Annluciap

[Archived] Malware infection


Here is the Hijack log.

Thanks for the help.

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 19:29:42, on 14/10/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.17091)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Arquivos comuns\InterVideo\RegMgr\iviRegMgr.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

c:\Arquivos de programas\Arquivos comuns\Lenovo\tvt_reg_monitor_svc.exe

C:\Arquivos de programas\Lenovo\Rescue and Recovery\rrpservice.exe

C:\Arquivos de programas\Lenovo\Rescue and Recovery\rrservice.exe

c:\Arquivos de programas\Arquivos comuns\Lenovo\Scheduler\tvtsched.exe

C:\Arquivos de programas\Lenovo\Rescue and Recovery\UpdateMonitor.exe

C:\Arquivos de programas\Intel\Intel Matrix Storage Manager\IAANTMon.exe

c:\arquivos de programas\lenovo\system update\suservice.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\ICO.EXE

C:\Arquivos de programas\Intel\Intel Matrix Storage Manager\iaanotif.exe

C:\Arquivos de programas\Arquivos comuns\Lenovo\Scheduler\scheduler_proxy.exe

C:\ARQUIV~1\THINKV~1\PrdCtr\LPMGR.exe

C:\ARQUIV~1\THINKV~1\PrdCtr\LPMLCHK.exe

C:\Arquivos de programas\ThinkVantage\AMSG\Amsg.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Arquivos de programas\Lenovo\Client Security Solution\cssauth.exe

C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\Pelmiced.exe

C:\Arquivos de programas\Arquivos comuns\SureThing Shared\stllssvr.exe

C:\Arquivos de programas\F-Secure\FWES\Program\fsdfwd.exe

C:\WINDOWS\explorer.exe

C:\Hijack\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Password Manager Browser Helper Object - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Arquivos de programas\Lenovo\Client Security Solution\tvtpwm_ie_com.dll

O2 - BHO: LitmusBHO - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Arquivos de programas\F-Secure\NRS\iescript\baselitmus.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Browsing Protection Toolbar - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Arquivos de programas\F-Secure\NRS\iescript\baselitmus.dll

O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE

O4 - HKLM\..\Run: [iAAnotif] C:\Arquivos de programas\Intel\Intel Matrix Storage Manager\iaanotif.exe

O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Arquivos de programas\Arquivos comuns\Lenovo\Scheduler\scheduler_proxy.exe

O4 - HKLM\..\Run: [LPManager] C:\ARQUIV~1\THINKV~1\PrdCtr\LPMGR.exe

O4 - HKLM\..\Run: [LPMailChecker] C:\ARQUIV~1\THINKV~1\PrdCtr\LPMLCHK.exe

O4 - HKLM\..\Run: [AMSG] C:\Arquivos de programas\ThinkVantage\AMSG\Amsg.exe /startup

O4 - HKLM\..\Run: [cssauth] "C:\Arquivos de programas\Lenovo\Client Security Solution\cssauth.exe" silent

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Arquivos de programas\F-Secure\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Arquivos de programas\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKUS\S-1-5-21-4028077051-1937328999-2117567885-1006\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Michel')

O4 - HKUS\S-1-5-21-4028077051-1937328999-2117567885-1006\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized (User 'Michel')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Aleph 500.14.2 Version Check.lnk = C:\AL500\ALEPHCOM\BIN\VERSION.EXE

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: (no name) - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Arquivos de programas\Lenovo\Client Security Solution\tvtpwm_ie_com.dll

O9 - Extra 'Tools' menuitem: Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Arquivos de programas\Lenovo\Client Security Solution\tvtpwm_ie_com.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1253286732921

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1253291528593

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - C:\Arquivos de programas\F-Secure\Anti-Virus\fsgk32st.exe

O23 - Service: Broker de solicitação de rede F-Secure (F-Secure Network Request Broker) - F-Secure Corporation - C:\Arquivos de programas\F-Secure\Common\FNRB32.EXE

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Arquivos de programas\F-Secure\FWES\Program\fsdfwd.exe

O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Arquivos de programas\F-Secure\Common\FSMA32.EXE

O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Arquivos de programas\F-Secure\ORSP Client\fsorsp.exe

O23 - Service: Google Update Service (gupdate1cae6e85b4ca512) (gupdate1cae6e85b4ca512) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Arquivos de programas\Intel\Intel Matrix Storage Manager\IAANTMon.exe

O23 - Service: IviRegMgr - InterVideo - C:\Arquivos de programas\Arquivos comuns\InterVideo\RegMgr\iviRegMgr.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Arquivos de programas\Arquivos comuns\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe

O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\DX9\SessionLauncher.exe (file missing)

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Arquivos de programas\Arquivos comuns\SureThing Shared\stllssvr.exe

O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\arquivos de programas\lenovo\system update\suservice.exe

O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - c:\Arquivos de programas\Arquivos comuns\Lenovo\tvt_reg_monitor_svc.exe

O23 - Service: TSS Core Service (TSSCoreService) - Lenovo - C:\Arquivos de programas\Lenovo\Client Security Solution\tvttcsd.exe

O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Arquivos de programas\Lenovo\Rescue and Recovery\rrpservice.exe

O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Arquivos de programas\Lenovo\Rescue and Recovery\rrservice.exe

O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Arquivos de programas\Arquivos comuns\Lenovo\Scheduler\tvtsched.exe

O23 - Service: TVT Windows Update Monitor (TVT_UpdateMonitor) - Lenovo Group Limited - C:\Arquivos de programas\Lenovo\Rescue and Recovery\UpdateMonitor.exe

 

--

End of file - 10468 bytes


Hello Annluciap

1.

* Temporarily disable your antivirus

* Download RSIT and save it to the desktop

* Run RSIT and click [Continue]

* Paste the report C:\rsit\log.txt


Hello,

Here is the log. Sorry for the delay.

Thank you.

Logfile of random's system information tool 1.08 (written by random/random)

Run by Michel at 2010-11-10 18:34:00

Microsoft Windows XP Professional Service Pack 3

System drive C: has 120 GB (82%) free of 147 GB

Total RAM: 1884 MB (73% free)

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 18:34:04, on 10/11/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.17091)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Arquivos comuns\InterVideo\RegMgr\iviRegMgr.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

c:\Arquivos de programas\Arquivos comuns\Lenovo\tvt_reg_monitor_svc.exe

C:\Arquivos de programas\Lenovo\Rescue and Recovery\rrpservice.exe

C:\Arquivos de programas\Lenovo\Rescue and Recovery\rrservice.exe

c:\Arquivos de programas\Arquivos comuns\Lenovo\Scheduler\tvtsched.exe

C:\Arquivos de programas\Lenovo\Rescue and Recovery\UpdateMonitor.exe

C:\Arquivos de programas\Intel\Intel Matrix Storage Manager\IAANTMon.exe

c:\arquivos de programas\lenovo\system update\suservice.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\ICO.EXE

C:\Arquivos de programas\Intel\Intel Matrix Storage Manager\iaanotif.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Arquivos de programas\Arquivos comuns\Lenovo\Scheduler\scheduler_proxy.exe

C:\ARQUIV~1\THINKV~1\PrdCtr\LPMGR.exe

C:\ARQUIV~1\THINKV~1\PrdCtr\LPMLCHK.exe

C:\Arquivos de programas\ThinkVantage\AMSG\Amsg.exe

C:\Arquivos de programas\Lenovo\Client Security Solution\cssauth.exe

C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

C:\WINDOWS\system32\Pelmiced.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Skype\Phone\Skype.exe

C:\Arquivos de programas\Skype\Plugin Manager\skypePM.exe

C:\Documents and Settings\Michel\Desktop\RSIT.exe

C:\Arquivos de programas\trend micro\Michel.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ufrgs.br/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Password Manager Browser Helper Object - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Arquivos de programas\Lenovo\Client Security Solution\tvtpwm_ie_com.dll

O2 - BHO: LitmusBHO - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Arquivos de programas\F-Secure\NRS\iescript\baselitmus.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Browsing Protection Toolbar - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Arquivos de programas\F-Secure\NRS\iescript\baselitmus.dll

O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE

O4 - HKLM\..\Run: [iAAnotif] C:\Arquivos de programas\Intel\Intel Matrix Storage Manager\iaanotif.exe

O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Arquivos de programas\Arquivos comuns\Lenovo\Scheduler\scheduler_proxy.exe

O4 - HKLM\..\Run: [LPManager] C:\ARQUIV~1\THINKV~1\PrdCtr\LPMGR.exe

O4 - HKLM\..\Run: [LPMailChecker] C:\ARQUIV~1\THINKV~1\PrdCtr\LPMLCHK.exe

O4 - HKLM\..\Run: [AMSG] C:\Arquivos de programas\ThinkVantage\AMSG\Amsg.exe /startup

O4 - HKLM\..\Run: [cssauth] "C:\Arquivos de programas\Lenovo\Client Security Solution\cssauth.exe" silent

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Arquivos de programas\F-Secure\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Arquivos de programas\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Aleph 500.14.2 Version Check.lnk = C:\AL500\ALEPHCOM\BIN\VERSION.EXE

O4 - Global Startup: Microsoft Office.lnk = C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: (no name) - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Arquivos de programas\Lenovo\Client Security Solution\tvtpwm_ie_com.dll

O9 - Extra 'Tools' menuitem: Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Arquivos de programas\Lenovo\Client Security Solution\tvtpwm_ie_com.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1253286732921

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1253291528593

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - C:\Arquivos de programas\F-Secure\Anti-Virus\fsgk32st.exe

O23 - Service: Broker de solicitação de rede F-Secure (F-Secure Network Request Broker) - F-Secure Corporation - C:\Arquivos de programas\F-Secure\Common\FNRB32.EXE

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Arquivos de programas\F-Secure\FWES\Program\fsdfwd.exe

O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Arquivos de programas\F-Secure\Common\FSMA32.EXE

O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Arquivos de programas\F-Secure\ORSP Client\fsorsp.exe

O23 - Service: Google Update Service (gupdate1cae6e85b4ca512) (gupdate1cae6e85b4ca512) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Arquivos de programas\Intel\Intel Matrix Storage Manager\IAANTMon.exe

O23 - Service: IviRegMgr - InterVideo - C:\Arquivos de programas\Arquivos comuns\InterVideo\RegMgr\iviRegMgr.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Arquivos de programas\Arquivos comuns\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe

O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\DX9\SessionLauncher.exe (file missing)

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Arquivos de programas\Arquivos comuns\SureThing Shared\stllssvr.exe

O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\arquivos de programas\lenovo\system update\suservice.exe

O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - c:\Arquivos de programas\Arquivos comuns\Lenovo\tvt_reg_monitor_svc.exe

O23 - Service: TSS Core Service (TSSCoreService) - Lenovo - C:\Arquivos de programas\Lenovo\Client Security Solution\tvttcsd.exe

O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Arquivos de programas\Lenovo\Rescue and Recovery\rrpservice.exe

O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Arquivos de programas\Lenovo\Rescue and Recovery\rrservice.exe

O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Arquivos de programas\Arquivos comuns\Lenovo\Scheduler\tvtsched.exe

O23 - Service: TVT Windows Update Monitor (TVT_UpdateMonitor) - Lenovo Group Limited - C:\Arquivos de programas\Lenovo\Rescue and Recovery\UpdateMonitor.exe

 

--

End of file - 10607 bytes

 

======Scheduled tasks folder======

 

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]

Skype add-on for Internet Explorer - C:\Arquivos de programas\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BF468356-BB7E-42D7-9F15-4F3B9BCFCED2}]

IePasswordManagerHelper Class - C:\Arquivos de programas\Lenovo\Client Security Solution\tvtpwm_ie_com.dll [2008-06-13 808248]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C6867EB7-8350-4856-877F-93CF8AE3DC9C}]

Browsing Protection Class - C:\Arquivos de programas\F-Secure\NRS\iescript\baselitmus.dll [2010-09-08 544440]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll [2010-09-15 41760]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

JQSIEStartDetectorImpl Class - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-09-15 79648]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{265EEE8E-3228-44D3-AEA5-F7FDF5860049} - Browsing Protection Toolbar - C:\Arquivos de programas\F-Secure\NRS\iescript\baselitmus.dll [2010-09-08 544440]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"SoundMAXPnP"=C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe [2007-03-15 868352]

"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2008-06-17 150040]

"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2008-06-17 170520]

"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2008-06-17 141848]

"Mouse Suite 98 Daemon"=C:\WINDOWS\system32\ICO.EXE [2008-06-27 53248]

"IAAnotif"=C:\Arquivos de programas\Intel\Intel Matrix Storage Manager\iaanotif.exe [2008-07-20 182808]

"TVT Scheduler Proxy"=C:\Arquivos de programas\Arquivos comuns\Lenovo\Scheduler\scheduler_proxy.exe [2008-05-14 487424]

"LPManager"=C:\ARQUIV~1\THINKV~1\PrdCtr\LPMGR.exe [2008-06-08 165208]

"LPMailChecker"=C:\ARQUIV~1\THINKV~1\PrdCtr\LPMLCHK.exe [2008-06-08 124248]

"AMSG"=C:\Arquivos de programas\ThinkVantage\AMSG\Amsg.exe [2007-02-01 419376]

"cssauth"=C:\Arquivos de programas\Lenovo\Client Security Solution\cssauth.exe [2008-06-13 3073336]

"F-Secure Manager"=C:\Arquivos de programas\F-Secure\Common\FSM32.EXE [2009-11-26 301680]

"F-Secure TNB"=C:\Arquivos de programas\F-Secure\FSGUI\TNBUtil.exe [2009-11-26 1653360]

"SunJavaUpdateSched"=C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe [2010-05-14 248552]

"Adobe Reader Speed Launcher"=C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]

"Adobe ARM"=C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe [2010-09-21 932288]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

"Skype"=C:\Arquivos de programas\Skype\Phone\Skype.exe [2010-04-20 26192680]

 

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar

Aleph 500.14.2 Version Check.lnk - C:\AL500\ALEPHCOM\BIN\VERSION.EXE

Microsoft Office.lnk - C:\Arquivos de programas\Microsoft Office\Office\OSA9.EXE

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]

C:\WINDOWS\system32\igfxdev.dll [2008-06-11 212992]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\psfus]

C:\WINDOWS\system32\psqlpwd.dll [2008-06-24 95496]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]

"notification packages"=scecli

psqlpwd

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"HonorAutoRunSetting"=1

"NoDriveAutoRun"=67108863

"NoDriveTypeAutoRun"=323

"NoDrives"=0

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Arquivos de programas\Skype\Plugin Manager\skypePM.exe"="C:\Arquivos de programas\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"

"C:\Arquivos de programas\Skype\Phone\Skype.exe"="C:\Arquivos de programas\Skype\Phone\Skype.exe:*:Enabled:Skype"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

 

======List of files/folders created in the last 1 months======

 

2010-11-10 18:34:00 ----D---- C:\rsit

2010-11-10 18:34:00 ----D---- C:\Arquivos de programas\trend micro

2010-10-19 18:02:32 ----N---- C:\WINDOWS\system32\javaws.exe

2010-10-19 18:02:32 ----N---- C:\WINDOWS\system32\javaw.exe

2010-10-19 18:02:32 ----N---- C:\WINDOWS\system32\java.exe

2010-10-15 13:29:48 ----N---- C:\WINDOWS\system32\ResDll.dll

2010-10-15 13:29:45 ----D---- C:\AL500

2010-10-15 13:28:34 ----D---- C:\Arquivos de programas\SABi

2010-10-14 20:29:38 ----SHD---- C:\RECYCLER

2010-10-14 20:28:14 ----N---- C:\ComboFix.txt

2010-10-14 20:24:46 ----N---- C:\Boot.bak

2010-10-14 20:24:43 ----RASHD---- C:\cmdcons

2010-10-14 20:23:05 ----N---- C:\WINDOWS\zip.exe

2010-10-14 20:23:05 ----N---- C:\WINDOWS\SWXCACLS.exe

2010-10-14 20:23:05 ----N---- C:\WINDOWS\SWSC.exe

2010-10-14 20:23:05 ----N---- C:\WINDOWS\SWREG.exe

2010-10-14 20:23:05 ----N---- C:\WINDOWS\sed.exe

2010-10-14 20:23:05 ----N---- C:\WINDOWS\PEV.exe

2010-10-14 20:23:05 ----N---- C:\WINDOWS\NIRCMD.exe

2010-10-14 20:23:05 ----N---- C:\WINDOWS\MBR.exe

2010-10-14 20:23:05 ----N---- C:\WINDOWS\grep.exe

2010-10-14 20:23:01 ----D---- C:\WINDOWS\ERDNT

2010-10-14 20:21:24 ----D---- C:\Qoobox

2010-10-14 20:08:52 ----D---- C:\Hijack

2010-10-11 20:39:31 ----D---- C:\Arquivos de programas\Adobe

 

======List of files/folders modified in the last 1 months======

 

2010-11-10 18:34:00 ----RAD---- C:\Arquivos de programas

2010-11-10 18:33:09 ----D---- C:\WINDOWS\Temp

2010-11-10 18:32:49 ----D---- C:\Documents and Settings\Michel\Dados de aplicativos\Skype

2010-11-10 18:32:44 ----D---- C:\WINDOWS\Prefetch

2010-11-10 16:08:12 ----D---- C:\WINDOWS\Debug

2010-11-10 16:08:10 ----A---- C:\WINDOWS\system32\MRT.exe

2010-11-10 16:07:44 ----D---- C:\temp

2010-11-10 15:40:13 ----D---- C:\Documents and Settings\Michel\Dados de aplicativos\skypePM

2010-11-10 15:39:26 ----A---- C:\sysiclog.txt

2010-11-10 15:39:04 ----D---- C:\WINDOWS\system32\CatRoot2

2010-11-10 15:39:03 ----AD---- C:\WINDOWS\system32

2010-11-10 15:39:02 ----A---- C:\WINDOWS\system32\ICAutoUpdate.log.bak

2010-11-09 19:06:36 ----A---- C:\WINDOWS\SchedLgU.Txt

2010-11-08 16:46:05 ----AD---- C:\Arquivos de programas\Mozilla Firefox

2010-11-08 14:17:16 ----D---- C:\WINDOWS\system32\config

2010-11-08 13:36:01 ----D---- C:\SWSHARE

2010-10-22 13:00:00 ----SHD---- C:\WINDOWS\Installer

2010-10-20 18:00:30 ----AD---- C:\WINDOWS

2010-10-20 18:00:14 ----HD---- C:\WINDOWS\inf

2010-10-19 20:38:02 ----SHD---- C:\WINDOWS\CSC

2010-10-19 18:02:29 ----AD---- C:\Arquivos de programas\Java

2010-10-19 18:01:51 ----N---- C:\WINDOWS\system32\PerfStringBackup.INI

2010-10-15 13:29:55 ----D---- C:\WINDOWS\system

2010-10-14 20:27:12 ----N---- C:\WINDOWS\system.ini

2010-10-14 20:27:06 ----D---- C:\WINDOWS\system32\drivers\etc

2010-10-14 20:25:58 ----D---- C:\WINDOWS\system32\drivers

2010-10-14 20:25:58 ----D---- C:\WINDOWS\AppPatch

2010-10-14 20:25:57 ----AD---- C:\Arquivos de programas\Arquivos comuns

2010-10-14 20:24:46 ----RSH---- C:\boot.ini

2010-10-14 20:09:11 ----N---- C:\WINDOWS\ODBC.INI

2010-10-14 19:00:26 ----AD---- C:\Arquivos de programas\Windows Live Toolbar

2010-10-14 19:00:24 ----SD---- C:\WINDOWS\Tasks

2010-10-14 18:55:50 ----AD---- C:\Arquivos de programas\Roxio

2010-10-14 14:58:25 ----ASHDC---- C:\WINDOWS\system32\dllcache

2010-10-14 14:58:20 ----HD---- C:\WINDOWS\$hf_mig$

2010-10-14 14:58:09 ----D---- C:\WINDOWS\WinSxS

2010-10-14 14:57:38 ----D---- C:\WINDOWS\system32\pt-BR

2010-10-14 14:57:38 ----AD---- C:\Arquivos de programas\Internet Explorer

2010-10-13 17:24:28 ----D---- C:\WINDOWS\Microsoft.NET

2010-10-13 17:24:25 ----RSD---- C:\WINDOWS\assembly

2010-10-11 20:39:39 ----D---- C:\Documents and Settings\All Users\Dados de aplicativos\Adobe

2010-10-11 20:39:39 ----AD---- C:\Arquivos de programas\Arquivos comuns\Adobe

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R0 DRVMCDB;DRVMCDB; C:\WINDOWS\System32\Drivers\DRVMCDB.SYS [2007-03-12 99848]

R0 fsbts;fsbts; C:\WINDOWS\system32\Drivers\fsbts.sys [2010-08-31 41624]

R0 FSFW;F-Secure Firewall Driver; C:\WINDOWS\System32\drivers\fsdfw.sys [2009-11-26 80016]

R0 iaStor;Intel AHCI Controller; C:\WINDOWS\system32\DRIVERS\iaStor.sys [2008-07-20 324120]

R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2008-04-08 44944]

R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2007-02-08 12856]

R1 DLARTL_M;DLARTL_M; C:\WINDOWS\System32\Drivers\DLARTL_M.SYS [2007-02-08 28120]

R1 intelppm;Driver de Processador Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448]

R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14720]

R1 tvtumon;tvtumon; C:\WINDOWS\system32\DRIVERS\tvtumon.sys [2008-05-09 46144]

R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]

R2 DLABMFSM;DLABMFSM; C:\WINDOWS\System32\DLA\DLABMFSM.SYS [2007-06-18 35064]

R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2007-06-18 32472]

R2 DLADResM;DLADResM; C:\WINDOWS\System32\DLA\DLADResM.SYS [2007-06-18 9400]

R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2007-06-18 105048]

R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2007-06-18 26744]

R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2007-06-18 14520]

R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2007-06-18 98136]

R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2007-06-18 93752]

R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2007-02-09 51768]

R2 pmem;pmem; \??\C:\WINDOWS\System32\drivers\pmemnt.sys []

R2 smihlp;SMI Helper Driver (smihlp); \??\C:\Arquivos de programas\Arquivos comuns\ThinkVantage Fingerprint Software\Drivers\smihlp.sys []

R2 tvtfilter;tvtfilter; C:\WINDOWS\system32\DRIVERS\tvtfilter.sys [2009-05-07 33536]

R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2007-12-10 323584]

R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2007-03-22 94848]

R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K; C:\WINDOWS\system32\DRIVERS\e1k5132.sys [2008-06-05 144480]

R3 F-Secure Gatekeeper;F-Secure Gatekeeper; \??\C:\Arquivos de programas\F-Secure\Anti-Virus\minifilter\fsgk.sys []

R3 HDAudBus;Driver de Barramento Microsoft UAA para High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]

R3 HECI;Intel® Management Engine Interface; C:\WINDOWS\system32\DRIVERS\HECI.sys [2008-03-28 40832]

R3 HidUsb;Driver de classe HID da Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-10-14 10368]

R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-06-11 6021184]

R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-09-06 12288]

R3 pelmouse;Mouse Suite Driver; C:\WINDOWS\system32\DRIVERS\pelmouse.sys [2006-09-14 16768]

R3 pelusblf;USB Mouse Low Filter Driver; C:\WINDOWS\system32\DRIVERS\pelusblf.sys [2006-10-14 14592]

R3 psadd;Lenovo Parties Service Access Device Driver; C:\WINDOWS\system32\DRIVERS\psadd.sys [2008-04-09 30144]

R3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2005-03-17 8704]

R3 TPM;Winbond Trusted Platform Module; C:\WINDOWS\system32\DRIVERS\tpm.sys [2008-02-10 18048]

R3 TVTI2C;Lenovo SM bus driver; C:\WINDOWS\system32\DRIVERS\Tvti2c.sys [2008-07-16 37184]

R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]

S3 catchme;catchme; \??\C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\catchme.sys []

S3 NSCIRDA;NSC Infrared Device Driver; C:\WINDOWS\system32\DRIVERS\nscirda.sys [2008-04-13 28672]

S3 Rasirda;Miniporta de rede remota (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]

S3 usbaudio;Driver de áudio USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]

S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]

S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

S4 agp440;Filtro de barramento Intel AGP; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]

S4 agpCPQ;Filtro de barramento Compaq AGP; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]

S4 alim1541;Filtro de barramento ALI AGP; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]

S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]

S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]

S4 F-Secure Filter;F-Secure File System Filter; \??\C:\Arquivos de programas\F-Secure\Anti-Virus\Win2K\FSfilter.sys []

S4 F-Secure Recognizer;F-Secure File System Recognizer; \??\C:\Arquivos de programas\F-Secure\Anti-Virus\Win2K\FSrec.sys []

S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]

S4 viaagp;Filtro de barramento VIA AGP; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 IAANTMON;Intel® Matrix Storage Event Monitor; C:\Arquivos de programas\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2008-07-20 354840]

R2 IviRegMgr;IviRegMgr; C:\Arquivos de programas\Arquivos comuns\InterVideo\RegMgr\iviRegMgr.exe [2007-01-04 112152]

R2 JavaQuickStarterService;Java Quick Starter; C:\Arquivos de programas\Java\jre6\bin\jqs.exe [2010-09-15 153376]

R2 SUService;System Update; c:\arquivos de programas\lenovo\system update\suservice.exe [2008-05-24 32768]

R2 ThinkVantage Registry Monitor Service;ThinkVantage Registry Monitor Service; c:\Arquivos de programas\Arquivos comuns\Lenovo\tvt_reg_monitor_svc.exe [2008-06-13 746808]

R2 TSSCoreService;TSS Core Service; C:\Arquivos de programas\Lenovo\Client Security Solution\tvttcsd.exe [2008-06-13 779576]

R2 TVT Backup Protection Service;TVT Backup Protection Service; C:\Arquivos de programas\Lenovo\Rescue and Recovery\rrpservice.exe [2008-05-14 520192]

R2 TVT Backup Service;TVT Backup Service; C:\Arquivos de programas\Lenovo\Rescue and Recovery\rrservice.exe [2008-05-14 950272]

R2 TVT Scheduler;TVT Scheduler; c:\Arquivos de programas\Arquivos comuns\Lenovo\Scheduler\tvtsched.exe [2008-05-14 1155072]

R2 TVT_UpdateMonitor;TVT Windows Update Monitor; C:\Arquivos de programas\Lenovo\Rescue and Recovery\UpdateMonitor.exe [2008-05-09 253952]

R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]

S2 F-Secure Gatekeeper Handler Starter;FSGKHS; C:\Arquivos de programas\F-Secure\Anti-Virus\fsgk32st.exe [2009-11-26 219760]

S2 FSMA;F-Secure Management Agent; C:\Arquivos de programas\F-Secure\Common\FSMA32.EXE [2009-11-26 186992]

S2 gupdate1cae6e85b4ca512;Google Update Service (gupdate1cae6e85b4ca512); C:\Arquivos de programas\Google\Update\GoogleUpdate.exe [2010-04-28 133104]

S2 SessionLauncher;SessionLauncher; C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\DX9\SessionLauncher.exe []

S3 aspnet_state;Serviço de estado do ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]

S3 FSDFWD;F-Secure Anti-Virus Firewall Daemon; C:\Arquivos de programas\F-Secure\FWES\Program\fsdfwd.exe [2009-11-26 522864]

S3 F-Secure Network Request Broker;Broker de solicitação de rede F-Secure; C:\Arquivos de programas\F-Secure\Common\FNRB32.EXE [2009-11-26 166512]

S3 FSORSPClient;F-Secure ORSP Client; C:\Arquivos de programas\F-Secure\ORSP Client\fsorsp.exe [2010-10-13 64016]

S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]

S3 ose;Office Source Engine; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

S3 RoxMediaDB10;RoxMediaDB10; C:\Arquivos de programas\Arquivos comuns\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2008-04-25 1120752]

S3 stllssvr;stllssvr; C:\Arquivos de programas\Arquivos comuns\SureThing Shared\stllssvr.exe [2008-03-24 74384]

S3 WMConnectCDS;Serviço Windows Media Connect; C:\Arquivos de programas\Windows Media Connect 2\wmccds.exe [2005-10-06 855552]

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

 

-----------------EOF-----------------


Hello Annluciap

1.

*Delete RSIT and the folder C:\rsit

2.

*Download the Kaspersky Virus Removal Tool and save it to the desktop

*Temporarily disable your antivirus

Right-click the F-Secure icon next to the clock

Click the Unload option

*Install the program

*Select the option:

[X] My Computer

*Click [start scan] and wait. It may take a while, so be patient!

*If it finds anything, click [skip] or [ignorar]

*When it finishes, click [Report]

*A window called "Detailed report" will open

*Click the [+] sign next to Autoscan to expand the events found

*Right-click Autoscan and select "Select all"

*Right-click again and select "Copy"

*Open Notepad, paste (Ctrl+V) and save the file to the desktop as log.txt

*Close the Kaspersky "Detailed report" window

*On the main Kaspersky screen, click [Exit] > [No]

*Paste the log.txt report saved on the desktop


Topic Archived

Since the author did not reply for more than 30 days, the topic has been archived.

If you are the author of the topic and want to reopen it, send a private message to a moderator of this area along with the link to this topic and explain the reason for reopening.
