geraldobreno

Help with a possible infection!!!!!!

Good afternoon!

My PC has been showing some strange behaviour, such as:

- slowness;

- the cooler seems to be running very fast when I am only using a browser (Google Chrome);

- once a blue screen appeared with some text on it, and right after that the machine rebooted; this also happened when I tried to scan with GMER, and I only managed to run it after entering Safe Mode;

- I don't know whether this part has anything to do with an infection, but YouTube videos don't load like they used to; I always have to lower the video quality to 240p, and even then it takes a long time. I mention this because my connection is broadband and the same videos used to load quickly;

- physical memory usage shown at 51% while using only the browser mentioned above; sometimes it shows 31% as well.

DDS (Ver_10-12-12.01) - NTFSx86

Run by GERALDO BRENO at 13:32:26,29 on 23/02/2011

Internet Explorer: 8.0.7600.16385

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.55.1046.18.3062.2069 [GMT -3:00]

SP: Spybot - Search and Destroy *Enabled/Outdated* {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

AV: ESET Smart Security 4.0 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}

SP: ESET Smart Security 4.0 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: Firewall pessoal do ESET *Enabled* {F3340042-195E-BB41-42D1-CDB495BB46DE}

============== Running Processes ===============

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\BootRacer\BootRacerServ.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Protector Suite QL\upeksvr.exe

C:\Program Files\ESET\ESET Smart Security\ekrn.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k hpdevmgmt

C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

C:\Windows\system32\svchost.exe -k HPService

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\ESET\ESET Smart Security\egui.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Protector Suite QL\psqltray.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Users\GERALDO BRENO\Desktop\Forum\dds.pif

C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.inglescurso.net.br/

uSearch Bar = hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60446

mStart Page = about:blank

uURLSearchHooks: H - No File

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: Auxiliar de Conexão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File

TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

TB: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

mRun: [PSQLLauncher] "c:\program files\protector suite ql\launcher.exe" /startup

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume

mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mExplorerRun: [bootRacer] "c:\program files\bootracer\Bootrace.exe" /2

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\atuali~1.lnk - c:\program files\eset\minodlogin\MiNODLogin.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: DisableCAD = 1 (0x1)

IE: Google Sidewiki...

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: psfus - c:\windows\system32\psqlpwd.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

LSA: Notification Packages = scecli psqlpwd

Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\users\gerald~1\appdata\roaming\mozilla\firefox\profiles\15u8v33g.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://br.msn.com/

FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=

FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll

FF - component: c:\users\geraldo breno\appdata\roaming\mozilla\firefox\profiles\15u8v33g.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko19.dll

FF - component: c:\users\geraldo breno\appdata\roaming\mozilla\firefox\profiles\15u8v33g.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll

FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\microsoft\office live\npOLW.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\users\geraldo breno\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Extension: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\real\realplayer\browserrecordplugin\firefox\Ext

FF - Extension: Interface brasileira do Firefox: langpack-pt-BR@firefox.mozilla.org - c:\users\gerald~1\appdata\roaming\mozilla\firefox\profiles\15u8v33g.default\extensions\langpack-pt-BR@firefox.mozilla.org

FF - Extension: Dicionário para Ortografia pt-BR: pt-BR@dictionaries.addons.mozilla.org - c:\users\gerald~1\appdata\roaming\mozilla\firefox\profiles\15u8v33g.default\extensions\pt-BR@dictionaries.addons.mozilla.org

FF - Extension: Conduit Engine : engine@conduit.com - c:\users\gerald~1\appdata\roaming\mozilla\firefox\profiles\15u8v33g.default\extensions\engine@conduit.com

FF - Extension: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\users\gerald~1\appdata\roaming\mozilla\firefox\profiles\15u8v33g.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}

============= SERVICES / DRIVERS ===============

R0 58470502;58470502 Boot Guard Driver;c:\windows\system32\drivers\58470502.sys [2010-10-24 37392]

R1 58470501;58470501;c:\windows\system32\drivers\58470501.sys [2010-10-24 128016]

R2 BootRacerServ;BootRacerServ;c:\program files\bootracer\BootRacerServ.exe [2011-1-26 65304]

R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2009-9-11 735960]

R2 epfwwfp;epfwwfp;c:\windows\system32\drivers\epfwwfp.sys [2009-9-11 38240]

R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-10-24 1153368]

R3 netw5v32;Driver de adaptador Intel® Wireless WiFi Link 5000 Series para Windows Vista 32 Bits;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-10-30 267880]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-8-17 135664]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 SinoTPM;Driver For SINOSUN Trusted Platform Module;c:\windows\system32\drivers\SinoTpm.sys [2009-12-14 34048]

S3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\wat\WatAdminSvc.exe [2010-2-25 1343400]

=============== Created Last 30 ================

2011-02-23 15:16:18 276992 ----a-w- c:\windows\system32\wcncsvc.dll

2011-02-23 12:31:35 442880 ----a-w- c:\windows\system32\XpsPrint.dll

2011-02-23 12:31:34 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2011-02-22 14:36:18 5890896 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{7c68e23f-4ebf-4fd2-89e8-ad7df828521d}\mpengine.dll

2011-02-17 23:29:12 237568 ----a-w- c:\windows\system32\yv12vfw.dll

2011-02-17 23:29:12 232448 ----a-w- c:\windows\system32\mp3fhg.acm

2011-02-17 23:29:12 151552 ----a-w- c:\windows\system32\ac3acm.acm

2011-02-17 23:29:11 810496 ----a-w- c:\windows\system32\xvidcore.dll

2011-02-17 23:29:11 80896 ----a-w- c:\windows\system32\ff_vfw.dll

2011-02-17 23:29:11 183808 ----a-w- c:\windows\system32\xvidvfw.dll

2011-02-17 23:29:08 -------- d-----w- c:\program files\K-Lite Codec Pack

2011-02-15 21:19:59 -------- d-----w- c:\program files\Viva Media

2011-02-09 14:20:05 204288 ----a-w- c:\windows\system32\upnp.dll

2011-02-09 14:20:03 1389568 ----a-w- c:\windows\system32\msxml6.dll

2011-02-09 14:20:02 981504 ----a-w- c:\windows\system32\wininet.dll

2011-02-09 14:20:02 1236992 ----a-w- c:\windows\system32\msxml3.dll

2011-02-09 14:20:01 80384 ----a-w- c:\windows\system32\davclnt.dll

2011-02-09 14:20:01 204800 ----a-w- c:\windows\system32\WebClnt.dll

2011-02-09 14:20:00 73728 ----a-w- c:\windows\system32\wscsvc.dll

2011-02-09 14:20:00 51200 ----a-w- c:\windows\system32\wscapi.dll

2011-02-09 14:20:00 350720 ----a-w- c:\windows\system32\winhttp.dll

2011-02-09 14:20:00 14336 ----a-w- c:\windows\system32\slwga.dll

2011-02-09 14:18:50 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys

2011-02-04 13:33:25 181608 ----a-w- c:\progra~2\microsoft\windows\sqm\manifest\Sqm10137.bin

2011-02-02 18:01:00 -------- d-----w- c:\program files\BootRacer

2011-01-30 15:45:12 135568 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll

2011-01-30 15:45:12 135568 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll

2011-01-27 22:48:11 -------- d-----w- c:\progra~2\Messenger Plus!

2011-01-27 22:42:16 -------- d-----w- c:\program files\Messenger Plus! Live

==================== Find3M ====================

2011-01-07 07:27:11 34304 ----a-w- c:\windows\system32\atmlib.dll

2011-01-07 05:33:11 294400 ----a-w- c:\windows\system32\atmfd.dll

2011-01-05 05:37:33 428032 ----a-w- c:\windows\system32\vbscript.dll

2011-01-05 03:37:38 2329088 ----a-w- c:\windows\system32\win32k.sys

2010-12-18 05:29:40 44544 ----a-w- c:\windows\system32\licmgr10.dll

2010-12-18 05:29:31 541184 ----a-w- c:\windows\system32\kerberos.dll

2010-12-18 04:20:55 386048 ----a-w- c:\windows\system32\html.iec

2010-12-18 03:47:59 1638912 ----a-w- c:\windows\system32\mshtml.tlb

============= FINISH: 13:33:15,99 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.01)

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume1

Install Date: 14/12/2009 20:35:07

System Uptime: 23/02/2011 13:24:13 (0 hours ago)

Motherboard: CLEVO | | M540R

Processor: Intel® Core2 Duo CPU T6400 @ 2.00GHz | U2E1 | 1200/mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 298 GiB total, 187,782 GiB free.

D: is CDROM ()

E: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Adaptador do Microsoft ISATAP

Device ID: ROOT\*ISATAP\0002

Manufacturer: Microsoft

Name: Adaptador do Microsoft ISATAP #3

PNP Device ID: ROOT\*ISATAP\0002

Service: tunnel

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Adaptador de Túnel Teredo da Microsoft

Device ID: ROOT\*TEREDO\0000

Manufacturer: Microsoft

Name: Teredo Tunneling Pseudo-Interface

PNP Device ID: ROOT\*TEREDO\0000

Service: tunnel

Class GUID:

Description: Dispositivo Periférico Bluetooth

Device ID: BTHENUM\{00000002-0000-1000-8000-0002EE000002}_LOCALMFG&000A\7&110D3CE5&0&0017E672C437_C00000000

Manufacturer:

Name: Dispositivo Periférico Bluetooth

PNP Device ID: BTHENUM\{00000002-0000-1000-8000-0002EE000002}_LOCALMFG&000A\7&110D3CE5&0&0017E672C437_C00000000

Service:

Class GUID:

Description: Dispositivo Periférico Bluetooth

Device ID: BTHENUM\{00000002-0000-1000-8000-0002EE000002}_VID&00010001_PID&0191\7&110D3CE5&0&001D3BF53B44_C00000000

Manufacturer:

Name: Dispositivo Periférico Bluetooth

PNP Device ID: BTHENUM\{00000002-0000-1000-8000-0002EE000002}_VID&00010001_PID&0191\7&110D3CE5&0&001D3BF53B44_C00000000

Service:

Class GUID:

Description: Dispositivo Periférico Bluetooth

Device ID: BTHENUM\{0000111B-0000-1000-8000-00805F9B34FB}_LOCALMFG&000A\7&110D3CE5&0&0017E672C437_C00000000

Manufacturer:

Name: Dispositivo Periférico Bluetooth

PNP Device ID: BTHENUM\{0000111B-0000-1000-8000-00805F9B34FB}_LOCALMFG&000A\7&110D3CE5&0&0017E672C437_C00000000

Service:

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Adaptador do Microsoft 6to4

Device ID: ROOT\*6TO4MP\0000

Manufacturer: Microsoft

Name: Adaptador do Microsoft 6to4

PNP Device ID: ROOT\*6TO4MP\0000

Service: tunnel

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Adaptador do Microsoft ISATAP

Device ID: ROOT\*ISATAP\0000

Manufacturer: Microsoft

Name: Adaptador do Microsoft ISATAP

PNP Device ID: ROOT\*ISATAP\0000

Service: tunnel

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Adaptador do Microsoft ISATAP

Device ID: ROOT\*ISATAP\0001

Manufacturer: Microsoft

Name: Adaptador do Microsoft ISATAP #2

PNP Device ID: ROOT\*ISATAP\0001

Service: tunnel

==== System Restore Points ===================

RP594: 19/02/2011 01:22:01 - Ponto de Verificação Agendado

RP595: 20/02/2011 19:00:08 - Backup do Windows

RP596: 22/02/2011 11:35:48 - Windows Update

RP597: 22/02/2011 12:36:41 - Windows Update

RP598: 23/02/2011 12:15:45 - Windows Update

==== Installed Programs ======================

"Nero SoundTrax Help

2007 Microsoft Office Suite Service Pack 2 (SP2)

32 Bit HP CIO Components Installer

4660_4680_Help

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader X (10.0.1)

Adobe Shockwave Player 11.5

Advertising Center

AP Tuner 3.08

Arquivo do WinRAR

ASIO4ALL

Assistente de Conexão do Windows Live

Atualização do produto Microsoft Office Excel 2007 Help (KB963678)

Atualização do produto Microsoft Office Outlook 2007 Help (KB963677)

Atualização do produto Microsoft Office Powerpoint 2007 Help (KB963669)

Atualização do produto Microsoft Office Word 2007 Help (KB963665)

Avanquest update

BootRacer

bpd_scan

BPDSoftware

BPDSoftware_Ini

BrOffice.org 3.2

BufferChm

CCleaner

Company of Heroes

Controle ActiveX do Windows Live Mesh para Conexões Remotas

Defraggler

Destinations

DeviceDiscovery

Dicionário eletrônico Houaiss 3.0

DocMgr

DocProc

DolbyFiles

Eraser 6.0.7.1893

ESET Antivirus License Finder (MiNODLogin)

ESET Smart Security

Far Cry

Far Cry (Patch 1)

Far Cry (Patch 1.3)

Far Cry (Patch 1.31)

Far Cry (Patch 1.32)

Far Cry (Patch 1.33)

Far Cry (Patch 1.4)

Fax

Ferramenta de Carregamento do Windows Live

Gadgets do Microsoft Office Outlook para Windows SideShow

Google Chrome

Google Update Helper

GPBaseService2

HP Customer Participation Program 13.0

HP Document Manager 2.0

HP Imaging Device Functions 13.0

HP OfficeJet J4600 All-In-One Series

HP Photosmart Essential 3.5

HP Smart Web Printing 4.60

HP Solution Center 13.0

HP Update

HPPhotoSmartDiscLabelContent1

HPPhotosmartEssential

HPProductAssistant

HPSSupply

ImagXpress

J4660

Java Auto Updater

Java 6 Update 20

JDownloader

Junk Mail filter update

K-Lite Mega Codec Pack 6.9.0

Live 8.0.4

Managed DirectX (0901)

MarketResearch

Megacubo 7.6.1

Menu Templates - Starter Kit

Messenger Plus! Live

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Default Manager

Microsoft Office Access MUI (Portuguese (Brazil)) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (Portuguese (Brazil)) 2007

Microsoft Office Groove MUI (Portuguese (Brazil)) 2007

Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007

Microsoft Office Live Add-in 1.3

Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007

Microsoft Office Outlook Connector

Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007

Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (Portuguese (Brazil)) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (Portuguese (Brazil)) 2007

Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007

Microsoft Office Shared MUI (Portuguese (Brazil)) 2007

Microsoft Office Word MUI (Portuguese (Brazil)) 2007

Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Motorola Driver Installation

Motorola Phone Tools

Motorola SM56 Data Fax Modem

Movie Templates - Starter Kit

Mozilla Firefox (3.6.13)

MSVCRT

MSXML 4.0 SP2 (KB973688)

MV RegClean 5.9

Nero 9

Nero BurningROM

Nero BurnRights

Nero ControlCenter

Nero CoverDesigner

Nero CoverDesigner Help

Nero Disc Copy Gadget

Nero Disc Copy Gadget Help

Nero DiscSpeed

Nero DriveSpeed

Nero Express

Nero InfoTool

Nero Installer

Nero Live

Nero Live Help

Nero PhotoSnap

Nero PhotoSnap Help

Nero Recode

Nero Recode Help

Nero Rescue Agent

Nero RescueAgent Help

Nero ShowTime

Nero StartSmart

Nero StartSmart Help

Nero Vision

Nero WaveEditor

Nero WaveEditor Help

NeroBurningROM

NeroExpress

neroxml

Network

Novo Dicionário Aurélio

OCR Software by I.R.I.S. 13.0

OGA Notifier 2.0.0048.0

Orban/Coding Technologies AAC/aacPlus Player Plugin™ 1.0

PhotoScape

ProductContext

Protector Suite QL 5.6

RealPlayer

Realtek Ethernet Controller Driver For Windows 7

REALTEK GbE & FE Ethernet PCI-E NIC Driver

RealUpgrade 1.0

Reason 4.0

Recuva

Scan

Security Update for 2007 Microsoft Office System (KB2288621)

Security Update for 2007 Microsoft Office System (KB2288931)

Security Update for 2007 Microsoft Office System (KB2289158)

Security Update for 2007 Microsoft Office System (KB2344875)

Security Update for 2007 Microsoft Office System (KB2345043)

Security Update for 2007 Microsoft Office System (KB969559)

Security Update for 2007 Microsoft Office System (KB976321)

Security Update for Microsoft Office Access 2007 (KB979440)

Security Update for Microsoft Office Excel 2007 (KB2345035)

Security Update for Microsoft Office InfoPath 2007 (KB979441)

Security Update for Microsoft Office PowerPoint 2007 (KB982158)

Security Update for Microsoft Office PowerPoint Viewer (KB2413381)

Security Update for Microsoft Office Publisher 2007 (KB2284697)

Security Update for Microsoft Office system 2007 (972581)

Security Update for Microsoft Office system 2007 (KB974234)

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)

Security Update for Microsoft Office Word 2007 (KB2344993)

Shop for HP Supplies

Skype™ 5.0

SlimDrivers

SmartWebPrinting

SolutionCenter

Sound Forge Pro 10.0

SoundTrax

Spybot - Search & Destroy

Status

Synaptics Pointing Device Driver

Synthesia (remove only)

Tales of Monkey Island

TeLL me More

Tom Clancy's Rainbow Six: Lockdown

Toolbox

TrayApp

Uniblue DriverScanner

Uniblue PowerSuite

Uniblue RegistryBooster

Uniblue SpeedUpMyPC

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft Office OneNote 2007 (KB980729)

Update for Microsoft Office Outlook 2007 (KB2412171)

Update for Outlook 2007 Junk Email Filter (KB2492475)

Versão de 32 bits do Microsoft Outlook Social Connector

Vivo 3G

VLC media player 1.1.0

VobSub v2.23 (Remove Only)

WebReg

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Galeria de Fotos

Windows Live Mail

Windows Live Messenger

Windows Live Movie Maker

Windows Live OneCare safety scanner

Windows Live Sync

Windows Live Sync ActiveX Control for Remote Connections

Windows Media Lite 2.3.0

X-Men Legends 2

==== End Of File ===========================

GMER 1.0.15.15530 - http://www.gmer.net

Rootkit scan 2011-02-23 13:56:32

Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TOSHIBA_MK3255GSX rev.FG010U

Running: gmer.exe; Driver: C:\Users\GERALD~1\AppData\Local\Temp\pwliyaog.sys

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13BD 82087589 1 Byte [06]

.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 820AC092 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[1124] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [748F2494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1124] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [748D5624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1124] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [748D56E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1124] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [748F250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1124] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [748E8573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1124] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [748E4D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1124] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [748E50CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1124] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [748E51A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1124] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [748E66D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1124] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [748E82CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1124] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [748E8819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1124] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [748E907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1124] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [748EE21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1124] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [748E4C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Tempo de Execução da Estrutura de Driver em Modo Kernel/Microsoft Corporation)

AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Tempo de Execução da Estrutura de Driver em Modo Kernel/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\00000055 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001060ef4cb5

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001060ef4cb5@0017e672c437 0x91 0xC5 0x71 0xDF ...

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001060ef4cb5@001d3bf53b44 0xEF 0x6E 0xA3 0x6B ...

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x79 0x0B 0xD6 0x1D ...

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xF6 0x86 0x5A 0xEC ...

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x3A 0x04 0x92 0x67 ...

Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001060ef4cb5 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001060ef4cb5@0017e672c437 0x91 0xC5 0x71 0xDF ...

Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001060ef4cb5@001d3bf53b44 0xEF 0x6E 0xA3 0x6B ...

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x79 0x0B 0xD6 0x1D ...

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xF6 0x86 0x5A 0xEC ...

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x3A 0x04 0x92 0x67 ...

Reg HKCU\Software\Microsoft\Windows Live\Companion\geraldo_bwa@hotmail.com@ec2fa0cfe949ebc2896564a126c518a7\r\n 0x8C 0x25 0xBF 0x58 ...

Reg HKCU\Software\Microsoft\Windows Live\Companion\geraldo_bwa@hotmail.com@061add2a9f345dcf370ebb4ff394f13c\r\n 0x72 0x1C 0xC7 0x31 ...

Reg HKCU\Software\Microsoft\Windows Live\Companion\geraldo_bwa@hotmail.com@71bc4f60647fda5a006069ebd80497b5\r\n 0xFF 0x15 0x82 0x03 ...

Reg HKCU\Software\Microsoft\Windows Live\Companion\geraldo_bwa@hotmail.com@ae743768f3e6603e08838d6b9ca0724a\r\n 0xC0 0x42 0x70 0xC8 ...

Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@SIGN.MEDIA=118DF76 Driver's\DRIVER\xb4S\Audio\Setup.exe 1

Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@SIGN.MEDIA=2377039 Driver's\DRIVER\xb4S\Driver_Video\Setup.exe 1

Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@SIGN.MEDIA=E8C010 Driver's\DRIVER\xb4S\PNTBFIWXP23683\Application\x86\install\setup.exe 1

Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@SIGN.MEDIA=B81A Driver's\DRIVER\xb4S\PNTBTOWXP23683\Setup.exe 1

Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@SIGN.MEDIA=64D75BE Driver's\DRIVER\xb4S\PNTBMWWXP23683\Intel\XP\Drivers\iProdifx.EXE 1

---- EOF - GMER 1.0.15 ----


Hello

Sorry for the delay :)

If you still need help, redo the logs, since I need them with up-to-date dates: Read Before Posting - Creating a New Topic

ATTENTION 1: There is no need to open a new topic; post the new logs in this same topic, thank you!

ATTENTION 2: Do not edit your topic; use the reply button, thank you!

ATTENTION 3: Do not put the logs between TAGS, thank you!

Regards :D
