name:   Roteamento e acesso remoto
  Description: Oferece serviços de roteamento a empresas em ambientes de rede local e de longa distância.
  Path Name:   C:\WINDOWS\system32\svchost.exe -k netsvcs
  Start Mode:  Disabled
  State:       Stopped

Name:           RemoteRegistry
Display Name:   Registro remoto
  Description: Permite que usuários remotos modifiquem configurações do Registro neste computador. Se este serviço for parado, o Registro só poderá ser modificado por usuários deste computador. Se este serviço for desativado, os serviços que dependerem dele explicitamente não serão iniciados.
  Path Name:   C:\WINDOWS\system32\svchost.exe -k LocalService
  Start Mode:  Auto
  State:       Running

Name:           RpcLocator
Display Name:   Alocador Remote Procedure Call (RPC)
  Description: Gerencia o banco de dados do serviço de nomes RPC.
  Path Name:   C:\WINDOWS\system32\locator.exe
  Start Mode:  Manual
  State:       Stopped

Name:           RpcSs
Display Name:   Chamada de procedimento remoto (RPC)
  Description: Fornece o mapeador de ponto de extremidade e outros serviços RPC variados.
  Path Name:   C:\WINDOWS\system32\svchost -k rpcss
  Start Mode:  Auto
  State:       Running

Name:           RSVP
Display Name:   QoS RSVP
  Description: Fornece a funcionalidade de sinalização de rede e configuração do controle do tráfego local para programas compatíveis com QoS e miniaplicativos de controle.
  Path Name:   C:\WINDOWS\system32\rsvp.exe
  Start Mode:  Manual
  State:       Stopped

Name:           SamSs
Display Name:   Gerenciador de contas de segurança
  Description: Armazena informações sobre segurança para contas de usuário local.
  Path Name:   C:\WINDOWS\system32\lsass.exe
  Start Mode:  Auto
  State:       Running

Name:           SCardSvr
Display Name:   Cartão inteligente
  Description: Gerencia o acesso a leitores de cartão inteligente por este computador. Se este serviço for parado, o computador não poderá ler cartões inteligentes. Se este serviço for desativado, os serviços que dependerem dele explicitamente não serão iniciados.
  Path Name:   C:\WINDOWS\System32\SCardSvr.exe
  Start Mode:  Manual
  State:       Stopped

Name:           Schedule
Display Name:   Agendador de tarefas
  Description: Permite que um usuário configure e agende tarefas automatizadas no computador. Se este serviço for interrompido, essas tarefas não serão executadas nos horários agendados. Se este serviço for desativado, quaisquer serviços que dele dependam diretamente não serão iniciados.
  Path Name:   C:\WINDOWS\System32\svchost.exe -k netsvcs
  Start Mode:  Auto
  State:       Running

Name:           seclogon
Display Name:   Logon secundário
  Description: Ativa a inicialização de processos sob credenciais alternadas. Se este serviço for interrompido, este tipo de acesso por logon não estará disponível. Se este serviço for desativado, quaisquer serviços que dele dependam diretamente não serão iniciados.
  Path Name:   C:\WINDOWS\System32\svchost.exe -k netsvcs
  Start Mode:  Auto
  State:       Running

Name:           SENS
Display Name:   Notificação de eventos de sistema
  Description: Rastreia eventos do sistema como eventos de logon do Windows, rede e energia.  Notifica assinantes do Sistema de evento COM+ destes eventos.
  Path Name:   C:\WINDOWS\system32\svchost.exe -k netsvcs
  Start Mode:  Auto
  State:       Running

Name:           SharedAccess
Display Name:   Firewall do Windows/Compartilhamento de Conexão com a Internet (ICS)
  Description: Fornece serviços de conversão de endereços de rede, endereçamento e resolução de nomes e/ou prevenção de invasão para uma rede doméstica ou de pequena empresa.
  Path Name:   C:\WINDOWS\system32\svchost.exe -k netsvcs
  Start Mode:  Auto
  State:       Running

Name:           ShellHWDetection
Display Name:   Detecção do hardware do shell
  Description: Fornece notificações de eventos de hardware 'Reprodução automática'.
  Path Name:   C:\WINDOWS\System32\svchost.exe -k netsvcs
  Start Mode:  Auto
  State:       Running

Name:           Spooler
Display Name:   Spooler de impressão
  Description: Carrega arquivos na memória para impressão posterior.
  Path Name:   C:\WINDOWS\system32\spoolsv.exe
  Start Mode:  Auto
  State:       Running

Name:           srservice
Display Name:   Serviço de restauração do sistema
  Description: Executa funções de restauração do sistema. Para interromper o serviço, desative a 'Restauração do sistema' na guia 'Restauração do sistema' em 'Meu computador' -> 'Propriedades'
  Path Name:   C:\WINDOWS\system32\svchost.exe -k netsvcs
  Start Mode:  Auto
  State:       Running

Name:           SSDPSRV
Display Name:   Serviço de descoberta SSDP
  Description: Ativa a descoberta de dispositivos UPnP na rede doméstica.
  Path Name:   C:\WINDOWS\system32\svchost.exe -k LocalService
  Start Mode:  Manual
  State:       Running

Name:           stisvc
Display Name:   Assistente de aquisição de imagens do Windows (WIA)
  Description: Fornece serviços de aquisição de imagens para scanners e câmeras
  Path Name:   C:\WINDOWS\system32\svchost.exe -k imgsvc
  Start Mode:  Manual
  State:       Stopped

Name:           SwPrv
Display Name:   MS Software Shadow Copy Provider
  Description: Gerencia cópias de sombra de volume baseadas em software obtidas pelo serviço de cópias de sombra de volume. Se o serviço for interrompido, as cópias de sombra baseadas em software não poderão ser gerenciadas. Se o serviço for desativado, os serviços que dependerem dele diretamente não serão iniciados.
  Path Name:   C:\WINDOWS\system32\dllhost.exe /Processid:{CC818B09-A739-4424-9B8F-27A052D7B1C4}
  Start Mode:  Manual
  State:       Stopped

Name:           SysmonLog
Display Name:   Logs e alertas de desempenho
  Description: Coleta dados de desempenho de computadores locais ou remotos com base em parâmetros de agendamento pré-configurados; em seguida, grava os dados em um log ou dispara um alerta. Se este serviço for parado, as informações de desempenho não serão coletadas. Se este serviço for desativado, os serviços que dependerem dele explicitamente não serão iniciados.
  Path Name:   C:\WINDOWS\system32\smlogsvc.exe
  Start Mode:  Manual
  State:       Stopped

Name:           TapiSrv
Display Name:   Telefonia
  Description: Fornece suporte à telefonia API (TAPI) para programas que controlam dispositivos de telefonia e conexões de voz baseadas em IP no computador local e, através da rede local, em servidores que também estão executando o serviço.
  Path Name:   C:\WINDOWS\System32\svchost.exe -k netsvcs
  Start Mode:  Manual
  State:       Running

Name:           TermService
Display Name:   Serviços de terminal
  Description: Permite que vários usuários sejam conectados interativamente a um computador e que as áreas de trabalho e os aplicativos sejam exibidos a computadores remotos. A base da área de trabalho remota (inclusive a área de trabalho remota para administradores), da opção de alternar-se rapidamente entre usuários, da assistência remota e do Terminal Server.
  Path Name:   C:\WINDOWS\System32\svchost -k DComLaunch
  Start Mode:  Manual
  State:       Running

Name:           Themes
Display Name:   Temas
  Description: Fornece gerenciamento de temas para experiência do usuário.
  Path Name:   C:\WINDOWS\System32\svchost.exe -k netsvcs
  Start Mode:  Auto
  State:       Running

Name:           TlntSvr
Display Name:   Telnet
  Description: Permite que  um usuário remoto faça logon neste computador e execute programas. Fornece suporte a vários clientes Telnet TCP/IP, inclusive computadores baseados em UNIX e Windows. Se este serviço for parado, o acesso de usuários remotos a programas poderá não estar disponível. Se este serviço for desativado, os serviços que dependem dele explicitamente não serão iniciados.
  Path Name:   C:\WINDOWS\system32\tlntsvr.exe
  Start Mode:  Disabled
  State:       Stopped

Name:           TrkWks
Display Name:   Cliente de rastreamento de link distribuído
  Description: Mantém vínculos entre arquivos NTFS em um computador ou entre computadores em um domínio de rede.
  Path Name:   C:\WINDOWS\system32\svchost.exe -k netsvcs
  Start Mode:  Auto
  State:       Running

Name:           upnphost
Display Name:   Host de dispositivo Plug and Play universal
  Description: Oferece suporte para hospedar dispositivos Plug and Play universais.
  Path Name:   C:\WINDOWS\system32\svchost.exe -k LocalService
  Start Mode:  Manual
  State:       Running

Name:           UPS
Display Name:   Sistema de alimentação ininterrupta
  Description: Gerencia o sistema de alimentação ininterrupto (no-break) conectado ao computador.
  Path Name:   C:\WINDOWS\System32\ups.exe
  Start Mode:  Manual
  State:       Stopped

Name:           VSS
Display Name:   Cópia de volume em memória
  Description: Gerencia e implementa cópias de volume em memória usados para o backup e outros propósitos. Se este serviço for interrompido, as cópias em memória não estarão disponíveis para backup e o backup pode falhar. Se este serviço for desativado, quaisquer serviços que dele dependam diretamente não serão iniciados.
  Path Name:   C:\WINDOWS\System32\vssvc.exe
  Start Mode:  Manual
  State:       Stopped

Name:           W32Time
Display Name:   Horário do Windows
  Description: Mantém sincronização de data e hora em todos os clientes e servidores da rede. Se este serviço for interrompido, a sincronização não ficará disponível. Se este serviço for desativado, os serviços que dele dependem explicitamente não serão iniciados.
  Path Name:   C:\WINDOWS\System32\svchost.exe -k netsvcs
  Start Mode:  Auto
  State:       Running

Name:           WebClient
Display Name:   Cliente da Web
  Description: Permite que programas baseados em Windows criem, acessem e modifiquem arquivos baseados na Internet. Se este serviço for interrompido, essas funções não estarão disponíveis. Se este serviço for desativado, quaisquer serviços que dele dependam diretamente não serão iniciados.
  Path Name:   C:\WINDOWS\system32\svchost.exe -k LocalService
  Start Mode:  Auto
  State:       Running

Name:           winmgmt
Display Name:   Testador de instrumentação de gerenciam. do Windows
  Description: Fornece uma interface comum e um modelo de objeto para o acesso a informações de gerenciamento sobre o sistema operacional, dispositivos, aplicativos e serviços. Se esse serviço for parado, a maioria dos itens de software baseados no Windows não funcionará corretamente. Se este serviço for desativado, os serviços que dependerem explicitamente dele não serão iniciados.
  Path Name:   C:\WINDOWS\system32\svchost.exe -k netsvcs
  Start Mode:  Auto
  State:       Running

Name:           winss
Display Name:   Windows Live OneCare
  Description: Helps manage PC security and overall health by providing virus and spyware monitoring, firewall, backup, and other services. If this service is stopped, this computer might be at risk from viruses and other threats.
  Path Name:   C:\Arquivos de programas\Microsoft Windows OneCare Live\winss.exe
  Start Mode:  Auto
  State:       Running

Name:           WmdmPmSN
Display Name:   Portable Media Serial Number Service
  Description: Retrieves the serial number of any portable media player connected to this computer. If this service is stopped, protected content might not be down loaded to the device.
  Path Name:   C:\WINDOWS\System32\svchost.exe -k netsvcs
  Start Mode:  Manual
  State:       Stopped

Name:           Wmi
Display Name:   Extensões de driver de instrum. gerenc. do Windows
  Description: Fornece informações sobre gerenciamento de sistemas para drivers e de drivers.
  Path Name:   C:\WINDOWS\System32\svchost.exe -k netsvcs
  Start Mode:  Manual
  State:       Stopped

Name:           WmiApSrv
Display Name:   Adaptador de desempenho WMI
  Description: Fornece informações da biblioteca de desempenho dos provedores HiPerf WMI.
  Path Name:   C:\WINDOWS\system32\wbem\wmiapsrv.exe
  Start Mode:  Manual
  State:       Stopped

Name:           WMPNetworkSvc
Display Name:   Serviço de Compartilhamento de Rede do Windows Media Player
  Description: Compartilha bibliotecas do Windows Media Player com outros players e dispositivos de mídia da rede por meio de Universal Plug and Play
  Path Name:   "C:\Arquivos de programas\Windows Media Player\WMPNetwk.exe"
  Start Mode:  Manual
  State:       Stopped

Name:           wuauserv
Display Name:   Atualizações Automáticas
  Description: Ativa o download e instalação das atualizações do Windows. Se este serviço for desabilitado, o computador não será capaz de usar o recurso de Atualizações Automáticas nem o site do Windows Update na web.
  Path Name:   C:\WINDOWS\system32\svchost.exe -k netsvcs
  Start Mode:  Auto
  State:       Running

Name:           WudfSvc
Display Name:   Windows Driver Foundation - User-mode Driver Framework
  Description: Manages user-mode driver host processes
  Path Name:   C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
  Start Mode:  Manual
  State:       Stopped

Name:           WZCSVC
Display Name:   Configuração zero sem fio
  Description: Fornece configuração automática para os adaptadores 802.11
  Path Name:   C:\WINDOWS\System32\svchost.exe -k netsvcs
  Start Mode:  Auto
  State:       Running

Name:           xmlprov
Display Name:   Serviço de Configuração de Rede
  Description: Gerencia arquivos de configuração XML por domínio para configuração automática de rede.
  Path Name:   C:\WINDOWS\System32\svchost.exe -k netsvcs
  Start Mode:  Manual
  State:       Stopped


------------------------------------------------------------------------------------ 

Displaying LOG for Microsoft Windows Malicious Software Removal Tool: 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v2.14, September 2009
Started On Fri Oct 02 13:51:38 2009

Extended Scan Results
----------------
->Scan ERROR: resource file://C:\pagefile.sys (code 0x00000020 (32))

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v2.14, September 2009
Started On Fri Oct 02 15:19:56 2009

Extended Scan Results
----------------
Found potential malware: TrojanDownloader:Win32/Renos in process://pid:184
->Scan ERROR: resource file://C:\pagefile.sys (code 0x00000020 (32))
-> Sysclean ERROR: Internal error, code = 8050800C

Results Summary:
----------------
Found TrojanDownloader:Win32/Renos (detected generically)

Return code: 6
Microsoft Windows Malicious Software Removal Tool Finished On Fri Oct 02 16:43:36 2009

Removal Tool Finished On Fri Oct 02 16:32:45 2009

---------------------------------------------------------------------------- 
   Listing HKCU Explorer\Advanced//Hidden and SuperHidden Registry Keys 
       if Hidden = 0 then Hidden Files and Folders are not shown 
       if SuperHidden = 1 is the desired default value. 
       if ShowSuperHidden = 0 then System Files are not shown 
       if HideFileExt = 1 then File Extension are not shown 
   We want their values to be (from top to bottom) 1,1,1,0 
---------------------------------------------------------------------------- 

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\advanced
  Hidden	REG_DWORD      	1 (0x1)
  SuperHidden	REG_DWORD      	1 (0x1)
  ShowSuperHidden	REG_DWORD      	1 (0x1)
  HideFileExt	REG_DWORD      	0 (0x0)

************************************************************************************  

Examining Select Windows Registry Keys 
------------------------------------------------------------------------------------ 

   -------------------------------------------------------------------------- 
       Items Found in ZoneMap\Domains: 
   -------------------------------------------------------------------------- 



HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\internet settings\zonemap\domains
  <NO NAME>	REG_SZ         	

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\internet settings\zonemap\domains\msn.com

   ---------------------------------------------------------------------------- 
       Current User ZoneMap ProtocolDefaults 
   ---------------------------------------------------------------------------- 



HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings\zonemap\protocoldefaults
  <NO NAME>	REG_SZ         	
  http	REG_DWORD      	3 (0x3)
  https	REG_DWORD      	3 (0x3)
  ftp	REG_DWORD      	3 (0x3)
  file	REG_DWORD      	3 (0x3)
  @ivt	REG_DWORD      	1 (0x1)
  shell	REG_DWORD      	0 (0x0)

   ---------------------------------------------------------------------------- 
           Default URL Prefix Keys 
   ---------------------------------------------------------------------------- 



HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\url

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\url\DefaultPrefix
  <NO NAME>	REG_SZ         	http://

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\url\Prefixes
  ftp	REG_SZ         	ftp://
  gopher	REG_SZ         	gopher://
  home	REG_SZ         	http://
  mosaic	REG_SZ         	http://
  www	REG_SZ         	http://

   -------------------------------------------------------------------------- 
           Startup Items Disabled via MSCONFIG: 
   -------------------------------------------------------------------------- 


   -------------------------------------------------------------------------- 
           Select AutoRun Registry Keys: 
   -------------------------------------------------------------------------- 



HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
  CTFMON.EXE	REG_SZ         	C:\WINDOWS\system32\ctfmon.exe
  uTorrent	REG_SZ         	"C:\Arquivos de programas\uTorrent\uTorrent.exe"
  Skype	REG_SZ         	"C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized
  DAEMON Tools Lite	REG_SZ         	"C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun
  NCsoft Launcher	REG_SZ         	C:\Arquivos de programas\NCSoft\Launcher\NCLauncher.exe /Minimized
  Advanced Virus Remover	REG_SZ         	C:\Program Files\AdvancedVirusRemover\PAVRM.exe


HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce


HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
  nwiz	REG_SZ         	nwiz.exe /install
  NvMediaCenter	REG_SZ         	RunDLL32.exe NvMCTray.dll,NvTaskbarInit
  High Definition Audio Property Page Shortcut	REG_SZ         	HDAShCut.exe
  SoundMAXPnP	REG_SZ         	C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe
  SoundMAX	REG_SZ         	"C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe" /tray
  Adobe Reader Speed Launcher	REG_SZ         	"C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
  mspaint	REG_SZ         	"C:\WINDOWS\system32\paint.exe" -autocheck
  winupdate.exe	REG_SZ         	C:\WINDOWS\system32\winupdate.exe
  OneCareUI	REG_SZ         	"C:\Arquivos de programas\Microsoft Windows OneCare Live\winssnotify.exe"
  SunJavaUpdateSched	REG_SZ         	"C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
  NvCplDaemon	REG_SZ         	RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents


HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce


HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex


HKEY_USERS\.default\software\microsoft\windows\currentversion\run
  CTFMON.EXE	REG_SZ         	C:\WINDOWS\system32\CTFMON.EXE


HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce
  nltide_3	REG_EXPAND_SZ  	rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N


HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run
  CTFMON.EXE	REG_SZ         	C:\WINDOWS\system32\CTFMON.EXE


HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce
  nltide_3	REG_EXPAND_SZ  	rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N


HKEY_USERS\s-1-5-19\software\microsoft\windows\currentversion\run
  CTFMON.EXE	REG_SZ         	C:\WINDOWS\system32\CTFMON.EXE


HKEY_USERS\s-1-5-19\software\microsoft\windows\currentversion\runonce
  nltide_3	REG_EXPAND_SZ  	rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N


HKEY_USERS\s-1-5-20\software\microsoft\windows\currentversion\run
  CTFMON.EXE	REG_SZ         	C:\WINDOWS\system32\CTFMON.EXE


HKEY_USERS\s-1-5-20\software\microsoft\windows\currentversion\runonce
  nltide_3	REG_EXPAND_SZ  	rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N

   -------------------------------------------------------------------------- 
           WinLogon Notify Registry Key: 
   -------------------------------------------------------------------------- 



HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb
  Asynchronous	REG_DWORD      	0 (0x0)
  Impersonate	REG_DWORD      	0 (0x0)
  MaxWait	REG_DWORD      	258 (0x102)
  DllName	REG_SZ         	C:\Arquivos de programas\GbPlugin\gbieh.dll
  Startup	REG_SZ         	GbPluginEventStartup

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain
  Asynchronous	REG_DWORD      	0 (0x0)
  Impersonate	REG_DWORD      	0 (0x0)
  DllName	REG_EXPAND_SZ  	crypt32.dll
  Logoff	REG_SZ         	ChainWlxLogoffEvent

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet
  Asynchronous	REG_DWORD      	0 (0x0)
  Impersonate	REG_DWORD      	0 (0x0)
  DllName	REG_EXPAND_SZ  	cryptnet.dll
  Logoff	REG_SZ         	CryptnetWlxLogoffEvent

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll
  DLLName	REG_SZ         	cscdll.dll
  Logon	REG_SZ         	WinlogonLogonEvent
  Logoff	REG_SZ         	WinlogonLogoffEvent
  ScreenSaver	REG_SZ         	WinlogonScreenSaverEvent
  Startup	REG_SZ         	WinlogonStartupEvent
  Shutdown	REG_SZ         	WinlogonShutdownEvent
  StartShell	REG_SZ         	WinlogonStartShellEvent
  Impersonate	REG_DWORD      	0 (0x0)
  Asynchronous	REG_DWORD      	1 (0x1)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp
  DLLName	REG_SZ         	wlnotify.dll
  Logon	REG_SZ         	SCardStartCertProp
  Logoff	REG_SZ         	SCardStopCertProp
  Lock	REG_SZ         	SCardSuspendCertProp
  Unlock	REG_SZ         	SCardResumeCertProp
  Enabled	REG_DWORD      	1 (0x1)
  Impersonate	REG_DWORD      	1 (0x1)
  Asynchronous	REG_DWORD      	1 (0x1)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule
  Asynchronous	REG_DWORD      	0 (0x0)
  DllName	REG_EXPAND_SZ  	wlnotify.dll
  Impersonate	REG_DWORD      	0 (0x0)
  StartShell	REG_SZ         	SchedStartShell
  Logoff	REG_SZ         	SchedEventLogOff

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy
  Logoff	REG_SZ         	WLEventLogoff
  Impersonate	REG_DWORD      	0 (0x0)
  Asynchronous	REG_DWORD      	1 (0x1)
  DllName	REG_EXPAND_SZ  	sclgntfy.dll

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn
  DLLName	REG_SZ         	WlNotify.dll
  Lock	REG_SZ         	SensLockEvent
  Logon	REG_SZ         	SensLogonEvent
  Logoff	REG_SZ         	SensLogoffEvent
  Safe	REG_DWORD      	1 (0x1)
  MaxWait	REG_DWORD      	600 (0x258)
  StartScreenSaver	REG_SZ         	SensStartScreenSaverEvent
  StopScreenSaver	REG_SZ         	SensStopScreenSaverEvent
  Startup	REG_SZ         	SensStartupEvent
  Shutdown	REG_SZ         	SensShutdownEvent
  StartShell	REG_SZ         	SensStartShellEvent
  PostShell	REG_SZ         	SensPostShellEvent
  Disconnect	REG_SZ         	SensDisconnectEvent
  Reconnect	REG_SZ         	SensReconnectEvent
  Unlock	REG_SZ         	SensUnlockEvent
  Impersonate	REG_DWORD      	1 (0x1)
  Asynchronous	REG_DWORD      	1 (0x1)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv
  Asynchronous	REG_DWORD      	0 (0x0)
  DllName	REG_EXPAND_SZ  	wlnotify.dll
  Impersonate	REG_DWORD      	0 (0x0)
  Logoff	REG_SZ         	TSEventLogoff
  Logon	REG_SZ         	TSEventLogon
  PostShell	REG_SZ         	TSEventPostShell
  Shutdown	REG_SZ         	TSEventShutdown
  StartShell	REG_SZ         	TSEventStartShell
  Startup	REG_SZ         	TSEventStartup
  MaxWait	REG_DWORD      	600 (0x258)
  Reconnect	REG_SZ         	TSEventReconnect
  Disconnect	REG_SZ         	TSEventDisconnect

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon
  DLLName	REG_SZ         	wlnotify.dll
  Logon	REG_SZ         	RegisterTicketExpiredNotificationEvent
  Logoff	REG_SZ         	UnregisterTicketExpiredNotificationEvent
  Impersonate	REG_DWORD      	1 (0x1)
  Asynchronous	REG_DWORD      	1 (0x1)

   -------------------------------------------------------------------------- 
           Shared Task Scheduler Registry Items: 
   -------------------------------------------------------------------------- 



HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler
  {438755C2-A8BA-11D1-B96B-00A0C90312E1}	REG_SZ         	Pré-carregador Browseui
  {8C7461EF-2B13-11d2-BE35-3078302C2030}	REG_SZ         	Daemon de cache de categorias de componente

   -------------------------------------------------------------------------- 
           Scheduled Tasks: 
   -------------------------------------------------------------------------- 

O volume na unidade C não tem nome.
O número de série do volume é 50E8-DE77

Pasta de C:\WINDOWS\tasks

05/09/2009  08:48    <DIR>          .
05/09/2009  08:48    <DIR>          ..
28/10/2001  11:07                65 desktop.ini
03/10/2009  09:35                 6 SA.DAT
              2 arquivo(s)             71 bytes

    Total de arquivos na lista:
              2 arquivo(s)             71 bytes
              2 pasta(s) 114.403.422.208 bytes disponíveis
   HR     C:\WINDOWS\tasks\desktop.ini
A   H      C:\WINDOWS\tasks\SA.DAT

   ---------------------------------------------------------------------------- 
           ShellExecuteHooks Registry Keys 
   ---------------------------------------------------------------------------- 



HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks
  {AEB6717E-7E19-11d0-97EE-00C04FD91972}	REG_SZ         	
  {E37CB5F0-51F5-4395-A808-5FA49E399F83}	REG_SZ         	GbPlugin ShlObj

   ---------------------------------------------------------------------------- 
           ShellServiceObjectDelayLoad Registry Keys 
   ---------------------------------------------------------------------------- 



HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload
  PostBootReminder	REG_SZ         	{7849596a-48ea-486e-8937-a2a3009f31a9}
  CDBurn	REG_SZ         	{fbeb8a05-beee-4442-804e-409d6c4515e9}
  WebCheck	REG_SZ         	{E6FB5E20-DE35-11CF-9C87-00AA005127ED}
  SysTray	REG_SZ         	{35CEC8A3-2BE6-11D2-8773-92E220524153}
  WPDShServiceObj	REG_SZ         	{AAA288BA-9A4C-45B0-95D7-94D524869DB5}

   ---------------------------------------------------------------------------- 
           ModuleUsage Registry Keys: 
   ---------------------------------------------------------------------------- 



HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/Downloaded Program Files/wlscBase.dll
  .Owner	REG_SZ         	{5ED80217-570B-4DA9-BF44-BE107C0EC166}
  {5ED80217-570B-4DA9-BF44-BE107C0EC166}	REG_SZ         	

   ---------------------------------------------------------------------------- 
           BHO Registry Keys: 
   ---------------------------------------------------------------------------- 



HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
  <NO NAME>	REG_SZ         	AcroIEHelperStub
  NoExplorer	REG_DWORD      	1 (0x1)

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{5C255C8A-E604-49b4-9D64-90988571CECB}
  <NO NAME>	REG_SZ         	

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{C41A1C0E-EA6C-11D4-B1B8-444553540000}
  <NO NAME>	REG_SZ         	G-Buster Browser Defense

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}
  NoExplorer	REG_DWORD      	1 (0x1)

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}
  <NO NAME>	REG_SZ         	JQSIEStartDetectorImpl
  NoExplorer	REG_DWORD      	1 (0x1)

    -------------------------------------------------------------------------- 
           Select Policy Keys: 
    -------------------------------------------------------------------------- 



HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer
  NoDriveTypeAutoRun	REG_DWORD      	145 (0x91)
  ForceClassicControlPanel	REG_DWORD      	1 (0x1)
  NoStartBanner	REG_DWORD      	1 (0x1)
  NoLowDiskSpaceChecks	REG_DWORD      	1 (0x1)
  NoRecentDocsMenu	REG_DWORD      	1 (0x1)
  NoRecentDocsHistory	REG_DWORD      	1 (0x1)
  NoResolveTrack	REG_DWORD      	1 (0x1)
  LinkResolveIgnoreLinkInfo	REG_DWORD      	1 (0x1)
  NoResolveSearch	REG_DWORD      	1 (0x1)
  NoSetActiveDesktop	REG_DWORD      	1 (0x1)
  NoActiveDesktopChanges	REG_DWORD      	1 (0x1)


HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system
  DisableTaskMgr	REG_DWORD      	0 (0x0)


HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer
  NoDesktopCleanupWizard	REG_DWORD      	1 (0x1)
  NoSetActiveDesktop	REG_DWORD      	1 (0x1)
  NoActiveDesktopChanges	REG_DWORD      	1 (0x1)


HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system
  dontdisplaylastusername	REG_DWORD      	0 (0x0)
  legalnoticecaption	REG_SZ         	
  legalnoticetext	REG_SZ         	
  shutdownwithoutlogon	REG_DWORD      	1 (0x1)
  undockwithoutlogon	REG_DWORD      	1 (0x1)


HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer
  NoDriveTypeAutoRun	REG_DWORD      	145 (0x91)
  ForceClassicControlPanel	REG_DWORD      	1 (0x1)
  NoStartBanner	REG_DWORD      	1 (0x1)
  NoLowDiskSpaceChecks	REG_DWORD      	1 (0x1)
  NoRecentDocsMenu	REG_DWORD      	1 (0x1)
  NoRecentDocsHistory	REG_DWORD      	1 (0x1)
  NoResolveTrack	REG_DWORD      	1 (0x1)
  LinkResolveIgnoreLinkInfo	REG_DWORD      	1 (0x1)
  NoResolveSearch	REG_DWORD      	1 (0x1)


HKEY_USERS\.default\software\microsoft\windows\currentversion\policies

HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\Explorer


HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer
  NoDriveTypeAutoRun	REG_DWORD      	145 (0x91)
  ForceClassicControlPanel	REG_DWORD      	1 (0x1)
  NoStartBanner	REG_DWORD      	1 (0x1)
  NoLowDiskSpaceChecks	REG_DWORD      	1 (0x1)
  NoRecentDocsMenu	REG_DWORD      	1 (0x1)
  NoRecentDocsHistory	REG_DWORD      	1 (0x1)
  NoResolveTrack	REG_DWORD      	1 (0x1)
  LinkResolveIgnoreLinkInfo	REG_DWORD      	1 (0x1)
  NoResolveSearch	REG_DWORD      	1 (0x1)

************************************************************************************ 

Checking File System for suspicious Files 

-------------------------------------------------------------------------- 
   Items in the Root Directory: 
-------------------------------------------------------------------------- 

   Locating all files created in C:\ 

"C:\"
ARQUIV~1       6 Jul 2009              "Arquivos de programas"
autoexec.bat   6 Jul 2009           0  "AUTOEXEC.BAT"
boot.ini       6 Jul 2009         211  "boot.ini"
bootfont.bin  28 Oct 2001        4952  "Bootfont.bin"
config.sys     6 Jul 2009           0  "CONFIG.SYS"
DOCUME~1       6 Jul 2009              "Documents and Settings"
FRAPS         30 Jul 2009              "Fraps"
GOOGLE~1      21 Sep 2009              "GoogleAppEngine"
io.sys         6 Jul 2009           0  "IO.SYS"
ISEEYO~1       2 Oct 2009              "ISeeYouXP"
msdos.sys      6 Jul 2009           0  "MSDOS.SYS"
ntdetect.com   3 Aug 2004       47564  "NTDETECT.COM"
ntldr          3 Aug 2004      251168  "ntldr"
pagefile.sys   3 Oct 2009  1610612736  "pagefile.sys"
PROGRA~1      14 Jul 2009              "Program Files"
RECYCLER       6 Jul 2009              "RECYCLER"
SYSTEM~1       6 Jul 2009              "System Volume Information"
TMP            5 Sep 2009              "tmp"
WINDOWS        6 Jul 2009              "WINDOWS"

19 items found:  9 files (7 H/S), 10 directories (2 H/S).
  Total of file sizes:  1.610.916.631 bytes      1,50 G

-------------------------------------------------------------------------- 
   Locating all Backup files on C: 
-------------------------------------------------------------------------- 

   Locating all *.BAK* files 

"C:\Arquivos de programas\Analog Devices\SoundMAX\"
smaxlo~1.bak   6 Jul 2009        3322  "SMax.log.bak"

"C:\Arquivos de programas\Sony\Vegas Pro 8.0\"
sfconf~1.bak  10 Sep 2008      408832  "sfconfigmgr.dll.bak"
sfmark~1.bak  10 Sep 2008     1535232  "sfmarket2.dll.bak"
sfs4rw~1.bak  10 Sep 2008     1188096  "sfs4rw.dll.bak"
vegas8~1.bak  10 Sep 2008    11515136  "vegas80.exe.bak"

"C:\WINDOWS\Debug\UserMode\"
userenv.bak   18 Sep 2009      309204  "userenv.bak"

"C:\Arquivos de programas\Sony\Shared Plug-Ins\Audio\"
mchamm~1.bak   6 Aug 2008     1317888  "mchammer.dll.bak"
sffrgp~1.bak  10 Sep 2008     1298688  "sffrgpnv.dll.bak"
sfppac~1.bak  10 Sep 2008     1665280  "sfppack1.dll.bak"
sfppac~2.bak  10 Sep 2008     1845504  "sfppack2.dll.bak"
sfppac~3.bak  10 Sep 2008     1561856  "sfppack3.dll.bak"
sfresf~1.bak   6 Aug 2008     1282048  "sfresfilter.dll.bak"
sftrkf~1.bak  10 Sep 2008     1531648  "sftrkfx1.dll.bak"
sfxpfx~1.bak  10 Sep 2008     1287936  "sfxpfx1.dll.bak"
sfxpfx~2.bak  10 Sep 2008     1291520  "sfxpfx2.dll.bak"
sfxpfx~3.bak  10 Sep 2008     1425664  "sfxpfx3.dll.bak"
xpviny~1.bak   6 Aug 2008     1340928  "xpvinyl.dll.bak"

"C:\Arquivos de programas\Sony\Vegas Pro 8.0\External Control Drivers\"
spcons~1.bak  10 Sep 2008     1981952  "spconsoleopt.dll.bak"
spgenc~1.bak  10 Sep 2008     1696256  "spgenctrlopt.dll.bak"
spmack~1.bak  10 Sep 2008     1759744  "spmackiectrlopt.dll.bak"
tranzp~1.bak  10 Sep 2008      855552  "tranzport.dll.bak"

"C:\WINDOWS\Debug\Setup\Backup\"
hdaudi~1.bak   3 Oct 2009           0  "HDAUDIO_Backup.bak"
intppm~1.bak   3 Oct 2009           4  "INTPPM_Backup.bak"

"C:\Arquivos de programas\Sony\Vegas Pro 8.0\FileIO Plug-Ins\ac3plug\"
ac3plu~1.bak  10 Sep 2008     2015488  "ac3plug.dll.bak"
ac3plu~2.bak  10 Sep 2008     1188096  "ac3plugrw.dll.bak"

"C:\Documents and Settings\Administrador\Dados de aplicativos\Microsoft\Internet Explorer\"
brndlog.bak    6 Jul 2009         141  "brndlog.bak"

"C:\Documents and Settings\Default User\Dados de aplicativos\Microsoft\Internet Explorer\"
brndlog.bak    6 Jul 2009         113  "brndlog.bak"

"C:\WINDOWS\pchealth\helpctr\Config\Cache\"
profes~1.bak  31 Jul 2009      181272  "Professional_32_1046.dat.bak"

"C:\Arquivos de programas\Sony\Vegas Pro 8.0\FileIO Plug-Ins\ac3plug\ac3market\"
sfconf~1.bak  10 Sep 2008      408832  "sfconfigmgr.dll.bak"
sfmark~1.bak  10 Sep 2008     1535232  "sfmarket2.dll.bak"

"C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft\Office\Data\"
data.bak      10 Feb 2001        1106  "DATA.BAK"

"C:\WINDOWS\system32\config\systemprofile\Dados de aplicativos\Microsoft\Internet Explorer\"
brndlog.bak    6 Jul 2009         113  "brndlog.bak"

32 items found:  32 files, 0 directories.
  Total of file sizes:  42.432.683 bytes     40,46 M

-------------------------------------------------------------------------- 
   Locating all copies of Internet Explorer on C: 
-------------------------------------------------------------------------- 

   Locating all copies of Internet Explorer 

"C:\Arquivos de programas\Internet Explorer\"
iexplore.exe   8 Mar 2009      638816  "iexplore.exe"

"C:\WINDOWS\ie8\"
iexplore.exe   3 Aug 2004       93184  "iexplore.exe"

"C:\WINDOWS\system32\dllcache\"
iexplore.exe   8 Mar 2009      638816  "iexplore.exe"

"C:\WINDOWS\SoftwareDistribution\Download\f7670e43b3c19680acdc044a1fbe993f\"
iexplore.exe  13 Apr 2008       93184  "iexplore.exe"

"C:\WINDOWS\SoftwareDistribution\Download\be339b07d210ea88f2393519d2e5e7cf\backup\"
iexplore.exe   3 Aug 2004       93184  "iexplore.exe"

5 items found:  5 files, 0 directories.
  Total of file sizes:  1.557.184 bytes      1,48 M

-------------------------------------------------------------------------- 
   Locating all copies of beep.sy_ on C: 
-------------------------------------------------------------------------- 

   Locating all copies of Internet Explorer 

No matches found.

-------------------------------------------------------------------------- 
   Locating all copies of beep.sys on C: 
-------------------------------------------------------------------------- 

   Locating all copies of Internet Explorer 

"C:\WINDOWS\system32\drivers\"
beep.sys      28 Oct 2001        4224  "beep.sys"

1 item found:  1 file, 0 directories.
  Total of file sizes:  4.224 bytes      4,13 K

-------------------------------------------------------------------------- 
   Locating all copies of Windows Explorer on C: 
-------------------------------------------------------------------------- 

   Locating all copies of Windows Explorer 

"C:\WINDOWS\"
explorer.exe   3 Aug 2004     1034240  "explorer.exe"

"C:\WINDOWS\SoftwareDistribution\Download\f7670e43b3c19680acdc044a1fbe993f\"
explorer.exe  13 Apr 2008     1035776  "explorer.exe"

"C:\WINDOWS\SoftwareDistribution\Download\be339b07d210ea88f2393519d2e5e7cf\backup\"
explorer.exe   3 Aug 2004     1034240  "explorer.exe"

3 items found:  3 files, 0 directories.
  Total of file sizes:  3.104.256 bytes      2,96 M

--------------------------------------------------------------------------
   Items in Document and Settings: 
--------------------------------------------------------------------------

    Listing contents of C:\Documents and Settings 

"C:\Documents and Settings\"
ADMINI~1       6 Jul 2009              "Administrador"
ALLUSE~1       6 Jul 2009              "All Users"
DEFAUL~1       6 Jul 2009              "Default User"
LOCALS~1       6 Jul 2009              "LocalService"
NETWOR~1       6 Jul 2009              "NetworkService"

5 items found:  0 files, 5 directories (3 H/S).

    --------------------------------------------------------------------------
           Desktop Items: 
    --------------------------------------------------------------------------

   Locating all files created in C:\Documents and Settings\Administrador\Desktop within the last 90 days. 

"C:\Documents and Settings\Administrador\Desktop\"
amplif~1.pdf  14 Sep 2009      118950  "Amplificador em Cascata.pdf"
backup.reg    27 Sep 2009    11647698  "backup.reg"
C__~1         22 Sep 2009              "C++"
cnpq.doc      19 Sep 2009       41472  "CNPQ.doc"
codigo~1.txt  23 Sep 2009          10  "codigo orquidea.txt"
counte~1.lnk  24 Sep 2009        1683  "Counter Strike 1.6 Non Steam.lnk"
c__exe~1.lnk  23 Sep 2009         762  "c++.exe.lnk"
DATASH~1      30 Sep 2009              "datasheet"
eletrn~1.rar  30 Aug 2009   101890014  "Eletrônica - Dispositivos Eletrônicos e Teoria de Circuitos - Robert L. Boylestad.rar"
exercc~1.doc  18 Sep 2009      423936  "EXERCÍCIO SOBRE O FILME RASTROS DE ÓDIO.doc"
garena.lnk    11 Sep 2009         710  "Garena.lnk"
heroes~1.lnk  18 Jul 2009        1660  "Heroes of Newerth.lnk"
LOGS           2 Oct 2009              "LOGS"
MANOEL         3 Sep 2009              "manoel"
mozill~1.lnk   6 Jul 2009        1692  "Mozilla Firefox.lnk"
orquidea.mht  26 Aug 2009     1305854  "ORQUIDEA.mht"
VIRUS          2 Oct 2009              "VIRUS"
window~1.lnk   6 Jul 2009        1871  "Windows Live Messenger .lnk"

18 items found:  13 files, 5 directories.
  Total of file sizes:  115.436.312 bytes    110,09 M

   Locating all files created in C:\Documents and Settings\All Users\Desktop\ within the last 90 days. 

"C:\Documents and Settings\All Users\Desktop\"
adober~1.lnk   6 Jul 2009        1769  "Adobe Reader 9.lnk"
mozill~1.lnk   6 Jul 2009        1674  "Mozilla Firefox.lnk"
pokers~1.lnk  14 Sep 2009         792  "PokerStars.lnk"
steam.lnk      1 Oct 2009        2255  "Steam.lnk"
trucol~1.lnk  10 Sep 2009         802  "Truco LigasOnline.lnk"

5 items found:  5 files, 0 directories.
  Total of file sizes:  7.292 bytes      7,12 K

    --------------------------------------------------------------------------
           Start Menu Items: 
    --------------------------------------------------------------------------

   Locating all files created inC:\Documents and Settings\Administrador\Start Menu within the last 90 days. 

No matches found.

   Locating all files created in C:\Documents and Settings\Administrador\Start Menu\Programs\Startup within the last 90 days. 

No matches found.

   Locating all files created in C:\Documents and Settings\All Users\Start Menu within the last 90 days. 

No matches found.

   Locating all files created in C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ within the last 90 days. 

No matches found.

    --------------------------------------------------------------------------
           Application Data Items: 
    --------------------------------------------------------------------------

   Locating all files created in C:\Documents and Settings\Administrador\Application Data\ within the last 90 days. 

No matches found.

   Locating all files created in C:\Documents and Settings\Administrador\Local Settings\Application Data\ within the last 90 days. 

No matches found.

   Locating all files created in C:\Documents and Settings\All Users\Application Data\ within the last 90 days. 

No matches found.

    --------------------------------------------------------------------------
           C:\Documents and Settings\Administrador\Local Settings\TEMP: 
    --------------------------------------------------------------------------

   Locating all files created in C:\Documents and Settings\Administrador\Local Settings\TEMP within the last 90 days. 

    --------------------------------------------------------------------------
           Items in Templates Folder: 
    --------------------------------------------------------------------------

   Locating all files created in C:\Documents and Settings\Administrador\Templates 

No matches found.

--------------------------------------------------------------------------
           Items in Program Files: 
--------------------------------------------------------------------------

   Locating all files created in C:\Arquivos de programas\ within the last 90 days. 

"C:\Arquivos de programas\"
A-SQUA~1       2 Oct 2009              "a-squared HiJackFree"
A-SQUA~2       2 Oct 2009              "a-squared Free"
ADOBE          6 Jul 2009              "Adobe"
ANALOG~1       6 Jul 2009              "Analog Devices"
ARQUIV~1       6 Jul 2009              "Arquivos comuns"
CODEBL~1      22 Sep 2009              "CodeBlocks"
CSPIRA~1      24 Sep 2009              "cspiratao"
DAEMON~1      16 Sep 2009              "DAEMON Tools Lite"
DVDVID~1       6 Aug 2009              "DVDVideoSoft"
EXPLOR~1       2 Oct 2009              "ExplorerXP"
FREEAU~1      10 Sep 2009              "Free Audio Pack"
GABEST         4 Sep 2009              "Gabest"
GARENA        11 Sep 2009              "Garena"
GBPLUGIN       4 Aug 2009              "GbPlugin"
HEROES~1      18 Jul 2009              "Heroes of Newerth"
INSTAL~1       6 Jul 2009              "InstallShield Installation Information"
INTERN~1       6 Jul 2009              "Internet Explorer"
JAVA           4 Aug 2009              "Java"
K-LITE~1       6 Jul 2009              "K-Lite Codec Pack"
LIGASO~1      10 Sep 2009              "LigasOnline"
MICROS~1       6 Jul 2009              "Microsoft"
MICROS~2       6 Jul 2009              "Microsoft Office"
MICROS~3       1 Oct 2009              "Microsoft Windows OneCare Live"
MOZILL~1       6 Jul 2009              "Mozilla Firefox"
MSBUILD       30 Jul 2009              "MSBuild"
NCSOFT        25 Sep 2009              "NCSoft"
NOTEPA~1       6 Jul 2009              "Notepad++"
OUTLOO~1       6 Jul 2009              "Outlook Express"
PANDON~1      20 Sep 2009              "Pando Networks"
POKERS~1      14 Sep 2009              "PokerStars"
REALAL~1      31 Aug 2009              "Real Alternative"
REFERE~1      30 Jul 2009              "Reference Assemblies"
REPLAY~1      30 Jul 2009              "ReplaySeeker"
SKYPE         17 Aug 2009              "Skype"
SONY          30 Jul 2009              "Sony"
SONYSE~1      30 Jul 2009              "Sony Setup"
STEAM          8 Aug 2009              "Steam"
SYSTEM~1      16 Sep 2009              "SystemRequirementsLab"
TEAMSP~1      28 Jul 2009              "Teamspeak2_RC2"
UTORRENT       6 Jul 2009              "uTorrent"
VDOWNL~1       2 Aug 2009              "VDOWNLOADER"
VERYPD~1.0     5 Sep 2009              "VeryPDF PDF2Word v3.0"
VIA            6 Jul 2009              "VIA"
WARCRA~1       6 Jul 2009              "Warcraft III"
WARKEYS        1 Aug 2009              "Warkeys"
WI4DF6~1       6 Jul 2009              "Windows Media Connect 2"
WINDOW~1       6 Jul 2009              "Windows Media Player"
WINDOW~2       1 Oct 2009              "Windows Live Safety Center"
WINDOW~3       6 Jul 2009              "Windows Live"
WINDOW~4       6 Jul 2009              "Windows Live SkyDrive"
WINRAR         6 Jul 2009              "WinRAR"

51 items found:  0 files, 51 directories (1 H/S).

   Locating all files created in C:\Arquivos de programas\Arquivos comuns\ within the last 90 days. 

"C:\Arquivos de programas\Arquivos comuns\"
ADOBE          6 Jul 2009              "Adobe"
DESIGNER       6 Jul 2009              "Designer"
DVDVID~1       6 Aug 2009              "DVDVideoSoft"
ESELLE~1      31 Jul 2009              "eSellerate"
INSTAL~1       6 Jul 2009              "InstallShield"
MICROS~1       6 Jul 2009              "Microsoft Shared"
MSSOAP         6 Jul 2009              "MSSoap"
SERVIÇOS       6 Jul 2009              "Serviços"
SKYPE         17 Aug 2009              "Skype"
SYSTEM         6 Jul 2009              "System"
WINDOW~1       6 Jul 2009              "Windows Live"

11 items found:  0 files, 11 directories.

   Locating all files created in C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Folders within the last 90 days. 

"C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Folders\"
1033           6 Jul 2009              "1033"
1046           6 Jul 2009              "1046"

"C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Folders\1046\"
WEBVIEW        6 Jul 2009              "WebView"

"C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Folders\1046\WebView\"
IMAGES         6 Jul 2009              "Images"

4 items found:  0 files, 4 directories.

--------------------------------------------------------------------------
           Items in the Windows Directory: 
--------------------------------------------------------------------------

    Locating all files created in C:\WINDOWS\ within the last 90 days.  

"C:\WINDOWS\"
$HF_MIG$      20 Aug 2009              "$hf_mig$"
$N18DC~1      20 Aug 2009              "$NtUninstallKB932823-v3$"
$N4AE6~1       2 Oct 2009              "$NtUninstallKB898461$"
$N4CEE~1       1 Oct 2009              "$NtUninstallKB914882$"
$N4EC9~1      30 Jul 2009              "$NtUninstallWIC$"
$N68C8~1       1 Oct 2009              "$NtUninstallKB923845$"
$N6CC0~1       6 Jul 2009              "$NtUninstallKB926239$"
$N89D7~1       6 Jul 2009              "$NtUninstallMSCompPackV1$"
$NTUNI~1       6 Jul 2009              "$NtUninstallKB888111WXPSP2$"
$NTUNI~2       6 Jul 2009              "$NtUninstallWudf01000$"
$NTUNI~3       6 Jul 2009              "$NtUninstallWMFDist11$"
$NTUNI~4       6 Jul 2009              "$NtUninstallwmp11$"
0.log          3 Oct 2009           0  "0.log"
ADDINS         6 Jul 2009              "addins"
APPPATCH       6 Jul 2009              "AppPatch"
ascd_tmp.ini   6 Jul 2009       13327  "Ascd_tmp.ini"
ASSEMBLY      30 Jul 2009              "assembly"
ASUSIN~1       6 Jul 2009              "ASUSInstAll"
as_debug.txt   6 Jul 2009           0  "AS_Debug.txt"
bitsse~1.log   6 Jul 2009        1880  "bitssetup.log"
bootstat.dat   3 Oct 2009        2048  "bootstat.dat"
cmsetacl.log   6 Jul 2009         200  "cmsetacl.log"
comsetup.log   2 Oct 2009       40389  "comsetup.log"
CONFIG         6 Jul 2009              "Config"
CONNEC~1       6 Jul 2009              "Connection Wizard"
control.ini    6 Jul 2009           0  "control.ini"
CSC            6 Jul 2009              "CSC"
CURSORS        6 Jul 2009              "Cursors"
DEBUG          6 Jul 2009              "Debug"
directx.log    6 Jul 2009       32896  "Directx.log"
DOWNLO~1       6 Jul 2009              "Downloaded Program Files"
DRIVER~1       6 Jul 2009              "Driver Cache"
dtcins~1.log   6 Jul 2009         133  "DtcInstall.log"
entpack.ini   17 Sep 2009          34  "entpack.ini"
FONTS          6 Jul 2009              "Fonts"
HELP           6 Jul 2009              "Help"
IE8           20 Aug 2009              "ie8"
ie8.log       20 Aug 2009       56162  "ie8.log"
ie8_main.log  20 Aug 2009       95329  "ie8_main.log"
IME            6 Jul 2009              "ime"
INF            6 Jul 2009              "inf"
INSTAL~1       6 Jul 2009              "Installer"
JAVA           6 Jul 2009              "java"
kb888111.log   6 Jul 2009        4936  "KB888111.log"
kb898461.log   2 Oct 2009        7722  "KB898461.log"
kb926239.log   6 Jul 2009        9921  "KB926239.log"
kb9328~1.log  20 Aug 2009        8365  "KB932823-v3.log"
kb950974.log   3 Oct 2009        9541  "KB950974.log"
kb951748.log   3 Oct 2009        8731  "KB951748.log"
kb952004.log   3 Oct 2009        9001  "KB952004.log"
kb952954.log   3 Oct 2009        9995  "KB952954.log"
kb956802.log   3 Oct 2009        8165  "KB956802.log"
kb959426.log   3 Oct 2009        9917  "KB959426.log"
kb960225.log   3 Oct 2009        9265  "KB960225.log"
kb960803.log   3 Oct 2009        8624  "KB960803.log"
kb960859.log   3 Oct 2009        9814  "KB960859.log"
kb9613~1.log   3 Oct 2009        9764  "KB961371-v2.log"
kb961501.log   3 Oct 2009        9178  "KB961501.log"
kb961503.log   3 Oct 2009        9720  "KB961503.log"
kb967715.log   3 Oct 2009        8822  "KB967715.log"
kb968389.log   2 Oct 2009        3875  "KB968389.log"
kb968537.log   3 Oct 2009        8600  "KB968537.log"
kb970238.log   3 Oct 2009       11942  "KB970238.log"
kb971032.log   3 Oct 2009        7777  "KB971032.log"
kb971557.log   3 Oct 2009        9351  "KB971557.log"
kb971633.log   3 Oct 2009        9088  "KB971633.log"
kb971657.log   3 Oct 2009        9446  "KB971657.log"
kb973507.log   3 Oct 2009        8891  "KB973507.log"
kb973815.log   3 Oct 2009        8523  "KB973815.log"
LASTGOOD       3 Oct 2009              "LastGood"
LOGS          18 Jul 2009              "Logs"
MEDIA          6 Jul 2009              "Media"
MICROS~1.NET  30 Jul 2009              "Microsoft.NET"
MSAGENT        6 Jul 2009              "Msagent"
MSAPPS         6 Jul 2009              "msapps"
mscomp~1.log   6 Jul 2009        7399  "MSCompPackV1.log"
msmqinst.log   2 Oct 2009       33722  "msmqinst.log"
MUI            6 Jul 2009              "mui"
netfxocm.log   2 Oct 2009       15157  "netfxocm.log"
nsreg.dat      6 Jul 2009           0  "nsreg.dat"
ntdtcs~1.log   2 Oct 2009       22877  "ntdtcsetup.log"
NVIEW          6 Jul 2009              "nview"
ocgen.log      2 Oct 2009       27526  "ocgen.log"
odbc.ini       6 Jul 2009         421  "ODBC.INI"
odbcinst.ini   6 Jul 2009        4205  "ODBCINST.INI"
oewablog.txt   6 Jul 2009         841  "OEWABLog.txt"
OFFLIN~1       6 Jul 2009              "Offline Web Pages"
PCHEALTH       6 Jul 2009              "pchealth"
pdf2word.ini   5 Sep 2009         358  "pdf2word.INI"
PEERNET        6 Jul 2009              "PeerNet"
PIF           16 Sep 2009              "PIF"
PREFETCH       6 Jul 2009              "Prefetch"
PROVIS~1       6 Jul 2009              "Provisioning"
REGIST~1       6 Jul 2009              "Registration"
regopt.log     6 Jul 2009        1182  "regopt.log"
REPAIR         6 Jul 2009              "repair"
RESOUR~1       6 Jul 2009              "Resources"
schedlgu.txt   2 Oct 2009       32514  "SchedLgU.Txt"
SECURITY       6 Jul 2009              "security"
sessmg~1.log   6 Jul 2009        1022  "sessmgr.setup.log"
setupact.log   2 Oct 2009       96141  "setupact.log"
setupapi.log   3 Oct 2009      499895  "setupapi.log"
setuperr.log   6 Jul 2009           0  "setuperr.log"
setuplog.txt   6 Jul 2009      542893  "setuplog.txt"
SHELLNEW       6 Jul 2009              "ShellNew"
sminst~1.log   6 Jul 2009       10436  "SMinstall.log"
SOFTWA~1       6 Jul 2009              "SoftwareDistribution"
spupdsvc.log  20 Aug 2009        8473  "spupdsvc.log"
sti_tr~1.log   6 Jul 2009           0  "Sti_Trace.log"
SUN            4 Aug 2009              "Sun"
svcpack.log    3 Oct 2009       48448  "svcpack.log"
SYSTEM         6 Jul 2009              "system"
system.ini     6 Jul 2009         231  "system.ini"
SYSTEM32       6 Jul 2009              "system32"
TASKS          6 Jul 2009              "Tasks"
TEMP           6 Jul 2009              "Temp"
tsoc.log       2 Oct 2009       39386  "tsoc.log"
TWAIN_32       6 Jul 2009              "twain_32"
updspapi.log   1 Oct 2009       17986  "updspapi.log"
vb.ini         6 Jul 2009          36  "vb.ini"
vbaddin.ini    6 Jul 2009          37  "vbaddin.ini"
war3unin.dat   6 Jul 2009       86157  "War3Unin.dat"
war3unin.exe   6 Jul 2009      139264  "War3Unin.exe"
war3unin.pif   6 Jul 2009        2829  "War3Unin.pif"
WBEM          20 Aug 2009              "WBEM"
WEB            6 Jul 2009              "Web"
wiadebug.log  26 Sep 2009         216  "wiadebug.log"
wiaservc.log  26 Sep 2009          49  "wiaservc.log"
win.ini        6 Jul 2009         603  "win.ini"
window~1.log   3 Oct 2009     1704556  "WindowsUpdate.log"
window~1.man   6 Jul 2009         749  "WindowsShell.Manifest"
WINSXS         6 Jul 2009              "WinSxS"
wmfdis~1.log   6 Jul 2009       30201  "WMFDist11.log"
wmp11.log      6 Jul 2009       22035  "wmp11.log"
wmsetup.log    3 Oct 2009       55922  "wmsetup.log"
wmsetu~1.log   6 Jul 2009        2096  "wmsetup10.log"
wmsyspr9.prx   6 Jul 2009      316640  "WMSysPr9.prx"
wudf01~1.log   6 Jul 2009        8381  "Wudf01000Inst.log"

138 items found:  79 files (2 H/S), 59 directories (21 H/S).
  Total of file sizes:  4.252.256 bytes      4,05 M

    --------------------------------------------------------------------------
           C:\WINDOWS\Downloaded Program Files: 
    --------------------------------------------------------------------------

    Locating all files created in C:\WINDOWS\Downloaded Program Files\ within the last 90 days.  

"C:\WINDOWS\Downloaded Program Files\"
desktop.ini    6 Jul 2009          65  "desktop.ini"
wlscbase.dll   9 Sep 2009      452488  "wlscBase.dll"
wlscbase.inf   9 Sep 2009         321  "wlscBase.inf"

3 items found:  3 files (1 H/S), 0 directories.
  Total of file sizes:  452.874 bytes    442,26 K

    --------------------------------------------------------------------------
           C:\WINDOWS\PCHealth\HelpCtr\Binaries: 
    --------------------------------------------------------------------------

   Locating all files in C:\WINDOWS\PCHealth\HelpCtr\Binaries 

"C:\WINDOWS\pchealth\helpctr\binaries\"
brpinfo.dll   28 Oct 2001       21504  "brpinfo.dll"
hcappres.dll  28 Oct 2001        7168  "HCAppRes.dll"
helpctr.exe    3 Aug 2004      768512  "HelpCtr.exe"
helphost.exe  28 Oct 2001       99840  "HelpHost.exe"
helpsvc.exe    3 Aug 2004      743936  "HelpSvc.exe"
hscsp_w3.cab  17 Jul 2004      324700  "hscsp_w3.cab"
hscupd.exe     3 Aug 2004       18944  "HscUpd.exe"
msconfig.exe   3 Aug 2004      159744  "msconfig.exe"
msinfo.dll     3 Aug 2004      380928  "msinfo.dll"
notiflag.exe  28 Oct 2001       35328  "notiflag.exe"
pchdt_w3.cab   3 Aug 2004     2768982  "pchdt_w3.cab"
pchshell.dll   3 Aug 2004      102400  "pchshell.dll"
pchsvc.dll     3 Aug 2004       38912  "pchsvc.dll"

13 items found:  13 files, 0 directories.
  Total of file sizes:  5.470.898 bytes      5,21 M

    --------------------------------------------------------------------------
           C:\WINDOWS\system: 
    --------------------------------------------------------------------------

   Locating all files created in C:\WINDOWS\system within the last 90 days.  

"C:\WINDOWS\system\"
tapi.tlb      25 Sep 2009           1  "tapi.tlb"

1 item found:  1 file, 0 directories.
  Total of file sizes:  1 byte       0,00 K

    --------------------------------------------------------------------------
           C:\WINDOWS\system32: 
    --------------------------------------------------------------------------

   Locating all files created in C:\WINDOWS\system32 within the last 90 days.  

"C:\WINDOWS\system32\"
$winnt$.inf    6 Jul 2009         987  "$winnt$.inf"
1025           6 Jul 2009              "1025"
1028           6 Jul 2009              "1028"
1031           6 Jul 2009              "1031"
1033           6 Jul 2009              "1033"
1037           6 Jul 2009              "1037"
1041           6 Jul 2009              "1041"
1042           6 Jul 2009              "1042"
1046           6 Jul 2009              "1046"
1054           6 Jul 2009              "1054"
18467.exe      2 Oct 2009           0  "18467.exe"
2052           6 Jul 2009              "2052"
3076           6 Jul 2009              "3076"
3COM_DMI       6 Jul 2009              "3com_dmi"
41.exe         3 Oct 2009           0  "41.exe"
6334.exe       1 Oct 2009           0  "6334.exe"
ADOBE         10 Aug 2009              "Adobe"
amcompat.tlb   6 Jul 2009       16832  "amcompat.tlb"
APPMGMT        5 Sep 2009              "appmgmt"
BIFROST       21 Sep 2009              "Bifrost"
BITS           1 Oct 2009              "bits"
CATROOT        6 Jul 2009              "CatRoot"
CATROOT2       6 Jul 2009              "CatRoot2"
CATROO~1       2 Oct 2009              "CatRoot_bak"
cdplay~1.man   6 Jul 2009         749  "cdplayer.exe.manifest"
COM            6 Jul 2009              "Com"
CONFIG         6 Jul 2009              "config"
config.nt      6 Jul 2009        2969  "CONFIG.NT"
deploytk.dll  31 Jul 2009      411368  "deploytk.dll"
detoured.dll  10 Sep 2009        4096  "detoured.dll"
DHCP           6 Jul 2009              "dhcp"
DIRECTX        6 Jul 2009              "DirectX"
divx.dll      13 Jul 2009      685056  "divx.dll"
DLLCACHE       6 Jul 2009              "dllcache"
dpl100.dll    13 Jul 2009       90112  "dpl100.dll"
DRIVERS        6 Jul 2009              "drivers"
DRVSTORE       1 Oct 2009              "DRVSTORE"
emptyr~1.dat   6 Jul 2009       21844  "emptyregdb.dat"
EN-US         30 Jul 2009              "en-us"
EXPORT         6 Jul 2009              "export"
ezsidmv.dat   17 Aug 2009          56  "ezsidmv.dat"
fntcache.dat   2 Oct 2009      112584  "FNTCACHE.DAT"
gamemon.des   15 Sep 2009     3363184  "GameMon.des"
GROUPP~1       1 Oct 2009              "GroupPolicy"
h323log.txt    6 Jul 2009           0  "h323log.txt"
IAS            6 Jul 2009              "ias"
ICSXML         6 Jul 2009              "icsxml"
java.exe      31 Jul 2009      145184  "java.exe"
javacpl.cpl   31 Jul 2009       73728  "javacpl.cpl"
javaw.exe     31 Jul 2009      145184  "javaw.exe"
javaws.exe    31 Jul 2009      149280  "javaws.exe"
jupdat~1.log   2 Oct 2009        3973  "jupdate-1.6.0_16-b01.log"
lhacm.acm     28 Jul 2009       34064  "lhacm.acm"
LOGFILES       6 Jul 2009              "LogFiles"
logonu~1.man   6 Jul 2009         488  "logonui.exe.manifest"
MACROMED       6 Jul 2009              "Macromed"
MICROS~1       6 Jul 2009              "Microsoft"
mrt.exe       28 Aug 2009    24689600  "MRT.exe"
MSDTC          6 Jul 2009              "MsDtc"
MUI            6 Jul 2009              "mui"
ncpacp~1.man   6 Jul 2009         749  "ncpa.cpl.manifest"
NPP            6 Jul 2009              "npp"
nscompat.tlb   6 Jul 2009       23392  "nscompat.tlb"
nvapps.xml     3 Oct 2009       63804  "nvapps.xml"
nwccpl~1.man   6 Jul 2009         749  "nwc.cpl.manifest"
paint.exe     12 Sep 2009       94209  "Paint.exe"
perfc009.dat  30 Jul 2009       65106  "perfc009.dat"
perfc016.dat  30 Jul 2009       73440  "perfc016.dat"
perfh009.dat  30 Jul 2009      425082  "perfh009.dat"
perfh016.dat  30 Jul 2009      457508  "perfh016.dat"
perfst~1.ini  30 Jul 2009     1028686  "PerfStringBackup.INI"
PREINS~1       2 Oct 2009              "PreInstall"
PT-BR         20 Aug 2009              "pt-BR"
RAS            6 Jul 2009              "ras"
REINST~1       6 Jul 2009              "ReinstallBackups"
RESTORE        6 Jul 2009              "Restore"
sapicp~1.man   6 Jul 2009         749  "sapi.cpl.manifest"
SETUP          6 Jul 2009              "Setup"
SHELLEXT       6 Jul 2009              "ShellExt"
SOFTWA~1       1 Oct 2009              "SoftwareDistribution"
SPOOL          6 Jul 2009              "spool"
USMT           6 Jul 2009              "usmt"
WBEM           6 Jul 2009              "wbem"
window~1.man   6 Jul 2009         488  "WindowsLogon.manifest"
WINS           6 Jul 2009              "wins"
winupd~1.exe   1 Oct 2009       45568  "winupdate.exe"
wpa.dbl       30 Sep 2009        2206  "wpa.dbl"
wuaucp~1.man   6 Jul 2009         749  "wuaucpl.cpl.manifest"
x264vfw.dll   29 Jul 2009     2378752  "x264vfw.dll"
XPSVIE~1      30 Jul 2009              "XPSViewer"

90 items found:  40 files (8 H/S), 50 directories (2 H/S).
  Total of file sizes:  34.612.575 bytes     33,01 M

    --------------------------------------------------------------------------
           C:\WINDOWS\system32\com: 
    --------------------------------------------------------------------------

   Locating all files created in C:\WINDOWS\system32\com within the last 90 days.  

No matches found.

    --------------------------------------------------------------------------
           C:\WINDOWS\system32\components: 
    --------------------------------------------------------------------------
   Locating all files created in C:\WINDOWS\system32\components within the last 90 days.  

No matches found.

    --------------------------------------------------------------------------
           C:\WINDOWS\system32\drivers: 
    --------------------------------------------------------------------------

    Locating all files created in C:\WINDOWS\system32\drivers within the last 90 days.  

"C:\WINDOWS\system32\drivers\"
DISDN          6 Jul 2009              "disdn"
ETC            6 Jul 2009              "etc"
gbpkm.sys     17 Sep 2009       30344  "gbpkm.sys"
sptd.sys      16 Sep 2009      721904  "sptd.sys"
UMDF           6 Jul 2009              "UMDF"

5 items found:  2 files, 3 directories.
  Total of file sizes:  752.248 bytes    734,62 K

    --------------------------------------------------------------------------
           C:\WINDOWS\system32\drivers\etc: 
    --------------------------------------------------------------------------

   Locating all files created in C:\WINDOWS\system32\drivers\etc within the last 90 days.  

No matches found.

    --------------------------------------------------------------------------
           C:\WINDOWS\TEMP: 
    --------------------------------------------------------------------------

   Locating all files created in C:\WINDOWS\TEMP within the last 90 days.  

"C:\WINDOWS\Temp\"
gdql_o~1.log   3 Oct 2009         268  "gdql_oc_OcHealthMon.log"
perfli~1.dat   3 Oct 2009       16384  "Perflib_Perfdata_5b8.dat"
perfli~3.dat   3 Oct 2009       16384  "Perflib_Perfdata_524.dat"
qdiago~1.log   3 Oct 2009         266  "qdiagoc_OcHealthMon.log"

4 items found:  4 files, 0 directories.
  Total of file sizes:  33.302 bytes     32,52 K

************************************************************************************  

Checking for .COM files to Delete. They will only print if deleted! 

   Locating .COM files in the C:\WINDOWS\System32 folder 

"C:\WINDOWS\system32\"
chcp.com      28 Oct 2001        7680  "chcp.com"
command.com   28 Oct 2001       52472  "command.com"
diskcomp.com  28 Oct 2001        9216  "diskcomp.com"
diskcopy.com  28 Oct 2001        7168  "diskcopy.com"
edit.com      28 Oct 2001       70750  "edit.com"
format.com    28 Oct 2001       25600  "format.com"
graftabl.com  28 Oct 2001       26112  "graftabl.com"
graphics.com  28 Oct 2001       19918  "graphics.com"
kb16.com      28 Oct 2001       14950  "kb16.com"
loadfix.com   28 Oct 2001        1153  "loadfix.com"
locate.com    14 Jan 2005       11254  "locate.com"
mode.com      28 Oct 2001       19456  "mode.com"
more.com      28 Oct 2001       15872  "more.com"
tree.com      28 Oct 2001       11264  "tree.com"
win.com       28 Oct 2001       18432  "win.com"

15 items found:  15 files, 0 directories.
  Total of file sizes:  311.297 bytes    304,00 K

************************************************************************************  

Miscellaneous Malware Detections: 
------------------------------------------------------------------------------------  


   **** Delfin Media  {31EE3286-D785-4E3F-95FC-51D00FDABC01} NOT FOUND by this tool! ****  

   **** SmitFraud {0BC9BC01-54D4-4CCE-2B7D-955164314CD4} NOT FOUND by this tool! ****  

   **** SpywareStrike {C1A2FDA2-1A5B-2A8F-F3A2-B22DA1A3C41D} NOT FOUND by this tool! ****  

   **** SpywareStrike {C1A2FDA2-2A5B-2C8A-F2A2-BA2DB3A2C31C} NOT FOUND by this tool! ****   

   **** SpywareStrike {D81E2FC4-B0A2-11D3-21AC-07C04C21A18A} NOT FOUND by this tool! ****  

   **** SpyAxe {A1D9D3F0-8C2A-9A1D-A376-2CACFB10AB72} NOT FOUND by this tool! ****  

   **** SpyAxe {A2D9D3F0-8C2A-2A1D-A376-1BECFB10AB72} NOT FOUND by this tool! ****  

   **** SpyAxe {A2D9D3F0-8C2A-2A1D-A376-1BECFB10AB72} NOT FOUND by this tool! ****  

   **** SpyAxe {A2D9D3F0-8C2A-2A1D-A376-1BECFB10AB72} NOT FOUND by this tool! ****  

   **** SpyAxe {A2C8F6B1-7C2A-3D1C-A3C6-A1FDA113B43F} NOT FOUND by this tool! ****  

   **** SpyFalcon {A2C8F6B1-7C2A-3D1C-A3C6-A1FDA113B43F} NOT FOUND by this tool! ****  

   **** SpyFalcon {C9FA1DC9-1FB3-C2A8-2F1A-DC1A33E7AF9D} NOT FOUND by this tool! ****  

   **** SpyFalcon {CA14EE13-ED15-C4A2-17FF-DA4D15C1BC5E} NOT FOUND by this tool! ****  

   **** SpyFalcon {35a88e51-b53d-43e9-b8a7-75d4c31b4676} NOT FOUND by this tool! ****  

   **** SpyFalcon {64ba30a2-811a-4597-b0af-d551128be340} NOT FOUND by this tool! ****  

   **** SpyFalcon {89aef01d-d237-49c7-84dc-4e1904c1fd31} NOT FOUND by this tool! ****  

   **** SpyFalcon {e04408db-4812-4478-8d4d-e46edcffd3b6} NOT FOUND by this tool! ****  

   **** SpyFalcon {336ec37f-54bf-4f13-8237-03f64fa591e7} NOT FOUND by this tool! ****  

   **** SpyFalcon {5bc82bdb-bc03-4671-9a78-3ef2b68449de} NOT FOUND by this tool! ****  

   **** SpyFalcon {24c60b9b-26b5-4201-9f7a-fb9219356ae9} NOT FOUND by this tool! ****  

   **** SpyFalcon {a0c51615-738a-4542-801a-5af61614e182} NOT FOUND by this tool! ****  

   **** SpyFalcon {70fbd528-2d3c-4a00-9b8c-bbf441e534be} NOT FOUND by this tool! ****  

   **** SpyFalcon {a566f298-05a6-4b3d-b672-da7c27316430} NOT FOUND by this tool! ****  

   **** SpyFalcon {f5947202-e9cb-4a72-88e7-22f2cbd2b124} NOT FOUND by this tool! ****  

   **** SpyFalcon {5aaf6542-f4ba-4df4-873d-4902ecbe794c} NOT FOUND by this tool! ****  

   **** SpyFalcon {3e4155b8-5a4a-4e95-83b2-ab032da9acbc} NOT FOUND by this tool! ****  

   **** SpyFalcon {9952355f-fefb-4764-bcd7-a993d03dd7e2} NOT FOUND by this tool! ****  

   **** SpyFalcon {55059d4f-a1ac-4837-ae07-4859101f598d} NOT FOUND by this tool! ****  

   **** SpyFalcon {c3786a8d-6426-4c29-a23f-f36e47b31e0c} NOT FOUND by this tool! ****  

   **** SpyLocked {25b7d2fd-4f71-46d1-801a-7de323e4ec82} NOT FOUND by this tool! ****  

   **** SpyLocked {4233AC08-A2C4-4742-A0B4-83719613D62C} NOT FOUND by this tool! ****  

   **** SpyLocked {716002DB-288C-4BF0-80CD-A467E78D8B55} NOT FOUND by this tool! ****  

   **** SpyLocked {735E980D-45D2-4777-AF82-9923D3C8D3AE} NOT FOUND by this tool! ****  

   **** SpyLocked {B23DC537-3E13-44C7-BF67-D8405EB377F7} NOT FOUND by this tool! ****  

   **** SpyLocked {B292EC9F-A074-4115-8342-1F459702D8D2} NOT FOUND by this tool! ****  

   **** SpyLocked {CECA6F2B-247B-4ECE-9B7A-D0135C8036FC} NOT FOUND by this tool! ****  

   **** SpyLocked {DA3B49F6-8C54-4429-A275-21A86DCCA413} NOT FOUND by this tool! ****  

   **** SpyLocked {EDE8BED5-92CF-4482-8F51-A01CD9B3EA37} NOT FOUND by this tool! ****  

   **** SpyLocked {FA4FBF53-C766-4622-8011-A87A805EEBF0} NOT FOUND by this tool! ****  

   **** SpywareLocked {0E4E5110-A772-4C4A-A7DC-137FE10ABD6E} NOT FOUND by this tool! ****  

   **** SpywareLocked {07A582E8-BAE3-457D-9D29-2048DE45A369} NOT FOUND by this tool! ****  

   **** SpywareLocked {3BAA1AD8-EE49-4772-BF0B-F55083E0F7AA} NOT FOUND by this tool! ****  

   **** SpywareLocked {9D6FAC42-A7BE-4702-87EF-75D8DC14249E} NOT FOUND by this tool! ****  

   **** SpywareLocked {ABEF791F-947E-4CDF-83C3-E72A240AFB67} NOT FOUND by this tool! ****  

   **** SpywareLocked {BD0FC212-0A36-4232-83CC-2063FB9282E0} NOT FOUND by this tool! ****  

   **** SpywareLocked {B0DED443-5E68-4001-A81B-0A0001621AB8} NOT FOUND by this tool! ****  

   **** SpywareLocked {F38B1B2B-4976-46DD-9FE5-60FDE72F0B4D} NOT FOUND by this tool! ****  

   **** SpywareQuake {0c7416f0-dd23-420f-97f5-aae352ea2bf1} NOT FOUND by this tool! ****  

   **** SpywareQuake {E2CA7CD1-1AD9-F1C4-3D2A-DC1A33E7AF9D} NOT FOUND by this tool! ****  

   **** SpywareQuake {AC1B4DA2-12FA-31F2-1A7D-CD2B14E6AD4E} NOT FOUND by this tool! ****  

   **** SpywareQuake {CD5E2AC9-25CE-A1C5-D1E2-DC6B28A6ED5A} NOT FOUND by this tool! ****  

   **** SpywareQuake {EA26CE12-DE64-A1C5-9A4F-FC1A64E6AC2E} NOT FOUND by this tool! ****  

   **** SpywareQuake {e5b1e382-817e-4b74-8a96-ec78751e6acf} NOT FOUND by this tool! ****  

   **** SpywareQuake {a0aa3e4b-31cb-4ea2-9049-22b7f5b65edb} NOT FOUND by this tool! ****  

   **** SpywareQuake {cbb430e6-5b1b-474a-9d7e-160d4fe74bea} NOT FOUND by this tool! ****  

   **** SpywareQuake {62eb0924-19d2-4226-b4b9-8ad1f70904c1} NOT FOUND by this tool! ****  

   **** SpywareQuake {6c69e319-0d03-47da-997a-36586cbc53b3} NOT FOUND by this tool! ****  

   **** SpywareQuake {aea3d2df-2b2c-4d7b-81a0-d975c6dc088e} NOT FOUND by this tool! ****  

   **** SpywareSheriff {1C3B31AE-FD16-D2CE-43FF-DC4CD5C1BC5E} NOT FOUND by this tool! ****  

   **** VirusBurster {9d635a36-6b3c-4146-8625-f3aaf507bbf8} NOT FOUND by this tool! ****  

   **** TrustCleaner {24E27EA9-FCF3-444F-BD80-20543BA5D946} NOT FOUND by this tool! ****  

   **** Troj/Small-ER {4F141CBA-1457-6CCA-03A7-7AA21B61EA0F} NOT FOUND by this tool! ****  

   **** Troj/Spabot-E {429F4BB8-7BF7-4152-8011-3C6F9EB7E892} NOT FOUND by this tool! ****  

   **** Troj/Dloader-OF {203B1C4D9-BC71-8916-38AD-9DEA5D213614} NOT FOUND by this tool! ****  

   **** Troj/Crafted-A  {0BC9BC01-54D4-4CCE-2B7D-955164314CD4} NOT FOUND by this tool! ****  

   **** Troj/Agent-FG {2C1CD3D7-86AC-4068-93BC-A02304BB8C34} NOT FOUND by this tool! ****  

   **** TX 4 BrowserAd adware {8e99f990-b75a-4568-b3c8-24cbc8cbbfc1} NOT FOUND by this tool! ****  

   **** Trojan-Proxy.Win32.Small {87A3E824-A726-4CF4-8A66-6314B11BDA0C} NOT FOUND by this tool! ****  

   **** Trojan-Downloader.Win32.Delf.ks {786C369D-409A-456f-A13C-971EADA850C6} NOT FOUND by this tool! ****  

   **** W32/Almanahe.a Worm NOT FOUND by this tool! **** 

   **** msctl32.dll SpamBot NOT FOUND by this tool! **** 

   **** KeyLogger NOT FOUND by this tool! ****  

--------------------------------------------------------------------------
       CHECKING FOR BOT-TYPE WORMS: 
--------------------------------------------------------------------------

   **** W32/Sdbot Worm NOT FOUND by this tool! ****  

--------------------------------------------------------------------------
       CHECKING FOR KNOWN ROOTKIT STEALTHING AGENTS: 
--------------------------------------------------------------------------

   **** i386p.* Stealthing Agent NOT FOUND by this tool! **** 

   **** ErrorSafe erssdd.* Stealthing Agent NOT FOUND by this tool! **** 

   **** VUNDO DP.* Stealthing Agent NOT FOUND by this tool! **** 

   **** Troj/NTRootK-BP main.* Stealthing Agent NOT FOUND by this tool! **** 

   **** W32/Almanahe.sys RioDrvrs.* Stealthing Agent NOT FOUND by this tool! **** 

   **** W32/Almanahe.sys DKIS6.* Stealthing Agent NOT FOUND by this tool! **** 

--------------------------------------------------------------------------
       CHECKING FOR VISIBLE ROOTKIT-TYPE REGISTRY KEYS: 
--------------------------------------------------------------------------

   **** Rustock.B trojan, PE386 rootkit NOT FOUND by this tool! ****  

   **** Rustock.B trojan, huy32 rootkit NOT FOUND by this tool! ****  

   **** Rustock.B trojan, lzx32 rootkit NOT FOUND by this tool! ****  

   **** Rustock.B trojan, msguard rootkit NOT FOUND by this tool! ****  

   **** Rustock.B trojan, xpdt.sy_ rootkit NOT FOUND by this tool! ****  

   **** Rustock.B trojan, xpdt.sys rootkit NOT FOUND by this tool! ****  

   **** CmdService adware NOT FOUND by this tool! ****  

   **** Network_Monitor adware NOT FOUND by this tool! ****  

   **** Trojan.Peacomm NOT FOUND by this tool! ****  

   **** Trojan.Peacomm windev NOT FOUND by this tool! ****  

   **** AVPE Haxdoor NOT FOUND by this tool! ****  

   **** MEMLOW Haxdoor NOT FOUND by this tool! ****  

   **** VDMT Haxdoor NOT FOUND by this tool! ****  

   **** YCSVGA Haxdoor NOT FOUND by this tool! ****  

   **** PPTP Haxdoor FOUND by this tool! **** 
        CAREFULL HERE THIS WILL ALSO FIND WinLanMiniport 
  DisplayName	REG_SZ         	Miniporta de rede remota (PPTP)
  Description	REG_SZ         	Miniporta de rede remota (PPTP)
  DisplayName	REG_SZ         	Miniporta de rede remota (PPTP)
  Description	REG_SZ         	Miniporta de rede remota (PPTP)
  DisplayName	REG_SZ         	Miniporta de rede remota (PPTP)
  Description	REG_SZ         	Miniporta de rede remota (PPTP)

   **** DVB Haxdoor  NOT FOUND by this tool! ****  

   **** YVBB Haxdoor NOT FOUND by this tool! ****  

   **** YVPP Haxdoor NOT FOUND by this tool! ****  

   **** NKGFS Haxdoor NOT FOUND by this tool! ****  

   **** XMSK Haxdoor NOT FOUND by this tool! ****  

   **** AVPX Haxdoor NOT FOUND by this tool! ****  

   **** MMXF Haxdoor NOT FOUND by this tool! ****  

   **** DP1112 Vundo Rootkit NOT FOUND by this tool! ****  

   **** SYSBUS32 Rootkit Driver NOT FOUND by this tool! ****  

   **** I386P Rootkit Driver NOT FOUND by this tool! ****  

   **** ERSSDD Rootkit NOT FOUND by this tool! ****  

   **** GencTurK RootKit NOT FOUND by this tool! ****  

   **** Troj/NTRootK-BP RootKit NOT FOUND by this tool! ****  

   **** W32/Almanahe.sys NOT FOUND by this tool! ****  

************************************************************************************  

Dumping HKLM Uninstall Programs list 

  DisplayName	REG_SZ         	a-squared Free 4.5
  DisplayName	REG_SZ         	Adobe Flash Player 10 ActiveX
  DisplayName	REG_SZ         	Adobe Flash Player 10 Plugin
  DisplayName	REG_SZ         	Adobe Reader 9.1.2 - Português
  DisplayName	REG_SZ         	Adobe Shockwave Player 11.5
  DisplayName	REG_SZ         	Arquivo do WinRAR
  DisplayName	REG_SZ         	Assistente de Conexão do Windows Live
  DisplayName	REG_SZ         	Atualização para Windows XP (KB898461)
  DisplayName	REG_SZ         	Atualização para Windows XP (KB914882)
  DisplayName	REG_SZ         	Atualização para Windows XP (KB923845)
  DisplayName	REG_SZ         	Atualização para Windows XP (KB932823-v3)
  DisplayName	REG_SZ         	Choice Guard
  DisplayName	REG_SZ         	CircuitMaker 2000 (Professional Edition)
  DisplayName	REG_SZ         	Counter-Strike
  DisplayName	REG_SZ         	Counter-Strike CP
  DisplayName	REG_SZ         	ExplorerXP (remove only)
  DisplayName	REG_SZ         	Ferramenta de Carregamento do Windows Live
  DisplayName	REG_SZ         	Fraps (remove only)
  DisplayName	REG_SZ         	Free Mp3 Wma Converter V 1.81
  DisplayName	REG_SZ         	Free YouTube to Mp3 Converter version 3.1
  DisplayName	REG_SZ         	Garena
  DisplayName	REG_SZ         	GTOneCare
  DisplayName	REG_SZ         	Heroes of Newerth
  DisplayName	REG_SZ         	High Definition Audio Driver Package - KB888111
  DisplayName	REG_SZ         	Hotfix for Windows XP (KB926239)
  DisplayName	REG_SZ         	Java(TM) 6 Update 16
  DisplayName	REG_SZ         	K-Lite Mega Codec Pack 5.1.0
  DisplayName	REG_SZ         	Microsoft .NET Framework 2.0
  DisplayName	REG_SZ         	Microsoft .NET Framework 2.0
  DisplayName	REG_SZ         	Microsoft .NET Framework 3.0
  DisplayName	REG_SZ         	Microsoft .NET Framework 3.0
  DisplayName	REG_SZ         	Microsoft Application Error Reporting
  DisplayName	REG_SZ         	Microsoft Compression Client Pack 1.0 for Windows XP
  DisplayName	REG_SZ         	Microsoft Office XP Professional com FrontPage
  DisplayName	REG_SZ         	Microsoft Protection Service
  DisplayName	REG_SZ         	Microsoft User-Mode Driver Framework Feature Pack 1.0
  DisplayName	REG_SZ         	Microsoft Visual C++ 2005 Redistributable
  DisplayName	REG_SZ         	Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
  DisplayName	REG_SZ         	Microsoft Windows Live OneCare Resources v2.5.2900.28
  DisplayName	REG_SZ         	Microsoft Windows OneCare Live AntiSpyware and AntiVirus
  DisplayName	REG_SZ         	Microsoft Windows OneCare Live v2.5.2900.28
  DisplayName	REG_SZ         	Microsoft Windows OneCare Live v2.5.2900.28 Idcrl Install
  DisplayName	REG_SZ         	mIRC
  DisplayName	REG_SZ         	Mozilla Firefox (3.5.3)
  DisplayName	REG_SZ         	MSVCRT
  DisplayName	REG_SZ         	MSXML 6.0 Parser (KB925673)
  DisplayName	REG_SZ         	NCsoft Launcher
  DisplayName	REG_SZ         	NotePad++ 3.6
  DisplayName	REG_SZ         	NVIDIA Drivers
  DisplayName	REG_SZ         	Pando Media Booster
  DisplayName	REG_SZ         	PokerStars
  DisplayName	REG_SZ         	PX Engine
  DisplayName	REG_SZ         	Real Alternative 1.9.0
  DisplayName	REG_SZ         	Segoe UI
  DisplayName	REG_SZ         	Skype web features
  DisplayName	REG_SZ         	Skype™ 4.1
  DisplayName	REG_SZ         	Sony Vegas Pro 8.0
  DisplayName	REG_SZ         	SoundMAX
  DisplayName	REG_SZ         	Steam
  DisplayName	REG_SZ         	sXe Injected
  DisplayName	REG_SZ         	System Requirements Lab
  DisplayName	REG_SZ         	TeamSpeak 2 RC2
  DisplayName	REG_SZ         	Truco LigasOnline 1.1
  DisplayName	REG_SZ         	Uninstall 1.0.0.1
  DisplayName	REG_SZ         	VDownloader  0.83
  DisplayName	REG_SZ         	VeryPDF PDF2Word v3.0
  DisplayName	REG_SZ         	VobSub v2.23 (Remove Only)
  DisplayName	REG_SZ         	Warkeys 1.14.1.0b
  DisplayName	REG_SZ         	WebFldrs XP
  DisplayName	REG_SZ         	Windows Communication Foundation
  DisplayName	REG_SZ         	Windows Imaging Component
  DisplayName	REG_SZ         	Windows Internet Explorer 8
  DisplayName	REG_SZ         	Windows Live Call
  DisplayName	REG_SZ         	Windows Live Communications Platform
  DisplayName	REG_SZ         	Windows Live Essentials
  DisplayName	REG_SZ         	Windows Live Essentials
  DisplayName	REG_SZ         	Windows Live Messenger
  DisplayName	REG_SZ         	Windows Live OneCare
  DisplayName	REG_SZ         	Windows Live OneCare safety scanner
  DisplayName	REG_SZ         	Windows Media Format 11 runtime
  DisplayName	REG_SZ         	Windows Media Format 11 runtime
  DisplayName	REG_SZ         	Windows Media Player 11
  DisplayName	REG_SZ         	Windows Media Player 11
  DisplayName	REG_SZ         	Windows Presentation Foundation
  DisplayName	REG_SZ         	Windows Workflow Foundation
  DisplayName	REG_SZ         	XML Paper Specification Shared Components Pack 1.0
  ParentDisplayName	REG_SZ         	
  ParentDisplayName	REG_SZ         	
  ParentDisplayName	REG_SZ         	Windows XP - Atualizações de Software
  ParentDisplayName	REG_SZ         	Windows XP - Atualizações de Software
  ParentDisplayName	REG_SZ         	Windows XP - Atualizações de Software
  ParentDisplayName	REG_SZ         	Windows XP - Atualizações de Software
  ParentDisplayName	REG_SZ         	Windows XP - Software Updates


#####################################################################################################


  -- All DONE! 

  ~ ShadowPuterDude ~

Logfile of HiJackFree v3.0
Scan saved at 11:39:24, on 3/10/2009
Platform: Windows XP Service Pack 2 (Windows NT 5.1.2600)
MSIE: Internet Explorer v 8.0 Service Pack 2 (8.0.6001.18702)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\ARQUIV~1\GbPlugin\GbpSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe
C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe
C:\Arquivos de programas\Microsoft Windows OneCare Live\winssnotify.exe
C:\Arquivos de programas\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\a-squared Free\a2service.exe
C:\Arquivos de programas\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Arquivos de programas\Microsoft Windows OneCare Live\OcHealthMon.exe
C:\Arquivos de programas\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Arquivos de programas\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\System32\alg.exe
C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe
C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe
C:\Arquivos de programas\a-squared HiJackFree\a2hijackfree.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Links
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO:  - {5C255C8A-E604-49b4-9D64-90988571CECB} - 
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: GbIehObj Class - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [soundMAX] "C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [mspaint] "C:\WINDOWS\system32\paint.exe" -autocheck
O4 - HKLM\..\Run: [winupdate.exe] C:\WINDOWS\system32\winupdate.exe
O4 - HKLM\..\Run: [OneCareUI] "C:\Arquivos de programas\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [uTorrent] "C:\Arquivos de programas\uTorrent\uTorrent.exe"
O4 - HKLM\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKLM\..\Run: [DAEMON Tools Lite] "C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKLM\..\Run: [NCsoft Launcher] C:\Arquivos de programas\NCSoft\Launcher\NCLauncher.exe /Minimized
O4 - HKLM\..\Run: [Advanced Virus Remover] C:\Program Files\AdvancedVirusRemover\PAVRM.exe
O7 - Regedit - Enabled
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Arquivos de programas\PokerStars\main.ico
O14 - IERESET.INF: START_PAGE_URL="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
O14 - IERESET.INF: SEARCH_PAGE_URL="&http://home.microsoft.com/intl/br/access/allinone.asp"
O14 - IERESET.INF: MS_START_PAGE_URL="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
O15 - Trusted Zone: https://www2.bancobrasil.com.br
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6796.cab
O20 - Winlogon Notify:  GbPluginBb - C:\WINDOWS\
O21 - ShellServiceObjectDelayLoad: PostBootReminder - 
O21 - ShellServiceObjectDelayLoad: CDBurn - 
O21 - ShellServiceObjectDelayLoad: WebCheck - 
O21 - ShellServiceObjectDelayLoad: SysTray - 
O21 - ShellServiceObjectDelayLoad: WPDShServiceObj - 
O22 - SharedTaskScheduler: Pré-carregador Browseui - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - C:\WINDOWS\system32\browseui.dll
O23 - Service: a-squared Free Service - C:\Arquivos de programas\a-squared Free\a2service.exe
O23 - Service: Serviço 'Gateway de camada de aplicativo' - C:\WINDOWS\System32\alg.exe
O23 - Service: Gerenciamento de aplicativo - C:\WINDOWS\system32\svchost.exe
O23 - Service: ASP.NET State Service - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
O23 - Service: Áudio do Windows - C:\WINDOWS\System32\svchost.exe
O23 - Service: Serviço de transferência inteligente de plano de fundo - C:\WINDOWS\system32\svchost.exe
O23 - Service: Localizador de computadores - C:\WINDOWS\system32\svchost.exe
O23 - Service: Área de armazenamento - C:\WINDOWS\system32\clipsrv.exe
O23 - Service: .NET Runtime Optimization Service v2.0.50727_X86 - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
O23 - Service: Aplicativo de sistema COM+ - C:\WINDOWS\system32\dllhost.exe
O23 - Service: Serviços de criptografia - C:\WINDOWS\system32\svchost.exe
O23 - Service: Inicializador de Processo de Servidor DCOM - C:\WINDOWS\system32\svchost
O23 - Service: Cliente DHCP - C:\WINDOWS\system32\svchost.exe
O23 - Service: Serviço administrativo do gerenciador de disco lógico - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Gerenciador de discos lógicos - C:\WINDOWS\System32\svchost.exe
O23 - Service: Cliente DNS - C:\WINDOWS\system32\svchost.exe
O23 - Service: Erro ao informar o serviço - C:\WINDOWS\System32\svchost.exe
O23 - Service: Log de eventos - C:\WINDOWS\system32\services.exe
O23 - Service: Sistema de eventos COM+ - C:\WINDOWS\system32\svchost.exe
O23 - Service: Compatibilidade com 'Troca rápida de usuário' - C:\WINDOWS\System32\svchost.exe
O23 - Service: Windows Presentation Foundation Font Cache 3.0.0.0 - c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
O23 - Service: GarenaPEngine - C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\APED.tmp
O23 - Service: Ajuda e suporte - C:\WINDOWS\System32\svchost.exe
O23 - Service: HID Input Service - C:\WINDOWS\System32\svchost.exe
O23 - Service: HTTP SSL - C:\WINDOWS\System32\svchost.exe
O23 - Service: Windows CardSpace - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
O23 - Service: Java Quick Starter - C:\Arquivos de programas\Java\jre6\bin\jqs.exe
O23 - Service: Servidor - C:\WINDOWS\system32\svchost.exe
O23 - Service: Estação de trabalho - C:\WINDOWS\system32\svchost.exe
O23 - Service: Auxiliar NetBIOS TCP/IP - C:\WINDOWS\system32\svchost.exe
O23 - Service: Coordenador de transações distribuídas - C:\WINDOWS\system32\msdtc.exe
O23 - Service: OneCare Firewall - C:\Arquivos de programas\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
O23 - Service: Windows Installer - C:\WINDOWS\system32\msiexec.exe
O23 - Service: DDE de rede - C:\WINDOWS\system32\netdde.exe
O23 - Service: DSDM de DDE de rede - C:\WINDOWS\system32\netdde.exe
O23 - Service: Logon de rede - C:\WINDOWS\system32\lsass.exe
O23 - Service: Conexões de rede - C:\WINDOWS\System32\svchost.exe
O23 - Service: Net.Tcp Port Sharing Service - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
O23 - Service: Reconhecimento de local da rede (NLA) - C:\WINDOWS\system32\svchost.exe
O23 - Service: nProtect GameGuard Service - C:\WINDOWS\system32\GameMon.des
O23 - Service: Fornecedor de suporte de segurança NT LM - C:\WINDOWS\system32\lsass.exe
O23 - Service: Armazenamento removível - C:\WINDOWS\system32\svchost.exe
O23 - Service: NVIDIA Display Driver Service - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Windows Live OneCare Health Monitor - C:\Arquivos de programas\Microsoft Windows OneCare Live\OcHealthMon.exe
O23 - Service: OneCare AntiSpyware and AntiVirus - C:\Arquivos de programas\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
O23 - Service: Plug and Play - C:\WINDOWS\system32\services.exe
O23 - Service: Serviços IPSEC - C:\WINDOWS\system32\lsass.exe
O23 - Service: Armazenamento protegido - C:\WINDOWS\system32\lsass.exe
O23 - Service: Gerenciador de conexão de acesso remoto automático - C:\WINDOWS\system32\svchost.exe
O23 - Service: Gerenciador de conexão de acesso remoto - C:\WINDOWS\system32\svchost.exe
O23 - Service: Gerenciador de sessão de ajuda de área de trabalho remota - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Roteamento e acesso remoto - C:\WINDOWS\system32\svchost.exe
O23 - Service: Registro remoto - C:\WINDOWS\system32\svchost.exe
O23 - Service: Alocador Remote Procedure Call (RPC) - C:\WINDOWS\system32\locator.exe
O23 - Service: Chamada de procedimento remoto (RPC) - C:\WINDOWS\system32\svchost
O23 - Service: QoS RSVP - C:\WINDOWS\system32\rsvp.exe
O23 - Service: Gerenciador de contas de segurança - C:\WINDOWS\system32\lsass.exe
O23 - Service: Cartão inteligente - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Agendador de tarefas - C:\WINDOWS\System32\svchost.exe
O23 - Service: Logon secundário - C:\WINDOWS\System32\svchost.exe
O23 - Service: Notificação de eventos de sistema - C:\WINDOWS\system32\svchost.exe
O23 - Service: Firewall do Windows/Compartilhamento de Conexão com a Internet (ICS) - C:\WINDOWS\system32\svchost.exe
O23 - Service: Detecção do hardware do shell - C:\WINDOWS\System32\svchost.exe
O23 - Service: Spooler de impressão - C:\WINDOWS\system32\spoolsv.exe
O23 - Service: Serviço de restauração do sistema - C:\WINDOWS\system32\svchost.exe
O23 - Service: Serviço de descoberta SSDP - C:\WINDOWS\system32\svchost.exe
O23 - Service: Assistente de aquisição de imagens do Windows (WIA) - C:\WINDOWS\system32\svchost.exe
O23 - Service: MS Software Shadow Copy Provider - C:\WINDOWS\system32\dllhost.exe
O23 - Service: Logs e alertas de desempenho - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Telefonia - C:\WINDOWS\System32\svchost.exe
O23 - Service: Serviços de terminal - C:\WINDOWS\System32\svchost
O23 - Service: Temas - C:\WINDOWS\System32\svchost.exe
O23 - Service: Telnet - C:\WINDOWS\system32\tlntsvr.exe
O23 - Service: Cliente de rastreamento de link distribuído - C:\WINDOWS\system32\svchost.exe
O23 - Service: Host de dispositivo Plug and Play universal - C:\WINDOWS\system32\svchost.exe
O23 - Service: Sistema de alimentação ininterrupta - C:\WINDOWS\System32\ups.exe
O23 - Service: Cópia de volume em memória - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Horário do Windows - C:\WINDOWS\System32\svchost.exe
O23 - Service: Cliente da Web - C:\WINDOWS\system32\svchost.exe
O23 - Service: Testador de instrumentação de gerenciam. do Windows - C:\WINDOWS\system32\svchost.exe
O23 - Service: Windows Live OneCare - C:\Arquivos de programas\Microsoft Windows OneCare Live\winss.exe
O23 - Service: Portable Media Serial Number Service - C:\WINDOWS\System32\svchost.exe
O23 - Service: Extensões de driver de instrum. gerenc. do Windows - C:\WINDOWS\System32\svchost.exe
O23 - Service: Adaptador de desempenho WMI - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Serviço de Compartilhamento de Rede do Windows Media Player - C:\Arquivos de programas\Windows Media Player\WMPNetwk.exe
O23 - Service: Atualizações Automáticas - C:\WINDOWS\system32\svchost.exe
O23 - Service: Windows Driver Foundation - User-mode Driver Framework - C:\WINDOWS\system32\svchost.exe
O23 - Service: Configuração zero sem fio - C:\WINDOWS\System32\svchost.exe
O23 - Service: Serviço de Configuração de Rede - C:\WINDOWS\System32\svchost.exe


Download ComboFix from one of these locations:

Link 1

Link 2

Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
    See HERE for help
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

RcAuto1.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

whatnext.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you.

-----------------------------------------------------------

Post fresh logs for:

  • ComboFix (C:\combofix.txt)
  • a-squared Free
  • ISeeYouXP

Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now!


Hi, this ComboFix tool helped me a lot. I think the worst virus has been deleted, because when I turn on my PC, the "advanced virus remover (virus)" doesn't keep showing messages, and I can now open my music and a lot of programs I couldn't.

Here are the new logs:

ComboFix 09-10-01.05 - Administrador 03/10/2009 16:17:25.5.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.55.1046.18.1023.665 [GMT -3:00]
Executando de: C:\Documents and Settings\Administrador\Desktop\VIRUS\ComboFix.exe
.
ADS - drivers: deleted 204 bytes in 1 streams.

((((((((((((((((   Arquivos/Ficheiros criados de 2009-09-03 to 2009-10-03  ))))))))))))))))))))))))))))
.

2009-10-03 17:31:55 . 2009-10-03 19:17:28	6736	----a-w-	C:\WINDOWS\system32\drivers\PROCEXP90.SYS
2009-10-03 12:38:09 . 2008-10-16 17:06:48	268648	----a-w-	C:\WINDOWS\system32\mucltui.dll
2009-10-03 12:38:09 . 2008-10-16 17:06:48	208744	----a-w-	C:\WINDOWS\system32\muweb.dll
2009-10-02 22:16:29 . 2005-01-14 05:41:48	11254	----a-w-	C:\WINDOWS\system32\locate.com
2009-10-02 20:30:54 . 2009-10-03 14:05:26	0	d-----w-	C:\WINDOWS\system32\CatRoot_bak
2009-10-02 20:29:54 . 2009-10-02 20:29:55	0	d-----w-	C:\ISeeYouXP
2009-10-02 20:29:42 . 2009-10-02 20:29:42	0	d-----w-	C:\Arquivos de programas\ExplorerXP
2009-10-02 20:25:11 . 2009-10-02 22:13:06	0	d-----w-	C:\Arquivos de programas\a-squared Free
2009-10-02 20:14:07 . 2009-10-02 20:36:43	0	d-----w-	C:\Arquivos de programas\a-squared HiJackFree
2009-10-02 01:15:02 . 2008-03-21 16:38:42	91328	----a-w-	C:\WINDOWS\system32\drivers\msfwdrv.sys
2009-10-02 01:15:01 . 2008-03-21 16:38:44	116416	----a-w-	C:\WINDOWS\system32\drivers\msfwhlpr.sys
2009-10-02 01:14:11 . 2009-10-02 01:15:02	0	dc----w-	C:\WINDOWS\system32\DRVSTORE
2009-10-02 01:14:11 . 2008-05-15 19:15:16	53168	----a-w-	C:\WINDOWS\system32\drivers\MpFilter.sys
2009-10-02 01:13:43 . 2009-10-02 01:13:43	0	d-----w-	C:\WINDOWS\system32\bits
2009-10-02 01:13:31 . 2007-05-24 13:23:16	8192	------w-	C:\WINDOWS\system32\dllcache\bitsprx2.dll
2009-10-02 01:13:31 . 2007-05-24 13:23:16	7168	------w-	C:\WINDOWS\system32\dllcache\bitsprx4.dll
2009-10-02 01:13:31 . 2007-05-24 13:23:16	7168	------w-	C:\WINDOWS\system32\dllcache\bitsprx3.dll
2009-10-02 01:13:31 . 2007-05-24 13:23:16	7168	------w-	C:\WINDOWS\system32\bitsprx4.dll
2009-10-02 01:13:31 . 2007-05-24 13:23:16	408064	------w-	C:\WINDOWS\system32\dllcache\qmgr.dll
2009-10-02 01:13:31 . 2007-05-24 13:23:16	18944	------w-	C:\WINDOWS\system32\dllcache\qmgrprxy.dll
2009-10-02 01:01:03 . 2009-10-03 12:41:15	0	d-----w-	C:\Arquivos de programas\Microsoft Windows OneCare Live
2009-10-01 23:59:38 . 2009-10-02 16:48:57	0	d-----w-	C:\Arquivos de programas\Windows Live Safety Center
2009-10-01 22:50:52 . 2009-10-01 22:50:52	0	d--h--w-	C:\WINDOWS\system32\GroupPolicy
2009-09-25 16:50:40 . 2009-09-25 16:53:18	0	d-----w-	C:\Arquivos de programas\NCSoft
2009-09-25 16:50:17 . 2009-09-25 16:50:17	0	d-----w-	C:\Documents and Settings\Administrador\Dados de aplicativos\InstallShield
2009-09-25 16:38:29 . 2009-09-25 16:50:34	0	d-----w-	C:\Documents and Settings\Administrador\Dados de aplicativos\GetRightToGo
2009-09-24 20:38:55 . 2009-09-26 17:47:19	0	d-----w-	C:\Arquivos de programas\cspiratao
2009-09-23 20:40:30 . 2009-09-23 21:56:33	0	d---a-w-	C:\Documents and Settings\All Users\Dados de aplicativos\TEMP
2009-09-22 20:49:19 . 2009-09-29 20:21:36	0	d-----w-	C:\Documents and Settings\Administrador\Dados de aplicativos\codeblocks
2009-09-22 20:48:52 . 2009-09-22 20:49:11	0	d-----w-	C:\Arquivos de programas\CodeBlocks
2009-09-21 22:43:16 . 2009-09-22 20:07:03	0	d-----w-	C:\GoogleAppEngine
2009-09-21 20:50:53 . 2009-09-21 20:51:50	0	d-----w-	C:\Documents and Settings\Administrador\.idlerc
2009-09-20 15:14:56 . 2009-09-21 00:30:13	0	d-----w-	C:\Documents and Settings\All Users\Dados de aplicativos\PMB Files
2009-09-20 15:13:25 . 2009-09-20 15:13:25	0	d-----w-	C:\Arquivos de programas\Pando Networks
2009-09-18 16:47:12 . 2005-01-01 09:43:08	4682	----a-w-	C:\WINDOWS\system32\npptNT2.sys
2009-09-16 20:49:45 . 2009-09-16 20:49:45	0	d-----w-	C:\Documents and Settings\All Users\Dados de aplicativos\DAEMON Tools Lite
2009-09-16 20:49:13 . 2009-09-16 20:49:29	0	d-----w-	C:\Arquivos de programas\DAEMON Tools Lite
2009-09-16 20:28:35 . 2009-09-16 20:28:35	721904	----a-w-	C:\WINDOWS\system32\drivers\sptd.sys
2009-09-16 20:28:29 . 2009-09-16 20:52:23	0	d-----w-	C:\Documents and Settings\Administrador\Dados de aplicativos\DAEMON Tools Lite
2009-09-16 20:24:59 . 2009-09-16 20:24:59	0	d--h--w-	C:\WINDOWS\PIF
2009-09-16 16:08:26 . 2009-09-16 16:19:55	0	d-----w-	C:\Arquivos de programas\SystemRequirementsLab
2009-09-16 16:08:21 . 2009-09-16 16:22:40	0	d-----w-	C:\Documents and Settings\Administrador\SystemRequirementsLab
2009-09-15 21:44:51 . 2000-08-19 23:29:32	268048	----a-w-	C:\WINDOWS\system32\dxtmeta2.dll
2009-09-14 18:57:30 . 2009-09-20 16:30:34	0	d-----w-	C:\Arquivos de programas\PokerStars
2009-09-14 17:04:17 . 2009-09-14 17:04:17	0	d-sh--w-	C:\Documents and Settings\Administrador\IECompatCache
2009-09-11 12:58:55 . 2009-10-01 00:10:44	0	d-----w-	C:\Arquivos de programas\Garena
2009-09-10 23:54:26 . 2009-09-12 18:12:59	94209	----a-w-	C:\WINDOWS\system32\Paint.exe
2009-09-10 23:09:10 . 2009-09-10 23:09:10	0	d-----w-	C:\Arquivos de programas\LigasOnline
2009-09-05 12:21:25 . 2009-09-05 12:21:29	0	d-----w-	C:\Arquivos de programas\VeryPDF PDF2Word v3.0
2009-09-05 11:45:18 . 2009-09-05 11:45:18	0	d-----w-	C:\tmp
2009-09-05 11:45:18 . 2009-09-05 11:45:18	0	d-----w-	C:\Documents and Settings\Administrador\Dados de aplicativos\YCanPDF
2009-09-04 19:00:17 . 2009-09-04 19:00:17	0	d-----w-	C:\Arquivos de programas\Gabest

.
(((((((((((((((((((((((((((((((((((((   Relatório Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-03 17:46:05 . 2009-08-17 23:46:01	0	d-----w-	C:\Documents and Settings\Administrador\Dados de aplicativos\Skype
2009-10-03 17:45:56 . 2009-07-06 16:45:13	0	d-----w-	C:\Documents and Settings\Administrador\Dados de aplicativos\uTorrent
2009-10-03 17:45:05 . 2009-10-03 17:45:05	0	d-----w-	C:\Arquivos de programas\microsoft frontpage
2009-10-03 12:35:57 . 2009-08-17 23:46:44	0	d-----w-	C:\Documents and Settings\Administrador\Dados de aplicativos\skypePM
2009-10-02 19:26:21 . 2009-08-04 16:12:32	0	d-----w-	C:\Arquivos de programas\Java
2009-10-01 22:18:59 . 2009-08-08 14:12:56	0	d-----w-	C:\Arquivos de programas\Steam
2009-09-29 17:55:59 . 2009-07-06 16:49:04	0	d-----w-	C:\Arquivos de programas\Warcraft III
2009-09-26 23:42:33 . 2009-07-18 12:41:04	0	d-----w-	C:\Arquivos de programas\Heroes of Newerth
2009-09-25 16:50:40 . 2009-07-06 16:24:59	0	d--h--w-	C:\Arquivos de programas\InstallShield Installation Information
2009-09-24 20:19:42 . 2009-08-04 16:21:52	0	d-----w-	C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin
2009-09-24 20:19:36 . 2009-08-04 16:21:52	0	d-----w-	C:\Arquivos de programas\GbPlugin
2009-09-20 16:30:34 . 2009-08-31 20:02:28	0	d-----w-	C:\Arquivos de programas\Real Alternative
2009-09-17 19:33:52 . 2009-08-04 16:22:03	30344	----a-w-	C:\WINDOWS\system32\drivers\gbpkm.sys
2009-09-11 00:12:27 . 2009-07-13 19:53:36	4096	----a-w-	C:\WINDOWS\system32\detoured.dll
2009-09-10 13:48:01 . 2009-09-10 13:47:57	0	d-----w-	C:\Arquivos de programas\Free Audio Pack
2009-09-06 11:03:02 . 2009-08-06 22:53:14	0	d-----w-	C:\Documents and Settings\Administrador\Dados de aplicativos\teamspeak2
2009-09-04 18:51:32 . 2009-07-06 18:58:37	0	d-----w-	C:\Arquivos de programas\K-Lite Codec Pack
2009-08-31 20:03:41 . 2009-08-31 20:03:07	0	d-----w-	C:\Documents and Settings\Administrador\Dados de aplicativos\Media Player Classic
2009-08-17 23:46:44 . 2009-08-17 23:46:44	56	---ha-w-	C:\WINDOWS\system32\ezsidmv.dat
2009-08-17 23:45:49 . 2009-08-17 23:43:58	0	d-----r-	C:\Arquivos de programas\Skype
2009-08-17 23:44:01 . 2009-08-17 23:44:01	0	d-----w-	C:\Arquivos de programas\Arquivos comuns\Skype
2009-08-17 23:43:57 . 2009-08-17 23:43:54	0	d-----w-	C:\Documents and Settings\All Users\Dados de aplicativos\Skype
2009-08-09 22:53:09 . 2009-08-09 22:53:09	0	d-----w-	C:\Documents and Settings\All Users\Dados de aplicativos\NVIDIA
2009-08-06 22:53:14 . 2009-07-28 16:59:25	0	d-----w-	C:\Arquivos de programas\Teamspeak2_RC2
2009-08-06 15:43:33 . 2009-08-06 15:43:28	0	d-----w-	C:\Arquivos de programas\Arquivos comuns\DVDVideoSoft
2009-08-06 15:43:28 . 2009-08-06 15:43:28	0	d-----w-	C:\Arquivos de programas\DVDVideoSoft
2009-07-31 18:23:10 . 2009-08-04 16:12:46	411368	----a-w-	C:\WINDOWS\system32\deploytk.dll
2009-07-30 14:50:39 . 2001-10-28 14:07:18	73440	----a-w-	C:\WINDOWS\system32\perfc016.dat
2009-07-30 14:50:39 . 2001-10-28 14:07:18	457508	----a-w-	C:\WINDOWS\system32\perfh016.dat
2009-07-29 06:35:54 . 2009-09-04 18:50:56	2378752	----a-w-	C:\WINDOWS\system32\x264vfw.dll
2009-07-14 00:15:52 . 2009-09-04 18:50:55	90112	----a-w-	C:\WINDOWS\system32\dpl100.dll
2009-07-14 00:15:48 . 2003-04-30 19:34:46	685056	----a-w-	C:\WINDOWS\system32\divx.dll
2009-07-06 19:42:21 . 2009-07-06 16:56:52	86157	----a-w-	C:\WINDOWS\War3Unin.dat
2009-07-06 19:39:09 . 2009-07-06 16:56:52	2829	----a-w-	C:\WINDOWS\War3Unin.pif
2009-07-06 19:39:09 . 2009-07-06 16:56:52	139264	----a-w-	C:\WINDOWS\War3Unin.exe
2009-07-06 16:39:43 . 2009-07-06 16:39:43	0	----a-w-	C:\WINDOWS\nsreg.dat
2009-07-06 16:02:22 . 2009-07-06 16:02:22	21844	----a-w-	C:\WINDOWS\system32\emptyregdb.dat
.

------- Sigcheck -------

[-] 2008-06-20 11:59:02 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625 (xpsp_sp3_qfe.080620-1309)] . . C:\WINDOWS\SoftwareDistribution\Download\abc8d424bc7438e463cef8a2ec1c00e4\sp3qfe\tcpip.sys
[-] 2008-06-20 11:51:12 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)] . . C:\WINDOWS\SoftwareDistribution\Download\abc8d424bc7438e463cef8a2ec1c00e4\sp3gdr\tcpip.sys
[-] 2008-06-20 10:45:13 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394 (xpsp_sp2_gdr.080620-1245)] . . C:\WINDOWS\SoftwareDistribution\Download\abc8d424bc7438e463cef8a2ec1c00e4\sp2gdr\tcpip.sys
[-] 2008-06-20 10:44:42 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394 (xpsp_sp2_qfe.080620-1259)] . . C:\WINDOWS\SoftwareDistribution\Download\abc8d424bc7438e463cef8a2ec1c00e4\sp2qfe\tcpip.sys
[-] 2008-04-13 19:20:16 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512 (xpsp.080413-0852)] . . C:\WINDOWS\SoftwareDistribution\Download\f7670e43b3c19680acdc044a1fbe993f\tcpip.sys
[-] 2007-03-11 13:18:31 . 6A603809F598332DBEDD535BDBCE313E . 359040 . . [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] . . C:\WINDOWS\system32\drivers\tcpip.sys

[-] 2008-04-14 02:21:24 . 3DBE0D011E911AADFB6ED17EDC525066 . 13824 . . [5.1.2600.5512 (xpsp.080413-2108)] . . C:\WINDOWS\SoftwareDistribution\Download\f7670e43b3c19680acdc044a1fbe993f\wscntfy.exe

[-] 2008-04-14 02:20:40 . 698F9583D1EB213B09F12DD5826A46E2 . 1571840 . . [5.1.2600.5512 (xpsp.080413-2111)] . . C:\WINDOWS\SoftwareDistribution\Download\f7670e43b3c19680acdc044a1fbe993f\sfcfiles.dll
[-] 2007-03-11 02:21:13 . B23D1FC94C037AE5F0E05A78B52596A4 . 1548288 . . [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] . . C:\WINDOWS\system32\sfcfiles.dll

C:\WINDOWS\system32\wscntfy.exe ... está faltando !!
.
(((((((((((((((((((((((((((((   [email protected]_17.38.56   )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-03 19:17:54 . 2009-10-03 19:17:54	16384              C:\WINDOWS\Temp\Perflib_Perfdata_798.dat
.
((((((((((((((((((((((((((   Pontos de Carregamento do Registro   )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas. 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="C:\Arquivos de programas\uTorrent\uTorrent.exe" [2009-07-06 16:45:40 288048]
"Skype"="C:\Arquivos de programas\Skype\Phone\Skype.exe" [2009-07-16 16:20:16 25604904]
"DAEMON Tools Lite"="C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" [2009-04-23 13:51:38 691656]
"NCsoft Launcher"="C:\Arquivos de programas\NCSoft\Launcher\NCLauncher.exe" [2009-09-25 16:51:23 38184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe" [2005-05-20 09:11:06 925696]
"Adobe Reader Speed Launcher"="C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 20:10:28 35696]
"mspaint"="C:\WINDOWS\system32\paint.exe" [2009-09-12 18:12:59 94209]
"OneCareUI"="C:\Arquivos de programas\Microsoft Windows OneCare Live\winssnotify.exe" [2009-07-09 15:15:38 65240]
"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre6\bin\jusched.exe" [2009-07-31 18:23:21 149280]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-07-25 06:31:10 7618560]
"nwiz"="nwiz.exe" - C:\WINDOWS\system32\nwiz.exe [2006-07-25 06:31:16 1519616]
"NvMediaCenter"="NvMCTray.dll" - C:\WINDOWS\system32\nvmctray.dll [2006-07-25 06:31:12 86016]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" - C:\WINDOWS\system32\HdAShCut.exe [2004-10-27 18:21:30 61952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GbPluginBb"="C:\ARQUIV~1\GBPLUGIN\gbieh.dll" [2009-09-17 19:32:38 313224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 02:45:32 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" - C:\WINDOWS\system32\advpack.dll [2009-03-08 07:32:48 128512]

C:\Documents and Settings\Administrador\Menu Iniciar\Programas\Inicializar\
My_AutoWarkey_Script.lnk - C:\Arquivos de programas\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe [2009-5-3 244736]

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\
Microsoft Office.lnk - C:\Arquivos de programas\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]
2009-09-17 19:32:38	313224	----a-w-	C:\Arquivos de programas\GbPlugin\gbieh.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=
"C:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"C:\\Arquivos de programas\\Garena\\Garena.exe"=
"C:\\Arquivos de programas\\Sony\\Vegas Pro 8.0\\VegSrv80.exe"=
"C:\\Arquivos de programas\\Steam\\steamapps\\ashtar_sheran\\counter-strike\\hl.exe"=
"C:\\Arquivos de programas\\Pando Networks\\Media Booster\\PMB.exe"=
"C:\\Arquivos de programas\\cspiratao\\hl.exe"=
"C:\\Arquivos de programas\\cspiratao\\HLServer\\hlds.exe"=
"C:\\Arquivos de programas\\Java\\jre6\\bin\\java.exe"=
"C:\\Arquivos de programas\\Warcraft III\\Warcraft III.exe"=
"C:\\Arquivos de programas\\Skype\\Phone\\Skype.exe"=
"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57943:TCP"= 57943:TCP:Pando Media Booster
"57943:UDP"= 57943:UDP:Pando Media Booster

R0 GbpKm;Gbp KernelMode;C:\WINDOWS\system32\drivers\gbpkm.sys [4/8/2009 13:22:03 30344]
R2 GbpSv;Gbp Service;C:\ARQUIV~1\GbPlugin\GbpSv.exe [4/8/2009 13:22:02 53640]
R2 OcHealthMon;Windows Live OneCare Health Monitor;C:\Arquivos de programas\Microsoft Windows OneCare Live\OcHealthMon.exe [9/7/2009 12:15:32 26104]
S3 GarenaPEngine;GarenaPEngine;\??\C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\APED.tmp --> C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\APED.tmp [?]
S3 npggsvc;nProtect GameGuard Service;C:\WINDOWS\system32\GameMon.des -service --> C:\WINDOWS\system32\GameMon.des -service [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Scan Suplementar -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://baixaki.com.br/
IE: E&xportar para o Microsoft Excel - C:\ARQUIV~1\MICROS~2\Office10\EXCEL.EXE/3000
Trusted Zone: com.br\www2.bancobrasil
FF - ProfilePath - C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\mo0gflgs.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: keyword.URL - 
FF - component: C:\Arquivos de programas\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\mo0gflgs.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}\components\GbMzhBb.dll
FF - plugin: C:\Arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: C:\Arquivos de programas\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: C:\Arquivos de programas\Mozilla Firefox\plugins\npPandoWebInst.dll

---- FIREFOX POLICIES ----
C:\Arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");
.

a-squared Free - Versão 4.5
Última atualização 4/10/2009 09:21:30

Configurações da análise:

Scan type: deep
Objetos: Memória, Rastros, Cookies, C:\
Análise de arquivos: Ligado
Heurística: Desligado
Análise de ADS: Ligado

Início da análise:	4/10/2009 10:08:23

C:\Documents and Settings\Administrador\Meus documentos\Downloads\Sony Vegas Pro 8.0c Build 260+Keygen[H33T]-MasterUploader\Keygen\Keygen.exe 	detectado: Riskware.MultiKeygenPatch!IK
C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP14\A0001849.exe 	detectado: Trojan-Downloader.Win32.Delf!IK
C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP14\A0001912.exe 	detectado: Trojan-Downloader.Win32.Delf!IK
C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP14\A0001945.exe 	detectado: Trojan-Downloader.Win32.Delf!IK
C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP14\A0002948.exe 	detectado: Trojan-Downloader.Win32.Delf!IK
C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP15\A0002960.exe 	detectado: Trojan-Downloader.Win32.Delf!IK
C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP15\A0002967.exe 	detectado: Trojan-Downloader.Win32.Delf!IK
C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP15\A0002995.exe 	detectado: Trojan-Downloader.Win32.Delf!IK
C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP15\A0004073.exe 	detectado: Trojan-Downloader.Win32.Delf!IK
C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP16\A0004097.exe 	detectado: Trojan-Downloader.Win32.Delf!IK
C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP16\A0004109.exe 	detectado: Trojan-Downloader.Win32.Delf!IK
C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP16\A0004146.exe 	detectado: Trojan-Downloader.Win32.Delf!IK
C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP17\A0004159.exe 	detectado: Trojan-Downloader.Win32.Delf!IK
C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP17\A0004202.exe 	detectado: Trojan-Downloader.Win32.Delf!IK
C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP19\A0004302.exe 	detectado: Trojan-Downloader.Win32.Delf!IK
C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP20\A0004310.exe 	detectado: Trojan-Downloader.Win32.Delf!IK
C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP20\A0004314.exe 	detectado: Trojan-Downloader.Win32.Delf!IK
C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP20\A0004343.exe 	detectado: MonitoringTool!IK
C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP20\A0004418.exe 	detectado: Trojan-Downloader.Win32.Delf!IK
C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP20\A0004427.exe 	detectado: Trojan-Downloader.Win32.Delf!IK
C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP20\A0004464.exe 	detectado: Trojan-Downloader.Win32.Delf!IK
C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP21\A0004474.exe 	detectado: Trojan-Downloader.Win32.Delf!IK
C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP21\A0004503.exe 	detectado: Trojan-Downloader.Win32.Delf!IK
C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP21\A0004525.exe 	detectado: Trojan-Downloader.Win32.Delf!IK
C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP25\A0004726.exe 	detectado: Trojan-Downloader.Win32.Delf!IK
C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP25\A0004775.exe 	detectado: Trojan-Downloader.Win32.Delf!IK
C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP25\A0004778.exe 	detectado: MonitoringTool!IK
C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP25\A0004866.exe 	detectado: BehavesLike!IK
C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP26\A0004898.exe 	detectado: Trojan-Downloader.Win32.Delf!IK
C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP26\A0004926.exe 	detectado: Trojan-Downloader.Win32.Delf!IK
C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP26\A0004928.exe 	detectado: Trojan-Downloader.Win32.Banload!IK
C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP26\A0004930.exe 	detectado: MonitoringTool!IK
C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP26\A0005018.exe 	detectado: BehavesLike!IK
C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP33\A0005225.exe 	detectado: Trojan-Downloader.Win32.Delf!IK
C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP57\A0008649.exe 	detectado: Trojan-Spy.Win32.PcGhost!IK
C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP77\A0011022.exe 	detectado: Trojan-Dropper.Win32.Renos!IK
C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP77\A0011038.exe 	detectado: Trojan-Dropper.Win32.Renos!IK
C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP77\A0011054.exe 	detectado: Trojan-Dropper.Win32.Renos!IK
C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP77\A0011068.exe 	detectado: Trojan-Dropper.Win32.Renos!IK
C:\System Volume Information\_restore{9A856660-AD4B-4671-BBFC-019287F6760B}\RP77\A0011297.exe 	detectado: Riskware.Client-IRC.Win32.mIRC!IK

Analisado

Arquivos: 	98902
Objetos: 	611780
Cookies: 	4
Processos: 	26

Encontrado

Arquivos: 	40
Objetos: 	0
Cookies: 	0
Processos: 	0
Chaves do registro: 	0

Fim da análise:	4/10/2009 11:20:55
Duração da análise:	1:12:32

 
************************************************************************************  
                                  ISeeYouXP v2.0 Beta 14  

                 ISeeYouXP v1.3.0-v2.0 Beta 14 Copyright - ShadowPuterDude 
                 ISeeYouXP v1.2.9 and earlier Copyright - PhilliePhan 
------------------------------------------------------------------------------------  
****  PLEASE NOTE THAT MOST (if not ALL) OF THE ITEMS BELOW ARE  NOT  BADDIES!  **** 
  ****   PLEASE CONSULT A KNOWLEDGEABLE PERSON BEFORE TAKING ANY ACTION.   **** 
************************************************************************************  

Windows/Browser/Java Versions: 
Microsoft (R) Windows Script Host Versão 5.6
Copyright (C) 1996-2001 Microsoft Corporation. Todos os direitos reservados.

Microsoft Windows XP Professional
Version:           5.1.2600
Service Pack:      2.0
Windows Directory: C:\WINDOWS
Microsoft (R) Windows Script Host Versão 5.6
Copyright (C) 1996-2001 Microsoft Corporation. Todos os direitos reservados.

Internet Explorer
Version:  8.0.6001.18702
Build:    86001
Language: Inglês (Estados Unidos)
Path:     C:\Arquivos de programas\Internet Explorer

Sun Microsystems Java Runtime 
Version: 1.6.0_16 
Microsoft (R) Windows Script Host Versão 5.6
Copyright (C) 1996-2001 Microsoft Corporation. Todos os direitos reservados.

Boot State: Normal boot

Scan done at 11:23:26,76, dom 04/10/2009 

------------------------------------------------------------------------------------  

ISeeYouXP installation folder and files 

"C:\ISeeYouXP\"
bootst~1.vbs  28 May 2007         359  "bootstate.vbs"
change.log     8 Jun 2008        5012  "change.log"
chodefix.bat  18 Apr 2007        5387  "chodefix.bat"
fixchode.reg  18 Apr 2007         528  "fixChode.reg"
fixexp~1.bat  24 Feb 2007         487  "FixExplorerPolicies.bat"
getunk~1.bat  12 Aug 2006        1478  "GetUnKeys.bat"
grep.exe      24 Dec 2004      160768  "grep.exe"
hideit.bat    17 Oct 2007        1072  "HideIT.bat"
ieinfo.vbs    28 May 2007         514  "ieinfo.vbs"
iesecu~1.bat  28 Oct 2007          72  "IESecurityZones.bat"
iesecu~1.vbs   8 Nov 2007        2399  "IESecurityZones.vbs"
iseeyo~1.bat   8 Jun 2008      211377  "ISeeYouXP.bat"
libico~1.dll  16 Mar 2004      898048  "libiconv2.dll"
libintl3.dll   9 Oct 2004      101888  "libintl3.dll"
locate.com    14 Jan 2005       11254  "locate.com"
md5sum.exe     5 Aug 2007       49152  "md5sum.exe"
msconf~1.bat  24 Feb 2007         578  "MSConfigFix.bat"
osinfo.vbs    28 May 2007         598  "osinfo.vbs"
pcbutts.txt   25 Mar 2007        5167  "PCBUTTS.TXT"
pcre.dll      14 Nov 2004      183313  "pcre.dll"
pv.exe         3 Mar 2006       73728  "pv.exe"
regedi~1.bat  30 Mar 2007         650  "RegEditFix.bat"
regfix.bat    18 Apr 2007         145  "Regfix.bat"
servic~1.vbs  28 May 2007         672  "servicesinfo.vbs"
showit.bat    17 Oct 2007        1013  "ShowIT.bat"
swreg.exe      5 Apr 2007      139776  "swreg.exe"
system~1.bat  28 Feb 2007         369  "SystemRestoreFix.bat"
taskmg~1.bat  24 Feb 2007         288  "TaskMgrFix.bat"

28 items found:  28 files, 0 directories.
  Total of file sizes:  1.856.092 bytes      1,77 M

------------------------------------------------------------------------------------  

System Environment Variables  

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Administrador\Dados de aplicativos
CLIENTNAME=Console
CommonProgramFiles=C:\Arquivos de programas\Arquivos comuns
COMPUTERNAME=LITE
ComSpec=C:\WINDOWS\system32\cmd.exe
errcode=0
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Administrador
LOGONSERVER=\\LITE
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0409
ProgramFiles=C:\Arquivos de programas
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp
TMP=C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp
USERDOMAIN=LITE
USERNAME=Administrador
USERPROFILE=C:\Documents and Settings\Administrador
windir=C:\WINDOWS

------------------------------------------------------------------------------------ 

Showing any Pocket Killbox backup files 

No matches found.

------------------------------------------------------------------------------------ 

Displaying BOOT.INI: 

[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

------------------------------------------------------------------------------------ 

Displaying SYSTEM.INI: 

; for 16-bit app support
[drivers]
wave=mmdrv.dll
timer=timer.drv
[mci]
[driver32]
[386enh]
woafont=app850.FON
EGA80WOA.FON=EGA80850.FON
EGA40WOA.FON=EGA40850.FON
CGA80WOA.FON=CGA80850.FON
CGA40WOA.FON=CGA40850.FON

------------------------------------------------------------------------------------ 

Displaying WIN.INI: 

; for 16-bit app support
[fonts]
[extensions]
[mci extensions]
[files]
[Mail]
MAPI=1
CMC=1
CMCDLLNAME=mapi.dll
CMCDLLNAME32=mapi32.dll
MAPIX=1
MAPIXVER=1.0.0.1
OLEMessaging=1
[MCI Extensions.BAK]
aif=MPEGVideo
aifc=MPEGVideo
aiff=MPEGVideo
asf=MPEGVideo
asx=MPEGVideo
au=MPEGVideo
m1v=MPEGVideo
m3u=MPEGVideo
mp2=MPEGVideo
mp2v=MPEGVideo
mp3=MPEGVideo
mpa=MPEGVideo
mpe=MPEGVideo
mpeg=MPEGVideo
mpg=MPEGVideo
mpv2=MPEGVideo
snd=MPEGVideo
wax=MPEGVideo
wm=MPEGVideo
wma=MPEGVideo
wmv=MPEGVideo
wmx=MPEGVideo
wvx=MPEGVideo
m2v=MPEGVideo
mod=MPEGVideo
wpl=MPEGVideo

------------------------------------------------------------------------------------ 

Displaying AUTOEXEC.BAT: 


------------------------------------------------------------------------------------ 

Displaying CONFIG.SYS: 


------------------------------------------------------------------------------------ 

Displaying Running Processes: 

 PROCESS            PID  PRIO     PATH 
smss.exe             580 Normal   C:\WINDOWS\System32\smss.exe 
csrss.exe            632 Normal   C:\WINDOWS\system32\csrss.exe 
winlogon.exe         672 High     C:\WINDOWS\system32\winlogon.exe 
services.exe         716 Normal   C:\WINDOWS\system32\services.exe 
lsass.exe            728 Normal   C:\WINDOWS\system32\lsass.exe 
GbpSv.exe            896 Normal   C:\ARQUIV~1\GbPlugin\GbpSv.exe 
svchost.exe          932 Normal   C:\WINDOWS\system32\svchost.exe 
svchost.exe          996 Normal   C:\WINDOWS\system32\svchost.exe 
MsMpEng.exe         1088 Normal   C:\Arquivos de programas\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe 
svchost.exe         1136 Normal   C:\WINDOWS\System32\svchost.exe 
svchost.exe         1276 Normal   C:\WINDOWS\system32\svchost.exe 
svchost.exe         1452 Normal   C:\WINDOWS\system32\svchost.exe 
spoolsv.exe         1604 Normal   C:\WINDOWS\system32\spoolsv.exe 
smax4pnp.exe        1848 Normal   C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe 
winssnotify.exe     1924 Normal   C:\Arquivos de programas\Microsoft Windows OneCare Live\winssnotify.exe 
jusched.exe         1932 Normal   C:\Arquivos de programas\Java\jre6\bin\jusched.exe 
ctfmon.exe           464 Normal   C:\WINDOWS\system32\ctfmon.exe 
a2service.exe        240 Normal   C:\Arquivos de programas\a-squared Free\a2service.exe 
jqs.exe              336 Idle     C:\Arquivos de programas\Java\jre6\bin\jqs.exe 
nvsvc32.exe          408 Normal   C:\WINDOWS\system32\nvsvc32.exe 
OcHealthMon.exe     1332 Normal   C:\Arquivos de programas\Microsoft Windows OneCare Live\OcHealthMon.exe 
msfwsvc.exe         1620 Normal   C:\Arquivos de programas\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe 
winss.exe           2340 Normal   C:\Arquivos de programas\Microsoft Windows OneCare Live\winss.exe 
alg.exe             2908 Normal   C:\WINDOWS\System32\alg.exe 
explorer.exe        3108 Normal   C:\WINDOWS\explorer.exe 
cmd.exe             3880 Normal   C:\WINDOWS\system32\cmd.exe 
ntvdm.exe            444 Normal   C:\WINDOWS\system32\ntvdm.exe 
wmiprvse.exe         532 Normal   C:\WINDOWS\system32\wbem\wmiprvse.exe 
pv.exe              3120 Normal   C:\ISEEYO~1\pv.exe 

------------------------------------------------------------------------------------ 

Displaying Windows Services: 
Microsoft (R) Windows Script Host Versão 5.6
Copyright (C) 1996-2001 Microsoft Corporation. Todos os direitos reservados.

Name:           a2free
Display Name:   a-squared Free Service
  Description: Scans the PC for unwanted software and provides protection from malicious code
  Path Name:   "C:\Arquivos de programas\a-squared Free\a2service.exe"
  Start Mode:  Auto
  State:       Running

Name:           ALG
Display Name:   Serviço 'Gateway de camada de aplicativo'
  Description: Fornece suporte a plug-ins de protocolos de terceiros para o Compartilhamento de Conexão com a Internet e o Firewall do Windows.
  Path Name:   C:\WINDOWS\System32\alg.exe
  Start Mode:  Manual
  State:       Running

Name:           AppMgmt
Display Name:   Gerenciamento de aplicativo
  Description: Fornece serviços de instalação de software como 'Atribuir', 'Publicar' e 'Remover'.
  Path Name:   C:\WINDOWS\system32\svchost.exe -k netsvcs
  Start Mode:  Manual
  State:       Stopped

Name:           aspnet_state
Display Name:   ASP.NET State Service
  Description: Provides support for out-of-process session states for ASP.NET. If this service is stopped, out-of-process requests will not be processed. If this service is disabled, any services that explicitly depend on it will fail to start.
  Path Name:   C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
  Start Mode:  Manual
  State:       Stopped

Name:           AudioSrv
Display Name:   Áudio do Windows
  Description: Gerencia dispositivos de áudio para programas baseados em Windows. Se este serviço for interrompido, os dispositivos de áudio e efeitos não funcionarão adequadamente. Se este serviço for desativado, quaisquer serviços que dele dependam diretamente não serão inicializados.
  Path Name:   C:\WINDOWS\System32\svchost.exe -k netsvcs
  Start Mode:  Auto
  State:       Running

Name:           BITS
Display Name:   Serviço de transferência inteligente de plano de fundo
  Description: Transfere dados entre clientes e servidores em segundo plano. Se o BITS estiver desabilitado, recursos como o Windows Update não funcionarão corretamente.
  Path Name:   C:\WINDOWS\system32\svchost.exe -k netsvcs
  Start Mode:  Auto
  State:       Running

Name:           Browser
Display Name:   Localizador de computadores
  Description: Mantém uma lista atualizada de computadores na rede e fornece a computadores designados navegadores. Se este serviço for interrompido, esta lista não será atualizada ou mantida. Se este serviço for desativado, quaisquer serviços que dele dependam diretamente não serão inicializados.
  Path Name:   C:\WINDOWS\system32\svchost.exe -k netsvcs
  Start Mode:  Auto
  State:       Running

Name:           CiSvc
Display Name:   CiSvc
  Description: 
  Path Name:   C:\WINDOWS\system32\cisvc.exe
  Start Mode:  Manual
  State:       Stopped

Name:           ClipSrv
Display Name:   Área de armazenamento
  Description: Permite que o 'Visualizador da área de armazenamento' armazene informações e compartilhe-as com computadores remotos. Se o serviço for parado, o 'Visualizador da área de armazenamento' não poderá compartilhar informações com computadores remotos. Se este serviço for desativado, os serviços que dependerem dele explicitamente não serão iniciados.
  Path Name:   C:\WINDOWS\system32\clipsrv.exe
  Start Mode:  Manual
  State:       Stopped

Name:           clr_optimization_v2.0.50727_32
Display Name:   .NET Runtime Optimization Service v2.0.50727_X86
  Description: Microsoft .NET Framework NGEN
  Path Name:   C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
  Start Mode:  Manual
  State:       Stopped

Name:           COMSysApp
Display Name:   Aplicativo de sistema COM+
  Description: Gerencia a configuração e o controle dos componentes baseados no modelo de objeto componente (COM)+. Se o serviço parar, a maioria dos componentes baseados no COM+ não funcionará adequadamente. Se o serviço for desativado, qualquer serviço explicitamente dependente dele falhará ao ser iniciado.
  Path Name:   C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
  Start Mode:  Manual
  State:       Stopped

Name:           CryptSvc
Display Name:   CryptSvc
  Description: Fornece três serviços de gerenciamento: serviço de banco de dados de catálogo, que confirma as assinaturas dos arquivos do Windows; serviço de raiz protegida, que adiciona e remove certificados de autoridades de certificação raiz deste computador, e o serviço de chave, que ajuda a registrar este computador para certificados. Se este serviço for interrompido, esses serviços de gerenciamento não funcionarão adequadamente. Se este serviço for desativado, quaisquer serviços que dele dependam diretamente deixarão de ser iniciados.
  Path Name:   C:\WINDOWS\system32\svchost.exe -k netsvcs
  Start Mode:  Auto
  State:       Running

Name:           DcomLaunch
Display Name:   Inicializador de Processo de Servidor DCOM
  Description: Fornece funcionalidade de inicialização para serviços DCOM.
  Path Name:   C:\WINDOWS\system32\svchost -k DcomLaunch
  Start Mode:  Auto
  State:       Running

Name:           Dhcp
Display Name:   Cliente DHCP
  Description: Gerencia a configuração de rede registrando e atualizando endereços IP e nomes DNS.
  Path Name:   C:\WINDOWS\system32\svchost.exe -k netsvcs
  Start Mode:  Auto
  State:       Running

Name:           dmadmin
Display Name:   Serviço administrativo do gerenciador de disco lógico
  Description: Configura volumes e unidades de disco rígido. O serviço é executado apenas para processos de configuração e depois pára.
  Path Name:   C:\WINDOWS\System32\dmadmin.exe /com
  Start Mode:  Manual
  State:       Stopped

Name:           dmserver
Display Name:   Gerenciador de discos lógicos
  Description: Detecta e monitora novas unidades de disco rígido e envia as informações de volume de disco para o serviço administrativo de gerenciador de discos lógicos para configuração. Se este serviço for parado, o status de disco dinâmico e as informações de configuração podem se tornar obsoletos. Se este serviço for desativado, os serviços que dependerem dele explicittamente não serão iniciados.
  Path Name:   C:\WINDOWS\System32\svchost.exe -k netsvcs
  Start Mode:  Auto
  State:       Running

Name:           Dnscache
Display Name:   Cliente DNS
  Description: Resolve e armazena em cache nomes Domain Name System (DNS) para este computador. Se este serviço for parado, o computador não poderá resolver nomes DNS nem localizador controladores de domínio do Active Directory. Se este serviço for desativado, os serviços que dependerem dele explicitamente não serão iniciados.
  Path Name:   C:\WINDOWS\system32\svchost.exe -k NetworkService
  Start Mode:  Auto
  State:       Running

Name:           ERSvc
Display Name:   Erro ao informar o serviço
  Description: Permite informar erros de serviços e aplicativos executados em ambientes não padrão.
  Path Name:   C:\WINDOWS\System32\svchost.exe -k netsvcs
  Start Mode:  Auto
  State:       Running

Name:           Eventlog
Display Name:   Log de eventos
  Description: Registra mensagens de eventos emitidas por Windows-based programs and components to be viewed in Event Viewer. This service cannot be stopped.
  Path Name:   C:\WINDOWS\system32\services.exe
  Start Mode:  Auto
  State:       Running

Name:           EventSystem
Display Name:   Sistema de eventos COM+
  Description: Dá suporte para o serviço de notificação de eventos do sistema (SENS), o qual fornece distribuição automática dos eventos para inscrever componentes do modelo de objeto componente (COM). Se o serviço for interrompido, o SENS será fechado e não poderá fornecer notificações de logon e logoff. Se o serviço for desativado, qualquer serviço explicitamente dependente dele irá falhar ao ser iniciado.
  Path Name:   C:\WINDOWS\system32\svchost.exe -k netsvcs
  Start Mode:  Manual
  State:       Running

Name:           FastUserSwitchingCompatibility
Display Name:   Compatibilidade com 'Troca rápida de usuário'
  Description: Fornece gerenciamento de aplicativos que exigem assistência em um ambiente de vários usuários.
  Path Name:   C:\WINDOWS\System32\svchost.exe -k netsvcs
  Start Mode:  Manual
  State:       Stopped

Name:           FontCache3.0.0.0
Display Name:   Windows Presentation Foundation Font Cache 3.0.0.0
  Description: Optimizes performance of Windows Presentation Foundation (WPF) applications by caching commonly used font data. WPF applications will start this service if it is not already running. It can be disabled, though doing so will degrade the performance of WPF applications.
  Path Name:   c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
  Start Mode:  Manual
  State:       Stopped

Name:           GbpSv
Display Name:   Gbp Service
  Description: Service for G-Buster Browser Defense
  Path Name:   C:\ARQUIV~1\GbPlugin\GbpSv.exe
  Start Mode:  Auto
  State:       Running

Name:           helpsvc
Display Name:   Ajuda e suporte
  Description: Permite que o 'Centro de ajuda e suporte' seja executado neste computador. Se esse serviço for interrompido, o 'Centro de ajuda e suporte' não estará disponível. Se esse serviço for desativado, haverá falha na inicialização de todos os serviços que dependem dele de forma explícita.
  Path Name:   C:\WINDOWS\System32\svchost.exe -k netsvcs
  Start Mode:  Auto
  State:       Running

Name:           HidServ
Display Name:   HID Input Service
  Description: Permite acesso de entrada genérica a dispositivos de interface humana (Human Interface Devices, HID), que ativam e mantêm o uso de botões ativados predefinidos em teclados, controles remotos e outros dispositivos de multimídia. Se este serviço for parado, os botões ativados controlados pelo serviço deixarão de funcionar. Se este serviço for desativado, os serviços que dependerem dele explicitamente não serão iniciados.
  Path Name:   C:\WINDOWS\System32\svchost.exe -k netsvcs
  Start Mode:  Auto
  State:       Running

Name:           HTTPFilter
Display Name:   HTTP SSL
  Description: Este serviço implementa o protocolo de transferência segura de hipertexto (HTTPS) para o serviço HTTP, usando a camada de soquete seguro (SSL). Se este serviço for desativado, os serviços que dependerem dele explicitamente não serão iniciados.
  Path Name:   C:\WINDOWS\System32\svchost.exe -k HTTPFilter
  Start Mode:  Manual
  State:       Stopped

Name:           idsvc
Display Name:   Windows CardSpace
  Description: Securely enables the creation, management, and disclosure of digital identities.
  Path Name:   "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"
  Start Mode:  Manual
  State:       Stopped

Name:           JavaQuickStarterService
Display Name:   Java Quick Starter
  Description: Prefetches JRE files for faster startup of Java applets and applications
  Path Name:   "C:\Arquivos de programas\Java\jre6\bin\jqs.exe" -service -config "C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\jqs.conf"
  Start Mode:  Auto
  State:       Running

Name:           lanmanserver
Display Name:   Servidor
  Description: Oferece suporte a compartilhamento na rede de arquivo, impressão e pipes nomeados para este computador. Se este serviço for interrompido, quaisquer serviços que dele dependam diretamente não serão inicializados.
  Path Name:   C:\WINDOWS\system32\svchost.exe -k netsvcs
  Start Mode:  Auto
  State:       Running

Name:           lanmanworkstation
Display Name:   Estação de trabalho
  Description: Cria e mantém conexões de rede de cliente com servidores remotos. Se este serviço for interrompido, essas conexões não estarão disponíveis. Se este serviço for desativado, quaisquer serviços que dele dependam não serão inicializados.
  Path Name:   C:\WINDOWS\system32\svchost.exe -k netsvcs
  Start Mode:  Auto
  State:       Running

Name:           LmHosts
Display Name:   Auxiliar NetBIOS TCP/IP
  Description: Ativa o suporte a NetBIOS através do serviço TCP/IP (NetBT) e da resolução de nomes NetBIOS.
  Path Name:   C:\WINDOWS\system32\svchost.exe -k LocalService
  Start Mode:  Auto
  State:       Running

Name:           MSDTC
Display Name:   Coordenador de transações distribuídas
  Description: Coordena transações que abrangem múltiplos gerenciadores de recursos, tais como bancos de dados, filas de mensagens e sistemas de arquivos. Se este serviço for interrompido, essas transações não ocorrerão. Se este serviço for desativado, os serviços que dependem explicitamente dele falharão ao serem iniciados.
  Path Name:   C:\WINDOWS\system32\msdtc.exe
  Start Mode:  Manual
  State:       Stopped

Name:           msfwsvc
Display Name:   OneCare Firewall
  Description: OneCare Firewall
  Path Name:   "C:\Arquivos de programas\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe"
  Start Mode:  Auto
  State:       Running

Name:           MSIServer
Display Name:   Windows Installer
  Description: Adiciona, modifica e remove aplicativos fornecidos como um pacote do Windows Installer (*.msi). Se este serviço for desativado, os serviços que dependerem dele explicitamente não serão iniciados.
  Path Name:   C:\WINDOWS\system32\msiexec.exe /V
  Start Mode:  Manual
  State:       Stopped

Name:           NetDDE
Display Name:   DDE de rede
  Description: Fornece transporte e segurança de rede para Dynamic Data Exchange (DDE) para programas executados no mesmo computador ou em computadores diferentes. Se este serviço for parado, o transporte e segurança DDE não estarão disponíveis. Se este serviço for desativado, os serviços que dependerem dele explicitamente não serão iniciados.
  Path Name:   C:\WINDOWS\system32\netdde.exe
  Start Mode:  Disabled
  State:       Stopped

Name:           NetDDEdsdm
Display Name:   DSDM de DDE de rede
  Description: Gerencia compartilhamentos de rede do tipo DDE (Dynamic Data Exchange). Se este serviço for parado, os compartilhamentos de rede DDE não estarão disponíveis. Se este serviço for desativado, os serviços que dependerem dele explicitamente não serão iniciados.
  Path Name:   C:\WINDOWS\system32\netdde.exe
  Start Mode:  Disabled
  State:       Stopped

Name:           Netlogon
Display Name:   Logon de rede
  Description: Dá suporte à autenticação de passagem de eventos de logon de contas para os computadores de um domínio.
  Path Name:   C:\WINDOWS\system32\lsass.exe
  Start Mode:  Manual
  State:       Stopped

Name:           Netman
Display Name:   Conexões de rede
  Description: Gerencia objetos da pasta de conexões de rede e Dial-Up, na qual você pode exibir conexões remotas e de rede local.
  Path Name:   C:\WINDOWS\System32\svchost.exe -k netsvcs
  Start Mode:  Manual
  State:       Running

Name:           NetTcpPortSharing
Display Name:   Net.Tcp Port Sharing Service
  Description: Provides ability to share TCP ports over the net.tcp protocol.
  Path Name:   "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"
  Start Mode:  Disabled
  State:       Stopped

Name:           Nla
Display Name:   Reconhecimento de local da rede (NLA)
  Description: Reúne e armazena informações sobre configurações e locais da rede, bem como notifica os aplicativos quando essas informações são alteradas.
  Path Name:   C:\WINDOWS\system32\svchost.exe -k netsvcs
  Start Mode:  Manual
  State:       Running

Name:           npggsvc
Display Name:   nProtect GameGuard Service
  Description: nProtect GameGuard Service
  Path Name:   C:\WINDOWS\system32\GameMon.des -service
  Start Mode:  Manual
  State:       Stopped

Name:           NtLmSsp
Display Name:   Fornecedor de suporte de segurança NT LM
  Description: Fornece segurança a programas de chamada de procedimento remoto (remote procedure call, RPC) que usam transportes que não pipes nomeados.
  Path Name:   C:\WINDOWS\system32\lsass.exe
  Start Mode:  Manual
  State:       Stopped

Name:           NtmsSvc
Display Name:   Armazenamento removível
  Description: 
  Path Name:   C:\WINDOWS\system32\svchost.exe -k netsvcs
  Start Mode:  Manual
  State:       Stopped

Name:           NVSvc
Display Name:   NVIDIA Display Driver Service
  Description: Provides system and desktop level support to the NVIDIA display driver
  Path Name:   C:\WINDOWS\system32\nvsvc32.exe
  Start Mode:  Auto
  State:       Running

Name:           OcHealthMon
Display Name:   Windows Live OneCare Health Monitor
  Description: Helps recover the Windows Live OneCare service and improve service health. This services provides a backup mechanism to the Windows Live OneCare service and will attempt to recover it, if it is detected to be stopped.
  Path Name:   "C:\Arquivos de programas\Microsoft Windows OneCare Live\OcHealthMon.exe"
  Start Mode:  Auto
  State:       Running

Name:           OneCareMP
Display Name:   OneCare AntiSpyware and AntiVirus
  Description: Helps protect users from spyware and other potentially unwanted software
  Path Name:   "C:\Arquivos de programas\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe"
  Start Mode:  Auto
  State:       Running

Name:           PlugPlay
Display Name:   Plug and Play
  Description: Permite que um computador reconheça e se adapte a alterações de hardware com pouca ou nenhuma intervenção do usuário. Se este serviço for parado ou desativado, o sistema se tornará instável.
  Path Name:   C:\WINDOWS\system32\services.exe
  Start Mode:  Auto
  State:       Running

Name:           PolicyAgent
Display Name:   Serviços IPSEC
  Description: Gerencia a diretiva de segurança IP e inicia o ISAKMP/Oakley (IKE) e o driver de segurança IP.
  Path Name:   C:\WINDOWS\system32\lsass.exe
  Start Mode:  Auto
  State:       Running

Name:           ProtectedStorage
Display Name:   Armazenamento protegido
  Description: Fornece o armazenamento protegido para dados sensíveis, como chaves privadas, para evitar o acesso de serviços, processos ou usuários sem autorização.
  Path Name:   C:\WINDOWS\system32\lsass.exe
  Start Mode:  Auto
  State:       Running

Name:           RasAuto
Display Name:   Gerenciador de conexão de acesso remoto automático
  Description: Cria uma conexão a uma rede remota sempre que um programa faz referência a um nome ou endereço remoto DNS ou NetBios.
  Path Name:   C:\WINDOWS\system32\svchost.exe -k netsvcs
  Start Mode:  Manual
  State:       Stopped

Name:           RasMan
Display Name:   Gerenciador de conexão de acesso remoto
  Description: Cria uma conexão de rede.
  Path Name:   C:\WINDOWS\system32\svchost.exe -k netsvcs
  Start Mode:  Manual
  State:       Running

Name:           RDSessMgr
Display Name:   Gerenciador de sessão de ajuda de área de trabalho remota
  Description: Gerencia e controla a 'Assistência remota'. Se esse serviço for interrompido, a 'Assistência remota' ficará indisponível. Antes de interromper esse serviço, consulte a guia 'Dependências' da caixa de diálogo 'Propriedades'.
  Path Name:   C:\WINDOWS\system32\sessmgr.exe
  Start Mode:  Manual
  State:       Stopped

Name:           RemoteAccess
Display Name:   Roteamento e acesso remoto
  Description: Oferece serviços de roteamento a empresas em ambientes de rede local e de longa distância.
  Path Name:   C:\WINDOWS\system32\svchost.exe -k netsvcs
  Start Mode:  Disabled
  State:       Stopped

Name:           RemoteRegistry
Display Name:   Registro remoto
  Description: Permite que usuários remotos modifiquem configurações do Registro neste computador. Se este serviço for parado, o Registro só poderá ser modificado por usuários deste computador. Se este serviço for desativado, os serviços que dependerem dele explicitamente não serão iniciados.
  Path Name:   C:\WINDOWS\system32\svchost.exe -k LocalService
  Start Mode:  Auto
  State:       Running

Name:           RpcLocator
Display Name:   Alocador Remote Procedure Call (RPC)
  Description: Gerencia o banco de dados do serviço de nomes RPC.
  Path Name:   C:\WINDOWS\system32\locator.exe
  Start Mode:  Manual
  State:       Stopped

Name:           RpcSs
Display Name:   Chamada de procedimento remoto (RPC)
  Description: Fornece o mapeador de ponto de extremidade e outros serviços RPC variados.
  Path Name:   C:\WINDOWS\system32\svchost -k rpcss
  Start Mode:  Auto
  State:       Running

Name:           RSVP
Display Name:   QoS RSVP
  Description: Fornece a funcionalidade de sinalização de rede e configuração do controle do tráfego local para programas compatíveis com QoS e miniaplicativos de controle.
  Path Name:   C:\WINDOWS\system32\rsvp.exe
  Start Mode:  Manual
  State:       Stopped

Name:           SamSs
Display Name:   Gerenciador de contas de segurança
  Description: Armazena informações sobre segurança para contas de usuário local.
  Path Name:   C:\WINDOWS\system32\lsass.exe
  Start Mode:  Auto
  State:       Running

Name:           SCardSvr
Display Name:   Cartão inteligente
  Description: Gerencia o acesso a leitores de cartão inteligente por este computador. Se este serviço for parado, o computador não poderá ler cartões inteligentes. Se este serviço for desativado, os serviços que dependerem dele explicitamente não serão iniciados.
  Path Name:   C:\WINDOWS\System32\SCardSvr.exe
  Start Mode:  Manual
  State:       Stopped

Name:           Schedule
Display Name:   Agendador de tarefas
  Description: Permite que um usuário configure e agende tarefas automatizadas no computador. Se este serviço for interrompido, essas tarefas não serão executadas nos horários agendados. Se este serviço for desativado, quaisquer serviços que dele dependam diretamente não serão iniciados.
  Path Name:   C:\WINDOWS\System32\svchost.exe -k netsvcs
  Start Mode:  Auto
  State:       Running

Name:           seclogon
Display Name:   Secondary Logon
  Description: Ativa a inicialização de processos sob credenciais alternadas. Se este serviço for interrompido, este tipo de acesso por logon não estará disponível. Se este serviço for desativado, quaisquer serviços que dele dependam diretamente não serão iniciados.
  Path Name:   C:\WINDOWS\System32\svchost.exe -k netsvcs
  Start Mode:  Auto
  State:       Running

Name:           SENS
Display Name:   Notificação de eventos de sistema
  Description: Rastreia eventos do sistema como eventos de logon do Windows, rede e energia.  Notifica assinantes do Sistema de evento COM+ destes eventos.
  Path Name:   C:\WINDOWS\system32\svchost.exe -k netsvcs
  Start Mode:  Auto
  State:       Running

Name:           SharedAccess
Display Name:   Firewall do Windows/Compartilhamento de Conexão com a Internet (ICS)
  Description: Fornece serviços de conversão de endereços de rede, endereçamento e resolução de nomes e/ou prevenção de invasão para uma rede doméstica ou de pequena empresa.
  Path Name:   C:\WINDOWS\System32\svchost.exe -k netsvcs
  Start Mode:  Auto
  State:       Running

Name:           ShellHWDetection
Display Name:   Detecção do hardware do shell
  Description: Fornece notificações de eventos de hardware 'Reprodução automática'.
  Path Name:   C:\WINDOWS\System32\svchost.exe -k netsvcs
  Start Mode:  Auto
  State:       Running

Name:           Spooler
Display Name:   Spooler de impressão
  Description: Carrega arquivos na memória para impressão posterior.
  Path Name:   C:\WINDOWS\system32\spoolsv.exe
  Start Mode:  Auto
  State:       Running

Name:           srservice
Display Name:   Serviço de restauração do sistema
  Description: Executa funções de restauração do sistema. Para interromper o serviço, desative a 'Restauração do sistema' na guia 'Restauração do sistema' em 'Meu computador' -> 'Propriedades'
  Path Name:   C:\WINDOWS\system32\svchost.exe -k netsvcs
  Start Mode:  Auto
  State:       Running

Name:           SSDPSRV
Display Name:   Serviço de descoberta SSDP
  Description: Ativa a descoberta de dispositivos UPnP na rede doméstica.
  Path Name:   C:\WINDOWS\system32\svchost.exe -k LocalService
  Start Mode:  Manual
  State:       Running

Name:           stisvc
Display Name:   Assistente de aquisição de imagens do Windows (WIA)
  Description: Fornece serviços de aquisição de imagens para scanners e câmeras
  Path Name:   C:\WINDOWS\system32\svchost.exe -k imgsvc
  Start Mode:  Manual
  State:       Stopped

Name:           SwPrv
Display Name:   MS Software Shadow Copy Provider
  Description: Gerencia cópias de sombra de volume baseadas em software obtidas pelo serviço de cópias de sombra de volume. Se o serviço for interrompido, as cópias de sombra baseadas em software não poderão ser gerenciadas. Se o serviço for desativado, os serviços que dependerem dele diretamente não serão iniciados.
  Path Name:   C:\WINDOWS\system32\dllhost.exe /Processid:{CC818B09-A739-4424-9B8F-27A052D7B1C4}
  Start Mode:  Manual
  State:       Stopped

Name:           SysmonLog
Display Name:   Logs e alertas de desempenho
  Description: Coleta dados de desempenho de computadores locais ou remotos com base em parâmetros de agendamento pré-configurados; em seguida, grava os dados em um log ou dispara um alerta. Se este serviço for parado, as informações de desempenho não serão coletadas. Se este serviço for desativado, os serviços que dependerem dele explicitamente não serão iniciados.
  Path Name:   C:\WINDOWS\system32\smlogsvc.exe
  Start Mode:  Manual
  State:       Stopped

Name:           TapiSrv
Display Name:   Telefonia
  Description: Fornece suporte à telefonia API (TAPI) para programas que controlam dispositivos de telefonia e conexões de voz baseadas em IP no computador local e, através da rede local, em servidores que também estão executando o serviço.
  Path Name:   C:\WINDOWS\System32\svchost.exe -k netsvcs
  Start Mode:  Manual
  State:       Running

Name:           TermService
Display Name:   Serviços de terminal
  Description: Permite que vários usuários sejam conectados interativamente a um computador e que as áreas de trabalho e os aplicativos sejam exibidos a computadores remotos. A base da área de trabalho remota (inclusive a área de trabalho remota para administradores), da opção de alternar-se rapidamente entre usuários, da assistência remota e do Terminal Server.
  Path Name:   C:\WINDOWS\System32\svchost -k DComLaunch
  Start Mode:  Manual
  State:       Running

Name:           Themes
Display Name:   Temas
  Description: Fornece gerenciamento de temas para experiência do usuário.
  Path Name:   C:\WINDOWS\System32\svchost.exe -k netsvcs
  Start Mode:  Auto
  State:       Running

Name:           TlntSvr
Display Name:   Telnet
  Description: Permite que  um usuário remoto faça logon neste computador e execute programas. Fornece suporte a vários clientes Telnet TCP/IP, inclusive computadores baseados em UNIX e Windows. Se este serviço for parado, o acesso de usuários remotos a programas poderá não estar disponível. Se este serviço for desativado, os serviços que dependem dele explicitamente não serão iniciados.
  Path Name:   C:\WINDOWS\system32\tlntsvr.exe
  Start Mode:  Disabled
  State:       Stopped

Name:           TrkWks
Display Name:   Cliente de rastreamento de link distribuído
  Description: Mantém vínculos entre arquivos NTFS em um computador ou entre computadores em um domínio de rede.
  Path Name:   C:\WINDOWS\system32\svchost.exe -k netsvcs
  Start Mode:  Auto
  State:       Running

Name:           upnphost
Display Name:   Host de dispositivo Plug and Play universal
  Description: Oferece suporte para hospedar dispositivos Plug and Play universais.
  Path Name:   C:\WINDOWS\system32\svchost.exe -k LocalService
  Start Mode:  Manual
  State:       Running

Name:           UPS
Display Name:   Sistema de alimentação ininterrupta
  Description: Gerencia o sistema de alimentação ininterrupto (no-break) conectado ao computador.
  Path Name:   C:\WINDOWS\System32\ups.exe
  Start Mode:  Manual
  State:       Stopped

Name:           VSS
Display Name:   Cópia de volume em memória
  Description: Gerencia e implementa cópias de volume em memória usados para o backup e outros propósitos. Se este serviço for interrompido, as cópias em memória não estarão disponíveis para backup e o backup pode falhar. Se este serviço for desativado, quaisquer serviços que dele dependam diretamente não serão iniciados.
  Path Name:   C:\WINDOWS\System32\vssvc.exe
  Start Mode:  Manual
  State:       Stopped

Name:           W32Time
Display Name:   Horário do Windows
  Description: Mantém sincronização de data e hora em todos os clientes e servidores da rede. Se este serviço for interrompido, a sincronização não ficará disponível. Se este serviço for desativado, os serviços que dele dependem explicitamente não serão iniciados.
  Path Name:   C:\WINDOWS\System32\svchost.exe -k netsvcs
  Start Mode:  Auto
  State:       Running

Name:           WebClient
Display Name:   Cliente da Web
  Description: Permite que programas baseados em Windows criem, acessem e modifiquem arquivos baseados na Internet. Se este serviço for interrompido, essas funções não estarão disponíveis. Se este serviço for desativado, quaisquer serviços que dele dependam diretamente não serão iniciados.
  Path Name:   C:\WINDOWS\system32\svchost.exe -k LocalService
  Start Mode:  Auto
  State:       Running

Name:           winmgmt
Display Name:   Testador de instrumentação de gerenciam. do Windows
  Description: Fornece uma interface comum e um modelo de objeto para o acesso a informações de gerenciamento sobre o sistema operacional, dispositivos, aplicativos e serviços. Se esse serviço for parado, a maioria dos itens de software baseados no Windows não funcionará corretamente. Se este serviço for desativado, os serviços que dependerem explicitamente dele não serão iniciados.
  Path Name:   C:\WINDOWS\system32\svchost.exe -k netsvcs
  Start Mode:  Auto
  State:       Running

Name:           winss
Display Name:   Windows Live OneCare
  Description: Helps manage PC security and overall health by providing virus and spyware monitoring, firewall, backup, and other services. If this service is stopped, this computer might be at risk from viruses and other threats.
  Path Name:   C:\Arquivos de programas\Microsoft Windows OneCare Live\winss.exe
  Start Mode:  Auto
  State:       Running

Name:           WmdmPmSN
Display Name:   Portable Media Serial Number Service
  Description: Retrieves the serial number of any portable media player connected to this computer. If this service is stopped, protected content might not be down loaded to the device.
  Path Name:   C:\WINDOWS\System32\svchost.exe -k netsvcs
  Start Mode:  Manual
  State:       Stopped

Name:           Wmi
Display Name:   Extensões de driver de instrum. gerenc. do Windows
  Description: Fornece informações sobre gerenciamento de sistemas para drivers e de drivers.
  Path Name:   C:\WINDOWS\System32\svchost.exe -k netsvcs
  Start Mode:  Manual
  State:       Stopped

Name:           WmiApSrv
Display Name:   Adaptador de desempenho WMI
  Description: Fornece informações da biblioteca de desempenho dos provedores HiPerf WMI.
  Path Name:   C:\WINDOWS\system32\wbem\wmiapsrv.exe
  Start Mode:  Manual
  State:       Stopped

Name:           WMPNetworkSvc
Display Name:   Serviço de Compartilhamento de Rede do Windows Media Player
  Description: Compartilha bibliotecas do Windows Media Player com outros players e dispositivos de mídia da rede por meio de Universal Plug and Play
  Path Name:   "C:\Arquivos de programas\Windows Media Player\WMPNetwk.exe"
  Start Mode:  Manual
  State:       Stopped

Name:           wscsvc
Display Name:   wscsvc
  Description: 
  Path Name:   C:\WINDOWS\System32\svchost.exe -k netsvcs
  Start Mode:  Auto
  State:       Stopped

Name:           wuauserv
Display Name:   Atualizações Automáticas
  Description: Ativa o download e instalação das atualizações do Windows. Se este serviço for desabilitado, o computador não será capaz de usar o recurso de Atualizações Automáticas nem o site do Windows Update na web.
  Path Name:   C:\WINDOWS\system32\svchost.exe -k netsvcs
  Start Mode:  Auto
  State:       Running

Name:           WudfSvc
Display Name:   Windows Driver Foundation - User-mode Driver Framework
  Description: Manages user-mode driver host processes
  Path Name:   C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
  Start Mode:  Manual
  State:       Stopped

Name:           WZCSVC
Display Name:   Configuração zero sem fio
  Description: Fornece configuração automática para os adaptadores 802.11
  Path Name:   C:\WINDOWS\System32\svchost.exe -k netsvcs
  Start Mode:  Auto
  State:       Running

Name:           xmlprov
Display Name:   Serviço de Configuração de Rede
  Description: Gerencia arquivos de configuração XML por domínio para configuração automática de rede.
  Path Name:   C:\WINDOWS\System32\svchost.exe -k netsvcs
  Start Mode:  Manual
  State:       Stopped


------------------------------------------------------------------------------------ 

Displaying LOG for Microsoft Windows Malicious Software Removal Tool: 

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v2.14, September 2009
Started On Fri Oct 02 13:51:38 2009

Extended Scan Results
----------------
->Scan ERROR: resource file://C:\pagefile.sys (code 0x00000020 (32))

---------------------------------------------------------------------------------------

Microsoft Windows Malicious Software Removal Tool v2.14, September 2009
Started On Fri Oct 02 15:19:56 2009

Extended Scan Results
----------------
Found potential malware: TrojanDownloader:Win32/Renos in process://pid:184
->Scan ERROR: resource file://C:\pagefile.sys (code 0x00000020 (32))
-> Sysclean ERROR: Internal error, code = 8050800C

Results Summary:
----------------
Found TrojanDownloader:Win32/Renos (detected generically)

Return code: 6
Microsoft Windows Malicious Software Removal Tool Finished On Fri Oct 02 16:43:36 2009

Removal Tool Finished On Fri Oct 02 16:32:45 2009

---------------------------------------------------------------------------- 
   Listing HKCU Explorer\Advanced//Hidden and SuperHidden Registry Keys 
       if Hidden = 0 then Hidden Files and Folders are not shown 
       if SuperHidden = 1 is the desired default value. 
       if ShowSuperHidden = 0 then System Files are not shown 
       if HideFileExt = 1 then File Extension are not shown 
   We want their values to be (from top to bottom) 1,1,1,0 
---------------------------------------------------------------------------- 

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\advanced
  Hidden	REG_DWORD      	1 (0x1)
  SuperHidden	REG_DWORD      	1 (0x1)
  ShowSuperHidden	REG_DWORD      	1 (0x1)
  HideFileExt	REG_DWORD      	0 (0x0)

************************************************************************************  

Examining Select Windows Registry Keys 
------------------------------------------------------------------------------------ 

   -------------------------------------------------------------------------- 
       Items Found in ZoneMap\Domains: 
   -------------------------------------------------------------------------- 



HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\internet settings\zonemap\domains
  <NO NAME>	REG_SZ         	

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\internet settings\zonemap\domains\msn.com

   ---------------------------------------------------------------------------- 
       Current User ZoneMap ProtocolDefaults 
   ---------------------------------------------------------------------------- 



HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings\zonemap\protocoldefaults
  <NO NAME>	REG_SZ         	
  http	REG_DWORD      	3 (0x3)
  https	REG_DWORD      	3 (0x3)
  ftp	REG_DWORD      	3 (0x3)
  file	REG_DWORD      	3 (0x3)
  @ivt	REG_DWORD      	1 (0x1)
  shell	REG_DWORD      	0 (0x0)

   ---------------------------------------------------------------------------- 
           Default URL Prefix Keys 
   ---------------------------------------------------------------------------- 



HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\url

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\url\DefaultPrefix
  <NO NAME>	REG_SZ         	http://

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\url\Prefixes
  ftp	REG_SZ         	ftp://
  gopher	REG_SZ         	gopher://
  home	REG_SZ         	http://
  mosaic	REG_SZ         	http://
  www	REG_SZ         	http://

   -------------------------------------------------------------------------- 
           Startup Items Disabled via MSCONFIG: 
   -------------------------------------------------------------------------- 


   -------------------------------------------------------------------------- 
           Select AutoRun Registry Keys: 
   -------------------------------------------------------------------------- 



HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
  uTorrent	REG_SZ         	"C:\Arquivos de programas\uTorrent\uTorrent.exe"
  Skype	REG_SZ         	"C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized
  DAEMON Tools Lite	REG_SZ         	"C:\Arquivos de programas\DAEMON Tools Lite\daemon.exe" -autorun
  NCsoft Launcher	REG_SZ         	C:\Arquivos de programas\NCSoft\Launcher\NCLauncher.exe /Minimized
  ctfmon.exe	REG_SZ         	C:\WINDOWS\system32\ctfmon.exe


HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce


HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runservices


HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
  nwiz	REG_SZ         	nwiz.exe /install
  NvMediaCenter	REG_SZ         	RunDLL32.exe NvMCTray.dll,NvTaskbarInit
  High Definition Audio Property Page Shortcut	REG_SZ         	HDAShCut.exe
  SoundMAXPnP	REG_SZ         	C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe
  Adobe Reader Speed Launcher	REG_SZ         	"C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"
  mspaint	REG_SZ         	"C:\WINDOWS\system32\paint.exe" -autocheck
  OneCareUI	REG_SZ         	"C:\Arquivos de programas\Microsoft Windows OneCare Live\winssnotify.exe"
  SunJavaUpdateSched	REG_SZ         	"C:\Arquivos de programas\Java\jre6\bin\jusched.exe"
  NvCplDaemon	REG_SZ         	RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents


HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce


HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex


HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices


HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservicesonce


HKEY_USERS\.default\software\microsoft\windows\currentversion\run
  CTFMON.EXE	REG_SZ         	C:\WINDOWS\system32\CTFMON.EXE


HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce
  nltide_3	REG_EXPAND_SZ  	rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N


HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run
  CTFMON.EXE	REG_SZ         	C:\WINDOWS\system32\CTFMON.EXE


HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce
  nltide_3	REG_EXPAND_SZ  	rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N


Error: Key: s-1-5-19\software\microsoft\windows\currentversion\run does not exist!


   -------------------------------------------------------------------------- 
           WinLogon Notify Registry Key: 
   -------------------------------------------------------------------------- 



HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb
  Asynchronous	REG_DWORD      	0 (0x0)
  Impersonate	REG_DWORD      	0 (0x0)
  MaxWait	REG_DWORD      	258 (0x102)
  DllName	REG_SZ         	C:\Arquivos de programas\GbPlugin\gbieh.dll
  Startup	REG_SZ         	GbPluginEventStartup

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain
  Asynchronous	REG_DWORD      	0 (0x0)
  Impersonate	REG_DWORD      	0 (0x0)
  DllName	REG_EXPAND_SZ  	crypt32.dll
  Logoff	REG_SZ         	ChainWlxLogoffEvent

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet
  Asynchronous	REG_DWORD      	0 (0x0)
  Impersonate	REG_DWORD      	0 (0x0)
  DllName	REG_EXPAND_SZ  	cryptnet.dll
  Logoff	REG_SZ         	CryptnetWlxLogoffEvent

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll
  DLLName	REG_SZ         	cscdll.dll
  Logon	REG_SZ         	WinlogonLogonEvent
  Logoff	REG_SZ         	WinlogonLogoffEvent
  ScreenSaver	REG_SZ         	WinlogonScreenSaverEvent
  Startup	REG_SZ         	WinlogonStartupEvent
  Shutdown	REG_SZ         	WinlogonShutdownEvent
  StartShell	REG_SZ         	WinlogonStartShellEvent
  Impersonate	REG_DWORD      	0 (0x0)
  Asynchronous	REG_DWORD      	1 (0x1)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp
  DLLName	REG_SZ         	wlnotify.dll
  Logon	REG_SZ         	SCardStartCertProp
  Logoff	REG_SZ         	SCardStopCertProp
  Lock	REG_SZ         	SCardSuspendCertProp
  Unlock	REG_SZ         	SCardResumeCertProp
  Enabled	REG_DWORD      	1 (0x1)
  Impersonate	REG_DWORD      	1 (0x1)
  Asynchronous	REG_DWORD      	1 (0x1)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule
  Asynchronous	REG_DWORD      	0 (0x0)
  DllName	REG_EXPAND_SZ  	wlnotify.dll
  Impersonate	REG_DWORD      	0 (0x0)
  StartShell	REG_SZ         	SchedStartShell
  Logoff	REG_SZ         	SchedEventLogOff

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy
  Logoff	REG_SZ         	WLEventLogoff
  Impersonate	REG_DWORD      	0 (0x0)
  Asynchronous	REG_DWORD      	1 (0x1)
  DllName	REG_EXPAND_SZ  	sclgntfy.dll

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn
  DLLName	REG_SZ         	WlNotify.dll
  Lock	REG_SZ         	SensLockEvent
  Logon	REG_SZ         	SensLogonEvent
  Logoff	REG_SZ         	SensLogoffEvent
  Safe	REG_DWORD      	1 (0x1)
  MaxWait	REG_DWORD      	600 (0x258)
  StartScreenSaver	REG_SZ         	SensStartScreenSaverEvent
  StopScreenSaver	REG_SZ         	SensStopScreenSaverEvent
  Startup	REG_SZ         	SensStartupEvent
  Shutdown	REG_SZ         	SensShutdownEvent
  StartShell	REG_SZ         	SensStartShellEvent
  PostShell	REG_SZ         	SensPostShellEvent
  Disconnect	REG_SZ         	SensDisconnectEvent
  Reconnect	REG_SZ         	SensReconnectEvent
  Unlock	REG_SZ         	SensUnlockEvent
  Impersonate	REG_DWORD      	1 (0x1)
  Asynchronous	REG_DWORD      	1 (0x1)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv
  Asynchronous	REG_DWORD      	0 (0x0)
  DllName	REG_EXPAND_SZ  	wlnotify.dll
  Impersonate	REG_DWORD      	0 (0x0)
  Logoff	REG_SZ         	TSEventLogoff
  Logon	REG_SZ         	TSEventLogon
  PostShell	REG_SZ         	TSEventPostShell
  Shutdown	REG_SZ         	TSEventShutdown
  StartShell	REG_SZ         	TSEventStartShell
  Startup	REG_SZ         	TSEventStartup
  MaxWait	REG_DWORD      	600 (0x258)
  Reconnect	REG_SZ         	TSEventReconnect
  Disconnect	REG_SZ         	TSEventDisconnect

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon
  DLLName	REG_SZ         	wlnotify.dll
  Logon	REG_SZ         	RegisterTicketExpiredNotificationEvent
  Logoff	REG_SZ         	UnregisterTicketExpiredNotificationEvent
  Impersonate	REG_DWORD      	1 (0x1)
  Asynchronous	REG_DWORD      	1 (0x1)

   -------------------------------------------------------------------------- 
           Shared Task Scheduler Registry Items: 
   -------------------------------------------------------------------------- 



HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler
  {438755C2-A8BA-11D1-B96B-00A0C90312E1}	REG_SZ         	Pré-carregador Browseui
  {8C7461EF-2B13-11d2-BE35-3078302C2030}	REG_SZ         	Daemon de cache de categorias de componente

   -------------------------------------------------------------------------- 
           Scheduled Tasks: 
   -------------------------------------------------------------------------- 

O volume na unidade C não tem nome.
O número de série do volume é 50E8-DE77

Pasta de C:\WINDOWS\tasks

05/09/2009  08:48    <DIR>          .
05/09/2009  08:48    <DIR>          ..
28/10/2001  11:07                65 desktop.ini
04/10/2009  09:10                 6 SA.DAT
              2 arquivo(s)             71 bytes

    Total de arquivos na lista:
              2 arquivo(s)             71 bytes
              2 pasta(s) 114.102.489.088 bytes disponíveis
   HR     C:\WINDOWS\tasks\desktop.ini
A   H      C:\WINDOWS\tasks\SA.DAT

   ---------------------------------------------------------------------------- 
           ShellExecuteHooks Registry Keys 
   ---------------------------------------------------------------------------- 



HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks
  {AEB6717E-7E19-11d0-97EE-00C04FD91972}	REG_SZ         	
  {E37CB5F0-51F5-4395-A808-5FA49E399F83}	REG_SZ         	GbPlugin ShlObj

   ---------------------------------------------------------------------------- 
           ShellServiceObjectDelayLoad Registry Keys 
   ---------------------------------------------------------------------------- 



HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload
  PostBootReminder	REG_SZ         	{7849596a-48ea-486e-8937-a2a3009f31a9}
  CDBurn	REG_SZ         	{fbeb8a05-beee-4442-804e-409d6c4515e9}
  WebCheck	REG_SZ         	{E6FB5E20-DE35-11CF-9C87-00AA005127ED}
  SysTray	REG_SZ         	{35CEC8A3-2BE6-11D2-8773-92E220524153}
  WPDShServiceObj	REG_SZ         	{AAA288BA-9A4C-45B0-95D7-94D524869DB5}

   ---------------------------------------------------------------------------- 
           ModuleUsage Registry Keys: 
   ---------------------------------------------------------------------------- 



HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/Downloaded Program Files/wlscBase.dll
  .Owner	REG_SZ         	{5ED80217-570B-4DA9-BF44-BE107C0EC166}
  {5ED80217-570B-4DA9-BF44-BE107C0EC166}	REG_SZ         	

   ---------------------------------------------------------------------------- 
           BHO Registry Keys: 
   ---------------------------------------------------------------------------- 



HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
  <NO NAME>	REG_SZ         	AcroIEHelperStub
  NoExplorer	REG_DWORD      	1 (0x1)

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{5C255C8A-E604-49b4-9D64-90988571CECB}
  <NO NAME>	REG_SZ         	

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{C41A1C0E-EA6C-11D4-B1B8-444553540000}
  <NO NAME>	REG_SZ         	G-Buster Browser Defense

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}
  NoExplorer	REG_DWORD      	1 (0x1)

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}
  <NO NAME>	REG_SZ         	JQSIEStartDetectorImpl
  NoExplorer	REG_DWORD      	1 (0x1)

    -------------------------------------------------------------------------- 
           Select Policy Keys: 
    -------------------------------------------------------------------------- 



HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer
  NoDriveTypeAutoRun	REG_DWORD      	323 (0x143)
  ForceClassicControlPanel	REG_DWORD      	1 (0x1)
  NoStartBanner	REG_DWORD      	1 (0x1)
  NoLowDiskSpaceChecks	REG_DWORD      	1 (0x1)
  NoRecentDocsMenu	REG_DWORD      	1 (0x1)
  NoRecentDocsHistory	REG_DWORD      	1 (0x1)
  NoResolveTrack	REG_DWORD      	1 (0x1)
  LinkResolveIgnoreLinkInfo	REG_DWORD      	1 (0x1)
  NoResolveSearch	REG_DWORD      	1 (0x1)
  NoDriveAutoRun	REG_DWORD      	67108863 (0x3ffffff)
  NoDrives	REG_DWORD      	0 (0x0)

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run


HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run


HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system


HKEY_CURRENT_USER\software\policies\microsoft\internet explorer

HKEY_CURRENT_USER\software\policies\microsoft\internet explorer\Control Panel


HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer
  NoDesktopCleanupWizard	REG_DWORD      	1 (0x1)
  NoDriveAutoRun	REG_DWORD      	67108863 (0x3ffffff)
  NoDriveTypeAutoRun	REG_DWORD      	323 (0x143)
  NoDrives	REG_DWORD      	0 (0x0)

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run


HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run


HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system
  dontdisplaylastusername	REG_DWORD      	0 (0x0)
  legalnoticecaption	REG_SZ         	
  legalnoticetext	REG_SZ         	
  shutdownwithoutlogon	REG_DWORD      	1 (0x1)
  undockwithoutlogon	REG_DWORD      	1 (0x1)
  DisableRegistryTools	REG_DWORD      	0 (0x0)


HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer
  NoDriveTypeAutoRun	REG_DWORD      	323 (0x143)
  ForceClassicControlPanel	REG_DWORD      	1 (0x1)
  NoStartBanner	REG_DWORD      	1 (0x1)
  NoLowDiskSpaceChecks	REG_DWORD      	1 (0x1)
  NoRecentDocsMenu	REG_DWORD      	1 (0x1)
  NoRecentDocsHistory	REG_DWORD      	1 (0x1)
  NoResolveTrack	REG_DWORD      	1 (0x1)
  LinkResolveIgnoreLinkInfo	REG_DWORD      	1 (0x1)
  NoResolveSearch	REG_DWORD      	1 (0x1)
  NoDriveAutoRun	REG_DWORD      	67108863 (0x3ffffff)

HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\run


HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\run


HKEY_USERS\.default\software\microsoft\windows\currentversion\policies

HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\Explorer

HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system


HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer
  NoDriveTypeAutoRun	REG_DWORD      	323 (0x143)
  ForceClassicControlPanel	REG_DWORD      	1 (0x1)
  NoStartBanner	REG_DWORD      	1 (0x1)
  NoLowDiskSpaceChecks	REG_DWORD      	1 (0x1)
  NoRecentDocsMenu	REG_DWORD      	1 (0x1)
  NoRecentDocsHistory	REG_DWORD      	1 (0x1)
  NoResolveTrack	REG_DWORD      	1 (0x1)
  LinkResolveIgnoreLinkInfo	REG_DWORD      	1 (0x1)
  NoResolveSearch	REG_DWORD      	1 (0x1)
  NoDriveAutoRun	REG_DWORD      	67108863 (0x3ffffff)

HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer\run


HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer\run


HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\system

************************************************************************************ 

Checking File System for suspicious Files 

-------------------------------------------------------------------------- 
   Items in the Root Directory: 
-------------------------------------------------------------------------- 

   Locating all files created in C:\ 

"C:\"
ARQUIV~1       6 Jul 2009              "Arquivos de programas"
autoexec.bat   6 Jul 2009           0  "AUTOEXEC.BAT"
boot.bak       6 Jul 2009         211  "Boot.bak"
boot.ini       3 Oct 2009         281  "boot.ini"
bootfont.bin  28 Oct 2001        4952  "Bootfont.bin"
CMDCONS        3 Oct 2009              "cmdcons"
cmldr          3 Aug 2004      261856  "cmldr"
COMBOFIX       3 Oct 2009              "ComboFix"
config.sys     6 Jul 2009           0  "CONFIG.SYS"
DOCUME~1       6 Jul 2009              "Documents and Settings"
FRAPS         30 Jul 2009              "Fraps"
GOOGLE~1      21 Sep 2009              "GoogleAppEngine"
io.sys         6 Jul 2009           0  "IO.SYS"
ISEEYO~1       2 Oct 2009              "ISeeYouXP"
msdos.sys      6 Jul 2009           0  "MSDOS.SYS"
ntdetect.com   3 Aug 2004       47564  "NTDETECT.COM"
ntldr          3 Aug 2004      251168  "ntldr"
pagefile.sys   4 Oct 2009  1610612736  "pagefile.sys"
PROGRA~1      14 Jul 2009              "Program Files"
QOOBOX         3 Oct 2009              "Qoobox"
RECYCLER       3 Oct 2009              "RECYCLER"
SYSTEM~1       6 Jul 2009              "System Volume Information"
TMP            5 Sep 2009              "tmp"
WINDOWS        6 Jul 2009              "WINDOWS"

24 items found:  11 files (7 H/S), 13 directories (3 H/S).
  Total of file sizes:  1.611.178.768 bytes      1,50 G

-------------------------------------------------------------------------- 
   Locating all Backup files on C: 
-------------------------------------------------------------------------- 

   Locating all *.BAK* files 

"C:\"
boot.bak       6 Jul 2009         211  "Boot.bak"

"C:\Arquivos de programas\Analog Devices\SoundMAX\"
smaxlo~1.bak   6 Jul 2009        3322  "SMax.log.bak"

"C:\Arquivos de programas\Sony\Vegas Pro 8.0\"
sfconf~1.bak  10 Sep 2008      408832  "sfconfigmgr.dll.bak"
sfmark~1.bak  10 Sep 2008     1535232  "sfmarket2.dll.bak"
sfs4rw~1.bak  10 Sep 2008     1188096  "sfs4rw.dll.bak"
vegas8~1.bak  10 Sep 2008    11515136  "vegas80.exe.bak"

"C:\WINDOWS\Debug\UserMode\"
userenv.bak   18 Sep 2009      309204  "userenv.bak"

"C:\Arquivos de programas\Sony\Shared Plug-Ins\Audio\"
mchamm~1.bak   6 Aug 2008     1317888  "mchammer.dll.bak"
sffrgp~1.bak  10 Sep 2008     1298688  "sffrgpnv.dll.bak"
sfppac~1.bak  10 Sep 2008     1665280  "sfppack1.dll.bak"
sfppac~2.bak  10 Sep 2008     1845504  "sfppack2.dll.bak"
sfppac~3.bak  10 Sep 2008     1561856  "sfppack3.dll.bak"
sfresf~1.bak   6 Aug 2008     1282048  "sfresfilter.dll.bak"
sftrkf~1.bak  10 Sep 2008     1531648  "sftrkfx1.dll.bak"
sfxpfx~1.bak  10 Sep 2008     1287936  "sfxpfx1.dll.bak"
sfxpfx~2.bak  10 Sep 2008     1291520  "sfxpfx2.dll.bak"
sfxpfx~3.bak  10 Sep 2008     1425664  "sfxpfx3.dll.bak"
xpviny~1.bak   6 Aug 2008     1340928  "xpvinyl.dll.bak"

"C:\Arquivos de programas\Sony\Vegas Pro 8.0\External Control Drivers\"
spcons~1.bak  10 Sep 2008     1981952  "spconsoleopt.dll.bak"
spgenc~1.bak  10 Sep 2008     1696256  "spgenctrlopt.dll.bak"
spmack~1.bak  10 Sep 2008     1759744  "spmackiectrlopt.dll.bak"
tranzp~1.bak  10 Sep 2008      855552  "tranzport.dll.bak"

"C:\WINDOWS\Debug\Setup\Backup\"
hdaudi~1.bak   3 Oct 2009           0  "HDAUDIO_Backup.bak"
intppm~1.bak   3 Oct 2009           4  "INTPPM_Backup.bak"

"C:\Arquivos de programas\Sony\Vegas Pro 8.0\FileIO Plug-Ins\ac3plug\"
ac3plu~1.bak  10 Sep 2008     2015488  "ac3plug.dll.bak"
ac3plu~2.bak  10 Sep 2008     1188096  "ac3plugrw.dll.bak"

"C:\Documents and Settings\Administrador\Dados de aplicativos\Microsoft\Internet Explorer\"
brndlog.bak    6 Jul 2009         141  "brndlog.bak"

"C:\Documents and Settings\Default User\Dados de aplicativos\Microsoft\Internet Explorer\"
brndlog.bak    6 Jul 2009         113  "brndlog.bak"

"C:\WINDOWS\pchealth\helpctr\Config\Cache\"
profes~1.bak  31 Jul 2009      181272  "Professional_32_1046.dat.bak"

"C:\Arquivos de programas\Sony\Vegas Pro 8.0\FileIO Plug-Ins\ac3plug\ac3market\"
sfconf~1.bak  10 Sep 2008      408832  "sfconfigmgr.dll.bak"
sfmark~1.bak  10 Sep 2008     1535232  "sfmarket2.dll.bak"

"C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft\Office\Data\"
data.bak      10 Feb 2001        1106  "DATA.BAK"

"C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\mo0gflgs.default\"
prefsj~1.bak   3 Oct 2009        3470  "prefs.js.BAK"

"C:\WINDOWS\system32\config\systemprofile\Dados de aplicativos\Microsoft\Internet Explorer\"
brndlog.bak    6 Jul 2009         113  "brndlog.bak"

34 items found:  34 files, 0 directories.
  Total of file sizes:  42.436.364 bytes     40,47 M

-------------------------------------------------------------------------- 
   Locating all copies of Internet Explorer on C: 
-------------------------------------------------------------------------- 

   Locating all copies of Internet Explorer 

"C:\ComboFix\"
iexplore.exe  20 Apr 2009       31232  "iexplore.exe"

"C:\Arquivos de programas\Internet Explorer\"
iexplore.exe   8 Mar 2009      638816  "iexplore.exe"

"C:\WINDOWS\ie8\"
iexplore.exe   3 Aug 2004       93184  "iexplore.exe"

"C:\WINDOWS\system32\dllcache\"
iexplore.exe   8 Mar 2009      638816  "iexplore.exe"

"C:\WINDOWS\SoftwareDistribution\Download\f7670e43b3c19680acdc044a1fbe993f\"
iexplore.exe  13 Apr 2008       93184  "iexplore.exe"

"C:\WINDOWS\SoftwareDistribution\Download\be339b07d210ea88f2393519d2e5e7cf\backup\"
iexplore.exe   3 Aug 2004       93184  "iexplore.exe"

6 items found:  6 files, 0 directories.
  Total of file sizes:  1.588.416 bytes      1,51 M

-------------------------------------------------------------------------- 
   Locating all copies of beep.sy_ on C: 
-------------------------------------------------------------------------- 

   Locating all copies of Internet Explorer 

No matches found.

-------------------------------------------------------------------------- 
   Locating all copies of beep.sys on C: 
-------------------------------------------------------------------------- 

   Locating all copies of Internet Explorer 

"C:\WINDOWS\ERDNT\cache\"
beep.sys      28 Oct 2001        4224  "beep.sys"

"C:\WINDOWS\system32\drivers\"
beep.sys      28 Oct 2001        4224  "beep.sys"

2 items found:  2 files, 0 directories.
  Total of file sizes:  8.448 bytes      8,25 K

-------------------------------------------------------------------------- 
   Locating all copies of Windows Explorer on C: 
-------------------------------------------------------------------------- 

   Locating all copies of Windows Explorer 

"C:\WINDOWS\"
explorer.exe   3 Aug 2004     1034240  "explorer.exe"

"C:\WINDOWS\ERDNT\cache\"
explorer.exe   3 Aug 2004     1034240  "explorer.exe"

"C:\WINDOWS\SoftwareDistribution\Download\f7670e43b3c19680acdc044a1fbe993f\"
explorer.exe  13 Apr 2008     1035776  "explorer.exe"

"C:\WINDOWS\SoftwareDistribution\Download\be339b07d210ea88f2393519d2e5e7cf\backup\"
explorer.exe   3 Aug 2004     1034240  "explorer.exe"

4 items found:  4 files, 0 directories.
  Total of file sizes:  4.138.496 bytes      3,95 M

--------------------------------------------------------------------------
   Items in Document and Settings: 
--------------------------------------------------------------------------

    Listing contents of C:\Documents and Settings 

"C:\Documents and Settings\"
ADMINI~1       6 Jul 2009              "Administrador"
ALLUSE~1       6 Jul 2009              "All Users"
DEFAUL~1       6 Jul 2009              "Default User"
LOCALS~1       6 Jul 2009              "LocalService"
NETWOR~1       6 Jul 2009              "NetworkService"

5 items found:  0 files, 5 directories (3 H/S).

    --------------------------------------------------------------------------
           Desktop Items: 
    --------------------------------------------------------------------------

   Locating all files created in C:\Documents and Settings\Administrador\Desktop within the last 90 days. 

"C:\Documents and Settings\Administrador\Desktop\"
amplif~1.pdf  14 Sep 2009      118950  "Amplificador em Cascata.pdf"
cnpq.doc      19 Sep 2009       41472  "CNPQ.doc"
counte~1.lnk  24 Sep 2009        1683  "Counter Strike 1.6 Non Steam.lnk"
c__exe~1.lnk  23 Sep 2009         762  "c++.exe.lnk"
garena.lnk    11 Sep 2009         710  "Garena.lnk"
heroes~1.lnk  18 Jul 2009        1660  "Heroes of Newerth.lnk"
LOGS           2 Oct 2009              "LOGS"
MANOEL         3 Sep 2009              "manoel"
orquidea.mht  26 Aug 2009     1305854  "ORQUIDEA.mht"
VIRUS          2 Oct 2009              "VIRUS"
window~1.lnk   6 Jul 2009        1871  "Windows Live Messenger .lnk"

11 items found:  8 files, 3 directories.
  Total of file sizes:  1.472.962 bytes      1,40 M

   Locating all files created in C:\Documents and Settings\All Users\Desktop\ within the last 90 days. 

"C:\Documents and Settings\All Users\Desktop\"
mozill~1.lnk   6 Jul 2009        1674  "Mozilla Firefox.lnk"
pokers~1.lnk  14 Sep 2009         792  "PokerStars.lnk"
steam.lnk      1 Oct 2009        2255  "Steam.lnk"
trucol~1.lnk  10 Sep 2009         802  "Truco LigasOnline.lnk"

4 items found:  4 files, 0 directories.
  Total of file sizes:  5.523 bytes      5,39 K

    --------------------------------------------------------------------------
           Start Menu Items: 
    --------------------------------------------------------------------------

   Locating all files created inC:\Documents and Settings\Administrador\Start Menu within the last 90 days. 

No matches found.

   Locating all files created in C:\Documents and Settings\Administrador\Start Menu\Programs\Startup within the last 90 days. 

No matches found.

   Locating all files created in C:\Documents and Settings\All Users\Start Menu within the last 90 days. 

No matches found.

   Locating all files created in C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ within the last 90 days. 

No matches found.

    --------------------------------------------------------------------------
           Application Data Items: 
    --------------------------------------------------------------------------

   Locating all files created in C:\Documents and Settings\Administrador\Application Data\ within the last 90 days. 

No matches found.

   Locating all files created in C:\Documents and Settings\Administrador\Local Settings\Application Data\ within the last 90 days. 

No matches found.

   Locating all files created in C:\Documents and Settings\All Users\Application Data\ within the last 90 days. 

No matches found.

    --------------------------------------------------------------------------
           C:\Documents and Settings\Administrador\Local Settings\TEMP: 
    --------------------------------------------------------------------------

   Locating all files created in C:\Documents and Settings\Administrador\Local Settings\TEMP within the last 90 days. 

    --------------------------------------------------------------------------
           Items in Templates Folder: 
    --------------------------------------------------------------------------

   Locating all files created in C:\Documents and Settings\Administrador\Templates 

No matches found.

--------------------------------------------------------------------------
           Items in Program Files: 
--------------------------------------------------------------------------

   Locating all files created in C:\Arquivos de programas\ within the last 90 days. 

"C:\Arquivos de programas\"
A-SQUA~1       2 Oct 2009              "a-squared HiJackFree"
A-SQUA~2       2 Oct 2009              "a-squared Free"
ADOBE          6 Jul 2009              "Adobe"
ANALOG~1       6 Jul 2009              "Analog Devices"
ARQUIV~1       6 Jul 2009              "Arquivos comuns"
CODEBL~1      22 Sep 2009              "CodeBlocks"
CSPIRA~1      24 Sep 2009              "cspiratao"
DAEMON~1      16 Sep 2009              "DAEMON Tools Lite"
DVDVID~1       6 Aug 2009              "DVDVideoSoft"
EXPLOR~1       2 Oct 2009              "ExplorerXP"
FREEAU~1      10 Sep 2009              "Free Audio Pack"
GABEST         4 Sep 2009              "Gabest"
GARENA        11 Sep 2009              "Garena"
GBPLUGIN       4 Aug 2009              "GbPlugin"
HEROES~1      18 Jul 2009              "Heroes of Newerth"
INSTAL~1       6 Jul 2009              "InstallShield Installation Information"
INTERN~1       6 Jul 2009              "Internet Explorer"
JAVA           4 Aug 2009              "Java"
K-LITE~1       6 Jul 2009              "K-Lite Codec Pack"
LIGASO~1      10 Sep 2009              "LigasOnline"
MICROS~1       6 Jul 2009              "Microsoft"
MICROS~2       6 Jul 2009              "Microsoft Office"
MICROS~3       1 Oct 2009              "Microsoft Windows OneCare Live"
MICROS~4       3 Oct 2009              "microsoft frontpage"
MOVIEM~1       3 Oct 2009              "movie maker"
MOZILL~1       6 Jul 2009              "Mozilla Firefox"
MSBUILD       30 Jul 2009              "MSBuild"
MSNGAM~1       3 Oct 2009              "msn gaming zone"
NCSOFT        25 Sep 2009              "NCSoft"
NETMEE~1       3 Oct 2009              "netmeeting"
NOTEPA~1       6 Jul 2009              "Notepad++"
OUTLOO~1       6 Jul 2009              "Outlook Express"
PANDON~1      20 Sep 2009              "Pando Networks"
POKERS~1      14 Sep 2009              "PokerStars"
REALAL~1      31 Aug 2009              "Real Alternative"
REFERE~1      30 Jul 2009              "Reference Assemblies"
REPLAY~1      30 Jul 2009              "ReplaySeeker"
SKYPE         17 Aug 2009              "Skype"
SONY          30 Jul 2009              "Sony"
SONYSE~1      30 Jul 2009              "Sony Setup"
STEAM          8 Aug 2009              "Steam"
SYSTEM~1      16 Sep 2009              "SystemRequirementsLab"
TEAMSP~1      28 Jul 2009              "Teamspeak2_RC2"
UTORRENT       6 Jul 2009              "uTorrent"
VDOWNL~1       2 Aug 2009              "VDOWNLOADER"
VERYPD~1.0     5 Sep 2009              "VeryPDF PDF2Word v3.0"
VIA            6 Jul 2009              "VIA"
WARCRA~1       6 Jul 2009              "Warcraft III"
WARKEYS        1 Aug 2009              "Warkeys"
WI4290~1       3 Oct 2009              "windows nt"
WI4DF6~1       6 Jul 2009              "Windows Media Connect 2"
WINDOW~1       6 Jul 2009              "Windows Media Player"
WINDOW~2       1 Oct 2009              "Windows Live Safety Center"
WINDOW~3       6 Jul 2009              "Windows Live"
WINDOW~4       6 Jul 2009              "Windows Live SkyDrive"
WINRAR         6 Jul 2009              "WinRAR"
XEROX          3 Oct 2009              "xerox"

57 items found:  0 files, 57 directories (1 H/S).

   Locating all files created in C:\Arquivos de programas\Arquivos comuns\ within the last 90 days. 

"C:\Arquivos de programas\Arquivos comuns\"
ADOBE          6 Jul 2009              "Adobe"
DESIGNER       6 Jul 2009              "Designer"
DVDVID~1       6 Aug 2009              "DVDVideoSoft"
ESELLE~1      31 Jul 2009              "eSellerate"
INSTAL~1       6 Jul 2009              "InstallShield"
MICROS~1       6 Jul 2009              "Microsoft Shared"
MSSOAP         6 Jul 2009              "MSSoap"
SERVIÇOS       6 Jul 2009              "Serviços"
SKYPE         17 Aug 2009              "Skype"
SPEECH~1       3 Oct 2009              "speechengines"
SYSTEM         6 Jul 2009              "System"
WINDOW~1       6 Jul 2009              "Windows Live"

12 items found:  0 files, 12 directories.

   Locating all files created in C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Folders within the last 90 days. 

"C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Folders\"
1033           6 Jul 2009              "1033"
1046           6 Jul 2009              "1046"

"C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Folders\1046\"
WEBVIEW        6 Jul 2009              "WebView"

"C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Web Folders\1046\WebView\"
IMAGES         6 Jul 2009              "Images"

4 items found:  0 files, 4 directories.

--------------------------------------------------------------------------
           Items in the Windows Directory: 
--------------------------------------------------------------------------

    Locating all files created in C:\WINDOWS\ within the last 90 days.  

"C:\WINDOWS\"
$HF_MIG$      20 Aug 2009              "$hf_mig$"
$N18DC~1      20 Aug 2009              "$NtUninstallKB932823-v3$"
$N4AE6~1       2 Oct 2009              "$NtUninstallKB898461$"
$N4CEE~1       1 Oct 2009              "$NtUninstallKB914882$"
$N4EC9~1      30 Jul 2009              "$NtUninstallWIC$"
$N68C8~1       1 Oct 2009              "$NtUninstallKB923845$"
$N6CC0~1       6 Jul 2009              "$NtUninstallKB926239$"
$N89D7~1       6 Jul 2009              "$NtUninstallMSCompPackV1$"
$NTUNI~1       6 Jul 2009              "$NtUninstallKB888111WXPSP2$"
$NTUNI~2       6 Jul 2009              "$NtUninstallWudf01000$"
$NTUNI~3       6 Jul 2009              "$NtUninstallWMFDist11$"
$NTUNI~4       6 Jul 2009              "$NtUninstallwmp11$"
0.log          4 Oct 2009           0  "0.log"
ADDINS         6 Jul 2009              "addins"
APPPATCH       6 Jul 2009              "AppPatch"
ascd_tmp.ini   6 Jul 2009       13327  "Ascd_tmp.ini"
ASSEMBLY      30 Jul 2009              "assembly"
ASUSIN~1       6 Jul 2009              "ASUSInstAll"
as_debug.txt   6 Jul 2009           0  "AS_Debug.txt"
bitsse~1.log   6 Jul 2009        1880  "bitssetup.log"
bootstat.dat   4 Oct 2009        2048  "bootstat.dat"
cmsetacl.log   6 Jul 2009         200  "cmsetacl.log"
comsetup.log   2 Oct 2009       40389  "comsetup.log"
CONFIG         6 Jul 2009              "Config"
CONNEC~1       6 Jul 2009              "Connection Wizard"
control.ini    6 Jul 2009           0  "control.ini"
CSC            6 Jul 2009              "CSC"
CURSORS        6 Jul 2009              "Cursors"
DEBUG          6 Jul 2009              "Debug"
directx.log    6 Jul 2009       32896  "Directx.log"
DOWNLO~1       6 Jul 2009              "Downloaded Program Files"
DRIVER~1       6 Jul 2009              "Driver Cache"
dtcins~1.log   6 Jul 2009         133  "DtcInstall.log"
entpack.ini   17 Sep 2009          34  "entpack.ini"
ERDNT          3 Oct 2009              "ERDNT"
FONTS          6 Jul 2009              "Fonts"
HELP           6 Jul 2009              "Help"
IE8           20 Aug 2009              "ie8"
ie8.log       20 Aug 2009       56162  "ie8.log"
ie8_main.log  20 Aug 2009       95329  "ie8_main.log"
IME            6 Jul 2009              "ime"
INF            6 Jul 2009              "inf"
INSTAL~1       6 Jul 2009              "Installer"
JAVA           6 Jul 2009              "java"
kb888111.log   6 Jul 2009        4936  "KB888111.log"
kb898461.log   2 Oct 2009        7722  "KB898461.log"
kb926239.log   6 Jul 2009        9921  "KB926239.log"
kb9328~1.log  20 Aug 2009        8365  "KB932823-v3.log"
kb950974.log   3 Oct 2009        9541  "KB950974.log"
kb951748.log   3 Oct 2009        8731  "KB951748.log"
kb952004.log   3 Oct 2009        9001  "KB952004.log"
kb952954.log   3 Oct 2009        9995  "KB952954.log"
kb956802.log   3 Oct 2009        8165  "KB956802.log"
kb959426.log   3 Oct 2009        9917  "KB959426.log"
kb960225.log   3 Oct 2009        9265  "KB960225.log"
kb960803.log   3 Oct 2009        8624  "KB960803.log"
kb960859.log   3 Oct 2009        9814  "KB960859.log"
kb9613~1.log   3 Oct 2009        9764  "KB961371-v2.log"
kb961501.log   3 Oct 2009        9178  "KB961501.log"
kb961503.log   3 Oct 2009        9720  "KB961503.log"
kb967715.log   3 Oct 2009        8822  "KB967715.log"
kb968389.log   3 Oct 2009        8446  "KB968389.log"
kb968537.log   3 Oct 2009        8600  "KB968537.log"
kb970238.log   3 Oct 2009       11942  "KB970238.log"
kb971032.log   3 Oct 2009        7777  "KB971032.log"
kb971557.log   3 Oct 2009        9351  "KB971557.log"
kb971633.log   3 Oct 2009        9088  "KB971633.log"
kb971657.log   3 Oct 2009        9446  "KB971657.log"
kb973507.log   3 Oct 2009        8891  "KB973507.log"
kb973815.log   3 Oct 2009        8523  "KB973815.log"
LOGS          18 Jul 2009              "Logs"
MEDIA          6 Jul 2009              "Media"
MICROS~1.NET  30 Jul 2009              "Microsoft.NET"
MSAGENT        6 Jul 2009              "Msagent"
MSAPPS         6 Jul 2009              "msapps"
mscomp~1.log   6 Jul 2009        7399  "MSCompPackV1.log"
msmqinst.log   2 Oct 2009       33722  "msmqinst.log"
MUI            6 Jul 2009              "mui"
netfxocm.log   2 Oct 2009       15157  "netfxocm.log"
nsreg.dat      6 Jul 2009           0  "nsreg.dat"
ntdtcs~1.log   2 Oct 2009       22877  "ntdtcsetup.log"
NVIEW          6 Jul 2009              "nview"
ocgen.log      2 Oct 2009       27526  "ocgen.log"
odbc.ini       6 Jul 2009         421  "ODBC.INI"
odbcinst.ini   6 Jul 2009        4205  "ODBCINST.INI"
oewablog.txt   6 Jul 2009         841  "OEWABLog.txt"
OFFLIN~1       6 Jul 2009              "Offline Web Pages"
PCHEALTH       6 Jul 2009              "pchealth"
pdf2word.ini   5 Sep 2009         358  "pdf2word.INI"
PEERNET        6 Jul 2009              "PeerNet"
pev.exe       14 Sep 2009      229888  "PEV.exe"
PIF           16 Sep 2009              "PIF"
PREFETCH       6 Jul 2009              "Prefetch"
PROVIS~1       6 Jul 2009              "Provisioning"
REGIST~1       6 Jul 2009              "Registration"
regopt.log     6 Jul 2009        1182  "regopt.log"
REPAIR         6 Jul 2009              "repair"
RESOUR~1       6 Jul 2009              "Resources"
schedlgu.txt   3 Oct 2009       32514  "SchedLgU.Txt"
SECURITY       6 Jul 2009              "security"
sessmg~1.log   6 Jul 2009        1022  "sessmgr.setup.log"
setupact.log   2 Oct 2009       96141  "setupact.log"
setupapi.log   4 Oct 2009      505120  "setupapi.log"
setuperr.log   6 Jul 2009           0  "setuperr.log"
setuplog.txt   6 Jul 2009      542893  "setuplog.txt"
SHELLNEW       6 Jul 2009              "ShellNew"
sminst~1.log   6 Jul 2009       10436  "SMinstall.log"
SOFTWA~1       6 Jul 2009              "SoftwareDistribution"
spupdsvc.log  20 Aug 2009        8473  "spupdsvc.log"
SRCHASST       3 Oct 2009              "srchasst"
sti_tr~1.log   6 Jul 2009           0  "Sti_Trace.log"
SUN            4 Aug 2009              "Sun"
svcpack.log    3 Oct 2009       48448  "svcpack.log"
SYSTEM         6 Jul 2009              "system"
system.ini     3 Oct 2009         227  "system.ini"
SYSTEM32       6 Jul 2009              "system32"
TASKS          6 Jul 2009              "Tasks"
TEMP           6 Jul 2009              "Temp"
tsoc.log       2 Oct 2009       39386  "tsoc.log"
TWAIN_32       6 Jul 2009              "twain_32"
updspapi.log   1 Oct 2009       17986  "updspapi.log"
vb.ini         6 Jul 2009          36  "vb.ini"
vbaddin.ini    6 Jul 2009          37  "vbaddin.ini"
war3unin.dat   6 Jul 2009       86157  "War3Unin.dat"
war3unin.exe   6 Jul 2009      139264  "War3Unin.exe"
war3unin.pif   6 Jul 2009        2829  "War3Unin.pif"
WBEM          20 Aug 2009              "WBEM"
WEB            6 Jul 2009              "Web"
wiadebug.log   3 Oct 2009         216  "wiadebug.log"
wiaservc.log   3 Oct 2009          49  "wiaservc.log"
win.ini        6 Jul 2009         603  "win.ini"
window~1.log   4 Oct 2009     1742237  "WindowsUpdate.log"
window~1.man   6 Jul 2009         749  "WindowsShell.Manifest"
WINSXS         6 Jul 2009              "WinSxS"
wmfdis~1.log   6 Jul 2009       30201  "WMFDist11.log"
wmp11.log      6 Jul 2009       22035  "wmp11.log"
wmsetup.log    3 Oct 2009       56333  "wmsetup.log"
wmsetu~1.log   6 Jul 2009        2096  "wmsetup10.log"
wmsyspr9.prx   6 Jul 2009      316640  "WMSysPr9.prx"
wudf01~1.log   6 Jul 2009        8381  "Wudf01000Inst.log"

140 items found:  80 files (2 H/S), 60 directories (21 H/S).
  Total of file sizes:  4.530.028 bytes      4,32 M

    --------------------------------------------------------------------------
           C:\WINDOWS\Downloaded Program Files: 
    --------------------------------------------------------------------------

    Locating all files created in C:\WINDOWS\Downloaded Program Files\ within the last 90 days.  

"C:\WINDOWS\Downloaded Program Files\"
desktop.ini    6 Jul 2009          65  "desktop.ini"
wlscbase.dll   9 Sep 2009      452488  "wlscBase.dll"
wlscbase.inf   9 Sep 2009         321  "wlscBase.inf"

3 items found:  3 files (1 H/S), 0 directories.
  Total of file sizes:  452.874 bytes    442,26 K

    --------------------------------------------------------------------------
           C:\WINDOWS\PCHealth\HelpCtr\Binaries: 
    --------------------------------------------------------------------------

   Locating all files in C:\WINDOWS\PCHealth\HelpCtr\Binaries 

"C:\WINDOWS\pchealth\helpctr\binaries\"
brpinfo.dll   28 Oct 2001       21504  "brpinfo.dll"
hcappres.dll  28 Oct 2001        7168  "HCAppRes.dll"
helpctr.exe    3 Aug 2004      768512  "HelpCtr.exe"
helphost.exe  28 Oct 2001       99840  "HelpHost.exe"
helpsvc.exe    3 Aug 2004      743936  "HelpSvc.exe"
hscsp_w3.cab  17 Jul 2004      324700  "hscsp_w3.cab"
hscupd.exe     3 Aug 2004       18944  "HscUpd.exe"
msconfig.exe   3 Aug 2004      159744  "msconfig.exe"
msinfo.dll     3 Aug 2004      380928  "msinfo.dll"
notiflag.exe  28 Oct 2001       35328  "notiflag.exe"
pchdt_w3.cab   3 Aug 2004     2768982  "pchdt_w3.cab"
pchshell.dll   3 Aug 2004      102400  "pchshell.dll"
pchsvc.dll     3 Aug 2004       38912  "pchsvc.dll"

13 items found:  13 files, 0 directories.
  Total of file sizes:  5.470.898 bytes      5,21 M

    --------------------------------------------------------------------------
           C:\WINDOWS\system: 
    --------------------------------------------------------------------------

   Locating all files created in C:\WINDOWS\system within the last 90 days.  

"C:\WINDOWS\system\"
tapi.tlb      25 Sep 2009           1  "tapi.tlb"

1 item found:  1 file, 0 directories.
  Total of file sizes:  1 byte       0,00 K

    --------------------------------------------------------------------------
           C:\WINDOWS\system32: 
    --------------------------------------------------------------------------

   Locating all files created in C:\WINDOWS\system32 within the last 90 days.  

"C:\WINDOWS\system32\"
$winnt$.inf    6 Jul 2009         987  "$winnt$.inf"
1025           6 Jul 2009              "1025"
1028           6 Jul 2009              "1028"
1031           6 Jul 2009              "1031"
1033           6 Jul 2009              "1033"
1037           6 Jul 2009              "1037"
1041           6 Jul 2009              "1041"
1042           6 Jul 2009              "1042"
1046           6 Jul 2009              "1046"
1054           6 Jul 2009              "1054"
2052           6 Jul 2009              "2052"
3076           6 Jul 2009              "3076"
3COM_DMI       6 Jul 2009              "3com_dmi"
ADOBE         10 Aug 2009              "Adobe"
amcompat.tlb   6 Jul 2009       16832  "amcompat.tlb"
APPMGMT        5 Sep 2009              "appmgmt"
BITS           1 Oct 2009              "bits"
CATROOT        6 Jul 2009              "CatRoot"
CATROOT2       6 Jul 2009              "CatRoot2"
CATROO~1       2 Oct 2009              "CatRoot_bak"
cdplay~1.man   6 Jul 2009         749  "cdplayer.exe.manifest"
cf12367.exe    3 Oct 2009      400384  "CF12367.exe"
COM            6 Jul 2009              "Com"
CONFIG         6 Jul 2009              "config"
config.nt      6 Jul 2009        2969  "CONFIG.NT"
deploytk.dll  31 Jul 2009      411368  "deploytk.dll"
detoured.dll  10 Sep 2009        4096  "detoured.dll"
DHCP           6 Jul 2009              "dhcp"
DIRECTX        6 Jul 2009              "DirectX"
divx.dll      13 Jul 2009      685056  "divx.dll"
DLLCACHE       6 Jul 2009              "dllcache"
dpl100.dll    13 Jul 2009       90112  "dpl100.dll"
DRIVERS        6 Jul 2009              "drivers"
DRVSTORE       1 Oct 2009              "DRVSTORE"
emptyr~1.dat   6 Jul 2009       21844  "emptyregdb.dat"
EN-US         30 Jul 2009              "en-us"
EXPORT         6 Jul 2009              "export"
ezsidmv.dat   17 Aug 2009          56  "ezsidmv.dat"
fntcache.dat   2 Oct 2009      112584  "FNTCACHE.DAT"
gamemon.des   15 Sep 2009     3363184  "GameMon.des"
GROUPP~1       1 Oct 2009              "GroupPolicy"
h323log.txt    6 Jul 2009           0  "h323log.txt"
IAS            6 Jul 2009              "ias"
ICSXML         6 Jul 2009              "icsxml"
IME            3 Oct 2009              "ime"
INETSRV        3 Oct 2009              "inetsrv"
java.exe      31 Jul 2009      145184  "java.exe"
javacpl.cpl   31 Jul 2009       73728  "javacpl.cpl"
javaw.exe     31 Jul 2009      145184  "javaw.exe"
javaws.exe    31 Jul 2009      149280  "javaws.exe"
jupdat~1.log   2 Oct 2009        3973  "jupdate-1.6.0_16-b01.log"
lhacm.acm     28 Jul 2009       34064  "lhacm.acm"
LOGFILES       6 Jul 2009              "LogFiles"
logonu~1.man   6 Jul 2009         488  "logonui.exe.manifest"
MACROMED       6 Jul 2009              "Macromed"
MICROS~1       6 Jul 2009              "Microsoft"
mrt.exe       28 Aug 2009    24689600  "MRT.exe"
MSDTC          6 Jul 2009              "MsDtc"
MUI            6 Jul 2009              "mui"
ncpacp~1.man   6 Jul 2009         749  "ncpa.cpl.manifest"
NPP            6 Jul 2009              "npp"
nscompat.tlb   6 Jul 2009       23392  "nscompat.tlb"
nvapps.xml     4 Oct 2009       63804  "nvapps.xml"
nwccpl~1.man   6 Jul 2009         749  "nwc.cpl.manifest"
OOBE           3 Oct 2009              "oobe"
paint.exe     12 Sep 2009       94209  "Paint.exe"
perfc009.dat  30 Jul 2009       65106  "perfc009.dat"
perfc016.dat  30 Jul 2009       73440  "perfc016.dat"
perfh009.dat  30 Jul 2009      425082  "perfh009.dat"
perfh016.dat  30 Jul 2009      457508  "perfh016.dat"
perfst~1.ini  30 Jul 2009     1028686  "PerfStringBackup.INI"
PREINS~1       2 Oct 2009              "PreInstall"
PT-BR         20 Aug 2009              "pt-BR"
RAS            6 Jul 2009              "ras"
REINST~1       6 Jul 2009              "ReinstallBackups"
RESTORE        6 Jul 2009              "Restore"
sapicp~1.man   6 Jul 2009         749  "sapi.cpl.manifest"
SETUP          6 Jul 2009              "Setup"
SHELLEXT       6 Jul 2009              "ShellExt"
SOFTWA~1       1 Oct 2009              "SoftwareDistribution"
SPOOL          6 Jul 2009              "spool"
USMT           6 Jul 2009              "usmt"
WBEM           6 Jul 2009              "wbem"
window~1.man   6 Jul 2009         488  "WindowsLogon.manifest"
WINS           6 Jul 2009              "wins"
wpa.dbl       30 Sep 2009        2206  "wpa.dbl"
wuaucp~1.man   6 Jul 2009         749  "wuaucpl.cpl.manifest"
x264vfw.dll   29 Jul 2009     2378752  "x264vfw.dll"
XIRCOM         3 Oct 2009              "xircom"
XPSVIE~1      30 Jul 2009              "XPSViewer"

90 items found:  37 files (8 H/S), 53 directories (2 H/S).
  Total of file sizes:  34.967.391 bytes     33,34 M

    --------------------------------------------------------------------------
           C:\WINDOWS\system32\com: 
    --------------------------------------------------------------------------

   Locating all files created in C:\WINDOWS\system32\com within the last 90 days.  

No matches found.

    --------------------------------------------------------------------------
           C:\WINDOWS\system32\components: 
    --------------------------------------------------------------------------
   Locating all files created in C:\WINDOWS\system32\components within the last 90 days.  

No matches found.

    --------------------------------------------------------------------------
           C:\WINDOWS\system32\drivers: 
    --------------------------------------------------------------------------

    Locating all files created in C:\WINDOWS\system32\drivers within the last 90 days.  

"C:\WINDOWS\system32\drivers\"
DISDN          6 Jul 2009              "disdn"
ETC            6 Jul 2009              "etc"
gbpkm.sys     17 Sep 2009       30344  "gbpkm.sys"
procex~1.sys   3 Oct 2009        6736  "PROCEXP90.SYS"
sptd.sys      16 Sep 2009      721904  "sptd.sys"
UMDF           6 Jul 2009              "UMDF"

6 items found:  3 files, 3 directories.
  Total of file sizes:  758.984 bytes    741,20 K

    --------------------------------------------------------------------------
           C:\WINDOWS\system32\drivers\etc: 
    --------------------------------------------------------------------------

   Locating all files created in C:\WINDOWS\system32\drivers\etc within the last 90 days.  

No matches found.

    --------------------------------------------------------------------------
           C:\WINDOWS\TEMP: 
    --------------------------------------------------------------------------

   Locating all files created in C:\WINDOWS\TEMP within the last 90 days.  

"C:\WINDOWS\Temp\"
gdql_o~1.log   4 Oct 2009         270  "gdql_oc_OcHealthMon.log"
peacd4~1.dat   4 Oct 2009       16384  "Perflib_Perfdata_150.dat"
pec0d4~1.dat   4 Oct 2009       16384  "Perflib_Perfdata_924.dat"
qdiago~1.log   4 Oct 2009         270  "qdiagoc_OcHealthMon.log"

4 items found:  4 files, 0 directories.
  Total of file sizes:  33.308 bytes     32,53 K

************************************************************************************  

Checking for .COM files to Delete. They will only print if deleted! 

   Locating .COM files in the C:\WINDOWS\System32 folder 

"C:\WINDOWS\system32\"
chcp.com      28 Oct 2001        7680  "chcp.com"
command.com   28 Oct 2001       52472  "command.com"
diskcomp.com  28 Oct 2001        9216  "diskcomp.com"
diskcopy.com  28 Oct 2001        7168  "diskcopy.com"
edit.com      28 Oct 2001       70750  "edit.com"
format.com    28 Oct 2001       25600  "format.com"
graftabl.com  28 Oct 2001       26112  "graftabl.com"
graphics.com  28 Oct 2001       19918  "graphics.com"
kb16.com      28 Oct 2001       14950  "kb16.com"
loadfix.com   28 Oct 2001        1153  "loadfix.com"
locate.com    14 Jan 2005       11254  "locate.com"
mode.com      28 Oct 2001       19456  "mode.com"
more.com      28 Oct 2001       15872  "more.com"
tree.com      28 Oct 2001       11264  "tree.com"
win.com       28 Oct 2001       18432  "win.com"

15 items found:  15 files, 0 directories.
  Total of file sizes:  311.297 bytes    304,00 K

************************************************************************************  

Miscellaneous Malware Detections: 
------------------------------------------------------------------------------------  


   **** Delfin Media  {31EE3286-D785-4E3F-95FC-51D00FDABC01} NOT FOUND by this tool! ****  

   **** SmitFraud {0BC9BC01-54D4-4CCE-2B7D-955164314CD4} NOT FOUND by this tool! ****  

   **** SpywareStrike {C1A2FDA2-1A5B-2A8F-F3A2-B22DA1A3C41D} NOT FOUND by this tool! ****  

   **** SpywareStrike {C1A2FDA2-2A5B-2C8A-F2A2-BA2DB3A2C31C} NOT FOUND by this tool! ****   

   **** SpywareStrike {D81E2FC4-B0A2-11D3-21AC-07C04C21A18A} NOT FOUND by this tool! ****  

   **** SpyAxe {A1D9D3F0-8C2A-9A1D-A376-2CACFB10AB72} NOT FOUND by this tool! ****  

   **** SpyAxe {A2D9D3F0-8C2A-2A1D-A376-1BECFB10AB72} NOT FOUND by this tool! ****  

   **** SpyAxe {A2D9D3F0-8C2A-2A1D-A376-1BECFB10AB72} NOT FOUND by this tool! ****  

   **** SpyAxe {A2D9D3F0-8C2A-2A1D-A376-1BECFB10AB72} NOT FOUND by this tool! ****  

   **** SpyAxe {A2C8F6B1-7C2A-3D1C-A3C6-A1FDA113B43F} NOT FOUND by this tool! ****  

   **** SpyFalcon {A2C8F6B1-7C2A-3D1C-A3C6-A1FDA113B43F} NOT FOUND by this tool! ****  

   **** SpyFalcon {C9FA1DC9-1FB3-C2A8-2F1A-DC1A33E7AF9D} NOT FOUND by this tool! ****  

   **** SpyFalcon {CA14EE13-ED15-C4A2-17FF-DA4D15C1BC5E} NOT FOUND by this tool! ****  

   **** SpyFalcon {35a88e51-b53d-43e9-b8a7-75d4c31b4676} NOT FOUND by this tool! ****  

   **** SpyFalcon {64ba30a2-811a-4597-b0af-d551128be340} NOT FOUND by this tool! ****  

   **** SpyFalcon {89aef01d-d237-49c7-84dc-4e1904c1fd31} NOT FOUND by this tool! ****  

   **** SpyFalcon {e04408db-4812-4478-8d4d-e46edcffd3b6} NOT FOUND by this tool! ****  

   **** SpyFalcon {336ec37f-54bf-4f13-8237-03f64fa591e7} NOT FOUND by this tool! ****  

   **** SpyFalcon {5bc82bdb-bc03-4671-9a78-3ef2b68449de} NOT FOUND by this tool! ****  

   **** SpyFalcon {24c60b9b-26b5-4201-9f7a-fb9219356ae9} NOT FOUND by this tool! ****  

   **** SpyFalcon {a0c51615-738a-4542-801a-5af61614e182} NOT FOUND by this tool! ****  

   **** SpyFalcon {70fbd528-2d3c-4a00-9b8c-bbf441e534be} NOT FOUND by this tool! ****  

   **** SpyFalcon {a566f298-05a6-4b3d-b672-da7c27316430} NOT FOUND by this tool! ****  

   **** SpyFalcon {f5947202-e9cb-4a72-88e7-22f2cbd2b124} NOT FOUND by this tool! ****  

   **** SpyFalcon {5aaf6542-f4ba-4df4-873d-4902ecbe794c} NOT FOUND by this tool! ****  

   **** SpyFalcon {3e4155b8-5a4a-4e95-83b2-ab032da9acbc} NOT FOUND by this tool! ****  

   **** SpyFalcon {9952355f-fefb-4764-bcd7-a993d03dd7e2} NOT FOUND by this tool! ****  

   **** SpyFalcon {55059d4f-a1ac-4837-ae07-4859101f598d} NOT FOUND by this tool! ****  

   **** SpyFalcon {c3786a8d-6426-4c29-a23f-f36e47b31e0c} NOT FOUND by this tool! ****  

   **** SpyLocked {25b7d2fd-4f71-46d1-801a-7de323e4ec82} NOT FOUND by this tool! ****  

   **** SpyLocked {4233AC08-A2C4-4742-A0B4-83719613D62C} NOT FOUND by this tool! ****  

   **** SpyLocked {716002DB-288C-4BF0-80CD-A467E78D8B55} NOT FOUND by this tool! ****  

   **** SpyLocked {735E980D-45D2-4777-AF82-9923D3C8D3AE} NOT FOUND by this tool! ****  

   **** SpyLocked {B23DC537-3E13-44C7-BF67-D8405EB377F7} NOT FOUND by this tool! ****  

   **** SpyLocked {B292EC9F-A074-4115-8342-1F459702D8D2} NOT FOUND by this tool! ****  

   **** SpyLocked {CECA6F2B-247B-4ECE-9B7A-D0135C8036FC} NOT FOUND by this tool! ****  

   **** SpyLocked {DA3B49F6-8C54-4429-A275-21A86DCCA413} NOT FOUND by this tool! ****  

   **** SpyLocked {EDE8BED5-92CF-4482-8F51-A01CD9B3EA37} NOT FOUND by this tool! ****  

   **** SpyLocked {FA4FBF53-C766-4622-8011-A87A805EEBF0} NOT FOUND by this tool! ****  

   **** SpywareLocked {0E4E5110-A772-4C4A-A7DC-137FE10ABD6E} NOT FOUND by this tool! ****  

   **** SpywareLocked {07A582E8-BAE3-457D-9D29-2048DE45A369} NOT FOUND by this tool! ****  

   **** SpywareLocked {3BAA1AD8-EE49-4772-BF0B-F55083E0F7AA} NOT FOUND by this tool! ****  

   **** SpywareLocked {9D6FAC42-A7BE-4702-87EF-75D8DC14249E} NOT FOUND by this tool! ****  

   **** SpywareLocked {ABEF791F-947E-4CDF-83C3-E72A240AFB67} NOT FOUND by this tool! ****  

   **** SpywareLocked {BD0FC212-0A36-4232-83CC-2063FB9282E0} NOT FOUND by this tool! ****  

   **** SpywareLocked {B0DED443-5E68-4001-A81B-0A0001621AB8} NOT FOUND by this tool! ****  

   **** SpywareLocked {F38B1B2B-4976-46DD-9FE5-60FDE72F0B4D} NOT FOUND by this tool! ****  

   **** SpywareQuake {0c7416f0-dd23-420f-97f5-aae352ea2bf1} NOT FOUND by this tool! ****  

   **** SpywareQuake {E2CA7CD1-1AD9-F1C4-3D2A-DC1A33E7AF9D} NOT FOUND by this tool! ****  

   **** SpywareQuake {AC1B4DA2-12FA-31F2-1A7D-CD2B14E6AD4E} NOT FOUND by this tool! ****  

   **** SpywareQuake {CD5E2AC9-25CE-A1C5-D1E2-DC6B28A6ED5A} NOT FOUND by this tool! ****  

   **** SpywareQuake {EA26CE12-DE64-A1C5-9A4F-FC1A64E6AC2E} NOT FOUND by this tool! ****  

   **** SpywareQuake {e5b1e382-817e-4b74-8a96-ec78751e6acf} NOT FOUND by this tool! ****  

   **** SpywareQuake {a0aa3e4b-31cb-4ea2-9049-22b7f5b65edb} NOT FOUND by this tool! ****  

   **** SpywareQuake {cbb430e6-5b1b-474a-9d7e-160d4fe74bea} NOT FOUND by this tool! ****  

   **** SpywareQuake {62eb0924-19d2-4226-b4b9-8ad1f70904c1} NOT FOUND by this tool! ****  

   **** SpywareQuake {6c69e319-0d03-47da-997a-36586cbc53b3} NOT FOUND by this tool! ****  

   **** SpywareQuake {aea3d2df-2b2c-4d7b-81a0-d975c6dc088e} NOT FOUND by this tool! ****  

   **** SpywareSheriff {1C3B31AE-FD16-D2CE-43FF-DC4CD5C1BC5E} NOT FOUND by this tool! ****  

   **** VirusBurster {9d635a36-6b3c-4146-8625-f3aaf507bbf8} NOT FOUND by this tool! ****  

   **** TrustCleaner {24E27EA9-FCF3-444F-BD80-20543BA5D946} NOT FOUND by this tool! ****  

   **** Troj/Small-ER {4F141CBA-1457-6CCA-03A7-7AA21B61EA0F} NOT FOUND by this tool! ****  

   **** Troj/Spabot-E {429F4BB8-7BF7-4152-8011-3C6F9EB7E892} NOT FOUND by this tool! ****  

   **** Troj/Dloader-OF {203B1C4D9-BC71-8916-38AD-9DEA5D213614} NOT FOUND by this tool! ****  

   **** Troj/Crafted-A  {0BC9BC01-54D4-4CCE-2B7D-955164314CD4} NOT FOUND by this tool! ****  

   **** Troj/Agent-FG {2C1CD3D7-86AC-4068-93BC-A02304BB8C34} NOT FOUND by this tool! ****  

   **** TX 4 BrowserAd adware {8e99f990-b75a-4568-b3c8-24cbc8cbbfc1} NOT FOUND by this tool! ****  

   **** Trojan-Proxy.Win32.Small {87A3E824-A726-4CF4-8A66-6314B11BDA0C} NOT FOUND by this tool! ****  

   **** Trojan-Downloader.Win32.Delf.ks {786C369D-409A-456f-A13C-971EADA850C6} NOT FOUND by this tool! ****  

   **** W32/Almanahe.a Worm NOT FOUND by this tool! **** 

   **** msctl32.dll SpamBot NOT FOUND by this tool! **** 

   **** KeyLogger NOT FOUND by this tool! ****  

--------------------------------------------------------------------------
       CHECKING FOR BOT-TYPE WORMS: 
--------------------------------------------------------------------------

   **** W32/Sdbot Worm NOT FOUND by this tool! ****  

--------------------------------------------------------------------------
       CHECKING FOR KNOWN ROOTKIT STEALTHING AGENTS: 
--------------------------------------------------------------------------

   **** i386p.* Stealthing Agent NOT FOUND by this tool! **** 

   **** ErrorSafe erssdd.* Stealthing Agent NOT FOUND by this tool! **** 

   **** VUNDO DP.* Stealthing Agent NOT FOUND by this tool! **** 

   **** Troj/NTRootK-BP main.* Stealthing Agent NOT FOUND by this tool! **** 

   **** W32/Almanahe.sys RioDrvrs.* Stealthing Agent NOT FOUND by this tool! **** 

   **** W32/Almanahe.sys DKIS6.* Stealthing Agent NOT FOUND by this tool! **** 

--------------------------------------------------------------------------
       CHECKING FOR VISIBLE ROOTKIT-TYPE REGISTRY KEYS: 
--------------------------------------------------------------------------

   **** Rustock.B trojan, PE386 rootkit NOT FOUND by this tool! ****  

   **** Rustock.B trojan, huy32 rootkit NOT FOUND by this tool! ****  

   **** Rustock.B trojan, lzx32 rootkit NOT FOUND by this tool! ****  

   **** Rustock.B trojan, msguard rootkit NOT FOUND by this tool! ****  

   **** Rustock.B trojan, xpdt.sy_ rootkit NOT FOUND by this tool! ****  

   **** Rustock.B trojan, xpdt.sys rootkit NOT FOUND by this tool! ****  

   **** CmdService adware NOT FOUND by this tool! ****  

   **** Network_Monitor adware NOT FOUND by this tool! ****  

   **** Trojan.Peacomm NOT FOUND by this tool! ****  

   **** Trojan.Peacomm windev NOT FOUND by this tool! ****  

   **** AVPE Haxdoor NOT FOUND by this tool! ****  

   **** MEMLOW Haxdoor NOT FOUND by this tool! ****  

   **** VDMT Haxdoor NOT FOUND by this tool! ****  

   **** YCSVGA Haxdoor NOT FOUND by this tool! ****  

   **** PPTP Haxdoor FOUND by this tool! **** 
        CAREFULL HERE THIS WILL ALSO FIND WinLanMiniport 
  DisplayName	REG_SZ         	Miniporta de rede remota (PPTP)
  Description	REG_SZ         	Miniporta de rede remota (PPTP)
  DisplayName	REG_SZ         	Miniporta de rede remota (PPTP)
  Description	REG_SZ         	Miniporta de rede remota (PPTP)
  DisplayName	REG_SZ         	Miniporta de rede remota (PPTP)
  Description	REG_SZ         	Miniporta de rede remota (PPTP)

   **** DVB Haxdoor  NOT FOUND by this tool! ****  

   **** YVBB Haxdoor NOT FOUND by this tool! ****  

   **** YVPP Haxdoor NOT FOUND by this tool! ****  

   **** NKGFS Haxdoor NOT FOUND by this tool! ****  

   **** XMSK Haxdoor NOT FOUND by this tool! ****  

   **** AVPX Haxdoor NOT FOUND by this tool! ****  

   **** MMXF Haxdoor NOT FOUND by this tool! ****  

   **** DP1112 Vundo Rootkit NOT FOUND by this tool! ****  

   **** SYSBUS32 Rootkit Driver NOT FOUND by this tool! ****  

   **** I386P Rootkit Driver NOT FOUND by this tool! ****  

   **** ERSSDD Rootkit NOT FOUND by this tool! ****  

   **** GencTurK RootKit NOT FOUND by this tool! ****  

   **** Troj/NTRootK-BP RootKit NOT FOUND by this tool! ****  

   **** W32/Almanahe.sys NOT FOUND by this tool! ****  

************************************************************************************  

Dumping HKLM Uninstall Programs list 

  DisplayName	REG_SZ         	a-squared Free 4.5
  DisplayName	REG_SZ         	Adobe Flash Player 10 ActiveX
  DisplayName	REG_SZ         	Adobe Flash Player 10 Plugin
  DisplayName	REG_SZ         	Adobe Reader 9.1.2 - Português
  DisplayName	REG_SZ         	Adobe Shockwave Player 11.5
  DisplayName	REG_SZ         	Arquivo do WinRAR
  DisplayName	REG_SZ         	Assistente de Conexão do Windows Live
  DisplayName	REG_SZ         	Atualização para Windows XP (KB898461)
  DisplayName	REG_SZ         	Atualização para Windows XP (KB914882)
  DisplayName	REG_SZ         	Atualização para Windows XP (KB923845)
  DisplayName	REG_SZ         	Atualização para Windows XP (KB932823-v3)
  DisplayName	REG_SZ         	Choice Guard
  DisplayName	REG_SZ         	CircuitMaker 2000 (Professional Edition)
  DisplayName	REG_SZ         	Counter-Strike
  DisplayName	REG_SZ         	Counter-Strike CP
  DisplayName	REG_SZ         	ExplorerXP (remove only)
  DisplayName	REG_SZ         	Ferramenta de Carregamento do Windows Live
  DisplayName	REG_SZ         	Fraps (remove only)
  DisplayName	REG_SZ         	Free Mp3 Wma Converter V 1.81
  DisplayName	REG_SZ         	Free YouTube to Mp3 Converter version 3.1
  DisplayName	REG_SZ         	Garena
  DisplayName	REG_SZ         	GTOneCare
  DisplayName	REG_SZ         	Heroes of Newerth
  DisplayName	REG_SZ         	High Definition Audio Driver Package - KB888111
  DisplayName	REG_SZ         	Hotfix for Windows XP (KB926239)
  DisplayName	REG_SZ         	Java(TM) 6 Update 16
  DisplayName	REG_SZ         	K-Lite Mega Codec Pack 5.1.0
  DisplayName	REG_SZ         	Microsoft .NET Framework 2.0
  DisplayName	REG_SZ         	Microsoft .NET Framework 2.0
  DisplayName	REG_SZ         	Microsoft .NET Framework 3.0
  DisplayName	REG_SZ         	Microsoft .NET Framework 3.0
  DisplayName	REG_SZ         	Microsoft Application Error Reporting
  DisplayName	REG_SZ         	Microsoft Compression Client Pack 1.0 for Windows XP
  DisplayName	REG_SZ         	Microsoft Office XP Professional com FrontPage
  DisplayName	REG_SZ         	Microsoft Protection Service
  DisplayName	REG_SZ         	Microsoft User-Mode Driver Framework Feature Pack 1.0
  DisplayName	REG_SZ         	Microsoft Visual C++ 2005 Redistributable
  DisplayName	REG_SZ         	Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
  DisplayName	REG_SZ         	Microsoft Windows Live OneCare Resources v2.5.2900.28
  DisplayName	REG_SZ         	Microsoft Windows OneCare Live AntiSpyware and AntiVirus
  DisplayName	REG_SZ         	Microsoft Windows OneCare Live v2.5.2900.28
  DisplayName	REG_SZ         	Microsoft Windows OneCare Live v2.5.2900.28 Idcrl Install
  DisplayName	REG_SZ         	Mozilla Firefox (3.5.3)
  DisplayName	REG_SZ         	MSVCRT
  DisplayName	REG_SZ         	MSXML 6.0 Parser (KB925673)
  DisplayName	REG_SZ         	NCsoft Launcher
  DisplayName	REG_SZ         	NotePad++ 3.6
  DisplayName	REG_SZ         	NVIDIA Drivers
  DisplayName	REG_SZ         	Pando Media Booster
  DisplayName	REG_SZ         	PokerStars
  DisplayName	REG_SZ         	PX Engine
  DisplayName	REG_SZ         	Real Alternative 1.9.0
  DisplayName	REG_SZ         	Segoe UI
  DisplayName	REG_SZ         	Skype web features
  DisplayName	REG_SZ         	Skype™ 4.1
  DisplayName	REG_SZ         	Sony Vegas Pro 8.0
  DisplayName	REG_SZ         	SoundMAX
  DisplayName	REG_SZ         	Steam
  DisplayName	REG_SZ         	sXe Injected
  DisplayName	REG_SZ         	System Requirements Lab
  DisplayName	REG_SZ         	TeamSpeak 2 RC2
  DisplayName	REG_SZ         	Truco LigasOnline 1.1
  DisplayName	REG_SZ         	Uninstall 1.0.0.1
  DisplayName	REG_SZ         	VDownloader  0.83
  DisplayName	REG_SZ         	VeryPDF PDF2Word v3.0
  DisplayName	REG_SZ         	VobSub v2.23 (Remove Only)
  DisplayName	REG_SZ         	Warkeys 1.14.1.0b
  DisplayName	REG_SZ         	WebFldrs XP
  DisplayName	REG_SZ         	Windows Communication Foundation
  DisplayName	REG_SZ         	Windows Imaging Component
  DisplayName	REG_SZ         	Windows Internet Explorer 8
  DisplayName	REG_SZ         	Windows Live Call
  DisplayName	REG_SZ         	Windows Live Communications Platform
  DisplayName	REG_SZ         	Windows Live Essentials
  DisplayName	REG_SZ         	Windows Live Essentials
  DisplayName	REG_SZ         	Windows Live Messenger
  DisplayName	REG_SZ         	Windows Live OneCare
  DisplayName	REG_SZ         	Windows Live OneCare safety scanner
  DisplayName	REG_SZ         	Windows Media Format 11 runtime
  DisplayName	REG_SZ         	Windows Media Format 11 runtime
  DisplayName	REG_SZ         	Windows Media Player 11
  DisplayName	REG_SZ         	Windows Media Player 11
  DisplayName	REG_SZ         	Windows Presentation Foundation
  DisplayName	REG_SZ         	Windows Workflow Foundation
  DisplayName	REG_SZ         	XML Paper Specification Shared Components Pack 1.0
  ParentDisplayName	REG_SZ         	
  ParentDisplayName	REG_SZ         	
  ParentDisplayName	REG_SZ         	Windows XP - Atualizações de Software
  ParentDisplayName	REG_SZ         	Windows XP - Atualizações de Software
  ParentDisplayName	REG_SZ         	Windows XP - Atualizações de Software
  ParentDisplayName	REG_SZ         	Windows XP - Atualizações de Software
  ParentDisplayName	REG_SZ         	Windows XP - Software Updates


#####################################################################################################


  -- All DONE! 

  ~ ShadowPuterDude ~


Your logs look fine.

Unless you are having problems from Malware, it is time to do the final steps.

If you used ComboFix, uninstall ComboFix:

  • Click START then RUN and enter the below into the run box and then click OK. (Use only the command of the same name as your copy of combofix.)
  • AvoidTDSS /u or combofix /u
    Note: The space before /u must be there.
    This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
  • Delete the C:\AvoidTDSS or C:\ComboFix folder from combofix.
    Delete everything in C:\!KillBox

Delete the following from your Desktop (If they exist)

  • Avenger.exe
  • Avenger.txt
  • Avenger.zip
  • DisableAutoRuns.reg
  • FixMe.reg
  • FixReg.reg
  • ISeeYouXP.exe
  • ISeeYouXP.lnk
  • ISeeYouXP.txt
  • Anything else I had you use

Delete the following: (If they exist)

  • C:\Avenger.txt
  • C:\Avenger
  • C:\ComboFix.txt
  • C:\ComboFix
  • C:\SDFix
  • C:\Qoobox

You can delete and uninstall any programs I had you download, that you do not wish to keep on the system.

Empty the Recycle Bin

Run ATF Cleaner

In the ISeeYouXP folder double-click HideIT.bat.

Turn off System restore to flush all your restore points then turn system restore back on.

To manually turn off System Restore, follow these steps:

1. Click Start, right-click My Computer, and then click Properties.

2. Click the System Restore tab.

3. Click to select the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.

4. Click Yes when you receive the prompt to turn off System Restore.

To turn on System Restore, follow these steps:

1. Click Start, right-click My Computer, and then click Properties.

2. Click the System Restore tab.

3. Click to clear the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.

Delete C:\ISeeYouXP

Run Windows Update and update your Windows Operating System.

Run the Secunia Online Software Inspector; this will inspect your system for software that is out-of-date and in need of updating. Update any program/application detected as being outdated.

That should take care of everything.

Safe Surfing!


Thread Closed

Reason: Resolved

The procedures contained in this thread are for this user and this user only. Attempting to use the instructions in this thread on your system could result in damaging the Operating System beyond repair. Do Not use any of the tools mentioned in this thread without the supervision of a Malware Removal Specialist.

All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE; if you don't, we are just going to send you back to this thread.
