ariwendell

Can someone take a look at my ComboFix log?

This is what came up (what should I do?):

ComboFix 08-10-16.08 - Ari Wendell 2008-10-17 14:27:53.3 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1046.18.1514 [GMT -2:00]

Executando de: C:\Documents and Settings\Ari Wendell\Desktop\ComboFix.exe

Comandos utilizados :: C:\Documents and Settings\Ari Wendell\Desktop\WinXP_BR_PRO_BF.EXE

* Criado um novo ponto de restauro

* Resident AV is active

.

(((((((((((((((( Arquivos/Ficheiros criados de 2008-09-17 to 2008-10-17 ))))))))))))))))))))))))))))

.

2008-10-17 12:54 . 2008-10-17 12:54 10,148 --a------ C:\WINDOWS\NTWLOG.003

2008-10-17 12:54 . 2008-10-17 12:54 8,986 --a------ C:\WINDOWS\NTWLOG.002

2008-10-17 12:54 . 2008-10-17 12:54 3,326 --a------ C:\WINDOWS\NTWLOG.000

2008-10-17 12:54 . 2008-10-17 12:54 2,032 --a------ C:\WINDOWS\NTWLOG.001

2008-10-17 12:54 . 2008-10-17 12:54 1,268 --a------ C:\WINDOWS\NTWLOG.005

2008-10-17 12:54 . 2008-10-17 12:54 1,136 --a------ C:\WINDOWS\NTWLOG.006

2008-10-17 12:52 . 2008-10-17 12:52 27,318 --a------ C:\WINDOWS\NTWLOG.007

2008-10-17 12:50 . 2008-10-17 12:51 <DIR> d-------- C:\Arquivos de programas\Cable e ADSL Speed

2008-10-17 12:50 . 2008-10-17 12:50 200,704 --------- C:\WINDOWS\Setup1.exe

2008-10-17 12:50 . 2008-10-17 12:50 73,216 --a------ C:\WINDOWS\ST6UNST.EXE

2008-10-17 11:56 . 2005-08-31 00:14 219,648 --a------ C:\WINDOWS\system32\uxtheme.backup

2008-10-17 10:39 . 2008-10-17 10:39 <DIR> d-------- C:\Arquivos de programas\Microsoft CAPICOM 2.1.0.2

2008-10-17 10:36 . 2008-05-09 08:55 512,000 --------- C:\WINDOWS\system32\DllCache\jscript.dll

2008-10-17 10:36 . 2008-05-09 08:55 430,080 --------- C:\WINDOWS\system32\DllCache\vbscript.dll

2008-10-17 10:36 . 2008-05-09 08:55 180,224 --------- C:\WINDOWS\system32\DllCache\scrobj.dll

2008-10-17 10:36 . 2008-05-09 08:55 172,032 --------- C:\WINDOWS\system32\DllCache\scrrun.dll

2008-10-17 10:36 . 2008-05-08 09:24 155,648 --------- C:\WINDOWS\system32\DllCache\wscript.exe

2008-10-17 10:36 . 2008-05-09 06:45 135,168 --------- C:\WINDOWS\system32\DllCache\cscript.exe

2008-10-17 10:36 . 2008-05-09 08:55 90,112 --------- C:\WINDOWS\system32\DllCache\wshext.dll

2008-10-17 08:33 . 2008-10-17 08:33 <DIR> d-------- C:\WINDOWS\system32\xircom

2008-10-17 08:33 . 2008-10-17 08:33 <DIR> d-------- C:\Arquivos de programas\microsoft frontpage

2008-10-17 08:30 . 2008-10-17 08:30 <DIR> d-------- C:\WINDOWS\system32\oobe

2008-10-17 08:30 . 2008-10-17 08:30 <DIR> d-------- C:\WINDOWS\system32\bits

2008-10-17 08:30 . 2008-10-17 08:30 <DIR> d-------- C:\WINDOWS\l2schemas

2008-10-17 08:28 . 2008-10-17 08:28 <DIR> d-------- C:\WINDOWS\ServicePackFiles

2008-10-17 00:07 . 2008-04-14 00:20 4,274,816 --------- C:\WINDOWS\system32\nv4_disp.dll

2008-10-16 23:00 . 2008-10-16 23:00 <DIR> d-------- C:\Documents and Settings\Ari Wendell\Dados de aplicativos\MozillaControl

2008-10-16 22:17 . 2008-10-17 12:49 <DIR> d-------- C:\Arquivos de programas\'Full Speed' Internet Booster + Performance Tests

2008-10-16 22:01 . 2008-10-16 22:01 <DIR> d-------- C:\WINDOWS\'Full Speed' Internet Booster + Performance Tests

2008-10-16 22:01 . 2008-10-17 12:49 <DIR> d-------- C:\aidualc3

2008-10-16 20:38 . 2008-10-16 20:38 <DIR> d-------- C:\Arquivos de programas\MSXML 4.0

2008-10-16 13:13 . 2008-10-16 13:14 <DIR> d-------- C:\Documents and Settings\Ari Wendell\Dados de aplicativos\TypingMaster7

2008-10-16 11:24 . 2008-08-14 11:24 2,193,408 --------- C:\WINDOWS\system32\DllCache\ntoskrnl.exe

2008-10-16 11:24 . 2008-08-14 11:24 2,149,376 --------- C:\WINDOWS\system32\DllCache\ntkrnlmp.exe

2008-10-16 11:24 . 2008-08-14 11:24 2,070,272 --------- C:\WINDOWS\system32\DllCache\ntkrnlpa.exe

2008-10-16 11:24 . 2008-08-14 11:24 2,028,032 --------- C:\WINDOWS\system32\DllCache\ntkrpamp.exe

2008-10-16 10:39 . 2008-06-14 15:34 272,384 --------- C:\WINDOWS\system32\DllCache\bthport.sys

2008-10-16 10:34 . 2008-09-08 08:41 333,824 --------- C:\WINDOWS\system32\DllCache\srv.sys

2008-10-16 10:32 . 2008-09-15 13:26 1,846,528 --------- C:\WINDOWS\system32\DllCache\win32k.sys

2008-10-16 10:12 . 2008-05-08 12:02 203,136 --------- C:\WINDOWS\system32\DllCache\rmcast.sys

2008-10-16 10:11 . 2008-05-01 12:36 331,776 --------- C:\WINDOWS\system32\DllCache\msadce.dll

2008-10-16 10:10 . 2008-04-11 17:05 691,712 --------- C:\WINDOWS\system32\DllCache\inetcomm.dll

2008-10-16 09:58 . 2007-07-30 20:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll

2008-10-16 09:58 . 2007-07-30 20:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui

2008-10-16 09:09 . 2006-09-01 22:42 694,532 --a------ C:\WINDOWS\system32\Tutorial.chm

2008-10-16 09:09 . 2007-10-02 01:59 1,806 --a------ C:\WINDOWS\system32\Chave.reg

2008-10-16 07:44 . 2008-10-16 07:44 <DIR> d-------- C:\Documents and Settings\ari\Dados de aplicativos\GetRight

2008-10-15 23:02 . 2008-10-15 23:02 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\GetRight

2008-10-15 22:18 . 2008-10-15 22:21 <DIR> d-------- C:\Downloads

2008-10-15 22:17 . 2008-10-16 08:46 <DIR> d-------- C:\Documents and Settings\Ari Wendell\Dados de aplicativos\GetRight

2008-10-15 22:04 . 2008-10-15 22:04 <DIR> d-------- C:\Arquivos de programas\Portabilizer

2008-10-15 21:46 . 2008-10-17 10:06 <DIR> d-------- C:\Arquivos de programas\Zylom Games

2008-10-15 21:36 . 2008-10-15 21:36 <DIR> d-------- C:\Documents and Settings\Ari Wendell\Dados de aplicativos\Zylom

2008-10-13 22:06 . 2008-10-13 22:06 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Two Pilots

2008-10-13 20:30 . 2008-10-13 20:30 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\xing shared

2008-10-13 20:21 . 2008-10-13 20:21 <DIR> d-------- C:\Arquivos de programas\Real

2008-10-13 20:21 . 2008-10-13 20:30 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Real

2008-10-12 23:02 . 2008-10-12 23:02 <DIR> d-------- C:\Documents and Settings\ari\Tracing

2008-10-11 09:07 . 2008-10-11 09:07 <DIR> d-------- C:\Documents and Settings\ari\Dados de aplicativos\Windows Search

2008-10-07 17:41 . 2008-09-04 23:03 56,344 --a------ C:\WINDOWS\system32\drivers\fssfltr.sys

2008-10-04 20:33 . 2008-10-04 20:33 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Adobe AIR

2008-10-04 20:19 . 2008-10-04 20:19 <DIR> d-------- C:\Documents and Settings\Ari Wendell\Dados de aplicativos\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

2008-10-03 23:57 . 2008-10-03 23:57 <DIR> d-------- C:\ATUALIZACAO

2008-10-02 16:52 . 2008-10-02 16:52 <DIR> d-------- C:\Arquivos de programas\VVSN

2008-10-02 16:51 . 2008-10-02 16:51 223,128 --a------ C:\WINDOWS\system32\drivers\dtscsi.sys

2008-10-02 13:10 . 2008-10-02 15:39 <DIR> d-------- C:\Arquivos de programas\NCSoft

2008-10-02 13:02 . 2008-10-02 13:10 <DIR> d-------- C:\Documents and Settings\ari\Dados de aplicativos\GetRightToGo

2008-10-01 23:48 . 2008-10-17 14:28 <DIR> d-------- C:\Documents and Settings\Ari Wendell\Dados de aplicativos\DNA

2008-10-01 23:48 . 2008-10-16 14:43 <DIR> d-------- C:\Documents and Settings\Ari Wendell\Dados de aplicativos\BitTorrent

2008-10-01 23:48 . 2008-10-01 23:48 <DIR> d-------- C:\Arquivos de programas\DNA

2008-10-01 19:02 . 2008-10-01 19:06 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Adobe

2008-10-01 18:47 . 2008-10-01 18:53 <DIR> d-------- C:\WINDOWS\SxsCaPendDel

2008-10-01 17:22 . 2008-10-01 18:53 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\NOS

2008-10-01 17:22 . 2008-10-01 18:53 <DIR> d-------- C:\Arquivos de programas\NOS

2008-10-01 15:44 . 2008-10-01 15:44 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Winferno

2008-10-01 14:05 . 2008-10-01 14:05 <DIR> d-------- C:\Arquivos de programas\Free Offers from Freeze.com

2008-10-01 13:44 . 2008-10-01 13:44 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Yahoo! Companion

2008-10-01 13:34 . 2008-10-01 13:34 <DIR> d-------- C:\Arquivos de programas\Yahoo!

2008-10-01 13:10 . 2008-10-01 17:04 <DIR> d-------- C:\Arquivos de programas\Ultimate Racing Showdown

2008-09-30 23:13 . 2008-09-30 23:13 <DIR> d-------- C:\Documents and Settings\Ari Wendell\Dados de aplicativos\Wings3D

2008-09-30 22:56 . 2008-09-30 23:01 <DIR> d-------- C:\Arquivos de programas\weblin

2008-09-30 22:52 . 2008-09-30 23:01 <DIR> d-------- C:\Documents and Settings\Ari Wendell\Dados de aplicativos\zweitgeist

2008-09-30 22:13 . 2008-09-30 22:13 <DIR> d-------- C:\Arquivos de programas\wings3d_0.99.03

2008-09-30 22:09 . 2008-09-30 22:09 <DIR> d-------- C:\Arquivos de programas\UVMapper Professional Demo

2008-09-30 14:51 . 2008-09-30 14:51 <DIR> d-------- C:\Documents and Settings\ari\Dados de aplicativos\Windows Desktop Search

2008-09-29 23:02 . 2008-10-09 23:10 664 --a------ C:\WINDOWS\system32\d3d9caps.dat

2008-09-29 08:07 . 2008-09-29 08:07 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\Windows Search

2008-09-29 08:07 . 2008-09-29 08:07 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\Windows Desktop Search

2008-09-28 19:20 . 2008-09-28 19:20 <DIR> d-------- C:\Documents and Settings\Ari Wendell\Dados de aplicativos\Windows Search

2008-09-28 19:18 . 2008-09-28 19:18 <DIR> d-------- C:\Documents and Settings\Ari Wendell\Dados de aplicativos\Windows Desktop Search

2008-09-28 19:18 . 2008-09-28 19:18 <DIR> d-------- C:\Arquivos de programas\Windows Desktop Search

2008-09-28 19:17 . 2008-03-07 15:02 192,000 --------- C:\WINDOWS\system32\DllCache\offfilt.dll

2008-09-28 19:17 . 2008-03-07 15:02 98,304 --------- C:\WINDOWS\system32\DllCache\nlhtml.dll

2008-09-28 19:17 . 2008-03-07 15:02 29,696 --------- C:\WINDOWS\system32\DllCache\mimefilt.dll

2008-09-25 16:02 . 2008-09-25 22:06 <DIR> d-------- C:\Documents and Settings\Ari Wendell\Dados de aplicativos\Apple Computer

2008-09-25 16:01 . 2008-10-16 13:57 <DIR> d-------- C:\Arquivos de programas\Bonjour

2008-09-25 16:00 . 2008-10-07 17:29 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Apple Computer

2008-09-25 16:00 . 2008-09-25 16:00 <DIR> d-------- C:\Documents and Settings\All Users\Dados de aplicativos\Apple

2008-09-25 16:00 . 2008-10-07 17:29 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Apple

2008-09-25 16:00 . 2008-09-25 16:00 <DIR> d-------- C:\Arquivos de programas\Apple Software Update

2008-09-23 23:44 . 2008-09-29 15:18 <DIR> d-------- C:\Arquivos de programas\UltraISO

2008-09-23 23:44 . 2008-09-23 23:44 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\EZB Systems

2008-09-23 19:17 . 2008-09-23 19:17 <DIR> d-------- C:\Arquivos de programas\Shock Utility

2008-09-23 19:17 . 2008-09-23 19:17 65,536 --a------ C:\WINDOWS\IFinst27.exe

2008-09-23 19:14 . 2008-09-23 19:15 <DIR> d-------- C:\Arquivos de programas\AeroDesktop

2008-09-23 18:20 . 2008-09-23 18:20 <DIR> d-------- C:\WINDOWS\system32\hitman_ss dir

2008-09-23 18:19 . 2008-09-23 18:20 520,192 --a------ C:\WINDOWS\system32\hitman_ss.scr

2008-09-23 14:19 . 2008-09-23 14:19 0 --a------ C:\WINDOWS\graphedit.INI

2008-09-21 19:33 . 2008-10-07 17:39 <DIR> d-------- C:\Arquivos de programas\Windows Live Toolbar

2008-09-21 19:33 . 2008-09-21 19:33 <DIR> d-------- C:\Arquivos de programas\Windows Live Favorites

2008-09-21 19:29 . 2008-09-21 19:29 <DIR> d-------- C:\Arquivos de programas\Microsoft SQL Server Compact Edition

2008-09-21 18:53 . 2008-10-07 17:29 <DIR> d-------- C:\Arquivos de programas\QuickTime

2008-09-21 09:45 . 2008-09-21 09:45 <DIR> d-------- C:\Arquivos de programas\K-Lite Codec Pack

2008-09-20 22:30 . 2008-09-21 16:28 <DIR> d-------- C:\Arquivos de programas\SopCast

2008-09-20 14:41 . 2008-09-28 19:18 <DIR> d-------- C:\WINDOWS\system32\GroupPolicy

2008-09-20 14:40 . 2008-09-20 14:44 <DIR> d-------- C:\Arquivos de programas\Hitman Pro

2008-09-20 10:25 . 2008-09-20 10:25 <DIR> dr-h----- C:\Documents and Settings\Administrador\Dados de aplicativos\SecuROM

2008-09-20 08:01 . 2008-09-20 08:01 <DIR> d-------- C:\Documents and Settings\Administrador\Dados de aplicativos\AdobeUM

2008-09-20 07:19 . 2008-10-17 13:56 <DIR> d-------- C:\Documents and Settings\Administrador\Tracing

2008-09-19 21:52 . 2008-10-17 13:58 <DIR> d-------- C:\Documents and Settings\Ari Wendell\Tracing

2008-09-19 21:52 . 2008-09-19 21:52 <DIR> d-------- C:\Arquivos de programas\Microsoft Office Outlook Connector

2008-09-19 21:52 . 2006-11-29 14:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll

2008-09-19 21:50 . 2008-09-19 21:50 <DIR> d-------- C:\Arquivos de programas\Microsoft

2008-09-19 20:57 . 2008-09-19 20:57 <DIR> d-------- C:\Arquivos de programas\Arquivos comuns\Windows Live

2008-09-17 16:08 . 2008-08-23 18:13 <DIR> d-------- C:\Documents and Settings\ari\nodtmpb

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-10-17 15:59 --------- d-----w C:\Documents and Settings\Ari Wendell\Dados de aplicativos\Lightcomm

2008-10-17 14:44 --------- d-----w C:\Arquivos de programas\Windows Live Safety Center

2008-10-17 12:51 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help

2008-10-16 00:59 --------- d-----w C:\Arquivos de programas\Windows Media Connect 2

2008-10-13 22:29 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll

2008-10-13 22:29 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll

2008-10-13 16:00 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\Lightcomm

2008-10-11 10:45 --------- d-----w C:\Documents and Settings\Ari Wendell\Dados de aplicativos\Vso

2008-10-07 19:41 --------- d-----w C:\Arquivos de programas\Windows Live

2008-10-04 11:44 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\WLInstaller

2008-10-03 19:58 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll

2008-10-03 17:26 6,066,176 ----a-w C:\WINDOWS\system32\DllCache\ieframe.dll

2008-10-02 17:39 --------- d--h--w C:\Arquivos de programas\InstallShield Installation Information

2008-09-21 21:15 --------- dcsh--w C:\Arquivos de programas\Arquivos comuns\WindowsLiveInstaller

2008-09-15 15:26 1,846,528 ----a-w C:\WINDOWS\system32\win32k.sys

2008-09-14 20:40 201,728 ----a-w C:\WINDOWS\system32\HSM3_ScreenSaver.scr

2008-09-14 11:14 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\Zylom

2008-09-13 12:53 --------- d-----w C:\Arquivos de programas\Reference Assemblies

2008-09-13 12:53 --------- d-----w C:\Arquivos de programas\MSBuild

2008-09-13 12:50 --------- d-----w C:\Arquivos de programas\MSXML 6.0

2008-09-13 10:47 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Zylom

2008-09-11 17:01 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\DAEMON Tools

2008-09-09 03:03 51,712 ----a-w C:\WINDOWS\system32\sirenacm.dll

2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys

2008-09-08 00:51 --------- d-----w C:\Documents and Settings\Ari Wendell\Dados de aplicativos\Gizmo5

2008-09-07 11:10 --------- d-----w C:\Arquivos de programas\Sun

2008-09-07 11:09 --------- d-----w C:\Arquivos de programas\Java

2008-09-06 17:20 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Nero

2008-09-06 17:20 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Nero

2008-09-06 01:31 267,304 ------w C:\WINDOWS\system32\DllCache\wgaLogon.dll

2008-09-06 01:30 951,336 ------w C:\WINDOWS\system32\DllCache\WgaTray.exe

2008-09-05 23:11 --------- d-----w C:\Documents and Settings\Ari Wendell\Dados de aplicativos\IGN_DLM

2008-09-05 19:04 288,768 ----a-w C:\WINDOWS\WLXPGSS.SCR

2008-09-04 18:56 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\Yahoo!

2008-09-04 18:47 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\Nero

2008-09-04 18:44 --------- d-----w C:\Documents and Settings\Ari Wendell\Dados de aplicativos\Nero

2008-09-02 15:17 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys

2008-09-02 15:17 --------- d-----w C:\Documents and Settings\Ari Wendell\Dados de aplicativos\DAEMON Tools

2008-09-02 02:15 --------- d-----w C:\Arquivos de programas\DirecteX

2008-09-01 16:40 --------- d-----w C:\Documents and Settings\Ari Wendell\Dados de aplicativos\Yahoo!

2008-09-01 16:40 --------- d-----w C:\Arquivos de programas\IObit

2008-08-31 20:23 --------- d-----w C:\Arquivos de programas\Conduit

2008-08-30 21:28 77,824 ----a-w C:\WINDOWS\system32\kdfapi.dll

2008-08-30 21:28 640,352 ----a-w C:\WINDOWS\system32\kdfmgr.exe

2008-08-30 21:28 53,248 ----a-w C:\WINDOWS\system32\Kdfhok.dll

2008-08-30 21:28 192,512 ----a-w C:\WINDOWS\system32\kdfvmgr.exe

2008-08-30 21:21 766,816 ----a-w C:\WINDOWS\system32\kdfinj.dll

2008-08-30 21:21 213,075 ----a-w C:\WINDOWS\system32\kdfmod.dll

2008-08-30 02:46 2,887,680 ----a-w C:\WINDOWS\system32\VagalumePluginWMP.dll

2008-08-29 13:18 87,336 ----a-w C:\WINDOWS\system32\dns-sd.exe

2008-08-29 12:53 61,440 ----a-w C:\WINDOWS\system32\dnssd.dll

2008-08-29 00:16 --------- d-----w C:\Arquivos de programas\Google

2008-08-27 09:11 3,593,216 ----a-w C:\WINDOWS\system32\DllCache\mshtml.dll

2008-08-27 00:40 --------- d-----w C:\Documents and Settings\Ari Wendell\Dados de aplicativos\FDRLab

2008-08-27 00:31 --------- d-----w C:\Documents and Settings\Ari Wendell\Dados de aplicativos\TVU Networks

2008-08-27 00:31 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\TVU Networks

2008-08-27 00:08 --------- d-----w C:\Arquivos de programas\RelevantKnowledge

2008-08-26 22:15 --------- d-----w C:\Arquivos de programas\Programas RFB

2008-08-25 20:00 --------- d-----w C:\Documents and Settings\Ari Wendell\Dados de aplicativos\AdobeUM

2008-08-25 16:14 --------- d-----w C:\Arquivos de programas\Oi Velox

2008-08-25 08:42 70,656 ------w C:\WINDOWS\system32\DllCache\ie4uinit.exe

2008-08-25 08:38 13,824 ------w C:\WINDOWS\system32\DllCache\ieudinit.exe

2008-08-25 01:29 --------- d-----w C:\Documents and Settings\Ari Wendell\Dados de aplicativos\SmarThru4

2008-08-25 01:29 --------- d-----w C:\Arquivos de programas\SmarThru 4

2008-08-25 01:29 --------- d-----w C:\Arquivos de programas\Readiris10

2008-08-25 01:29 --------- d-----w C:\Arquivos de programas\Arquivos comuns\SRC Shared

2008-08-25 01:28 --------- d-----w C:\Arquivos de programas\Arquivos comuns\InstallShield

2008-08-25 01:25 --------- d-----w C:\Arquivos de programas\SAMSUNG

2008-08-25 00:14 --------- d-----w C:\Documents and Settings\Ari Wendell\Dados de aplicativos\Media Player Classic

2008-08-23 21:01 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\Windows Live Toolbar

2008-08-23 20:36 --------- d-----w C:\Documents and Settings\Administrador\Dados de aplicativos\InstallShield

2008-08-23 20:36 --------- d-----w C:\Arquivos de programas\Realtek

2008-08-23 20:33 --------- d-----w C:\Arquivos de programas\Intel

2008-08-23 20:29 --------- d-----w C:\Documents and Settings\All Users\Dados de aplicativos\ESET

2008-08-23 20:29 --------- d-----w C:\Arquivos de programas\ESET

2008-08-23 20:23 --------- d-----w C:\Arquivos de programas\Microsoft Works

2008-08-23 20:13 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Java

2008-08-23 20:11 --------- d-----w C:\Arquivos de programas\Serviços on-line

2008-08-23 20:09 --------- d-----w C:\Arquivos de programas\Arquivos comuns\Serviços

2008-08-23 05:56 635,848 ----a-w C:\WINDOWS\system32\DllCache\iexplore.exe

2008-08-23 05:54 161,792 ----a-w C:\WINDOWS\system32\DllCache\ieakui.dll

2008-08-14 13:24 2,149,376 ----a-w C:\WINDOWS\system32\ntoskrnl.exe

2008-08-14 13:24 2,028,032 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe

2008-08-14 10:04 138,496 ------w C:\WINDOWS\system32\DllCache\afd.sys

2008-08-06 12:18 69,632 ----a-r C:\WINDOWS\system32\MSJCE.dll

2008-07-29 23:35 326,160 ----a-w C:\WINDOWS\system32\PresentationHost.exe

2008-07-29 22:59 781,344 ----a-w C:\WINDOWS\system32\PresentationNative_v0300.dll

2008-07-29 22:59 43,544 ----a-w C:\WINDOWS\system32\PresentationHostProxy.dll

2008-07-29 22:59 105,016 ----a-w C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll

2008-07-29 22:24 97,800 ----a-w C:\WINDOWS\system32\infocardapi.dll

2008-07-29 22:24 622,080 ----a-w C:\WINDOWS\system32\icardagt.exe

2008-07-29 22:24 11,264 ----a-w C:\WINDOWS\system32\icardres.dll

2008-07-25 14:16 96,760 ----a-w C:\WINDOWS\system32\dfshim.dll

2008-07-25 14:16 83,968 ----a-w C:\WINDOWS\system32\mscories.dll

2008-07-25 14:16 282,112 ----a-w C:\WINDOWS\system32\mscoree.dll

2008-07-25 14:16 158,720 ----a-w C:\WINDOWS\system32\mscorier.dll

2008-07-25 08:34 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll

2008-07-25 08:34 683,520 ----a-w C:\WINDOWS\system32\divx.dll

2008-07-23 16:50 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]

2008-08-21 16:15 94736 --a------ C:\Arquivos de programas\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{21FA44EF-376D-4D53-9B0F-8A89D3229068}"= "C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll" [2008-09-02 953360]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{21FA44EF-376D-4D53-9B0F-8A89D3229068}"= "C:\Arquivos de programas\Windows Live\Toolbar\wltcore.dll" [2008-09-02 953360]

[HKEY_CLASSES_ROOT\clsid\{21fa44ef-376d-4d53-9b0f-8a89d3229068}]

[HKEY_CLASSES_ROOT\TypeLib\{182E05A4-F4FF-4F73-8C84-D36B87D915AF}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]

"MsnMsgr"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2008-09-09 3513344]

"swg"="C:\Arquivos de programas\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-08-28 171448]

"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe" [bU]

"BitTorrent DNA"="C:\Arquivos de programas\DNA\btdna.exe" [2008-10-01 289088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"GrooveMonitor"="C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]

"egui"="C:\Arquivos de programas\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 1443072]

"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-11-28 98304]

"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-11-28 77824]

"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-11-28 118784]

"Samsung PanelMgr"="C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe" [2006-08-16 503808]

"desp2k"="C:\Arquivos de programas\Oi Velox\Manager\desp2k.exe" [2006-08-03 65536]

"Adobe Reader Speed Launcher"="C:\Arquivos de programas\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"VVSN"="C:\Arquivos de programas\VVSN\VVSN.exe" [2005-10-25 107520]

"TkBellExe"="C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2008-10-13 185896]

"CASpeed"="C:\Arquivos de programas\Cable e ADSL Speed\NtwCA.exe" [2002-10-16 157696]

"SkyTel"="SkyTel.EXE" [2006-05-16 C:\WINDOWS\SkyTel.exe]

"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 C:\WINDOWS\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nlsf"="move" [X]

"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-03 44544]

C:\Documents and Settings\Administrador\Menu Iniciar\Programas\Inicializar\

Recorte de tela e Iniciador do OneNote 2007.lnk - C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

C:\Documents and Settings\Ari Wendell\Menu Iniciar\Programas\Inicializar\

Recorte de tela e Iniciador do OneNote 2007.lnk - C:\Arquivos de programas\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

Windows Search.lnk - C:\Arquivos de programas\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

"NoResolveSearch"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Arquivos de programas\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Adobe Reader Speed Launch.lnk]

path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Reader Speed Launch.lnk

backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=

"C:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Arquivos de programas\\SopCast\\adv\\SopAdver.exe"=

"D:\\Arquivos de programas\\eMule\\emule.exe"=

"C:\\Arquivos de programas\\Bonjour\\mDNSResponder.exe"=

"C:\\Arquivos de programas\\DNA\\btdna.exe"=

"D:\\Arquivos de programas\\BitTorrent\\bittorrent.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-12-21 33800]

R2 cmpe;Context Manager Process Extension;C:\WINDOWS\system32\cmpe.exe [2007-02-26 61440]

R2 fssfltr;FssFltr;C:\WINDOWS\system32\DRIVERS\fssfltr.sys [2008-09-04 56344]

R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);C:\WINDOWS\system32\DRIVERS\RMSPPPOE.SYS [2002-06-10 31232]

S3 fsssvc;Windows Live Proteção para a Família;C:\Arquivos de programas\Windows Live\Family Safety\fsssvc.exe [2008-09-04 512536]

S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]

S3 XDva195;XDva195;C:\WINDOWS\system32\XDva195.sys [ ]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1ded7fa9-7d13-11dd-9693-001a4dacb637}]

\Shell\AutoRun\command - F:\Autorun.exe

.

Conteúdo da pasta 'Tarefas Agendadas'

2008-10-14 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

- C:\Arquivos de programas\Apple Software Update\SoftwareUpdate.exe [2008-07-30 13:34]

2008-10-15 C:\WINDOWS\Tasks\rpc.job

- C:\Arquivos de programas\Winferno\RegistryPowerCleaner\RegPowerClean.exe []

.

- - - - ORFÃOS REMOVIDOS - - - -

HKCU-Run-updateMgr - C:\Arquivos de programas\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

HKCU-Run-igndlm.exe - C:\Arquivos de programas\Download Manager\DLM.exe

HKCU-Run-QuickPhrase - C:\Arquivos de programas\TypingMaster\quickphrase\quickphrase.exe

.

------- Scan Suplementar -------

.

R0 -: HKCU-Main,Start Page = hxxp://www.centralexpert.net/

R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore

O8 -: &Windows Live Search - C:\Arquivos de programas\Windows Live Toolbar\msntb.dll/search.htm

O8 -: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 -: E&xportar para o Microsoft Excel - C:\ARQUIV~1\MICROS~1\Office12\EXCEL.EXE/3000

O17 -: HKLM\CCS\Interface\{BDC9B16E-013E-4ED2-9DAC-29A5C0F47983}: NameServer = 200.165.132.155 200.149.55.142

O16 -: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B} - hxxp://kings.nefficient.co.kr/kings/kdfx/kdfx308/kdfense8.cab

C:\WINDOWS\Downloaded Program Files\kdfense8.inf

C:\WINDOWS\system32\mfc42.dll

C:\WINDOWS\system32\msvcrt.dll

C:\WINDOWS\system32\olepro32.dll

C:\WINDOWS\system32\uninstallkdf8.exe

C:\WINDOWS\Downloaded Program Files\kdfense8.ocx

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-10-17 14:31:49

Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

**************************************************************************

.

Tempo para conclusão: 2008-10-17 14:32:54

ComboFix-quarantined-files.txt 2008-10-17 16:32:30

ComboFix2.txt 2008-10-17 15:57:36

Pré-execução: 18 pasta(s) 12,979,789,824 bytes disponíveis

Pós execução: 18 pasta(s) 12,966,899,712 bytes disponíveis

WinXP_BR_PRO_BF.EXE

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

364 --- E O F --- 2008-10-17 13:11:48


Dear ariwendell,

Sorry for the delay, but if you still need help, please post the HijackThis log.

Regards :D
