MozartSilva
OTL1

Hello. I haven't been able to reply to this thread sooner since I had to deal with some work-related problems. Anyway, the first part of the file is down here.
{9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Arquivos de Programas\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O2 - BHO: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files (x86)\MyAshampoo\tbMyAs.dll (Conduit Ltd.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (aTube Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files (x86)\MyAshampoo\tbMyAs.dll (Conduit Ltd.) 
O3 - HKLM\..\Toolbar: (aTube Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKU\S-1-5-21-1526446544-1275421046-2504226493-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O3 - HKU\S-1-5-21-1526446544-1275421046-2504226493-1000\..\Toolbar\WebBrowser: (aTube Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations) O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications) O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Arquivos de Programas\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [lxczbmgr.exe] C:\Program Files (x86)\Lexmark 1200 Series\lxczbmgr.exe (Lexmark International, Inc.) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [iSBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation) O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation) O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.) 
O4 - HKU\S-1-5-21-1526446544-1275421046-2504226493-1000..\Run: [bitTorrent] C:\Program Files (x86)\BitTorrent\BitTorrent.exe (BitTorrent, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1526446544-1275421046-2504226493-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1526446544-1275421046-2504226493-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - 
C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Arquivos de Programas\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) 
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 186.223.128.17 186.223.128.14 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9256DCD0-06A8-4EB9-B5B1-AFD7D8E37D6F}: DhcpNameServer = 186.223.128.17 186.223.128.14 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de Programas\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - 
HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010/04/14 22:54:30 | 000,000,166 | -H-- | M] () - G:\autorun.inf -- [ FAT32 ] O32 - AutoRun File - [2010/04/14 22:54:30 | 000,000,166 | ---- | M] () - G:\AUTORUN_.INF -- [ FAT32 ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/05/16 16:04:53 | 000,000,000 | ---D | C] -- C:\Users\Antonio\Documents\PENDRIVE [2012/05/15 21:11:43 | 000,399,264 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Antonio\Desktop\unhide.exe [2012/05/15 20:59:41 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012/05/15 19:09:25 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012/05/15 18:49:51 | 004,494,423 | R--- | C] (Swearware) -- C:\Users\Antonio\Desktop\ComboFix.exe [2012/05/15 16:29:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\trend micro [2012/05/15 16:29:01 | 000,000,000 | ---D | C] -- C:\rsit [2012/05/15 12:43:54 | 000,000,000 | ---D | C] -- 
C:\Users\Antonio\AppData\Local\{E40827B9-18C4-4F2D-BC52-F963061561FB} [2012/05/15 12:43:42 | 000,000,000 | ---D | C] -- C:\Users\Antonio\AppData\Local\{D6F8C87D-EAD8-48CF-BE39-70655348D517} [2012/05/15 02:55:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva [2012/05/15 02:55:24 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva [2012/05/14 21:05:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2012/05/14 21:05:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy [2012/05/14 20:48:44 | 000,000,000 | ---D | C] -- C:\Users\Antonio\AppData\Local\{28701017-91D0-4EB2-89A8-CC1FCFEF78F3} [2012/05/14 20:48:31 | 000,000,000 | ---D | C] -- C:\Users\Antonio\AppData\Local\{9136947D-9A0C-44FC-BC7B-244448DE2F25} [2012/05/14 15:27:15 | 000,000,000 | ---D | C] -- C:\Users\Antonio\AppData\Local\{44F38F24-38DC-4B5A-ADDF-7CCB9CBD5C82} [2012/05/14 08:20:54 | 000,000,000 | ---D | C] -- C:\Users\Antonio\AppData\Local\{304BEEDA-7062-4D98-8351-75B31089AD98} [2012/05/13 19:41:30 | 000,000,000 | ---D | C] -- C:\Users\Antonio\AppData\Local\{5CF98D94-F63D-48AA-A719-8E9B57D77DBE} [2012/05/13 19:40:55 | 000,000,000 | ---D | C] -- C:\Users\Antonio\AppData\Local\{E7D0BD75-FEAF-481D-ACD0-214A9346FA4A} [2012/05/13 10:26:24 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012/05/13 10:26:24 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012/05/13 10:26:24 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012/05/13 10:26:17 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2012/05/13 10:25:29 | 000,000,000 | ---D | C] -- C:\Qoobox [2012/05/13 08:31:48 | 000,000,000 | ---D | C] -- C:\Users\Antonio\AppData\Roaming\Malwarebytes [2012/05/13 08:31:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/05/13 08:28:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security [2012/05/13 08:28:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda USB 
Vaccine [2012/05/13 08:28:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security [2012/05/13 08:19:22 | 000,848,856 | ---- | C] (Panda Security ) -- C:\Users\Antonio\Desktop\USBVaccineSetup.exe [2012/05/13 06:36:36 | 000,000,000 | ---D | C] -- C:\Users\Antonio\Documents\DIN GRUPO [2012/05/12 23:56:20 | 000,000,000 | ---D | C] -- C:\Users\Antonio\AppData\Local\{E4276413-6BA8-42E3-B5AF-50D8A56360D2} [2012/05/12 23:55:45 | 000,000,000 | ---D | C] -- C:\Users\Antonio\AppData\Local\{4B7C5895-2862-4782-B126-52AA16672C11} [2012/05/12 11:55:07 | 000,000,000 | ---D | C] -- C:\Users\Antonio\AppData\Local\{30D612D7-4C7D-41A0-9056-0751BFDC8367} [2012/05/12 11:54:55 | 000,000,000 | ---D | C] -- C:\Users\Antonio\AppData\Local\{B14C9A42-CE07-4CD3-8FD1-F14405CCB1EE} [2012/05/11 17:33:37 | 000,000,000 | ---D | C] -- C:\Users\Antonio\AppData\Local\{9769959F-F1F5-4A22-A901-38BD84224419} [2012/05/11 17:33:17 | 000,000,000 | ---D | C] -- C:\Users\Antonio\AppData\Local\{1477FDB0-8FA0-47F1-BA1F-BE91E9FB1404} [2012/05/10 18:56:42 | 000,000,000 | ---D | C] -- C:\Users\Antonio\AppData\Local\{6652BC0D-E1B1-49CD-82D1-BFC417BA732A} [2012/05/10 18:42:23 | 000,000,000 | ---D | C] -- C:\Users\Antonio\AppData\Local\{86C2A662-AAEB-4F18-9B6E-73D2C682FBC3} [2012/05/10 06:26:40 | 000,000,000 | ---D | C] -- C:\Users\Antonio\AppData\Local\{ACCCF5EB-66D7-4320-B089-A8524368B63A} [2012/05/10 06:26:05 | 000,000,000 | ---D | C] -- C:\Users\Antonio\AppData\Local\{67126908-2EED-4160-A0EF-93194610BA1C} [2012/05/09 22:45:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2012/05/09 22:44:41 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2012/05/09 22:44:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight [2012/05/09 18:25:38 | 000,000,000 | ---D | C] -- C:\Users\Antonio\AppData\Local\{F2995939-64EF-4E50-8D0C-49624CF25152} [2012/05/09 18:25:03 | 000,000,000 | ---D | 
C] -- C:\Users\Antonio\AppData\Local\{779C3067-BECE-47E1-87D0-4E047AA52B9A} [2012/05/09 06:24:05 | 000,000,000 | ---D | C] -- C:\Users\Antonio\AppData\Local\{1CEF83C5-55E3-42BA-B581-12CE17B9F019} [2012/05/08 18:12:55 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll [2012/05/08 18:12:54 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2012/05/08 18:12:53 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2012/05/08 18:12:53 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2012/05/08 18:02:51 | 000,000,000 | ---D | C] -- C:\Users\Antonio\AppData\Local\{B39508AE-80D6-4F1A-B484-E681B54F42F1} [2012/05/08 18:02:38 | 000,000,000 | ---D | C] -- C:\Users\Antonio\AppData\Local\{FB3A4FDA-14F0-408E-8EC2-9DC5BE5CB34D} [2012/05/08 00:49:51 | 000,000,000 | ---D | C] -- C:\Users\Antonio\AppData\Local\{4086DF08-44C7-4CFA-9C13-0FA05E436A1D} [2012/05/08 00:49:17 | 000,000,000 | ---D | C] -- C:\Users\Antonio\AppData\Local\{CD7E4EFA-180B-44B2-B4E7-8CCA5E50552B} [2012/05/07 12:48:24 | 000,000,000 | ---D | C] -- C:\Users\Antonio\AppData\Local\{04E8F49A-0FCB-446F-94CF-336D75E22F45} [2012/05/07 12:48:12 | 000,000,000 | ---D | C] -- C:\Users\Antonio\AppData\Local\{577F1C0D-95C2-4FE1-82D2-76BEF41F5DDE} [2012/05/04 18:28:29 | 000,000,000 | ---D | C] -- C:\temp [2012/05/04 18:15:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexmark 1200 Series [2012/05/04 18:15:04 | 000,000,000 | ---D | C] -- C:\Program Files\Lexmark 1200 Series [2012/05/04 18:15:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lexmark 1200 Series [2012/05/04 18:15:02 | 000,983,107 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\lxczgf.dll [2012/05/04 18:14:52 | 000,446,464 | ---- | C] (Lexmark International Inc.) -- C:\Windows\SysNative\lxczjswr.dll [2012/05/04 18:14:52 | 000,177,664 | ---- | C] (Lexmark International, Inc.) 
-- C:\Windows\SysNative\lxczins.dll [2012/05/04 18:14:52 | 000,135,168 | ---- | C] (Lexmark International Inc.) -- C:\Windows\SysNative\lxczinsb.dll [2012/05/04 18:14:52 | 000,079,360 | ---- | C] (Lexmark International Inc.) -- C:\Windows\SysNative\lxczcu.dll [2012/05/04 18:14:52 | 000,078,848 | ---- | C] (Lexmark International Inc.) -- C:\Windows\SysNative\lxczcur.dll [2012/05/04 18:14:52 | 000,074,752 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\SysNative\lxczinsr.dll [2012/05/04 18:14:52 | 000,062,464 | ---- | C] (Lexmark International) -- C:\Windows\SysNative\LXCZcfg.dll [2012/05/04 12:11:04 | 000,000,000 | ---D | C] -- C:\Users\Antonio\AppData\Local\{6986DBC1-5CE8-4963-9327-78610B13B1AB} [2012/05/04 12:10:49 | 000,000,000 | ---D | C] -- C:\Users\Antonio\AppData\Local\{FB3FCBC2-9D70-4E13-9430-D251D62EB168} [2012/05/03 17:28:15 | 000,000,000 | ---D | C] -- C:\Users\Antonio\AppData\Local\{53C2AC9C-677A-40E6-8420-C14D464E4A5B} [2012/05/03 17:28:03 | 000,000,000 | ---D | C] -- C:\Users\Antonio\AppData\Local\{DFA4450D-9AB7-4CFF-8AAD-9BC8A80E6C49} [2012/05/03 14:29:17 | 000,000,000 | ---D | C] -- C:\Users\Antonio\AppData\Local\{B0147C47-25E4-4960-BDFD-A748B9AB83D0} [2012/05/03 10:44:55 | 000,000,000 | ---D | C] -- C:\Users\Antonio\AppData\Local\{66CCA392-935C-42FC-880F-B1CF540C4E64} [2012/05/02 17:05:36 | 000,000,000 | ---D | C] -- C:\drivers [2012/05/02 16:55:56 | 000,000,000 | ---D | C] -- C:\Users\Antonio\AppData\Local\{95B5A04B-37B2-427D-8EA2-7773A2340D05} [2012/05/02 16:55:37 | 000,000,000 | ---D | C] -- C:\Users\Antonio\AppData\Local\{2BD9ADDD-2D4E-440F-9875-E87A7324889E} [2012/05/02 16:51:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86) (x86) [2012/05/02 16:51:06 | 000,445,440 | ---- | C] (Lexmark International Inc.) -- C:\Windows\SysWow64\lxczjswr.dll [2012/05/02 16:51:06 | 000,177,664 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\SysWow64\lxczins.dll [2012/05/02 16:51:06 | 000,135,168 | ---- | C] (Lexmark International Inc.) 
-- C:\Windows\SysWow64\lxczinsb.dll [2012/05/02 16:51:06 | 000,079,360 | ---- | C] (Lexmark International Inc.) -- C:\Windows\SysWow64\lxczcu.dll [2012/05/02 16:51:06 | 000,077,824 | ---- | C] (Lexmark International Inc.) -- C:\Windows\SysWow64\lxczcur.dll [2012/05/02 16:51:06 | 000,072,192 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\SysWow64\lxczinsr.dll [2012/05/02 16:51:06 | 000,062,464 | ---- | C] (Lexmark International) -- C:\Windows\SysWow64\LXCZcfg.dll [2012/05/02 16:36:40 | 000,000,000 | ---D | C] -- C:\Users\Antonio\AppData\Local\{B3C02B13-5818-48F1-9D35-7FAE97E0CD02} [2012/05/02 16:36:27 | 000,000,000 | ---D | C] -- C:\Users\Antonio\AppData\Local\{D1EFD28C-40E8-4C3E-904C-61A305AFD5A9} [2012/05/02 11:36:59 | 000,000,000 | ---D | C] -- C:\Users\Antonio\AppData\Local\{5D41B994-AA4F-423F-B424-81EC74830E0F} [2012/05/02 08:14:03 | 000,000,000 | ---D | C] -- C:\Users\Antonio\Documents\ppt [2012/05/02 08:14:03 | 000,000,000 | ---D | C] -- C:\Users\Antonio\Documents\docProps [2012/05/02 08:14:03 | 000,000,000 | ---D | C] -- C:\Users\Antonio\Documents\_rels [2012/05/01 18:33:30 | 000,000,000 | ---D | C] -- C:\Users\Antonio\AppData\Local\{D4C2BC82-EB6F-492B-8D83-13C31E828D0B} [2012/05/01 18:32:55 | 000,000,000 | ---D | C] -- C:\Users\Antonio\AppData\Local\{699A6707-7815-4F65-A31D-EEB4B5AF9FD1} [2012/05/01 16:51:04 | 000,000,000 | ---D | C] -- C:\Users\Antonio\AppData\Local\{DE3A1C91-A55B-416C-AB25-051621A99B81} [2012/05/01 16:50:32 | 000,000,000 | ---D | C] -- C:\Users\Antonio\AppData\Local\{D1CBDFC7-08AC-4DF9-81EF-B5B0B838771B} [2012/05/01 13:24:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ace of Spades [2012/05/01 13:24:40 | 000,000,000 | ---D | C] -- C:\Ace of Spades [2012/05/01 01:19:52 | 000,000,000 | ---D | C] -- C:\Users\Antonio\AppData\Local\{F761F685-86B3-4D44-8E68-8D5F92A14C9D} [2012/05/01 01:19:34 | 000,000,000 | ---D | C] -- C:\Users\Antonio\AppData\Local\{3995A0E5-905C-46D8-A794-E71FBC64FCD2} 
[2012/05/01 00:20:26 | 000,000,000 | ---D | C] -- C:\Users\Antonio\Documents\Meus arquivos recebidos [2012/05/01 00:06:23 | 000,000,000 | ---D | C] -- C:\Users\Antonio\AppData\Local\{B8FE1BA1-ECDE-4121-B031-8C1925FC6FF8} [2012/05/01 00:05:52 | 000,000,000 | ---D | C] -- C:\Users\Antonio\AppData\Local\{384508B2-7BBA-412C-BC25-08D0F5C5F1DC} [2012/04/30 21:56:04 | 000,000,000 | ---D | C] -- C:\Users\Antonio\AppData\Local\{7C5BA712-5FCB-4948-B057-C6582E6BC995} [2012/04/30 21:55:50 | 000,000,000 | ---D | C] -- C:\Users\Antonio\Tracing [2012/04/30 17:18:15 | 000,000,000 | ---D | C] -- C:\Users\Antonio\Documents\My Palettes [2012/04/30 17:17:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Protexis [2012/04/30 17:17:24 | 000,000,000 | ---D | C] -- C:\Users\Antonio\AppData\Roaming\Corel [2012/04/30 17:05:48 | 000,000,000 | ---D | C] -- C:\Users\Antonio\Documents\Corel [2012/04/30 17:05:37 | 000,000,000 | ---D | C] -- C:\Users\Antonio\Documents\Visual Studio 2008 [2012/04/30 17:04:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SDKs [2012/04/30 17:04:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 9.0 [2012/04/30 17:03:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Corel [2012/04/30 17:03:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Protexis [2012/04/30 17:03:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Corel [2012/04/30 17:00:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X5 [2012/04/30 16:59:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Corel [2012/04/30 16:57:52 | 000,000,000 | ---D | C] -- C:\ProgramData\CorelDRAW Graphics Suite X5 [2012/04/27 12:45:31 | 000,000,000 | ---D | C] -- C:\Users\Antonio\Documents\PPS PODEROSOS [2012/04/26 06:51:51 | 000,000,000 | ---D | C] -- C:\Users\Antonio\.receitanet [2012/04/24 11:05:46 | 000,000,000 | ---D | C] -- C:\Users\Antonio\Documents\INSPIRACIONAL [2012/04/24 10:17:57 
| 000,000,000 | ---D | C] -- C:\Users\Antonio\Documents\SARAIVA [2012/04/23 06:13:52 | 000,000,000 | ---D | C] -- C:\Users\Antonio\Documents\DOWNLOAD [2012/04/21 06:46:06 | 000,000,000 | ---D | C] -- C:\Users\Antonio\Documents\SAUDE MENTAL TRABALHO [2012/04/19 19:19:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared [2012/04/19 19:18:59 | 000,198,832 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll [2012/04/19 19:18:48 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll [2012/04/19 19:18:48 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5016.dll [2012/04/19 19:18:48 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5032.dll [2012/04/19 19:18:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real [2012/04/19 19:18:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Real [2012/04/19 19:18:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Real [2012/04/19 19:18:38 | 000,000,000 | ---D | C] -- C:\Users\Antonio\AppData\Roaming\Real [2012/04/17 19:41:58 | 000,000,000 | ---D | C] -- C:\Users\Antonio\Documents\GESTÃO TEMPO_files
-
Good morning/afternoon/evening.

After plugging my flash drive (a Kingston DT101 32GB) into a colleague's computer, when I got home and plugged it into my laptop (Windows 7, Home Premium SP1 64-bit) the folders started turning into .exe files. I deleted 3 of them, thinking it was a bug of some sort, but when all folders turned into files (it was progressive), I suspected there was malware in action.

After looking at some threads talking about the matter (most from 2 years ago), I downloaded Panda USB Vaccine, Flash Disinfector and ComboFix. After using Panda with no errors, I started Flash Disinfector but it didn't work (later I discovered it only works on Windows XP). I started ComboFix, but when it talked about 'attempting to create a windows recovery (thingy)' I quickly shut it down. No folders, at least that I know of, turned into .exe files on the laptop, so I assume it hasn't been infected.

How can I recover the files in my flash drive, without Flash Disinfector? Can those folders whose .exe files I deleted be recovered? There are important files to me in them.

Thank you for your attention.

EDIT: The OTL.txt file is too big. What should I do?