roggee

Hijack, Gmer and Rsit Log Analysis


I am sending my PC's logs so that the forum's analysts and contributors can analyze them. I have had the new notebook for a week, and I left it with a friend of mine for just one afternoon; that night I noticed that the 140 GB HD was full... without my having put any videos or music on it... I found that strange. So I am asking for help from those who really understand this, so that you can help me, OK... here are the logs:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:01:41, on 19/11/2008

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16757)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Windows\system32\taskeng.exe

F:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Password Manager Browser Helper Object - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll

O9 - Extra 'Tools' menuitem: Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll

O13 - Gopher Prefix:

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: avgrsstx.dll

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Fn+F5 Service (FNF5SVC) - Lenovo. - C:\Program Files\LENOVO\HOTKEY\FNF5SVC.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: PMSveH - Lenovo - C:\Program Files\Lenovo\PM Driver\PMSveH.exe

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: System Update (SUService) - Lenovo Group Limited - C:\Program Files\Lenovo\System Update\SUService.exe

O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

O23 - Service: On Screen Display (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe

O23 - Service: TSS Core Service (TSSCoreService) - Lenovo - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe

O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

--

End of file - 7088 bytes

Gmer log

GMER 1.0.14.14536 - http://www.gmer.net

Rootkit scan 2008-11-19 12:27:01

Windows 6.0.6000

---- Kernel code sections - GMER 1.0.14 ----

.text ntdll.dll!NtCreateFile + 3 7763F417 2 Bytes [ A1, FA ]

.text ntdll.dll!NtCreateFile + 3 7763F417 2 Bytes [ A1, FA ]

---- User code sections - GMER 1.0.14 ----

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[660] kernel32.dll!SetUnhandledExceptionFilter 7706D187 5 Bytes JMP 0056DBBD C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Windows Live Messenger/Microsoft Corporation)

.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[660] kernel32.dll!SetUnhandledExceptionFilter 7706D187 5 Bytes JMP 0056DBBD C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Windows Live Messenger/Microsoft Corporation)

.text F:\gmer\gmer.exe[2876] ntdll.dll!NtCreateFile + 3 7763F417 2 Bytes [ A1, FA ]

.text F:\gmer\gmer.exe[2876] ntdll.dll!NtCreateFile + 3 7763F417 2 Bytes [ A1, FA ]

---- Devices - GMER 1.0.14 ----

AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\tdx \Device\Tcp ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\tdx \Device\Udp ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

AttachedDevice \Driver\tdx \Device\RawIp ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00197ee0fad0

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00197ee0fad0@001cd480c445 0x3C 0x2B 0xF6 0xA1 ...

Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00197ee0fad0

Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00197ee0fad0@001cd480c445 0x3C 0x2B 0xF6 0xA1 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00197ee0fad0

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00197ee0fad0@001cd480c445 0x3C 0x2B 0xF6 0xA1 ...

Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00197ee0fad0

Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00197ee0fad0@001cd480c445 0x3C 0x2B 0xF6 0xA1 ...

---- EOF - GMER 1.0.14 ----

Rsit log

Logfile of random's system information tool 1.04 (written by random/random)

Run by Rogee at 2008-11-19 12:27:27

Microsoft® Windows Vista™ Business

System drive C: has 20 GB (14%) free of 144 GB

Total RAM: 1014 MB (31% free)

HijackThis download failed

======Scheduled tasks folder======

C:\Windows\tasks\User_Feed_Synchronization-{2C39158A-F99E-4ADC-A30D-9C4B0047CFB2}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]

Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-09-23 1088296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]

AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-11-19 455960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]

Adobe PDF Conversion Toolbar Helper - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BF468356-BB7E-42D7-9F15-4F3B9BCFCED2}]

IePasswordManagerHelper Class - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll [2007-11-29 783672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-11-05 1006264]

"IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-02-11 141848]

"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-02-11 166424]

"Persistence"=C:\Windows\system32\igfxpers.exe [2008-02-11 133656]

""= []

"MSConfig"=C:\Windows\system32\msconfig.exe [2006-11-02 222208]

"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-11-19 1235736]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"WindowsWelcomeCenter"=C:\Windows\system32\oobefldr.dll [2006-11-02 2159104]

"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]

C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [2007-05-10 624248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-03-12 153136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cssauth]

C:\Program Files\Lenovo\Client Security Solution\cssauth.exe [2007-11-29 2872632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LPManager]

C:\PROGRA~1\Lenovo\LENOVO~1\LPMGR.exe [2007-03-01 120368]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-09 153136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMHandler]

C:\PROGRA~1\Lenovo\PMDRIV~1\PMHandler.exe [2007-06-05 34352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]

C:\Windows\RtHDVCpl.exe [2006-11-20 4018176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPWAUDAP]

C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe [2008-03-11 54560]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVT Scheduler Proxy]

C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe [2008-03-04 487424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLS"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]

C:\Windows\system32\igfxdev.dll [2008-02-11 204800]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1be17c9e-b4de-11dd-a8dc-00197ee0fad0}]

shell\AutoRun\command - yannh.cmd

shell\explore\command - yannh.cmd

shell\open\command - yannh.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{48f87d55-ab95-11dd-afb4-00197ee0fad0}]

shell\AutoRun\command - E:\yannh.cmd

shell\explore\command - E:\yannh.cmd

shell\open\command - E:\yannh.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{71f6e30a-b255-11dd-919f-00197ee0fad0}]

shell\AutoRun\command - E:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe

shell\open\command - E:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f64ed2f7-ac67-11dd-9e5f-00197ee0fad0}]

shell\AutoRun\command - E:\lgnaqil.exe

shell\explore\command - E:\lgnaqil.exe

shell\open\command - E:\lgnaqil.exe

======List of files/folders created in the last 1 months======

2008-11-19 12:27:29 ----D---- C:\Program Files\trend micro

2008-11-19 12:27:27 ----D---- C:\rsit

2008-11-19 11:54:56 ----A---- C:\Windows\gmer.ini

2008-11-19 11:54:55 ----A---- C:\Windows\gmer_uninstall.cmd

2008-11-19 11:54:55 ----A---- C:\Windows\gmer.exe

2008-11-19 11:54:55 ----A---- C:\Windows\gmer.dll

2008-11-19 10:56:29 ----A---- C:\Windows\system32\avgrsstx.dll

2008-11-17 16:16:10 ----A---- C:\Windows\system32\rpcnetp.dll

2008-11-17 16:15:14 ----A---- C:\Windows\system32\rpcnetp.exe

2008-11-17 16:11:03 ----D---- C:\Users\Rogee\AppData\Roaming\URSoft

2008-11-17 16:11:02 ----AD---- C:\ProgramData\TEMP

2008-11-17 16:10:59 ----D---- C:\Program Files\Your Uninstaller 2008

2008-11-17 14:12:51 ----HD---- C:\$AVG8.VAULT$

2008-11-17 11:40:10 ----D---- C:\Program Files\AVG

2008-11-17 11:40:09 ----D---- C:\ProgramData\avg8

2008-11-14 19:03:31 ----D---- C:\ProgramData\Spybot - Search & Destroy

2008-11-14 19:03:31 ----D---- C:\Program Files\Spybot - Search & Destroy

2008-11-13 12:37:14 ----A---- C:\Windows\system32\msxml3r.dll

2008-11-13 12:37:14 ----A---- C:\Windows\system32\msxml3.dll

2008-11-13 12:27:16 ----A---- C:\Windows\system32\msxml6r.dll

2008-11-13 12:27:16 ----A---- C:\Windows\system32\msxml6.dll

2008-11-12 16:01:35 ----D---- C:\Windows\Minidump

2008-11-12 15:16:54 ----D---- C:\Users\Rogee\AppData\Roaming\skypePM

2008-11-11 23:28:42 ----D---- C:\Users\Rogee\AppData\Roaming\Media Player Classic

2008-11-08 12:01:25 ----A---- C:\Windows\system32\d3dx10_40.dll

2008-11-08 12:01:25 ----A---- C:\Windows\system32\D3DCompiler_40.dll

2008-11-08 12:01:23 ----A---- C:\Windows\system32\XAudio2_3.dll

2008-11-08 12:01:23 ----A---- C:\Windows\system32\XAPOFX1_2.dll

2008-11-08 12:01:23 ----A---- C:\Windows\system32\D3DX9_40.dll

2008-11-08 12:01:22 ----A---- C:\Windows\system32\xactengine3_3.dll

2008-11-08 12:01:22 ----A---- C:\Windows\system32\X3DAudio1_5.dll

2008-11-08 12:01:21 ----A---- C:\Windows\system32\XAudio2_2.dll

2008-11-08 12:01:21 ----A---- C:\Windows\system32\XAPOFX1_1.dll

2008-11-08 12:01:21 ----A---- C:\Windows\system32\xactengine3_2.dll

2008-11-08 12:01:20 ----A---- C:\Windows\system32\d3dx10_39.dll

2008-11-08 12:01:20 ----A---- C:\Windows\system32\D3DCompiler_39.dll

2008-11-08 12:01:19 ----A---- C:\Windows\system32\XAudio2_1.dll

2008-11-08 12:01:19 ----A---- C:\Windows\system32\XAPOFX1_0.dll

2008-11-08 12:01:19 ----A---- C:\Windows\system32\D3DX9_39.dll

2008-11-08 12:01:18 ----A---- C:\Windows\system32\xactengine3_1.dll

2008-11-08 12:01:18 ----A---- C:\Windows\system32\X3DAudio1_4.dll

2008-11-08 12:01:17 ----A---- C:\Windows\system32\d3dx10_38.dll

2008-11-08 12:01:17 ----A---- C:\Windows\system32\D3DCompiler_38.dll

2008-11-08 12:01:16 ----A---- C:\Windows\system32\XAudio2_0.dll

2008-11-08 12:01:16 ----A---- C:\Windows\system32\D3DX9_38.dll

2008-11-08 12:01:15 ----A---- C:\Windows\system32\xactengine3_0.dll

2008-11-08 12:01:15 ----A---- C:\Windows\system32\X3DAudio1_3.dll

2008-11-08 12:01:14 ----A---- C:\Windows\system32\d3dx10_37.dll

2008-11-08 12:01:14 ----A---- C:\Windows\system32\D3DCompiler_37.dll

2008-11-08 12:01:13 ----A---- C:\Windows\system32\xactengine2_10.dll

2008-11-08 12:01:13 ----A---- C:\Windows\system32\D3DX9_37.dll

2008-11-08 12:01:11 ----A---- C:\Windows\system32\d3dx10_36.dll

2008-11-08 12:01:11 ----A---- C:\Windows\system32\D3DCompiler_36.dll

2008-11-08 12:01:10 ----A---- C:\Windows\system32\d3dx9_36.dll

2008-11-08 12:01:09 ----A---- C:\Windows\system32\xactengine2_9.dll

2008-11-08 12:01:08 ----A---- C:\Windows\system32\d3dx10_35.dll

2008-11-08 12:01:08 ----A---- C:\Windows\system32\D3DCompiler_35.dll

2008-11-08 12:01:07 ----A---- C:\Windows\system32\d3dx9_35.dll

2008-11-08 12:01:06 ----A---- C:\Windows\system32\xactengine2_8.dll

2008-11-08 12:01:06 ----A---- C:\Windows\system32\X3DAudio1_2.dll

2008-11-08 12:01:05 ----A---- C:\Windows\system32\d3dx10_34.dll

2008-11-08 12:01:05 ----A---- C:\Windows\system32\D3DCompiler_34.dll

2008-11-08 12:01:03 ----A---- C:\Windows\system32\xinput1_3.dll

2008-11-08 12:01:03 ----A---- C:\Windows\system32\d3dx9_34.dll

2008-11-08 12:01:02 ----A---- C:\Windows\system32\xactengine2_7.dll

2008-11-08 12:01:02 ----A---- C:\Windows\system32\d3dx10_33.dll

2008-11-08 12:01:02 ----A---- C:\Windows\system32\D3DCompiler_33.dll

2008-11-08 12:01:00 ----A---- C:\Windows\system32\xactengine2_6.dll

2008-11-08 12:01:00 ----A---- C:\Windows\system32\d3dx9_33.dll

2008-11-08 12:00:59 ----A---- C:\Windows\system32\xactengine2_5.dll

2008-11-08 12:00:59 ----A---- C:\Windows\system32\d3dx10.dll

2008-11-08 12:00:58 ----A---- C:\Windows\system32\d3dx9_32.dll

2008-11-08 12:00:57 ----A---- C:\Windows\system32\xactengine2_4.dll

2008-11-08 12:00:57 ----A---- C:\Windows\system32\x3daudio1_1.dll

2008-11-08 12:00:56 ----A---- C:\Windows\system32\d3dx9_31.dll

2008-11-08 12:00:55 ----A---- C:\Windows\system32\xactengine2_3.dll

2008-11-08 12:00:54 ----A---- C:\Windows\system32\xinput1_2.dll

2008-11-08 12:00:54 ----A---- C:\Windows\system32\xactengine2_2.dll

2008-11-08 12:00:53 ----A---- C:\Windows\system32\xinput1_1.dll

2008-11-08 12:00:52 ----A---- C:\Windows\system32\xactengine2_1.dll

2008-11-08 12:00:42 ----A---- C:\Windows\system32\xactengine2_0.dll

2008-11-08 12:00:42 ----A---- C:\Windows\system32\x3daudio1_0.dll

2008-11-08 12:00:39 ----A---- C:\Windows\system32\d3dx9_29.dll

2008-11-08 12:00:38 ----A---- C:\Windows\system32\d3dx9_27.dll

2008-11-08 12:00:38 ----A---- C:\Windows\system32\d3dx9_26.dll

2008-11-08 12:00:37 ----A---- C:\Windows\system32\d3dx9_25.dll

2008-11-08 12:00:36 ----A---- C:\Windows\system32\d3dx9_24.dll

2008-11-08 11:38:03 ----D---- C:\Program Files\Microsoft Silverlight

2008-11-08 11:18:58 ----HD---- C:\Windows\msdownld.tmp

2008-11-08 11:18:52 ----D---- C:\Windows\system32\directx

2008-11-08 11:16:31 ----A---- C:\Windows\system32\unrar.dll

2008-11-08 11:16:29 ----A---- C:\Windows\system32\yv12vfw.dll

2008-11-08 11:16:29 ----A---- C:\Windows\system32\xvidvfw.dll

2008-11-08 11:16:29 ----A---- C:\Windows\system32\xvidcore.dll

2008-11-08 11:16:29 ----A---- C:\Windows\system32\qt-dx331.dll

2008-11-08 11:16:29 ----A---- C:\Windows\system32\dpl100.dll

2008-11-08 11:16:28 ----A---- C:\Windows\system32\ff_vfw.dll.manifest

2008-11-08 11:16:28 ----A---- C:\Windows\system32\ff_vfw.dll

2008-11-08 11:16:28 ----A---- C:\Windows\system32\divx.dll

2008-11-08 11:16:27 ----D---- C:\Program Files\K-Lite Codec Pack

2008-11-07 21:06:29 ----D---- C:\Users\Rogee\AppData\Roaming\WinRAR

2008-11-07 00:23:49 ----D---- C:\Users\Rogee\AppData\Roaming\Skype

2008-11-07 00:21:12 ----D---- C:\Program Files\Skype

2008-11-07 00:21:11 ----D---- C:\Program Files\Common Files\Skype

2008-11-07 00:21:06 ----D---- C:\ProgramData\Skype

2008-11-07 00:10:21 ----D---- C:\Users\Rogee\AppData\Roaming\Corel

2008-11-07 00:01:42 ----D---- C:\ProgramData\Corel

2008-11-07 00:01:42 ----D---- C:\Program Files\Common Files\Protexis

2008-11-06 23:59:28 ----D---- C:\Program Files\Common Files\Corel

2008-11-06 23:58:42 ----D---- C:\Program Files\Corel

2008-11-06 21:38:15 ----D---- C:\ProgramData\FLEXnet

2008-11-06 21:38:12 ----D---- C:\Program Files\Common Files\Macrovision Shared

2008-11-06 21:37:29 ----RA---- C:\Windows\system32\AdobePDF.dll

2008-11-06 21:30:08 ----D---- C:\ProgramData\Adobe

2008-11-06 21:30:08 ----D---- C:\Program Files\Common Files\Adobe

2008-11-06 21:30:08 ----D---- C:\Program Files\Adobe

2008-11-06 21:13:28 ----D---- C:\Program Files\Timedimension

2008-11-06 16:40:41 ----D---- C:\Program Files\FLV Player

2008-11-06 15:42:11 ----D---- C:\Program Files\WinRAR

2008-11-06 14:53:46 ----A---- C:\Windows\system32\es.dll

2008-11-06 14:53:28 ----D---- C:\Program Files\MSXML 4.0

2008-11-06 13:47:45 ----SHDC---- C:\Program Files\Common Files\WindowsLiveInstaller

2008-11-06 13:47:12 ----D---- C:\Program Files\Windows Live

2008-11-06 13:46:46 ----D---- C:\ProgramData\WLInstaller

2008-11-06 13:18:01 ----D---- C:\Users\Rogee\AppData\Roaming\Ahead

2008-11-06 13:16:43 ----D---- C:\ProgramData\Nero

2008-11-06 13:16:43 ----D---- C:\Program Files\Nero

2008-11-06 13:16:43 ----D---- C:\Program Files\Common Files\Ahead

2008-11-06 13:15:11 ----A---- C:\Windows\system32\d3dx9_30.dll

2008-11-06 13:15:10 ----A---- C:\Windows\system32\d3dx9_28.dll

2008-11-06 11:10:13 ----D---- C:\Program Files\Microsoft Works

2008-11-06 11:09:48 ----D---- C:\Program Files\Microsoft Visual Studio

2008-11-06 11:09:48 ----D---- C:\Program Files\Common Files\DESIGNER

2008-11-06 11:09:22 ----D---- C:\Windows\PCHEALTH

2008-11-06 11:09:22 ----D---- C:\Program Files\Microsoft.NET

2008-11-06 11:07:44 ----D---- C:\Program Files\Microsoft Visual Studio 8

2008-11-06 11:06:32 ----D---- C:\Program Files\Microsoft Office

2008-11-06 11:06:30 ----D---- C:\ProgramData\Microsoft Help

2008-11-06 11:05:45 ----RHD---- C:\MSOCache

2008-11-06 10:48:19 ----D---- C:\swshare

2008-11-06 10:46:02 ----D---- C:\Users\Rogee\AppData\Roaming\Lenovo

2008-11-06 10:46:02 ----D---- C:\ProgramData\Lenovo

2008-11-06 10:37:01 ----D---- C:\Windows\Downloaded Installations

2008-11-06 10:36:16 ----D---- C:\Windows\system32\RTCOM

2008-11-06 10:36:05 ----A---- C:\Windows\DIFxAPI.dll

2008-11-06 10:36:03 ----A---- C:\Windows\system32\RtkPgExt.dll

2008-11-06 10:36:03 ----A---- C:\Windows\system32\RtkCoInst.dll

2008-11-06 10:36:03 ----A---- C:\Windows\system32\RtkAPO.dll

2008-11-06 10:36:03 ----A---- C:\Windows\RtlUpd.exe

2008-11-06 10:36:02 ----D---- C:\Program Files\Realtek

2008-11-06 10:36:02 ----A---- C:\Windows\RtlExUpd.dll

2008-11-06 10:36:02 ----A---- C:\Windows\RtHDVCpl.exe

2008-11-06 10:34:20 ----D---- C:\Program Files\Lenovo Group Limited

2008-11-06 10:33:41 ----D---- C:\Intel

2008-11-06 10:28:11 ----A---- C:\Windows\system32\MFC71.DLL

2008-11-06 10:28:06 ----HD---- C:\Program Files\InstallShield Installation Information

2008-11-06 10:27:51 ----D---- C:\Program Files\Common Files\InstallShield

2008-11-06 10:23:59 ----D---- C:\Users\Rogee\AppData\Roaming\Macromedia

2008-11-06 10:23:59 ----D---- C:\Users\Rogee\AppData\Roaming\Adobe

2008-11-06 10:23:57 ----D---- C:\Windows\system32\Macromed

2008-11-06 10:01:58 ----A---- C:\Windows\LMABB2DD.ini

2008-11-05 20:54:01 ----D---- C:\Windows\SoftwareDistribution

2008-11-05 20:51:55 ----D---- C:\Windows\Debug

2008-11-05 20:51:54 ----D---- C:\Windows\CSC

2008-11-05 20:50:30 ----D---- C:\Windows\Prefetch

2008-11-05 20:50:17 ----SHD---- C:\System Volume Information

2008-11-05 20:49:34 ----D---- C:\Windows\Panther

2008-11-05 20:49:22 ----RAS---- C:\BOOTSECT.BAK

2008-11-05 20:49:20 ----SHD---- C:\Boot

2008-11-05 18:42:25 ----A---- C:\Windows\system32\msshsq.dll

2008-11-05 18:42:01 ----A---- C:\Windows\system32\gpprefcl.dll

2008-11-05 18:41:07 ----D---- C:\Windows\system32\x64

2008-11-05 18:41:07 ----A---- C:\Windows\system32\igxpun.exe

2008-11-05 18:41:03 ----A---- C:\Windows\system32\difxapi.dll

2008-11-05 18:01:44 ----A---- C:\Windows\system32\winipsec.dll

2008-11-05 18:01:44 ----A---- C:\Windows\system32\FwRemoteSvr.dll

2008-11-05 18:01:43 ----A---- C:\Windows\system32\polstore.dll

2008-11-05 18:01:43 ----A---- C:\Windows\system32\IPSECSVC.DLL

2008-11-05 18:00:53 ----A---- C:\Windows\system32\riched20.dll

2008-11-05 18:00:52 ----A---- C:\Windows\system32\riched32.dll

2008-11-05 18:00:51 ----A---- C:\Windows\system32\rasser.dll

2008-11-05 18:00:51 ----A---- C:\Windows\system32\rasdiag.dll

2008-11-05 18:00:51 ----A---- C:\Windows\system32\rascfg.dll

2008-11-05 18:00:50 ----A---- C:\Windows\system32\rasmxs.dll

2008-11-05 18:00:50 ----A---- C:\Windows\system32\netcfgx.dll

2008-11-05 18:00:50 ----A---- C:\Windows\system32\msftedit.dll

2008-11-05 18:00:49 ----A---- C:\Windows\system32\wshqos.dll

2008-11-05 18:00:49 ----A---- C:\Windows\system32\traffic.dll

2008-11-05 18:00:49 ----A---- C:\Windows\system32\pacerprf.dll

2008-11-05 18:00:49 ----A---- C:\Windows\system32\ipnathlp.dll

2008-11-05 18:00:49 ----A---- C:\Windows\system32\icsunattend.exe

2008-11-05 18:00:48 ----A---- C:\Windows\system32\localspl.dll

2008-11-05 18:00:48 ----A---- C:\Windows\system32\dps.dll

2008-11-05 18:00:48 ----A---- C:\Windows\system32\cdd.dll

2008-11-05 17:59:58 ----A---- C:\Windows\system32\Apphlpdm.dll

2008-11-05 17:59:55 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll

2008-11-05 17:59:55 ----A---- C:\Windows\system32\gameux.dll

2008-11-05 17:59:02 ----A---- C:\Windows\system32\msoert2.dll

2008-11-05 17:59:02 ----A---- C:\Windows\system32\msoeacct.dll

2008-11-05 17:59:02 ----A---- C:\Windows\system32\ACCTRES.dll

2008-11-05 17:58:08 ----A---- C:\Windows\system32\wtsapi32.dll

2008-11-05 17:58:07 ----A---- C:\Windows\explorer.exe

2008-11-05 17:58:06 ----A---- C:\Windows\system32\sysmain.dll

2008-11-05 17:58:05 ----A---- C:\Windows\system32\wlansvc.dll

2008-11-05 17:58:05 ----A---- C:\Windows\system32\wlansec.dll

2008-11-05 17:58:05 ----A---- C:\Windows\system32\wlanmsm.dll

2008-11-05 17:58:05 ----A---- C:\Windows\system32\wlanhlp.dll

2008-11-05 17:58:05 ----A---- C:\Windows\system32\wlanapi.dll

2008-11-05 17:57:22 ----A---- C:\Windows\system32\WebClnt.dll

2008-11-05 17:55:22 ----A---- C:\Windows\system32\winsrv.dll

2008-11-05 17:55:22 ----A---- C:\Windows\system32\csrsrv.dll

2008-11-05 17:52:40 ----A---- C:\Windows\system32\shell32.dll

2008-11-05 17:49:53 ----A---- C:\Windows\system32\tzres.dll

2008-11-05 17:48:56 ----A---- C:\Windows\system32\mcupdate_GenuineIntel.dll

2008-11-05 17:48:19 ----A---- C:\Windows\system32\wmpeffects.dll

2008-11-05 17:47:06 ----A---- C:\Windows\system32\msscp.dll

2008-11-05 17:46:29 ----A---- C:\Windows\system32\wmploc.DLL

2008-11-05 17:46:28 ----A---- C:\Windows\system32\wmp.dll

2008-11-05 17:46:28 ----A---- C:\Windows\system32\spwmp.dll

2008-11-05 17:46:27 ----A---- C:\Windows\system32\MediaMetadataHandler.dll

2008-11-05 17:46:27 ----A---- C:\Windows\system32\dxmasf.dll

2008-11-05 17:45:49 ----A---- C:\Windows\system32\wfapigp.dll

2008-11-05 17:45:49 ----A---- C:\Windows\system32\MPSSVC.dll

2008-11-05 17:45:49 ----A---- C:\Windows\system32\icfupgd.dll

2008-11-05 17:45:49 ----A---- C:\Windows\system32\FirewallAPI.dll

2008-11-05 17:45:49 ----A---- C:\Windows\system32\cmifw.dll

2008-11-05 17:45:48 ----A---- C:\Windows\system32\iphlpsvc.dll

2008-11-05 17:45:09 ----A---- C:\Windows\system32\netapi32.dll

2008-11-05 17:43:26 ----A---- C:\Windows\system32\DWWIN.EXE

2008-11-05 17:41:03 ----A---- C:\Windows\system32\hcrstco.dll

2008-11-05 17:41:03 ----A---- C:\Windows\system32\hccoin.dll

2008-11-05 17:39:49 ----A---- C:\Windows\system32\tcpipcfg.dll

2008-11-05 17:39:49 ----A---- C:\Windows\system32\netiougc.exe

2008-11-05 17:39:49 ----A---- C:\Windows\system32\netcfg.exe

2008-11-05 17:39:15 ----A---- C:\Windows\system32\NlsLexicons0047.dll

2008-11-05 17:39:15 ----A---- C:\Windows\system32\NlsLexicons0046.dll

2008-11-05 17:39:15 ----A---- C:\Windows\system32\NlsLexicons0045.dll

2008-11-05 17:39:14 ----A---- C:\Windows\system32\NlsLexicons0049.dll

2008-11-05 17:39:14 ----A---- C:\Windows\system32\NlsLexicons0039.dll

2008-11-05 17:39:14 ----A---- C:\Windows\system32\NlsLexicons0021.dll

2008-11-05 17:39:14 ----A---- C:\Windows\system32\NlsLexicons0020.dll

2008-11-05 17:39:13 ----A---- C:\Windows\system32\NlsLexicons0026.dll

2008-11-05 17:39:13 ----A---- C:\Windows\system32\NlsLexicons0024.dll

2008-11-05 17:39:13 ----A---- C:\Windows\system32\NlsLexicons0022.dll

2008-11-05 17:39:12 ----A---- C:\Windows\system32\NlsLexicons0027.dll

2008-11-05 17:39:12 ----A---- C:\Windows\system32\NlsLexicons0011.dll

2008-11-05 17:39:12 ----A---- C:\Windows\system32\NlsLexicons0010.dll

2008-11-05 17:39:11 ----A---- C:\Windows\system32\NlsLexicons0018.dll

2008-11-05 17:39:11 ----A---- C:\Windows\system32\NlsLexicons0013.dll

2008-11-05 17:39:10 ----A---- C:\Windows\system32\NlsLexicons0019.dll

2008-11-05 17:39:10 ----A---- C:\Windows\system32\NlsLexicons0001.dll

2008-11-05 17:39:09 ----A---- C:\Windows\system32\NlsLexicons0003.dll

2008-11-05 17:39:09 ----A---- C:\Windows\system32\NlsLexicons0002.dll

2008-11-05 17:39:08 ----A---- C:\Windows\system32\NlsLexicons004a.dll

2008-11-05 17:39:08 ----A---- C:\Windows\system32\NlsLexicons0009.dll

2008-11-05 17:39:08 ----A---- C:\Windows\system32\NlsLexicons0007.dll

2008-11-05 17:39:07 ----A---- C:\Windows\system32\NlsLexicons004e.dll

2008-11-05 17:39:07 ----A---- C:\Windows\system32\NlsLexicons004c.dll

2008-11-05 17:39:07 ----A---- C:\Windows\system32\NlsLexicons004b.dll

2008-11-05 17:39:06 ----A---- C:\Windows\system32\NlsLexicons003e.dll

2008-11-05 17:39:06 ----A---- C:\Windows\system32\NlsLexicons002a.dll

2008-11-05 17:39:06 ----A---- C:\Windows\system32\NlsLexicons001a.dll

2008-11-05 17:39:05 ----A---- C:\Windows\system32\NlsLexicons001d.dll

2008-11-05 17:39:05 ----A---- C:\Windows\system32\NlsLexicons001b.dll

2008-11-05 17:39:04 ----A---- C:\Windows\system32\NlsLexicons000d.dll

2008-11-05 17:39:04 ----A---- C:\Windows\system32\NlsLexicons000c.dll

2008-11-05 17:39:04 ----A---- C:\Windows\system32\NlsLexicons000a.dll

2008-11-05 17:39:03 ----A---- C:\Windows\system32\NlsLexicons0414.dll

2008-11-05 17:39:03 ----A---- C:\Windows\system32\NlsLexicons000f.dll

2008-11-05 17:39:02 ----A---- C:\Windows\system32\NlsLexicons081a.dll

2008-11-05 17:39:02 ----A---- C:\Windows\system32\NlsLexicons0816.dll

2008-11-05 17:39:02 ----A---- C:\Windows\system32\NlsLexicons0416.dll

2008-11-05 17:39:01 ----A---- C:\Windows\system32\NlsModels0011.dll

2008-11-05 17:39:01 ----A---- C:\Windows\system32\NlsData0047.dll

2008-11-05 17:39:01 ----A---- C:\Windows\system32\NlsData0046.dll

2008-11-05 17:39:01 ----A---- C:\Windows\system32\NlsData0045.dll

2008-11-05 17:39:00 ----A---- C:\Windows\system32\NlsData0049.dll

2008-11-05 17:39:00 ----A---- C:\Windows\system32\NlsData0039.dll

2008-11-05 17:39:00 ----A---- C:\Windows\system32\NlsData0021.dll

2008-11-05 17:39:00 ----A---- C:\Windows\system32\NlsData0020.dll

2008-11-05 17:38:59 ----A---- C:\Windows\system32\NlsData0027.dll

2008-11-05 17:38:59 ----A---- C:\Windows\system32\NlsData0026.dll

2008-11-05 17:38:59 ----A---- C:\Windows\system32\NlsData0024.dll

2008-11-05 17:38:59 ----A---- C:\Windows\system32\NlsData0022.dll

2008-11-05 17:38:58 ----A---- C:\Windows\system32\NlsData0018.dll

2008-11-05 17:38:58 ----A---- C:\Windows\system32\NlsData0013.dll

2008-11-05 17:38:58 ----A---- C:\Windows\system32\NlsData0011.dll

2008-11-05 17:38:58 ----A---- C:\Windows\system32\NlsData0010.dll

2008-11-05 17:38:57 ----A---- C:\Windows\system32\NlsData0019.dll

2008-11-05 17:38:57 ----A---- C:\Windows\system32\NlsData0002.dll

2008-11-05 17:38:57 ----A---- C:\Windows\system32\NlsData0001.dll

2008-11-05 17:38:57 ----A---- C:\Windows\system32\NlsData0000.dll

2008-11-05 17:38:56 ----A---- C:\Windows\system32\NlsData0009.dll

2008-11-05 17:38:56 ----A---- C:\Windows\system32\NlsData0007.dll

2008-11-05 17:38:56 ----A---- C:\Windows\system32\NlsData0003.dll

2008-11-05 17:38:55 ----A---- C:\Windows\system32\NlsData004e.dll

2008-11-05 17:38:55 ----A---- C:\Windows\system32\NlsData004c.dll

2008-11-05 17:38:55 ----A---- C:\Windows\system32\NlsData004b.dll

2008-11-05 17:38:55 ----A---- C:\Windows\system32\NlsData004a.dll

2008-11-05 17:38:54 ----A---- C:\Windows\system32\NlsData003e.dll

2008-11-05 17:38:54 ----A---- C:\Windows\system32\NlsData002a.dll

2008-11-05 17:38:54 ----A---- C:\Windows\system32\NlsData001b.dll

2008-11-05 17:38:54 ----A---- C:\Windows\system32\NlsData001a.dll

2008-11-05 17:38:53 ----A---- C:\Windows\system32\NlsData001d.dll

2008-11-05 17:38:53 ----A---- C:\Windows\system32\NlsData000c.dll

2008-11-05 17:38:53 ----A---- C:\Windows\system32\NlsData000a.dll

2008-11-05 17:38:52 ----A---- C:\Windows\system32\NlsData0414.dll

2008-11-05 17:38:52 ----A---- C:\Windows\system32\NlsData000f.dll

2008-11-05 17:38:52 ----A---- C:\Windows\system32\NlsData000d.dll

2008-11-05 17:38:51 ----A---- C:\Windows\system32\NlsData081a.dll

2008-11-05 17:38:51 ----A---- C:\Windows\system32\NlsData0816.dll

2008-11-05 17:38:51 ----A---- C:\Windows\system32\NlsData0416.dll

2008-11-05 17:38:51 ----A---- C:\Windows\system32\NaturalLanguage6.dll

2008-11-05 17:38:50 ----A---- C:\Windows\system32\NlsLexicons0c1a.dll

2008-11-05 17:38:50 ----A---- C:\Windows\system32\NlsData0c1a.dll

2008-11-05 17:36:52 ----A---- C:\Windows\system32\fsquirt.exe

2008-11-05 17:35:37 ----A---- C:\Windows\system32\setupapi.dll

2008-11-05 17:35:16 ----A---- C:\Windows\system32\srdelayed.exe

2008-11-05 17:35:16 ----A---- C:\Windows\system32\srcore.dll

2008-11-05 17:35:16 ----A---- C:\Windows\system32\srclient.dll

2008-11-05 17:35:16 ----A---- C:\Windows\system32\rstrui.exe

2008-11-05 17:35:15 ----A---- C:\Windows\system32\wpd_ci.dll

2008-11-05 17:35:15 ----A---- C:\Windows\system32\winresume.exe

2008-11-05 17:35:15 ----A---- C:\Windows\system32\winload.exe

2008-11-05 17:35:15 ----A---- C:\Windows\system32\kd1394.dll

2008-11-05 17:35:14 ----A---- C:\Windows\system32\umpnpmgr.dll

2008-11-05 17:35:14 ----A---- C:\Windows\system32\drvinst.exe

2008-11-05 17:35:14 ----A---- C:\Windows\system32\dpx.dll

2008-11-05 17:35:14 ----A---- C:\Windows\system32\ci.dll

2008-11-05 17:35:14 ----A---- C:\Windows\system32\cfgmgr32.dll

2008-11-05 17:35:13 ----A---- C:\Windows\system32\unlodctr.exe

2008-11-05 17:35:13 ----A---- C:\Windows\system32\prflbmsg.dll

2008-11-05 17:35:13 ----A---- C:\Windows\system32\oleaut32.dll

2008-11-05 17:35:13 ----A---- C:\Windows\system32\nshhttp.dll

2008-11-05 17:35:13 ----A---- C:\Windows\system32\lodctr.exe

2008-11-05 17:35:13 ----A---- C:\Windows\system32\loadperf.dll

2008-11-05 17:35:13 ----A---- C:\Windows\system32\kbd106n.dll

2008-11-05 17:35:12 ----A---- C:\Windows\system32\schedsvc.dll

2008-11-05 17:35:11 ----A---- C:\Windows\system32\f3ahvoas.dll

2008-11-05 17:35:11 ----A---- C:\Windows\system32\dispci.dll

2008-11-05 17:35:11 ----A---- C:\Windows\system32\batt.dll

2008-11-05 17:35:11 ----A---- C:\Windows\system32\agremove.exe

2008-11-05 17:33:05 ----A---- C:\Windows\system32\LAPRXY.DLL

2008-11-05 17:33:05 ----A---- C:\Windows\system32\asferror.dll

2008-11-05 17:33:04 ----A---- C:\Windows\system32\WMASF.DLL

2008-11-05 17:32:04 ----A---- C:\Windows\system32\gdi32.dll

2008-11-05 17:31:28 ----A---- C:\Windows\system32\slwmi.dll

2008-11-05 17:31:28 ----A---- C:\Windows\system32\SLC.dll

2008-11-05 17:31:28 ----A---- C:\Windows\system32\mcbuilder.exe

2008-11-05 17:31:27 ----A---- C:\Windows\system32\SLUINotify.dll

2008-11-05 17:31:27 ----A---- C:\Windows\system32\SLUI.exe

2008-11-05 17:31:27 ----A---- C:\Windows\system32\SLLUA.exe

2008-11-05 17:31:27 ----A---- C:\Windows\system32\SLCommDlg.dll

2008-11-05 17:31:26 ----A---- C:\Windows\system32\SLsvc.exe

2008-11-05 17:31:26 ----A---- C:\Windows\system32\slcinst.dll

2008-11-05 17:29:54 ----A---- C:\Windows\system32\CscMig.dll

2008-11-05 17:29:50 ----A---- C:\Windows\system32\schannel.dll

2008-11-05 17:29:50 ----A---- C:\Windows\system32\ntprint.exe

2008-11-05 17:29:50 ----A---- C:\Windows\system32\ntprint.dll

2008-11-05 17:29:48 ----A---- C:\Windows\system32\WindowsCodecs.dll

2008-11-05 17:29:48 ----A---- C:\Windows\system32\dhcpcsvc6.dll

2008-11-05 17:29:48 ----A---- C:\Windows\system32\dhcpcsvc.dll

2008-11-05 17:29:48 ----A---- C:\Windows\system32\dhcpcmonitor.dll

2008-11-05 17:29:48 ----A---- C:\Windows\system32\authui.dll

2008-11-05 17:29:47 ----A---- C:\Windows\system32\sendmail.dll

2008-11-05 17:29:47 ----A---- C:\Windows\system32\msvidc32.dll

2008-11-05 17:29:47 ----A---- C:\Windows\system32\msvfw32.dll

2008-11-05 17:29:47 ----A---- C:\Windows\system32\msrle32.dll

2008-11-05 17:29:47 ----A---- C:\Windows\system32\mciavi32.dll

2008-11-05 17:29:47 ----A---- C:\Windows\system32\avifil32.dll

2008-11-05 17:29:47 ----A---- C:\Windows\system32\avicap32.dll

2008-11-05 17:29:11 ----A---- C:\Windows\system32\win32spl.dll

2008-11-05 17:29:11 ----A---- C:\Windows\system32\printcom.dll

2008-11-05 17:28:46 ----A---- C:\Windows\system32\wshrm.dll

2008-11-05 17:28:21 ----A---- C:\Windows\system32\sbunattend.exe

2008-11-05 17:28:09 ----A---- C:\Windows\system32\wups2.dll

2008-11-05 17:28:09 ----A---- C:\Windows\system32\wucltux.dll

2008-11-05 17:28:09 ----A---- C:\Windows\system32\wuauclt.exe

2008-11-05 17:28:08 ----A---- C:\Windows\system32\wuaueng.dll

2008-11-05 17:27:42 ----A---- C:\Windows\system32\dnsrslvr.dll

2008-11-05 17:27:42 ----A---- C:\Windows\system32\dnscacheugc.exe

2008-11-05 17:27:42 ----A---- C:\Windows\system32\dnsapi.dll

2008-11-05 17:27:41 ----A---- C:\Windows\system32\wups.dll

2008-11-05 17:27:41 ----A---- C:\Windows\system32\wudriver.dll

2008-11-05 17:27:40 ----A---- C:\Windows\system32\wuapi.dll

2008-11-05 17:27:22 ----A---- C:\Windows\system32\wuwebv.dll

2008-11-05 17:27:22 ----A---- C:\Windows\system32\wuapp.exe

2008-11-05 17:26:52 ----A---- C:\Windows\system32\rpcrt4.dll

2008-11-05 17:26:17 ----A---- C:\Windows\system32\INETRES.dll

2008-11-05 17:26:17 ----A---- C:\Windows\system32\inetcomm.dll

2008-11-05 17:25:54 ----A---- C:\Windows\system32\wmi.dll

2008-11-05 17:25:54 ----A---- C:\Windows\system32\imagehlp.dll

2008-11-05 17:25:33 ----A---- C:\Windows\system32\quartz.dll

2008-11-05 17:25:13 ----A---- C:\Windows\system32\crypt32.dll

2008-11-05 17:24:37 ----A---- C:\Windows\system32\ntkrnlpa.exe

2008-11-05 17:24:36 ----A---- C:\Windows\system32\ntoskrnl.exe

2008-11-05 17:24:15 ----A---- C:\Windows\system32\user32.dll

2008-11-05 17:23:27 ----A---- C:\Windows\system32\wininet.dll

2008-11-05 17:23:27 ----A---- C:\Windows\system32\jsproxy.dll

2008-11-05 17:23:27 ----A---- C:\Windows\system32\ieapfltr.dll

2008-11-05 17:23:27 ----A---- C:\Windows\system32\advpack.dll

2008-11-05 17:23:26 ----A---- C:\Windows\system32\dxtrans.dll

2008-11-05 17:23:26 ----A---- C:\Windows\system32\dxtmsft.dll

2008-11-05 17:23:25 ----A---- C:\Windows\system32\ieui.dll

2008-11-05 17:23:24 ----A---- C:\Windows\system32\ieframe.dll

2008-11-05 17:23:23 ----A---- C:\Windows\system32\mshtmled.dll

2008-11-05 17:23:22 ----A---- C:\Windows\system32\mshtml.dll

2008-11-05 17:23:20 ----A---- C:\Windows\system32\mstime.dll

2008-11-05 17:23:20 ----A---- C:\Windows\system32\icardie.dll

2008-11-05 17:23:18 ----A---- C:\Windows\system32\ieUnatt.exe

2008-11-05 17:23:17 ----A---- C:\Windows\system32\urlmon.dll

2008-11-05 17:23:17 ----A---- C:\Windows\system32\pngfilt.dll

2008-11-05 17:23:17 ----A---- C:\Windows\system32\iesetup.dll

2008-11-05 17:23:17 ----A---- C:\Windows\system32\iertutil.dll

2008-11-05 17:23:17 ----A---- C:\Windows\system32\iernonce.dll

2008-11-05 17:23:17 ----A---- C:\Windows\system32\ie4uinit.exe

2008-11-05 17:22:19 ----A---- C:\Windows\system32\qmgr.dll

2008-11-05 16:13:08 ----D---- C:\Windows\system32\(null)

2008-11-05 16:13:04 ----D---- C:\Program Files\Lenovo

2008-11-05 16:13:04 ----D---- C:\Program Files\Common Files\Lenovo

2008-11-05 16:12:28 ----SHD---- C:\Windows\Installer

2008-11-05 16:11:16 ----D---- C:\Drivers

2008-11-05 16:06:17 ----D---- C:\Users\Rogee\AppData\Roaming\Identities

2008-11-05 16:06:10 ----SD---- C:\Users\Rogee\AppData\Roaming\Microsoft

2008-10-20 10:09:54 ----A---- C:\Windows\system32\msvcr71.dll

2008-10-20 10:09:44 ----A---- C:\Windows\system32\msvcp71.dll

2008-10-20 10:09:34 ----A---- C:\Windows\system32\MFC71u.dll

======List of files/folders modified in the last 1 months======

2008-11-19 12:27:29 ----RD---- C:\Program Files

2008-11-19 12:27:29 ----D---- C:\Windows\Temp

2008-11-19 11:54:56 ----D---- C:\Windows

2008-11-19 11:54:55 ----D---- C:\Windows\system32\drivers

2008-11-19 11:00:10 ----D---- C:\Windows\System32

2008-11-19 11:00:10 ----D---- C:\Windows\inf

2008-11-19 11:00:10 ----A---- C:\Windows\system32\PerfStringBackup.INI

2008-11-19 10:55:27 ----HD---- C:\ProgramData

2008-11-18 14:56:36 ----SHD---- C:\$Recycle.Bin

2008-11-17 22:24:50 ----D---- C:\Windows\system32\WDI

2008-11-14 18:56:15 ----D---- C:\Windows\winsxs

2008-11-14 18:52:08 ----D---- C:\Windows\system32\catroot

2008-11-14 18:52:07 ----D---- C:\Windows\system32\catroot2

2008-11-08 12:00:51 ----RSD---- C:\Windows\assembly

2008-11-08 12:00:30 ----D---- C:\Windows\Microsoft.NET

2008-11-08 11:19:06 ----D---- C:\Windows\Logs

2008-11-07 00:21:11 ----D---- C:\Program Files\Common Files

2008-11-07 00:00:15 ----RSD---- C:\Windows\Fonts

2008-11-06 21:13:48 ----D---- C:\Program Files\Common Files\microsoft shared

2008-11-06 16:11:36 ----D---- C:\Windows\system32\LogFiles

2008-11-06 15:59:58 ----D---- C:\Windows\servicing

2008-11-06 15:43:07 ----D---- C:\Windows\system32\Tasks

2008-11-06 15:16:02 ----A---- C:\Windows\win.ini

2008-11-06 11:10:01 ----D---- C:\Program Files\MSBuild

2008-11-06 11:09:46 ----D---- C:\Windows\ShellNew

2008-11-06 11:09:22 ----SD---- C:\ProgramData\Microsoft

2008-11-06 11:07:11 ----D---- C:\Program Files\Common Files\System

2008-11-06 10:37:53 ----D---- C:\Windows\Help

2008-11-06 10:23:59 ----SD---- C:\Windows\Downloaded Program Files

2008-11-05 18:42:16 ----D---- C:\Windows\rescache

2008-11-05 18:42:10 ----D---- C:\Windows\system32\wbem

2008-11-05 18:42:10 ----D---- C:\Windows\system32\en-US

2008-11-05 18:14:44 ----ASH---- C:\Program Files\desktop.ini

2008-11-05 18:09:02 ----D---- C:\Windows\system32\ras

2008-11-05 18:09:02 ----D---- C:\Windows\system32\icsxml

2008-11-05 18:09:02 ----D---- C:\Program Files\Windows Calendar

2008-11-05 18:09:01 ----D---- C:\Windows\AppPatch

2008-11-05 18:09:01 ----D---- C:\Program Files\Windows Mail

2008-11-05 18:09:00 ----D---- C:\Windows\system32\XPSViewer

2008-11-05 18:08:59 ----D---- C:\Program Files\Windows Defender

2008-11-05 18:08:58 ----D---- C:\Program Files\Windows Media Player

2008-11-05 18:08:56 ----D---- C:\Windows\system32\migration

2008-11-05 18:08:52 ----D---- C:\Windows\system32\SLUI

2008-11-05 18:08:51 ----D---- C:\Program Files\Windows Sidebar

2008-11-05 18:08:50 ----D---- C:\Program Files\Internet Explorer

2008-11-05 17:29:04 ----D---- C:\Windows\PolicyDefinitions

2008-11-05 16:52:29 ----D---- C:\Windows\Tasks

2008-11-05 16:12:38 ----D---- C:\Windows\system32\restore

2008-11-05 16:06:09 ----RD---- C:\Users

2008-11-05 16:05:57 ----D---- C:\Windows\system32\CodeIntegrity

2008-11-03 21:10:25 ----A---- C:\Windows\system32\mrt.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2008-11-19 98440]

R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\Windows\System32\Drivers\avgmfx86.sys [2008-11-19 26824]

R1 AvgTdiX;AVG Free8 Network Redirector; C:\Windows\System32\Drivers\avgtdix.sys [2008-11-19 90632]

R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys [2008-11-05 320000]

R1 lenovo.smi;Lenovo System Interface Driver; C:\Windows\system32\DRIVERS\smiif32.sys [2008-05-12 13480]

R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-01-23 39936]

R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-01-23 42496]

R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-01-23 37376]

R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2006-11-02 983552]

R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-11-05 14208]

R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-02-11 2302976]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2006-11-23 1652968]

R3 NETw3v32;Intel® PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-12-19 1786880]

R3 psadd;Lenovo Parties Service Access Device Driver; C:\Windows\system32\DRIVERS\psadd.sys [2008-11-06 21376]

R3 RTL8023xp;Realtek 10/100 NIC Family NDIS x86 Driver; C:\Windows\system32\DRIVERS\Rtnicxp.sys [2008-07-22 51200]

R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-11-05 82432]

R3 TVTI2C;Lenovo SM bus driver; C:\Windows\system32\DRIVERS\Tvti2c.sys [2007-05-22 30336]

R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560]

S3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-11-05 19456]

S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2006-11-02 92160]

S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2008-11-05 220160]

S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2008-11-05 29184]

S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]

S3 gmer;gmer; C:\Windows\System32\DRIVERS\gmer.sys [2008-11-19 85969]

S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]

S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-02-11 2302976]

S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]

S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]

S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]

S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]

S3 NETw4v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-10-19 2251776]

S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2006-11-02 49664]

S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-11-19 231704]

R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2006-11-02 22016]

R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2006-11-02 22016]

R2 FNF5SVC;Fn+F5 Service; C:\Program Files\LENOVO\HOTKEY\FNF5SVC.exe [2008-03-14 54560]

R2 PMSveH;PMSveH; C:\Program Files\Lenovo\PM Driver\PMSveH.exe [2006-05-24 57344]

R2 PSI_SVC_2;Protexis Licensing V2; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2007-07-24 185632]

R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 810320]

R2 SUService;System Update; C:\Program Files\Lenovo\System Update\SUService.exe [2008-10-20 28672]

R2 ThinkVantage Registry Monitor Service;ThinkVantage Registry Monitor Service; C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe [2007-11-29 722232]

R2 TPHKSVC;On Screen Display; C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe [2008-03-27 58736]

R2 TSSCoreService;TSS Core Service; C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe [2007-11-29 779576]

R2 TVT Scheduler;TVT Scheduler; C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe [2008-03-04 1122304]

S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2006-11-02 22016]

S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe [2006-11-02 521216]

S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-11-06 654848]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]

S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-03-14 779824]

S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-03-12 271920]

S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]

S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2006-11-02 22016]

S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]

S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe [2006-11-02 562176]

S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

-----------------EOF-----------------

RSIT info log

info.txt logfile of random's system information tool 1.04 2008-11-19 12:27:33

======Uninstall list======

-->C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL

-->C:\Windows\UNNeroBackItUp.exe /UNINSTALL

-->C:\Windows\UNNeroMediaHome.exe /UNINSTALL

-->C:\Windows\UNNeroShowTime.exe /UNINSTALL

-->C:\Windows\UNNeroVision.exe /UNINSTALL

-->C:\Windows\UNRecode.exe /UNINSTALL

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0416-0000-0000000FF1CE} /uninstall {B818F15C-FA76-4262-AB26-C04D0772EED8}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0416-0000-0000000FF1CE} /uninstall {B818F15C-FA76-4262-AB26-C04D0772EED8}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0416-0000-0000000FF1CE} /uninstall {B818F15C-FA76-4262-AB26-C04D0772EED8}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0416-0000-0000000FF1CE} /uninstall {B818F15C-FA76-4262-AB26-C04D0772EED8}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0416-0000-0000000FF1CE} /uninstall {B818F15C-FA76-4262-AB26-C04D0772EED8}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0416-0000-0000000FF1CE} /uninstall {B818F15C-FA76-4262-AB26-C04D0772EED8}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0416-0000-0000000FF1CE} /uninstall {669EB263-0AFE-4FCB-A068-DB082CA6273C}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0416-0000-0000000FF1CE} /uninstall {B818F15C-FA76-4262-AB26-C04D0772EED8}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0416-0000-0000000FF1CE} /uninstall {98003BDC-1B68-4970-B28E-ACC8000D2F3E}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0416-0000-0000000FF1CE} /uninstall {B818F15C-FA76-4262-AB26-C04D0772EED8}

2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-0416-0000-0000000FF1CE} /uninstall {B818F15C-FA76-4262-AB26-C04D0772EED8}

Adobe Acrobat 8.1.0 Professional-->msiexec /I {AC76BA86-1033-F400-7760-000000000003}

Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Flash Player Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe

Arquivo do WinRAR-->C:\Program Files\WinRAR\uninstall.exe

AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL

Client Security - Password Manager-->MsiExec.exe /X{44E9D4C2-946C-4378-9354-558803C47A68}

CorelDRAW Graphics Suite X4 - Capture-->MsiExec.exe /I{7F05E704-30A6-421A-97A7-8EEB1C7FF012}

CorelDRAW Graphics Suite X4 - Content-->MsiExec.exe /I{7F05E704-30A6-421A-97A7-8EEB1C7FF016}

CorelDRAW Graphics Suite X4 - Draw-->MsiExec.exe /I{7F05E704-30A6-421A-97A7-8EEB1C7FF013}

CorelDRAW Graphics Suite X4 - Filters-->MsiExec.exe /I{7F05E704-30A6-421A-97A7-8EEB1C7FF017}

CorelDRAW Graphics Suite X4 - FontNav-->MsiExec.exe /I{7F05E704-30A6-421A-97A7-8EEB1C7FF019}

CorelDRAW Graphics SUite X4 - ICA-->MsiExec.exe /I{7F05E704-30A6-421A-97A7-8EEB1C7FF010}

CorelDRAW Graphics Suite X4 - IPM-->MsiExec.exe /I{9D0798D0-AF6C-4E62-94B1-AEBF1A43E00A}

CorelDRAW Graphics Suite X4 - Lang BR-->MsiExec.exe /I{1A9DAB4D-46CD-4CBF-A9FC-28D8AA8D2FCF}

CorelDRAW Graphics Suite X4 - PP-->MsiExec.exe /I{7F05E704-30A6-421A-97A7-8EEB1C7FF014}

CorelDRAW Graphics Suite X4 - VBA-->MsiExec.exe /I{BF439B41-0252-48DE-8B8B-0430CB26A181}

CorelDRAW Graphics Suite X4-->MsiExec.exe /I{44A27085-0616-4181-A0C3-81C7ECA17F73}

CorelDRAW® Graphics Suite X4 - Windows Shell Extension-->c:\Program Files\Common Files\Corel\Shared\Shell Extension\Uninst.exe

CorelDRAW® Graphics Suite X4 - Windows Shell Extension-->MsiExec.exe /X{CE2DA11A-917F-4CF5-AB55-755EC115DD10}

CorelDRAW® Graphics Suite X4-->c:\Program Files\Corel\CorelDRAW Graphics Suite X4\Setup\SetupARP.exe /arp

FLV Player 2.0, build 23-->C:\Program Files\FLV Player\uninst.exe

Intel® Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall

K-Lite Codec Pack 3.5.3 Full-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"

Lenovo Care Supplement-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6280149E-EFF3-4F1B-BD43-5B7EDD6F620A}\setup.exe" -l0x9 -AddRemove

Lenovo Care-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CF52099A-3BEA-4C41-AEA8-1E190F04D737}\setup.exe" -l0x9 -AddRemove

Lenovo System Interface Driver-->RunDll32.exe setupapi.dll,InstallHinfSection DefaultUninstall.NTx86 130 C:\Program Files\Lenovo\SMIIF\lnvsmi.inf

Microsoft Office Access MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-0015-0416-0000-0000000FF1CE}

Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL

Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}

Microsoft Office Excel MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-0016-0416-0000-0000000FF1CE}

Microsoft Office Groove MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-00BA-0416-0000-0000000FF1CE}

Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-0044-0416-0000-0000000FF1CE}

Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-00A1-0416-0000-0000000FF1CE}

Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-001A-0416-0000-0000000FF1CE}

Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-0018-0416-0000-0000000FF1CE}

Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}

Microsoft Office Proof (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-001F-0416-0000-0000000FF1CE}

Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}

Microsoft Office Proofing (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-002C-0416-0000-0000000FF1CE}

Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-0019-0416-0000-0000000FF1CE}

Microsoft Office Shared MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-006E-0416-0000-0000000FF1CE}

Microsoft Office Word MUI (Portuguese (Brazil)) 2007-->MsiExec.exe /X{90120000-001B-0416-0000-0000000FF1CE}

Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}

MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}

Nero 7 Ultra Edition-->MsiExec.exe /I{43FFE159-3199-4188-A1CD-629166AD1033}

neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}

On Screen Display-->rundll32.exe "C:\Program Files\Lenovo\HOTKEY\cleanup.dll",InfUninstall DefaultUninstall.LH 132 C:\Program Files\Lenovo\HOTKEY\tphk_3k.inf

PM Driver-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{62715632-A555-4D9E-9CEC-4F84EB55B07B}

Proteção de Tela TimeDimension (por Hans Donner)-->MsiExec.exe /X{8D90C0DD-798A-40DB-8A22-5D13C78262E8}

Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly

Registry patch to improve USB device detection on resume from sleep for Windows Vista-->MsiExec.exe /X{4AB5764A-3894-49A2-BAA8-C4665F74CD4C}

Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}

Security Update for 2007 Microsoft Office System (KB955936)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {1D94099C-2BBA-440E-BD5E-093BBDF8F028}

Security Update for Microsoft Office Excel 2007 (KB955470)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6E8637D8-10D6-4568-AA06-E2706F31685E}

Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}

Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}

Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}

Security Update for Microsoft Office system 2007 (KB951808)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}

Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}

Security Update for Microsoft Office Word 2007 (KB950113)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}

Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}

Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"

System Update-->MsiExec.exe /X{8675339C-128C-44DD-83BF-0A5D6ABD8297}

Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}

Update for Office 2007 (KB946691)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}

Update for Outlook 2007 Junk Email Filter (kb957829)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {07A1F6B6-4F1C-418C-A605-755A121C4A16}

Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}

Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}

Windows Live Sign-in Assistant-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}

Your Uninstaller! 2008 Version 6.0-->"C:\Program Files\Your Uninstaller 2008\unins000.exe"

======Hosts File======

127.0.0.1 localhost

127.0.0.1

127.0.0.1

127.0.0.1

127.0.0.1

127.0.0.1

127.0.0.1

127.0.0.1

127.0.0.1

127.0.0.1

======Security center information======

AV: AVG Anti-Virus Free (outdated)

AS: AVG Anti-Virus Free (disabled) (outdated)

AS: Spybot - Search and Destroy (disabled)

AS: Windows Defender

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Lenovo;C:\Program Files\Lenovo\Client Security Solution

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC

"PROCESSOR_ARCHITECTURE"=x86

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"USERNAME"=SYSTEM

"windir"=%SystemRoot%

"PROCESSOR_LEVEL"=6

"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 14 Stepping 12, GenuineIntel

"PROCESSOR_REVISION"=0e0c

"NUMBER_OF_PROCESSORS"=2

"TVT"=C:\Program Files\Lenovo

"TPCCommon"=C:\PROGRA~1\Lenovo\LENOVO~1

"SWSHARE"=C:\SWSHARE

"TVTCOMMON"=C:\Program Files\Common Files\Lenovo

-----------------EOF-----------------

I'll be waiting. Thank you.


Please post a new log from the tools.

Note: Do not open a new topic; post your new log by clicking the Reply button.
