MozartSilva Posted May 15, 2012 (edited)

Good morning/afternoon/evening.

After plugging my flash drive (a Kingston DT101 32GB) into a colleague's computer, when I got home and plugged it into my laptop (Windows 7, Home Premium SP1 64-bit) the folders started turning into .exe files. I deleted 3 of them, thinking it was a bug of some sort, but when all folders turned into files (it was progressive), I suspected there was malware at work.

After looking at some threads talking about the matter (most from 2 years ago), I downloaded Panda USB Vaccine, Flash Disinfector and ComboFix. After using Panda with no errors, I started Flash Disinfector but it didn't work (later I discovered it only works on Windows XP). I started ComboFix but when it talked about 'attempting to create a windows recovery (thingy)' I quickly shut it down.

No folders, at least that I know of, turned into .exe files on the laptop, so I assume it hasn't been infected.

How can I recover the files in my flash drive, without Flash Disinfector? Can those folders whose .exe files I deleted be recovered? There are important files to me in them.

Thank you for your attention.

EDIT: The OTL.txt file is too big. What should I do?

Edited May 15, 2012 by MozartSilva
KenB Posted May 15, 2012

Hi, welcome to ExTS.

> EDIT: The OTL.txt file is too big. What should I do?

If the OTL file is too big to fit on one post, spread it over 2 or 3 posts. One of our Security experts should be along soon to advise you further. (You need to ask your friend to register here and get their system checked over too :) )
etavares Posted May 16, 2012

It sounds like a worm. Please do post the log and spread the OTL log across multiple posts and I'll review it. One word of caution... the help I provide is for your specific log only. Don't assume it will work for your friend.
MozartSilva (Author) Posted May 16, 2012 (edited)

Hello. I haven't been able to reply to this thread sooner since I had to deal with some work-related problems. Anyway, the first part of the file is down here.

OTL logfile created on: 16/05/2012 18:24:53 - Run 2
OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\Antonio\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy
3,95 Gb Total Physical Memory | 2,34 Gb Available Physical Memory | 59,34% Memory free
7,90 Gb Paging File | 6,10 Gb Available in Paging File | 77,29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 455,41 Gb Total Space | 321,19 Gb Free Space | 70,53% Space Free | Partition Type: NTFS
Drive G: | 29,83 Gb Total Space | 14,40 Gb Free Space | 48,27% Space Free | Partition Type: FAT32
Computer Name: ANTONIO-VAIO | User Name: Antonio | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Java Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll CHR - plugin: RealPlayer HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: RealNetworks Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll CHR - plugin: Unity Player (Enabled) = C:\Users\Antonio\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll CHR - Extension: Superinteressante = C:\Users\Antonio\AppData\Local\Google\Chrome\User Data\Default\Extensions\degpihaammlmlmgcddhlnfebfcjlbjnk\1.2.0_0\ CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Antonio\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\ O1 HOSTS File: ([2012/05/15 19:09:49 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - 
{9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Arquivos de Programas\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files (x86)\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (aTube Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files (x86)\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (aTube Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-1526446544-1275421046-2504226493-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\S-1-5-21-1526446544-1275421046-2504226493-1000\..\Toolbar\WebBrowser: (aTube Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Arquivos de Programas\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [lxczbmgr.exe] C:\Program Files (x86)\Lexmark 1200 Series\lxczbmgr.exe (Lexmark International, Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [iSBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-1526446544-1275421046-2504226493-1000..\Run: [bitTorrent] C:\Program Files (x86)\BitTorrent\BitTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1526446544-1275421046-2504226493-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1526446544-1275421046-2504226493-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Arquivos de Programas\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Arquivos de Programas\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 186.223.128.17 186.223.128.14
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9256DCD0-06A8-4EB9-B5B1-AFD7D8E37D6F}: DhcpNameServer = 186.223.128.17 186.223.128.14
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de Programas\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/04/14 22:54:30 | 000,000,166 | -H-- | M] () - G:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2010/04/14 22:54:30 | 000,000,166 | ---- | M] () - G:\AUTORUN_.INF -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012/05/16 16:04:53 | 000,000,000 | ---D | C] -- C:\Users\Antonio\Documents\PENDRIVE
[2012/05/15 21:11:43 | 000,399,264 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Antonio\Desktop\unhide.exe
[2012/05/15 20:59:41 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/05/15 19:09:25 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/05/15 18:49:51 | 004,494,423 | R--- | C] (Swearware) -- C:\Users\Antonio\Desktop\ComboFix.exe
[2012/05/15 16:29:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\trend micro
[2012/05/15 16:29:01 | 000,000,000 | ---D | C] -- C:\rsit
[2012/05/15 12:43:54 | 000,000,000 | ---D | C] -- 
C:\Users\Antonio\AppData\Local\{E40827B9-18C4-4F2D-BC52-F963061561FB} [2012/05/15 12:43:42 | 000,000,000 | ---D | C] -- C:\Users\Antonio\AppData\Local\{D6F8C87D-EAD8-48CF-BE39-70655348D517} [2012/05/15 02:55:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva [2012/05/15 02:55:24 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva [2012/05/14 21:05:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2012/05/14 21:05:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy [2012/05/14 20:48:44 | 000,000,000 | ---D | C] -- C:\Users\Antonio\AppData\Local\{28701017-91D0-4EB2-89A8-CC1FCFEF78F3} [2012/05/14 20:48:31 | 000,000,000 | ---D | C] -- C:\Users\Antonio\AppData\Local\{9136947D-9A0C-44FC-BC7B-244448DE2F25} [2012/05/14 15:27:15 | 000,000,000 | ---D | C] -- C:\Users\Antonio\AppData\Local\{44F38F24-38DC-4B5A-ADDF-7CCB9CBD5C82} [2012/05/14 08:20:54 | 000,000,000 | ---D | C] -- C:\Users\Antonio\AppData\Local\{304BEEDA-7062-4D98-8351-75B31089AD98} [2012/05/13 19:41:30 | 000,000,000 | ---D | C] -- C:\Users\Antonio\AppData\Local\{5CF98D94-F63D-48AA-A719-8E9B57D77DBE} [2012/05/13 19:40:55 | 000,000,000 | ---D | C] -- C:\Users\Antonio\AppData\Local\{E7D0BD75-FEAF-481D-ACD0-214A9346FA4A} [2012/05/13 10:26:24 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012/05/13 10:26:24 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012/05/13 10:26:24 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012/05/13 10:26:17 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2012/05/13 10:25:29 | 000,000,000 | ---D | C] -- C:\Qoobox [2012/05/13 08:31:48 | 000,000,000 | ---D | C] -- C:\Users\Antonio\AppData\Roaming\Malwarebytes [2012/05/13 08:31:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/05/13 08:28:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security [2012/05/13 08:28:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda USB 
Vaccine [2012/05/13 08:28:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security [2012/05/13 08:19:22 | 000,848,856 | ---- | C] (Panda Security ) -- C:\Users\Antonio\Desktop\USBVaccineSetup.exe [2012/05/13 06:36:36 | 000,000,000 | ---D | C] -- C:\Users\Antonio\Documents\DIN GRUPO [2012/05/12 23:56:20 | 000,000,000 | ---D | C] -- C:\Users\Antonio\AppData\Local\{E4276413-6BA8-42E3-B5AF-50D8A56360D2} [2012/05/12 23:55:45 | 000,000,000 | ---D | C] -- C:\Users\Antonio\AppData\Local\{4B7C5895-2862-4782-B126-52AA16672C11} [2012/05/12 11:55:07 | 000,000,000 | ---D | C] -- C:\Users\Antonio\AppData\Local\{30D612D7-4C7D-41A0-9056-0751BFDC8367} [2012/05/12 11:54:55 | 000,000,000 | ---D | C] -- C:\Users\Antonio\AppData\Local\{B14C9A42-CE07-4CD3-8FD1-F14405CCB1EE} [2012/05/11 17:33:37 | 000,000,000 | ---D | C] -- C:\Users\Antonio\AppData\Local\{9769959F-F1F5-4A22-A901-38BD84224419} [2012/05/11 17:33:17 | 000,000,000 | ---D | C] -- C:\Users\Antonio\AppData\Local\{1477FDB0-8FA0-47F1-BA1F-BE91E9FB1404} [2012/05/10 18:56:42 | 000,000,000 | ---D | C] -- C:\Users\Antonio\AppData\Local\{6652BC0D-E1B1-49CD-82D1-BFC417BA732A} [2012/05/10 18:42:23 | 000,000,000 | ---D | C] -- C:\Users\Antonio\AppData\Local\{86C2A662-AAEB-4F18-9B6E-73D2C682FBC3} [2012/05/10 06:26:40 | 000,000,000 | ---D | C] -- C:\Users\Antonio\AppData\Local\{ACCCF5EB-66D7-4320-B089-A8524368B63A} [2012/05/10 06:26:05 | 000,000,000 | ---D | C] -- C:\Users\Antonio\AppData\Local\{67126908-2EED-4160-A0EF-93194610BA1C} [2012/05/09 22:45:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2012/05/09 22:44:41 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2012/05/09 22:44:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight [2012/05/09 18:25:38 | 000,000,000 | ---D | C] -- C:\Users\Antonio\AppData\Local\{F2995939-64EF-4E50-8D0C-49624CF25152} [2012/05/09 18:25:03 | 000,000,000 | ---D | 
C] -- C:\Users\Antonio\AppData\Local\{779C3067-BECE-47E1-87D0-4E047AA52B9A} [2012/05/09 06:24:05 | 000,000,000 | ---D | C] -- C:\Users\Antonio\AppData\Local\{1CEF83C5-55E3-42BA-B581-12CE17B9F019} [2012/05/08 18:12:55 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll [2012/05/08 18:12:54 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2012/05/08 18:12:53 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2012/05/08 18:12:53 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2012/05/08 18:02:51 | 000,000,000 | ---D | C] -- C:\Users\Antonio\AppData\Local\{B39508AE-80D6-4F1A-B484-E681B54F42F1} [2012/05/08 18:02:38 | 000,000,000 | ---D | C] -- C:\Users\Antonio\AppData\Local\{FB3A4FDA-14F0-408E-8EC2-9DC5BE5CB34D} [2012/05/08 00:49:51 | 000,000,000 | ---D | C] -- C:\Users\Antonio\AppData\Local\{4086DF08-44C7-4CFA-9C13-0FA05E436A1D} [2012/05/08 00:49:17 | 000,000,000 | ---D | C] -- C:\Users\Antonio\AppData\Local\{CD7E4EFA-180B-44B2-B4E7-8CCA5E50552B} [2012/05/07 12:48:24 | 000,000,000 | ---D | C] -- C:\Users\Antonio\AppData\Local\{04E8F49A-0FCB-446F-94CF-336D75E22F45} [2012/05/07 12:48:12 | 000,000,000 | ---D | C] -- C:\Users\Antonio\AppData\Local\{577F1C0D-95C2-4FE1-82D2-76BEF41F5DDE} [2012/05/04 18:28:29 | 000,000,000 | ---D | C] -- C:\temp [2012/05/04 18:15:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexmark 1200 Series [2012/05/04 18:15:04 | 000,000,000 | ---D | C] -- C:\Program Files\Lexmark 1200 Series [2012/05/04 18:15:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lexmark 1200 Series [2012/05/04 18:15:02 | 000,983,107 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\lxczgf.dll [2012/05/04 18:14:52 | 000,446,464 | ---- | C] (Lexmark International Inc.) -- C:\Windows\SysNative\lxczjswr.dll [2012/05/04 18:14:52 | 000,177,664 | ---- | C] (Lexmark International, Inc.) 
-- C:\Windows\SysNative\lxczins.dll [2012/05/04 18:14:52 | 000,135,168 | ---- | C] (Lexmark International Inc.) -- C:\Windows\SysNative\lxczinsb.dll [2012/05/04 18:14:52 | 000,079,360 | ---- | C] (Lexmark International Inc.) -- C:\Windows\SysNative\lxczcu.dll [2012/05/04 18:14:52 | 000,078,848 | ---- | C] (Lexmark International Inc.) -- C:\Windows\SysNative\lxczcur.dll [2012/05/04 18:14:52 | 000,074,752 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\SysNative\lxczinsr.dll [2012/05/04 18:14:52 | 000,062,464 | ---- | C] (Lexmark International) -- C:\Windows\SysNative\LXCZcfg.dll [2012/05/04 12:11:04 | 000,000,000 | ---D | C] -- C:\Users\Antonio\AppData\Local\{6986DBC1-5CE8-4963-9327-78610B13B1AB} [2012/05/04 12:10:49 | 000,000,000 | ---D | C] -- C:\Users\Antonio\AppData\Local\{FB3FCBC2-9D70-4E13-9430-D251D62EB168} [2012/05/03 17:28:15 | 000,000,000 | ---D | C] -- C:\Users\Antonio\AppData\Local\{53C2AC9C-677A-40E6-8420-C14D464E4A5B} [2012/05/03 17:28:03 | 000,000,000 | ---D | C] -- C:\Users\Antonio\AppData\Local\{DFA4450D-9AB7-4CFF-8AAD-9BC8A80E6C49} [2012/05/03 14:29:17 | 000,000,000 | ---D | C] -- C:\Users\Antonio\AppData\Local\{B0147C47-25E4-4960-BDFD-A748B9AB83D0} [2012/05/03 10:44:55 | 000,000,000 | ---D | C] -- C:\Users\Antonio\AppData\Local\{66CCA392-935C-42FC-880F-B1CF540C4E64} [2012/05/02 17:05:36 | 000,000,000 | ---D | C] -- C:\drivers [2012/05/02 16:55:56 | 000,000,000 | ---D | C] -- C:\Users\Antonio\AppData\Local\{95B5A04B-37B2-427D-8EA2-7773A2340D05} [2012/05/02 16:55:37 | 000,000,000 | ---D | C] -- C:\Users\Antonio\AppData\Local\{2BD9ADDD-2D4E-440F-9875-E87A7324889E} [2012/05/02 16:51:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86) (x86) [2012/05/02 16:51:06 | 000,445,440 | ---- | C] (Lexmark International Inc.) -- C:\Windows\SysWow64\lxczjswr.dll [2012/05/02 16:51:06 | 000,177,664 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\SysWow64\lxczins.dll [2012/05/02 16:51:06 | 000,135,168 | ---- | C] (Lexmark International Inc.) 
-- C:\Windows\SysWow64\lxczinsb.dll [2012/05/02 16:51:06 | 000,079,360 | ---- | C] (Lexmark International Inc.) -- C:\Windows\SysWow64\lxczcu.dll [2012/05/02 16:51:06 | 000,077,824 | ---- | C] (Lexmark International Inc.) -- C:\Windows\SysWow64\lxczcur.dll [2012/05/02 16:51:06 | 000,072,192 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\SysWow64\lxczinsr.dll [2012/05/02 16:51:06 | 000,062,464 | ---- | C] (Lexmark International) -- C:\Windows\SysWow64\LXCZcfg.dll [2012/05/02 16:36:40 | 000,000,000 | ---D | C] -- C:\Users\Antonio\AppData\Local\{B3C02B13-5818-48F1-9D35-7FAE97E0CD02} [2012/05/02 16:36:27 | 000,000,000 | ---D | C] -- C:\Users\Antonio\AppData\Local\{D1EFD28C-40E8-4C3E-904C-61A305AFD5A9} [2012/05/02 11:36:59 | 000,000,000 | ---D | C] -- C:\Users\Antonio\AppData\Local\{5D41B994-AA4F-423F-B424-81EC74830E0F} [2012/05/02 08:14:03 | 000,000,000 | ---D | C] -- C:\Users\Antonio\Documents\ppt [2012/05/02 08:14:03 | 000,000,000 | ---D | C] -- C:\Users\Antonio\Documents\docProps [2012/05/02 08:14:03 | 000,000,000 | ---D | C] -- C:\Users\Antonio\Documents\_rels [2012/05/01 18:33:30 | 000,000,000 | ---D | C] -- C:\Users\Antonio\AppData\Local\{D4C2BC82-EB6F-492B-8D83-13C31E828D0B} [2012/05/01 18:32:55 | 000,000,000 | ---D | C] -- C:\Users\Antonio\AppData\Local\{699A6707-7815-4F65-A31D-EEB4B5AF9FD1} [2012/05/01 16:51:04 | 000,000,000 | ---D | C] -- C:\Users\Antonio\AppData\Local\{DE3A1C91-A55B-416C-AB25-051621A99B81} [2012/05/01 16:50:32 | 000,000,000 | ---D | C] -- C:\Users\Antonio\AppData\Local\{D1CBDFC7-08AC-4DF9-81EF-B5B0B838771B} [2012/05/01 13:24:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ace of Spades [2012/05/01 13:24:40 | 000,000,000 | ---D | C] -- C:\Ace of Spades [2012/05/01 01:19:52 | 000,000,000 | ---D | C] -- C:\Users\Antonio\AppData\Local\{F761F685-86B3-4D44-8E68-8D5F92A14C9D} [2012/05/01 01:19:34 | 000,000,000 | ---D | C] -- C:\Users\Antonio\AppData\Local\{3995A0E5-905C-46D8-A794-E71FBC64FCD2} 
[2012/05/01 00:20:26 | 000,000,000 | ---D | C] -- C:\Users\Antonio\Documents\Meus arquivos recebidos [2012/05/01 00:06:23 | 000,000,000 | ---D | C] -- C:\Users\Antonio\AppData\Local\{B8FE1BA1-ECDE-4121-B031-8C1925FC6FF8} [2012/05/01 00:05:52 | 000,000,000 | ---D | C] -- C:\Users\Antonio\AppData\Local\{384508B2-7BBA-412C-BC25-08D0F5C5F1DC} [2012/04/30 21:56:04 | 000,000,000 | ---D | C] -- C:\Users\Antonio\AppData\Local\{7C5BA712-5FCB-4948-B057-C6582E6BC995} [2012/04/30 21:55:50 | 000,000,000 | ---D | C] -- C:\Users\Antonio\Tracing [2012/04/30 17:18:15 | 000,000,000 | ---D | C] -- C:\Users\Antonio\Documents\My Palettes [2012/04/30 17:17:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Protexis [2012/04/30 17:17:24 | 000,000,000 | ---D | C] -- C:\Users\Antonio\AppData\Roaming\Corel [2012/04/30 17:05:48 | 000,000,000 | ---D | C] -- C:\Users\Antonio\Documents\Corel [2012/04/30 17:05:37 | 000,000,000 | ---D | C] -- C:\Users\Antonio\Documents\Visual Studio 2008 [2012/04/30 17:04:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SDKs [2012/04/30 17:04:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 9.0 [2012/04/30 17:03:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Corel [2012/04/30 17:03:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Protexis [2012/04/30 17:03:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Corel [2012/04/30 17:00:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X5 [2012/04/30 16:59:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Corel [2012/04/30 16:57:52 | 000,000,000 | ---D | C] -- C:\ProgramData\CorelDRAW Graphics Suite X5 [2012/04/27 12:45:31 | 000,000,000 | ---D | C] -- C:\Users\Antonio\Documents\PPS PODEROSOS [2012/04/26 06:51:51 | 000,000,000 | ---D | C] -- C:\Users\Antonio\.receitanet [2012/04/24 11:05:46 | 000,000,000 | ---D | C] -- C:\Users\Antonio\Documents\INSPIRACIONAL [2012/04/24 10:17:57 
| 000,000,000 | ---D | C] -- C:\Users\Antonio\Documents\SARAIVA [2012/04/23 06:13:52 | 000,000,000 | ---D | C] -- C:\Users\Antonio\Documents\DOWNLOAD [2012/04/21 06:46:06 | 000,000,000 | ---D | C] -- C:\Users\Antonio\Documents\SAUDE MENTAL TRABALHO [2012/04/19 19:19:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared [2012/04/19 19:18:59 | 000,198,832 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll [2012/04/19 19:18:48 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll [2012/04/19 19:18:48 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5016.dll [2012/04/19 19:18:48 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5032.dll [2012/04/19 19:18:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real [2012/04/19 19:18:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Real [2012/04/19 19:18:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Real [2012/04/19 19:18:38 | 000,000,000 | ---D | C] -- C:\Users\Antonio\AppData\Roaming\Real [2012/04/17 19:41:58 | 000,000,000 | ---D | C] -- C:\Users\Antonio\Documents\GESTÃO TEMPO_files Edited May 17, 2012 by etavares
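The two O32 lines in the log above (G:\autorun.inf, hidden, and G:\AUTORUN_.INF, both 166 bytes and both dated 2010) are the only entries in it that describe the stick itself, and the symptom in the opening post (every folder "turning into" an .exe) matches the folder-mimic pattern that USB worms of this era commonly use: the real folder is marked Hidden+System and an .exe with the folder's name and icon is dropped beside it, so the data is never actually deleted, only hidden. The script below is an added triage example written for this thread; it is not part of the original post and not code from OTL, Panda USB Vaccine, unhide.exe or any other tool named here. It assumes the stick is still mounted as G: (as in the O32 lines), that the worm follows the folder-mimic pattern just described (an assumption, not something the log proves), and it invents a `_quarantine` folder name. It reads and reports, executes nothing on the stick, and only changes anything when run with `-Restore`. Two caveats a practitioner will want: Windows 7 does not honour autorun.inf on USB mass storage by default, so on this laptop the worm spreads when a decoy .exe is double-clicked, not on insertion; and if the hidden folders are intact, the deleted decoys are not worth recovering with Recuva, since the originals are still on the stick.

```powershell
# Added triage script for a suspected folder-mimic USB worm (not from the
# original thread). Assumptions: stick mounted as G:, worm hides real folders
# (H+S) and drops <folder>.exe next to each; "_quarantine" is a made-up name.
# Written for PowerShell 2.0 (Windows 7 default), so no -File/-Directory
# switches, no Get-FileHash and no [PSCustomObject].
param(
    [string]$Drive = 'G:',
    [switch]$Restore
)

$ErrorActionPreference = 'SilentlyContinue'   # the Panda vaccine AUTORUN.INF is deliberately unreadable
$root = "$Drive\"

function Get-Sha256 {
    param([string]$Path)
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $fs  = [System.IO.File]::OpenRead($Path)
    try     { $hash = $sha.ComputeHash($fs) }
    finally { $fs.Close() }
    ([System.BitConverter]::ToString($hash)).Replace('-', '')
}

# 1. AutoRun files in the root (the OTL log lists G:\autorun.inf and
#    G:\AUTORUN_.INF). Show attributes and contents; an [autorun] section with
#    open= / shellexecute= pointing at an .exe on the stick is the worm's own file,
#    an unreadable one is normally the vaccine placeholder.
Get-ChildItem -LiteralPath $root -Force |
    Where-Object { (-not $_.PSIsContainer) -and ($_.Name -match '^autorun') } |
    ForEach-Object {
        "AUTORUN  $($_.FullName)  attrs=$($_.Attributes)  size=$($_.Length)  mtime=$($_.LastWriteTime)"
        Get-Content -LiteralPath $_.FullName -TotalCount 20 | ForEach-Object { "         | $_" }
    }

# 2. Folder-mimic pairs: a hidden directory plus an .exe with the same base name
#    in the same parent. Hash the decoy so it can be checked against AV detections.
$hidden = [int][System.IO.FileAttributes]::Hidden
$hiddenDirs = Get-ChildItem -LiteralPath $root -Force -Recurse |
    Where-Object { $_.PSIsContainer -and (([int]$_.Attributes -band $hidden) -ne 0) }

$pairs = @()
foreach ($dir in $hiddenDirs) {
    $decoy = Join-Path $dir.Parent.FullName ($dir.Name + '.exe')
    if (Test-Path -LiteralPath $decoy) {
        $pairs += New-Object PSObject -Property @{
            Folder = $dir.FullName
            Decoy  = $decoy
            Size   = (Get-Item -LiteralPath $decoy -Force).Length
            Sha256 = Get-Sha256 $decoy
        }
    }
}
"Folder-mimic pairs found: $($pairs.Count)"
$pairs | Format-Table Folder, Size, Sha256 -AutoSize

# 3. Optional clean-up: clear Hidden/System/ReadOnly on the real folders (what
#    "attrib -h -s -r" does) and move the decoys into a quarantine folder rather
#    than deleting them, so a sample survives for the helper reviewing the log.
if ($Restore -and $pairs.Count -gt 0) {
    $quarantine = Join-Path $root '_quarantine'
    if (-not (Test-Path -LiteralPath $quarantine)) {
        New-Item -ItemType Directory -Path $quarantine | Out-Null
    }
    $clear = [int]([System.IO.FileAttributes]::Hidden -bor
                   [System.IO.FileAttributes]::System -bor
                   [System.IO.FileAttributes]::ReadOnly)
    foreach ($p in $pairs) {
        $d = Get-Item -LiteralPath $p.Folder -Force
        $d.Attributes = [System.IO.FileAttributes]([int]$d.Attributes -band (-bnot $clear))
        # ".exe_" so nothing in the quarantine folder is double-click-runnable
        Move-Item -LiteralPath $p.Decoy -Destination (Join-Path $quarantine ($p.Sha256 + '.exe_'))
    }
    "Restored $($pairs.Count) folder(s); decoys moved to $quarantine"
}
```

Run it first without `-Restore` from an elevated PowerShell prompt (`.\usb-triage.ps1 -Drive G:`) and compare the two autorun files' contents and timestamps before deciding which, if either, belongs to the worm. The hashes in the table are what to paste into the thread or look up against the antivirus vendor, and `unhide.exe` from the log remains the right tool for folders on the laptop itself, which this script does not touch.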
MozartSilva Posted May 16, 2012 Author Posted May 16, 2012 OTL2 The last part.
etavares Posted May 17, 2012 Posted May 17, 2012

Hello, MozartSilva.

P2P Warning and Request

The log shows that you have been using so-called peer-to-peer or file-sharing programmes (in your case BitTorrent). These programmes allow users to share files with each other, as the name suggests. In today's world cyber crime has come a long way, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them. It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, so they should be used with intense care.

I recommend that you uninstall this program. That is optional, however. If you decide not to uninstall, please refrain from using it until I let you know your computer is clean.

Next, please download ComboFix from one of these locations: Bleepingcomputer, InfoSpyware

* IMPORTANT !!! Save ComboFix.exe to your Desktop as etavaresCF.exe

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)

Double click on etavaresCF.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

http://img.photobucket.com/albums/v706/ried7/RcAuto1.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v706/ried7/whatnext.png

Click on Yes, to continue scanning for malware. When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply, along with any symptoms that are present after it runs.

Note: After running Combofix, you may receive an error about "illegal operation on a registry key that has been marked for deletion." If you receive this error, please reboot and it should disappear.

etavares

etavares is a member of: Alliance of Security Analysis Professionals, Unified Network of Instructors and Trained Eliminators
etavares Posted June 30, 2012 Posted June 30, 2012 Due to lack of response, this thread is now closed. If you need it reopened, please PM a moderator.