Shirkit

Log analysis - PC with multiple problems


Hello,

I'm facing multiple problems, apparently because of the Kavo virus, which I probably picked up via a pen drive. I think that's what it is: the computer never stops processing, but Task Manager doesn't show any process running. I know this because the activity light stays constantly on, and it isn't broken or faulty (I tested that), and you can hear the fan running faster than usual, and it isn't because of dust. I'm facing problems such as:

Slowness

Processes hang more than normal when opened (you open a file and it takes ***** ages to open, as if there were more things open at the same time, but there aren't =/)

Constant loss of the wireless network IP (from time to time my computer loses its IP on the network. That never used to happen)

Extremely slow boot

I'm a Computer Science student and have some notions of maintenance, so if you need anything difficult, just ask.

One note: I ran PenClean and ComboFix on this computer without the proper instructions. If whatever is causing the problems isn't a virus/malware, I'll format the HD.

If possible, as a bonus, I'd like to know whether anyone has an update for the WZCSVC service so that it stops refreshing the network list all the time and overloading the network. If anyone knows how to help stop the high ping every minute caused by the WZCSVC service, I'd appreciate it. And yes, I've already done 'net stop wzcsvc'; I'd like to know if there's any other procedure.

Thanks in advance,

Shirkit.

DDS log

DDS (Version 1.0) - NTFSx86

Run by Administrador at 21:37:24,52 on qua 10/12/2008

Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.2046.1380 [GMT -3:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

c:\arquivos de programas\arquivos comuns\logishrd\lvmvfm\LVPrcSrv.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\NetLimiter 2 Pro\nlsvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Arquivos de programas\NetLimiter 2 Pro\NLClient.exe

C:\Arquivos de programas\Internet Download Manager\IEMonitor.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Arquivos de programas\Winamp\winamp.exe

C:\WINDOWS\system32\ping.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

D:\Perfis\Administrador.MICROSOF-F16605\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com.br

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

mWinlogon: UIHost=%windir%\Resources\LogonUI\LogonUI.exe

BHO: {0055C089-8582-441B-A0BF-17B458C2A3A8} - c:\arquivos de programas\internet download manager\IDMIECC.dll

BHO: {53707962-6F74-2D53-2644-206D7942484F} - c:\arquiv~1\spybot~1\SDHelper.dll

BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\arquivos de programas\java\jre6\bin\ssv.dll

BHO: {bf00e119-21a3-4fd1-b178-3b8537e75c92} - c:\arquivos de programas\megaupload\mega manager\MegaIEMn.dll

BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\arquivos de programas\java\jre6\bin\jp2ssv.dll

BHO: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\arquivos de programas\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [DAEMON Tools Lite] "c:\arquivos de programas\daemon tools lite\daemon.exe" -autorun

uRun: [DGM Screenshoter] d:\backups\screen shoter\DGMShoter.exe

uRun: [iDMan] c:\arquivos de programas\internet download manager\IDMan.exe /onboot

uRun: [skype] "c:\arquivos de programas\skype\phone\Skype.exe" /nosplash /minimized

mRun: [Vistadrv] c:\windows\vistadrv\vsdrv.exe

mRun: [sunJavaUpdateSched] "c:\arquivos de programas\java\jre6\bin\jusched.exe"

mRun: [egui] "c:\arquivos de programas\eset\eset nod32 antivirus\egui.exe" /hide /waitservice

mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSCONFIG.EXE /auto

StartupFolder: d:\perfis\admini~2.mic\menuin~1\progra~1\inicia~1\pnotes.lnk - d:\documentos\pedro\pnotesportable\PNotes.exe

StartupFolder: d:\perfis\alluse~1\menuin~1\progra~1\inicia~1\window~1.lnk - c:\arquivos de programas\windows desktop search\WindowsSearch.exe

uPolicies-explorer: MemCheckBoxInRunDlg = 1 (0x1)

uPolicies-explorer: ForceClassicControlPanel = 1 (0x1)

mPolicies-explorer: MemCheckBoxInRunDlg = 1 (0x1)

IE: Download all links with IDM - c:\arquivos de programas\internet download manager\IEGetAll.htm

IE: Download FLV video content with IDM - c:\arquivos de programas\internet download manager\IEGetVL.htm

IE: Download with IDM - c:\arquivos de programas\internet download manager\IEExt.htm

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\micros~1\office11\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\arquiv~1\micros~1\office11\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\arquiv~1\spybot~1\SDHelper.dll

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

LSP: c:\windows\system32\idmmbc.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\arquiv~1\arquiv~1\skype\SKYPE4~1.DLL

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\arquivos de programas\windows desktop search\MSNLNamespaceMgr.dll

============= SERVICES / DRIVERS ===============

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2007-12-21 33800]

R1 nltdi;nltdi;\??\c:\windows\system32\drivers\nltdi.sys [2007-4-23 82200]

R2 ekrn;Eset Service;"c:\arquivos de programas\eset\eset nod32 antivirus\ekrn.exe" [2007-12-21 468224]

R2 vnccom;vnccom;c:\windows\system32\drivers\vnccom.SYS [2008-11-3 6016]

S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe /s c:\windows\nod32fixtemdono.reg [2008-3-23 3584]

S3 GarenaPEngine;GarenaPEngine; []

=============== Created Last 30 ================

2008-12-10 13:02 <DIR> --d----- d:\perfis\admini~2.mic\dadosd~1\Windows Search

2008-12-10 13:00 <DIR> --d----- d:\perfis\admini~2.mic\dadosd~1\Windows Desktop Search

2008-12-10 13:00 <DIR> --d----- c:\arquivos de programas\Windows Desktop Search

2008-12-10 13:00 <DIR> --d----- c:\windows\system32\GroupPolicy

2008-12-10 12:59 192,000 -------- c:\windows\system32\dllcache\offfilt.dll

2008-12-10 12:59 98,304 -------- c:\windows\system32\dllcache\nlhtml.dll

2008-12-10 12:59 29,696 -------- c:\windows\system32\dllcache\mimefilt.dll

2008-12-10 12:54 247,326 -------- c:\windows\system32\dllcache\strmdll.dll

2008-12-09 22:10 <DIR> --d----- c:\windows\system32\xircom

2008-12-08 23:29 <DIR> a-dshr-- C:\cmdcons

2008-12-08 23:28 161,792 a------- c:\windows\SWREG.exe

2008-12-08 23:28 98,816 a------- c:\windows\sed.exe

2008-12-08 23:28 <DIR> --d----- C:\ComboFix

2008-12-08 23:18 <DIR> --d----- C:\PenClean

2008-12-08 15:57 47,536 a------- C:\VEICULOS.DAT

2008-12-08 15:57 4,240 a------- C:\CLIENTES.DAT

2008-12-08 11:33 <DIR> --d-h--- c:\windows\PIF

2008-12-07 00:45 532 a------- c:\windows\eReg.dat

2008-12-06 19:19 647,872 a------- c:\windows\system32\Mscomct2.ocx

2008-12-06 19:19 244,416 a------- c:\windows\system32\Msflxgrd.ocx

2008-12-06 19:19 117,507 a------- c:\windows\system32\Msinet.ocx

2008-12-06 19:19 <DIR> --d----- c:\arquivos de programas\VisualSoft

2008-12-05 19:55 <DIR> --d----- d:\perfis\alluse~1\dadosd~1\CCP

2008-12-05 07:58 410,984 a------- c:\windows\system32\deploytk.dll

2008-12-03 11:31 <DIR> --d----- c:\arquivos de programas\Nsasoft

2008-12-01 23:12 <DIR> --d----- C:\AppCompactor

2008-11-28 19:09 <DIR> --d----- d:\perfis\admini~2.mic\dadosd~1\mIRC

2008-11-27 20:16 65,602 a------- c:\windows\system32\cook3260.dll

2008-11-26 14:29 <DIR> --d----- c:\arquivos de programas\TSO

2008-11-25 19:59 103,511 -------- c:\windows\hpoins04.dat.temp

2008-11-25 19:59 17,176 -------- c:\windows\hpomdl04.dat.temp

2008-11-23 19:48 <DIR> --d----- C:\spoolerlogs

2008-11-21 15:40 <DIR> --d----- d:\perfis\admini~2.mic\dadosd~1\Xfire

2008-11-21 15:40 <DIR> --d----- c:\arquivos de programas\Xfire

2008-11-21 15:25 <DIR> --d----- c:\arquivos de programas\RivaTuner v2.20

2008-11-21 14:51 81,768 a------- c:\windows\system32\xinput1_3.dll

2008-11-21 14:51 22,328 a------- d:\perfis\admini~2.mic\dadosd~1\PnkBstrK.sys

2008-11-21 14:50 682,280 a------- c:\windows\system32\pbsvc.exe

2008-11-21 14:32 <DIR> --dsh--- c:\windows\ftpcache

2008-11-19 08:35 0 a------- c:\windows\system32\FOXIT_PDF

2008-11-18 10:33 26 a------- c:\windows\ExplorerXP.INI

2008-11-17 15:23 <DIR> --d----- c:\windows\system32\appmgmt

2008-11-17 15:23 <DIR> --d----- c:\windows\SxsCaPendDel

2008-11-17 15:19 107,888 a------- c:\windows\system32\CmdLineExt.dll

2008-11-17 13:49 138,912 a------- c:\windows\system32\drivers\PnkBstrK.sys

2008-11-17 13:49 183,256 a------- c:\windows\system32\PnkBstrB.exe

2008-11-17 13:48 66,872 a------- c:\windows\system32\PnkBstrA.exe

2008-11-13 03:07 1,106,944 -------- c:\windows\system32\dllcache\msxml3.dll

2008-11-12 21:15 1,024 a------- C:\_0001.jpg

2008-11-12 21:15 1,024 a------- C:\_0000.jpg

2008-11-12 20:52 <DIR> --d----- c:\arquivos de programas\Konvertor

2008-11-12 19:05 32,256 a------- c:\windows\system32\vvprodreg.dll

2008-11-12 19:05 137,000 a------- c:\windows\system32\msmapi32.ocx

2008-11-12 19:05 45,056 a------- c:\windows\system32\shellses.dll

2008-11-12 19:05 24,576 a------- c:\windows\system32\ibmwave.exe

2008-11-12 19:05 22,528 a------- c:\windows\system32\rhmmplay.dll

2008-11-12 19:00 1,684 a------- c:\windows\wininit.ini

2008-11-12 19:00 156 a------- c:\windows\tmpcpyis.bat

2008-11-12 19:00 122 a------- c:\windows\tmpdelis.bat

2008-11-12 19:00 26 a------- c:\windows\winstart.bat

2008-11-12 19:00 <DIR> --d----- c:\windows\speech

2008-11-12 19:00 455,296 -------- c:\windows\system32\dllcache\mrxsmb.sys

2008-11-12 18:59 317,952 a------- c:\windows\system32\roboex32.dll

2008-11-12 18:59 65,536 a------- c:\windows\system32\viavoiceps.dll

2008-11-12 18:59 61,440 a------- c:\windows\system32\vvrtkclients.dll

2008-11-12 18:59 49,152 a------- c:\windows\system32\setnote.cpl

2008-11-12 18:59 37,888 a------- c:\windows\system32\vvrtkreg.dll

2008-11-12 18:59 20,480 a------- c:\windows\system32\setresbr.dll

2008-11-12 18:59 <DIR> --d----- c:\arquivos de programas\ViaVoice

2008-11-12 18:58 308,224 a------- c:\windows\IsUn0416.exe

==================== Find3M ====================

2008-11-27 20:24 47,360 a------- d:\perfis\admini~2.mic\dadosd~1\pcouffin.sys

2008-11-17 17:08 474,400 a------- c:\windows\system32\perfh016.dat

2008-11-17 17:08 79,944 a------- c:\windows\system32\perfc016.dat

2008-10-29 22:25 42,320 a------- c:\windows\system32\xfcodec.dll

2008-10-24 08:21 455,296 a------- c:\windows\system32\drivers\mrxsmb.sys

2008-10-23 09:37 286,720 a------- c:\windows\system32\gdi32.dll

2008-10-23 09:37 286,720 -------- c:\windows\system32\dllcache\gdi32.dll

2008-10-22 18:36 103,511 -------- c:\windows\hpoins04.dat

2008-10-20 14:55 38,807,584 a--sh--- c:\windows\system32\drivers\fidbox.dat

2008-10-20 14:55 530,216 a--sh--- c:\windows\system32\drivers\fidbox.idx

2008-10-20 14:55 278,048 a--sh--- c:\windows\system32\drivers\fidbox2.dat

2008-10-20 14:55 28,184 a--sh--- c:\windows\system32\drivers\fidbox2.idx

2008-10-18 22:40 47,360 a------- c:\windows\system32\drivers\pcouffin.sys

2008-10-18 00:07 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_motmodem_01005.Wdf

2008-10-18 00:07 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf

2008-10-17 01:53 3,593,216 -------- c:\windows\system32\dllcache\mshtml.dll

2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll

2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll

2008-10-16 10:15 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe

2008-10-16 10:11 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe

2008-10-16 10:07 68,135 a------- c:\windows\War3Unin.dat

2008-10-16 09:15 139,264 a------- c:\windows\War3Unin.exe

2008-10-16 09:15 2,829 a------- c:\windows\War3Unin.pif

2008-10-15 13:36 337,408 -------- c:\windows\system32\dllcache\netapi32.dll

2008-10-15 04:06 633,632 -------- c:\windows\system32\dllcache\iexplore.exe

2008-10-15 04:04 161,792 -------- c:\windows\system32\dllcache\ieakui.dll

2008-10-12 14:20 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat

2008-10-10 15:10 21,844 a------- c:\windows\system32\emptyregdb.dat

2008-10-03 07:04 247,326 a------- c:\windows\system32\strmdll.dll

2008-09-30 16:43 1,286,152 a------- c:\windows\system32\msxml4.dll

2008-09-16 21:27 453,152 a------- c:\windows\system32\NVUNINST.EXE

2008-09-15 12:26 1,846,528 a------- c:\windows\system32\win32k.sys

2008-09-15 12:26 1,846,528 -------- c:\windows\system32\dllcache\win32k.sys

2008-09-12 07:44 206,256 a------- c:\windows\system32\idmmbc.dll

============= FINISH: 21:38:11,08 ===============

GMER log

GMER 1.0.14.14536 - http://www.gmer.net

Rootkit scan 2008-12-10 22:03:13

Windows 5.1.2600 Service Pack 3

---- System - GMER 1.0.14 ----

SSDT spsk.sys ZwCreateKey [0xB9EA80E0]

SSDT spsk.sys ZwEnumerateKey [0xB9EC6CA2]

SSDT spsk.sys ZwEnumerateValueKey [0xB9EC7030]

SSDT spsk.sys ZwOpenKey [0xB9EA80C0]

SSDT spsk.sys ZwQueryKey [0xB9EC7108]

SSDT spsk.sys ZwQueryValueKey [0xB9EC6F88]

SSDT spsk.sys ZwSetValueKey [0xB9EC719A]

INT 0x62 ? 89DFABF8

INT 0x63 ? 89C2EBF8

INT 0xA4 ? 89C2EBF8

INT 0xB4 ? 89DFABF8

INT 0xB4 ? 89DFABF8

INT 0xB4 ? 89C2EBF8

INT 0xB4 ? 89DFABF8

---- Kernel code sections - GMER 1.0.14 ----

? spsk.sys The system cannot find the file specified. !

.text USBPORT.SYS!DllUnload B93C38AC 5 Bytes JMP 89C2E1D8

.text anf1o28a.SYS B916D386 35 Bytes [ 00, 00, 00, 00, 00, 00, 20, ... ]

.text anf1o28a.SYS B916D3AA 24 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]

.text anf1o28a.SYS B916D3C4 3 Bytes [ 00, 70, 02 ]

.text anf1o28a.SYS B916D3C9 1 Byte [ 2E ]

.text anf1o28a.SYS B916D3CB 9 Bytes [ 00, 00, 5A, 02, 00, 00, 00, ... ]

.text ...

---- User code sections - GMER 1.0.14 ----

.text C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\ekrn.exe[284] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 4 Bytes [ C2, 04, 00, 00 ]

.text C:\WINDOWS\system32\SearchIndexer.exe[5272] kernel32.dll!WriteFile 7C810E17 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [b9EA9040] spsk.sys

IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [b9EA913C] spsk.sys

IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [b9EA90BE] spsk.sys

IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [b9EA97FC] spsk.sys

IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [b9EA96D2] spsk.sys

IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [b9EB9048] spsk.sys

IAT \SystemRoot\System32\Drivers\anf1o28a.SYS[HAL.dll!KfAcquireSpinLock] C0840CEC

IAT \SystemRoot\System32\Drivers\anf1o28a.SYS[HAL.dll!READ_PORT_UCHAR] 053C0D74

IAT \SystemRoot\System32\Drivers\anf1o28a.SYS[HAL.dll!KeGetCurrentIrql] 57B80974

IAT \SystemRoot\System32\Drivers\anf1o28a.SYS[HAL.dll!KfRaiseIrql] 8B000000

IAT \SystemRoot\System32\Drivers\anf1o28a.SYS[HAL.dll!KfLowerIrql] 56C35DE5

IAT \SystemRoot\System32\Drivers\anf1o28a.SYS[HAL.dll!HalGetInterruptVector] 8D08758B

IAT \SystemRoot\System32\Drivers\anf1o28a.SYS[HAL.dll!HalTranslateBusAddress] 8D51FC4D

IAT \SystemRoot\System32\Drivers\anf1o28a.SYS[HAL.dll!KeStallExecutionProcessor] 8D52FD55

IAT \SystemRoot\System32\Drivers\anf1o28a.SYS[HAL.dll!KfReleaseSpinLock] 8D51FE4D

IAT \SystemRoot\System32\Drivers\anf1o28a.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 8D52FF55

IAT \SystemRoot\System32\Drivers\anf1o28a.SYS[HAL.dll!READ_PORT_USHORT] 8D51F84D

IAT \SystemRoot\System32\Drivers\anf1o28a.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 5052F455

IAT \SystemRoot\System32\Drivers\anf1o28a.SYS[HAL.dll!WRITE_PORT_UCHAR] EACAE856

IAT \SystemRoot\System32\Drivers\anf1o28a.SYS[WMILIB.SYS!WmiSystemControl] 0FC08520

IAT \SystemRoot\System32\Drivers\anf1o28a.SYS[WMILIB.SYS!WmiCompleteRequest] 0001B185

---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\WINDOWS\Explorer.EXE[1440] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00F42EC0] C:\Arquivos de programas\Arquivos comuns\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

IAT C:\WINDOWS\Explorer.EXE[1440] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00F42C30] C:\Arquivos de programas\Arquivos comuns\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

IAT C:\WINDOWS\Explorer.EXE[1440] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00F42C90] C:\Arquivos de programas\Arquivos comuns\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

IAT C:\WINDOWS\Explorer.EXE[1440] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00F42C60] C:\Arquivos de programas\Arquivos comuns\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

IAT C:\Arquivos de programas\Internet Download Manager\IEMonitor.exe[3548] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00C22EC0] C:\Arquivos de programas\Arquivos comuns\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

IAT C:\Arquivos de programas\Internet Download Manager\IEMonitor.exe[3548] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00C22C30] C:\Arquivos de programas\Arquivos comuns\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

IAT C:\Arquivos de programas\Internet Download Manager\IEMonitor.exe[3548] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00C22C90] C:\Arquivos de programas\Arquivos comuns\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

IAT C:\Arquivos de programas\Internet Download Manager\IEMonitor.exe[3548] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00C22C60] C:\Arquivos de programas\Arquivos comuns\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

IAT C:\WINDOWS\system32\igfxsrvc.exe[4608] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [01142EC0] C:\Arquivos de programas\Arquivos comuns\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

IAT C:\WINDOWS\system32\igfxsrvc.exe[4608] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [01142C30] C:\Arquivos de programas\Arquivos comuns\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

IAT C:\WINDOWS\system32\igfxsrvc.exe[4608] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [01142C90] C:\Arquivos de programas\Arquivos comuns\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

IAT C:\WINDOWS\system32\igfxsrvc.exe[4608] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [01142C60] C:\Arquivos de programas\Arquivos comuns\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

IAT D:\Perfis\Administrador.MICROSOF-F16605\Desktop\me chupa\gmer.exe[4996] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00802EC0] C:\Arquivos de programas\Arquivos comuns\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

IAT D:\Perfis\Administrador.MICROSOF-F16605\Desktop\me chupa\gmer.exe[4996] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00802C30] C:\Arquivos de programas\Arquivos comuns\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

IAT D:\Perfis\Administrador.MICROSOF-F16605\Desktop\me chupa\gmer.exe[4996] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00802C90] C:\Arquivos de programas\Arquivos comuns\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

IAT D:\Perfis\Administrador.MICROSOF-F16605\Desktop\me chupa\gmer.exe[4996] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00802C60] C:\Arquivos de programas\Arquivos comuns\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

IAT C:\Arquivos de programas\Mozilla Firefox\firefox.exe[5044] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00B12EC0] C:\Arquivos de programas\Arquivos comuns\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

IAT C:\Arquivos de programas\Mozilla Firefox\firefox.exe[5044] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00B12C30] C:\Arquivos de programas\Arquivos comuns\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

IAT C:\Arquivos de programas\Mozilla Firefox\firefox.exe[5044] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00B12C90] C:\Arquivos de programas\Arquivos comuns\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

IAT C:\Arquivos de programas\Mozilla Firefox\firefox.exe[5044] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00B12C60] C:\Arquivos de programas\Arquivos comuns\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs 89DF81F8

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)

Device \Driver\NetBT \Device\NetBT_Tcpip_{42693B4A-1E5B-43F0-8659-EF11C3919BF2} 899E1500

AttachedDevice \Driver\Tcpip \Device\Ip nltdi.sys (NetLimiter Driver/Locktime Software)

Device \Driver\usbuhci \Device\USBPDO-0 89C2C1F8

Device \Driver\dmio \Device\DmControl\DmIoDaemon 89DFB1F8

Device \Driver\dmio \Device\DmControl\DmConfig 89DFB1F8

Device \Driver\dmio \Device\DmControl\DmPnP 89DFB1F8

Device \Driver\dmio \Device\DmControl\DmInfo 89DFB1F8

Device \Driver\usbuhci \Device\USBPDO-1 89C2C1F8

Device \Driver\usbuhci \Device\USBPDO-2 89C2C1F8

Device \Driver\PCI_PNP3074 \Device\00000046 spsk.sys

Device \Driver\usbuhci \Device\USBPDO-3 89C2C1F8

Device \Driver\usbehci \Device\USBPDO-4 89BF8500

AttachedDevice \Driver\Tcpip \Device\Tcp nltdi.sys (NetLimiter Driver/Locktime Software)

Device \Driver\Ftdisk \Device\HarddiskVolume1 89DFC1F8

Device \Driver\Ftdisk \Device\HarddiskVolume2 89DFC1F8

Device \Driver\Cdrom \Device\CdRom0 89B001F8

Device \Driver\Cdrom \Device\CdRom1 89B001F8

Device \Driver\Cdrom \Device\CdRom2 89B001F8

Device \Driver\sptd \Device\1044463074 spsk.sys

Device \Driver\NetBT \Device\NetBt_Wins_Export 899E1500

Device \Driver\NetBT \Device\NetbiosSmb 899E1500

AttachedDevice \Driver\Tcpip \Device\Udp nltdi.sys (NetLimiter Driver/Locktime Software)

AttachedDevice \Driver\Tcpip \Device\RawIp nltdi.sys (NetLimiter Driver/Locktime Software)

Device \Driver\usbuhci \Device\USBFDO-0 89C2C1F8

Device \Driver\usbuhci \Device\USBFDO-1 89C2C1F8

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 89B52500

Device \Driver\usbuhci \Device\USBFDO-2 89C2C1F8

Device \FileSystem\MRxSmb \Device\LanmanRedirector 89B52500

Device \Driver\usbuhci \Device\USBFDO-3 89C2C1F8

Device \Driver\usbehci \Device\USBFDO-4 89BF8500

Device \Driver\Ftdisk \Device\FtControl 89DFC1F8

Device \Driver\anf1o28a \Device\Scsi\anf1o28a1Port3Path0Target1Lun0 89AF41F8

Device \Driver\anf1o28a \Device\Scsi\anf1o28a1 89AF41F8

Device \Driver\anf1o28a \Device\Scsi\anf1o28a1Port3Path0Target0Lun0 89AF41F8

Device \FileSystem\Cdfs \Cdfs 89996500

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Arquivos de programas\DAEMON Tools Lite\

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xD8 0x56 0xDE 0x29 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xEF 0x66 0x12 0xD0 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x17 0x03 0xDC 0xF2 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xD4 0x91 0x11 0xF4 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Arquivos de programas\DAEMON Tools Lite\

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xD8 0x56 0xDE 0x29 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xEF 0x66 0x12 0xD0 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x17 0x03 0xDC 0xF2 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xD4 0x91 0x11 0xF4 ...

---- EOF - GMER 1.0.14 ----
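Added example (not code from the forum, from DDS or from GMER): a small Python triage script for the two log formats posted above. It parses the SERVICES / DRIVERS entries of a DDS log and the System, Kernel code sections, Kernel IAT/EAT, Devices and Registry sections of a GMER report, then correlates every module that hooks the SSDT or a kernel IAT with the driver objects, file readability and service install path (@p0) the same report attributes to it. The sample lines are copied from the logs in this post; the flagging rules (a built-in host such as regedt32.exe used as a service image, a service with no image path) are heuristics of my own and only raise questions, not verdicts.

```python
"""Triage helpers for DDS and GMER text logs (added example; not forum, DDS or GMER code)."""
import re
from collections import Counter, defaultdict
# Constructed sample: lines copied from the DDS log posted above.
DDS_SAMPLE = r"""
============= SERVICES / DRIVERS ===============
R1 nltdi;nltdi;\??\c:\windows\system32\drivers\nltdi.sys [2007-4-23 82200]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe /s c:\windows\nod32fixtemdono.reg [2008-3-23 3584]
S3 GarenaPEngine;GarenaPEngine; []
"""
# Constructed sample: lines copied from the GMER log posted above.
GMER_SAMPLE = r"""
---- System - GMER 1.0.14 ----
SSDT spsk.sys ZwCreateKey [0xB9EA80E0]
SSDT spsk.sys ZwOpenKey [0xB9EA80C0]
---- Kernel code sections - GMER 1.0.14 ----
? spsk.sys The system cannot find the file specified. !
---- Kernel IAT/EAT - GMER 1.0.14 ----
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [b9EA9040] spsk.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [b9EB9048] spsk.sys
---- Devices - GMER 1.0.14 ----
AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
Device \Driver\PCI_PNP3074 \Device\00000046 spsk.sys
Device \Driver\sptd \Device\1044463074 spsk.sys
---- Registry - GMER 1.0.14 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Arquivos de programas\DAEMON Tools Lite\
"""

SERVICE_RE = re.compile(r'^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<image>.*?)\s*\[(?P<meta>[^\]]*)\]$')
SECTION_RE = re.compile(r'^---- (?P<name>.+?) - GMER ')
SSDT_RE = re.compile(r'^SSDT\s+(?P<module>\S+)\s+(?P<func>\w+)\s+\[(?P<addr>0x[0-9A-Fa-f]+)\]')
KIAT_RE = re.compile(r'^IAT\s+(?P<target>[^\[]+)\[(?P<imp>[^\]]+)\]\s+\[(?P<addr>[0-9A-Fa-f]+)\]\s+(?P<module>\S+)')
DEVICE_RE = re.compile(r'^(?P<kind>AttachedDevice|Device)\s+(?P<driver>\S+)\s+(?P<device>\S+)\s+(?P<owner>\S+)')
REG_RE = re.compile(r'^Reg\s+(?P<key>\S+)(?:\s+(?P<value>.*))?$')
# Built-in hosts that execute a script or data file; unusual as a service's own image (heuristic).
SCRIPT_HOSTS = ('regedt32.exe', 'regedit.exe', 'rundll32.exe', 'cmd.exe', 'wscript.exe', 'cscript.exe')


def parse_dds_services(text):
    """Return each SERVICES / DRIVERS entry of a DDS log as a dict."""
    return [m.groupdict() for m in map(SERVICE_RE.match, map(str.strip, text.splitlines())) if m]


def flag_services(services):
    """Heuristic questions about service entries (a flag is not a verdict)."""
    flags = {}
    for svc in services:
        image = svc['image'].strip().strip('"').lower()
        host = next((h for h in SCRIPT_HOSTS if h in image), None)
        if not image:
            flags[svc['name']] = 'no image path recorded'
        elif host and image.split(host, 1)[1].strip():
            flags[svc['name']] = f'{host} used as service image with arguments'
    return flags


def parse_gmer(text):
    """Pull the structured lines out of each GMER section, keyed by line type."""
    section, found = None, defaultdict(list)
    for line in map(str.strip, text.splitlines()):
        if m := SECTION_RE.match(line):
            section = m.group('name')
        elif section == 'System' and (m := SSDT_RE.match(line)):
            found['ssdt'].append(m.groupdict())
        elif section == 'Kernel code sections' and line.startswith('? '):
            found['unreadable'].append(line.split()[1])   # GMER could not open the module file
        elif section == 'Kernel IAT/EAT' and (m := KIAT_RE.match(line)):
            found['kernel_iat'].append(m.groupdict())
        elif section == 'Devices' and (m := DEVICE_RE.match(line)):
            found['devices'].append(m.groupdict())
        elif section == 'Registry' and (m := REG_RE.match(line)):
            found['registry'].append(m.groupdict())
    return found


def triage_gmer(found):
    """Per hooking module: hook counts, file readability, owned driver objects, @p0 install paths."""
    ssdt = Counter(h['module'] for h in found['ssdt'])
    iat = Counter(h['module'] for h in found['kernel_iat'])
    driver_of = defaultdict(set)            # owner module -> driver object names (plain Device lines only)
    for d in found['devices']:
        if d['kind'] == 'Device' and d['owner'].lower().endswith('.sys'):
            driver_of[d['owner']].add(d['driver'].rsplit('\\', 1)[-1])
    path_of = {}                            # service name -> @p0 value under its Cfg key
    for r in found['registry']:
        svc = re.search(r'\\Services\\([^\\@]+)', r['key'])
        if svc and r['key'].endswith('@p0') and r['value']:
            path_of[svc.group(1)] = r['value']
    report = {}
    for module in sorted(set(ssdt) | set(iat)):
        objs = driver_of.get(module, set())
        report[module] = dict(ssdt_hooks=ssdt[module], kernel_iat_hooks=iat[module],
                              file_unreadable=module in found['unreadable'], driver_objects=sorted(objs),
                              install_paths=sorted(path_of[s] for s in objs if s in path_of))
    return report


if __name__ == '__main__':
    print(flag_services(parse_dds_services(DDS_SAMPLE)))
    print(triage_gmer(parse_gmer(GMER_SAMPLE)))
```

Run against the logs above, the GMER side reports spsk.sys as the only SSDT and kernel-IAT hooker, with a file GMER could not open on disk, but attributed by the Devices section to \Driver\sptd and \Driver\PCI_PNP3074, and the sptd Cfg key in the Registry section records the DAEMON Tools Lite install directory. That cross-check inside the same report is what an analyst wants before treating a randomly named hooking driver as an unknown rootkit. On the DDS side the heuristics question NOD32FiXTemDono (regedt32.exe /s with a .reg file as the service image) and GarenaPEngine (no image path); both are entries to ask the poster about, not findings.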
