cjoint

Document format: text/plain

ComboFix 15-06-09.01 - ADMI 14/06/2015 20:50:43.1.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.55.1046.18.3063.1909 [GMT -3:00]
Running from: c:\users\ADMI\Downloads\ComboFix.exe
AV: AVG AntiVirus Free Edition 2015 *Enabled/Outdated* {4D41356F-32AD-7C42-C820-63775EE4F413}
SP: AVG AntiVirus Free Edition 2015 *Enabled/Outdated* {F620D48B-1497-73CC-F290-58052563BEAE}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
ADS - system32: deleted 2 bytes in 1 streams.
ADS - drivers: deleted 212 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\ADMI\AppData\Roaming\AdobeReader
c:\users\ADMI\AppData\Roaming\AdobeReader\temp.zip
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
.
.
(((((((((((((((( Files Created from 2015-05-15 to 2015-06-15 ))))))))))))))))))))))))))))
.
.
2015-06-15 00:01 . 2015-06-15 00:05 -------- d-----w- c:\users\ADMI\AppData\Local\temp
2015-06-15 00:01 . 2015-06-15 00:01 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2015-06-15 00:01 . 2015-06-15 00:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-06-15 00:01 . 2015-06-15 00:01 -------- d-----w- c:\users\Convidado\AppData\Local\temp
2015-06-14 23:13 . 2015-06-14 23:13 -------- d-----w- c:\users\ADMI\AppData\Roaming\AVG2015
2015-06-14 23:12 . 2015-06-14 23:12 -------- d-----w- c:\program files\Common Files\AV
2015-06-14 23:11 . 2015-06-14 23:13 -------- d-----w- c:\programdata\AVG2015
2015-06-14 22:51 . 2015-06-14 23:13 -------- d-----w- c:\users\ADMI\AppData\Local\Avg2015
2015-06-07 17:01 . 2015-06-14 23:38 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-06-07 17:00 . 2015-06-07 17:00 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2015-06-07 17:00 . 2015-06-07 17:00 -------- d-----w- c:\programdata\Malwarebytes
2015-06-07 17:00 . 2015-04-14 12:37 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-06-07 17:00 . 2015-04-14 12:37 92888 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-06-07 17:00 . 2015-04-14 12:37 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-06-06 22:33 . 2015-06-06 22:01 24064 ----a-w- c:\windows\zoek-delete.exe
2015-06-06 22:01 . 2015-06-06 22:28 -------- d-----w- C:\zoek_backup
2015-06-06 21:39 . 2015-06-06 21:39 -------- d-----w- C:\RegBackup
2015-06-06 13:52 . 2015-06-14 22:34 512 ----a-w- C:\PhysicalDisk0_MBR.bin
2015-06-06 00:11 . 2015-06-14 22:34 -------- d-----w- c:\program files\ZHPDiag
2015-06-06 00:11 . 2015-06-14 22:30 -------- d-----w- c:\users\ADMI\AppData\Roaming\ZHP
2015-05-31 23:57 . 2015-05-31 23:57 -------- d-----w- c:\windows\system32\SPReview
2015-05-31 23:49 . 2015-05-31 23:57 -------- d-----w- c:\windows\system32\MRT
2015-05-31 23:48 . 2015-05-18 07:57 9265072 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{684C46D9-61DD-407D-BE2B-7A75B3A1759A}\mpengine.dll
2015-05-19 12:57 . 2015-05-19 12:57 227808 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2015-05-18 01:06 . 2015-05-18 01:06 -------- d-----w- c:\windows\system32\vbox
.
.
.
((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-05-14 16:49 . 2015-05-14 16:49 29664 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2015-05-12 17:46 . 2015-05-12 17:46 213984 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2015-05-12 17:45 . 2015-05-12 17:45 190944 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2015-05-12 17:45 . 2015-05-12 17:45 169440 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2015-05-07 16:52 . 2015-05-07 16:52 290272 ----a-w- c:\windows\system32\drivers\avglogx.sys
2015-04-15 16:05 . 2015-04-15 16:05 206816 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2015-03-20 15:18 . 2015-03-20 15:18 35808 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
.
.
(((((((((((((((((((((((((( Registry Loading Points )))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2015-04-28 14:33 576840 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2015-04-28 14:33 576840 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2015-04-28 14:33 576840 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2015-04-28 14:33 576840 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2015-04-28 14:33 576840 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2015-01-27 157480]
"Diebold - Warsaw"="c:\program files\Diebold\Warsaw\core.exe" [2014-09-06 507704]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-23 926896]
"AVG_UI"="c:\program files\AVG\AVG2015\avgui.exe" [2015-06-05 3727824]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2015-05-31 280576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginCef]
2015-04-20 18:56 1824608 ----a-w- c:\program files\GbPlugin\gbiehcef.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^Users^ADMI^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Assoc Home.lnk]
path=c:\users\ADMI\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Assoc Home.lnk
backup=c:\windows\pss\Assoc Home.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wizard Fwd]
2012-06-09 04:46 12868608 ----a-w- c:\windows\System32\shell32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zone Compat]
2012-06-09 04:46 12868608 ----a-w- c:\windows\System32\shell32.dll
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2015\avgidsagent.exe [2015-06-05 3461072]
R2 Warsaw Technology;Warsaw Technology;c:\program files\Diebold\Warsaw\core.exe [2014-09-06 507704]
R3 NdisrdMP;NdisrdMP;c:\windows\system32\DRIVERS\gbpndisrd.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2014-08-16 18944]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-08-05 1343400]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [2015-05-12 190944]
S0 Avglogx;AVG Logging Driver;c:\windows\system32\DRIVERS\avglogx.sys [2015-05-07 290272]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2015-03-20 35808]
S0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [2014-09-02 46552]
S1 Avgdiskx;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiskx.sys [2015-03-11 132576]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [2015-05-19 227808]
S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [2015-05-14 29664]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2015-04-15 206816]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2015-05-12 213984]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2014-08-12 42784]
S1 Ndisrd;GAS Tecnologia Filter Driver;c:\windows\system32\DRIVERS\gbpndisrdn.sys [2014-06-20 29400]
S2 avgwd;AVG Watchdog;c:\program files\AVG\AVG2015\avgwdsvc.exe [2015-06-05 312816]
S2 GbpSv;Gbp Service;c:\progra~1\GbPlugin\GbpSv.exe [2015-01-20 565560]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [2015-04-14 1871160]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2015-04-14 1080120]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-03-25 490280]
S2 TeamViewer8;TeamViewer 8;c:\program files\TeamViewer\Version8\TeamViewer_Service.exe [2013-06-07 4150112]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2015-04-14 23256]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2015-06-14 119512]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2015-04-14 51928]
.
.
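The file list above ("Files Created" and the Find3M report) and the service/driver list that ends here are the two sections of a ComboFix report a reviewer reads first. As an added example, not part of this report and not ComboFix's own code, the Python script below parses both line shapes and flags the leads worth checking first: executable content created outside c:\windows and c:\program files, and services or drivers whose binary ComboFix marked `[x]`, meaning the registry entry exists but the file was not found on disk. The sample input is copied from lines of this report. The list of trusted prefixes, the executable-extension list, and the expansion of the 8.3 short name c:\progra~1 to c:\program files are this example's assumptions; the R/S prefix is read in the usual ComboFix sense of running/stopped followed by the Windows start type.

```python
r"""Triage helpers for ComboFix report lines (added example, not ComboFix's own code).

Two line shapes from the report are handled:
  Files Created / Find3M entries:
    2015-06-07 17:01 . 2015-06-14 23:38 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
  Service and driver entries (R = running, S = stopped, digit = Windows start type):
    R3 NdisrdMP;NdisrdMP;c:\windows\system32\DRIVERS\gbpndisrd.sys [x]
"""
import re
from dataclasses import dataclass
from typing import List, Optional

FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>-+|\d+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?) \[(?P<stamp>x|\d{4}-\d{2}-\d{2} \d+)\]$"
)

# Assumptions for this example: where executable content is expected on a
# default Windows 7 install, and which extensions count as executable.
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com", ".bat", ".cmd", ".vbs", ".js", ".ps1")
# ComboFix prints some service paths with 8.3 short names; assumed to alias these long names.
SHORT_NAMES = {"c:\\progra~1\\": "c:\\program files\\", "c:\\progra~2\\": "c:\\program files (x86)\\"}


@dataclass
class Finding:
    kind: str    # "file" or "service"
    path: str    # path exactly as printed in the report
    reason: str


def normalize(path: str) -> str:
    """Lower-case the path and expand known 8.3 prefixes so prefix checks are not bypassed."""
    p = path.strip().lower()
    for short, full in SHORT_NAMES.items():
        if p.startswith(short):
            p = full + p[len(short):]
    return p


def flag_file_line(line: str) -> Optional[Finding]:
    """Flag a created/modified executable that lives outside the trusted directories."""
    m = FILE_RE.match(line.strip())
    if not m or m["attrs"].startswith("d"):      # no match, or a directory entry
        return None
    p = normalize(m["path"])
    if p.endswith(EXEC_EXT) and not p.startswith(TRUSTED_PREFIXES):
        return Finding("file", m["path"],
                       f"executable outside trusted dirs, {m['size']} bytes, created {m['created']}")
    return None


def flag_service_line(line: str) -> Optional[Finding]:
    """Flag a service/driver whose binary is missing ([x]) or sits outside the trusted directories."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    if m["stamp"] == "x":
        return Finding("service", m["path"],
                       f"{m['name']}: registered (start type {m['start']}) but binary not found on disk")
    if not normalize(m["path"]).startswith(TRUSTED_PREFIXES):
        return Finding("service", m["path"], f"{m['name']}: binary outside trusted dirs")
    return None


def scan(report_text: str) -> List[Finding]:
    """Run both line parsers over a report and collect the leads in report order."""
    findings = []
    for line in report_text.splitlines():
        f = flag_file_line(line) or flag_service_line(line)
        if f:
            findings.append(f)
    return findings


# Sample input: lines copied from the report above (not a complete report).
SAMPLE = r"""
2015-06-15 00:01 . 2015-06-15 00:05 -------- d-----w- c:\users\ADMI\AppData\Local\temp
2015-06-07 17:01 . 2015-06-14 23:38 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-06-06 22:33 . 2015-06-06 22:01 24064 ----a-w- c:\windows\zoek-delete.exe
2015-05-31 23:48 . 2015-05-18 07:57 9265072 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{684C46D9-61DD-407D-BE2B-7A75B3A1759A}\mpengine.dll
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2015\avgidsagent.exe [2015-06-05 3461072]
R3 NdisrdMP;NdisrdMP;c:\windows\system32\DRIVERS\gbpndisrd.sys [x]
S2 GbpSv;Gbp Service;c:\progra~1\GbPlugin\GbpSv.exe [2015-01-20 565560]
"""

if __name__ == "__main__":
    for f in scan(SAMPLE):
        print(f"[{f.kind}] {f.path}\n    {f.reason}")
```

Run against the sample, the script reports two leads: the Windows Defender engine under c:\programdata and the NdisrdMP driver whose file is missing. The Defender hit shows the limit of a location-based rule: a flag is a lead to verify (publisher signature, hash against a known-good copy, whether the vendor documents that path), not a verdict. The GbpSv service is not flagged only because its 8.3 path is expanded before the prefix check; a naive check on the raw c:\progra~1 string would have marked it, which is the kind of false positive that buries real findings.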
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
.
Contents of the 'Scheduled Tasks' folder
.
2015-06-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-24 22:29]
.
2015-06-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-06-24 23:53]
.
2015-06-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-06-24 23:53]
.
2004-01-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2072497237-4223285161-653604977-1001Core.job
- c:\users\ADMI\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-05 14:08]
.
2015-06-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2072497237-4223285161-653604977-1001UA.job
- c:\users\ADMI\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-05 14:08]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.com/?trackid=sp-006
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
Trusted Zone: caixa.gov.br\imagem
Trusted Zone: caixa.gov.br\imagem2
Trusted Zone: caixa.gov.br\internetbanking
Trusted Zone: caixa.gov.br\internetbankingpf
Trusted Zone: caixa.gov.br\www
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
AddRemove-{5d01f486-f32d-462e-8830-cc1d116e8ece}_is1 - c:\users\ADMI\AppData\Roaming\unins000.exe
AddRemove-{f65db027-aff3-4070-886a-0d87064aabb1} - c:\programdata\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe
AddRemove-ClickMeIn Packages - c:\users\ADMI\AppData\Roaming\ClickMeInPackages\UninstallPackages\Uninstall.exe
AddRemove-Video Player Packages - c:\users\ADMI\AppData\Roaming\Video Player Packages\uninstaller.exe
AddRemove-Video Player Packages 16 - c:\users\ADMI\AppData\Roaming\Video Player Packages\uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2072497237-4223285161-653604977-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2072497237-4223285161-653604977-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-06-14 21:08:23
ComboFix-quarantined-files.txt 2015-06-15 00:08
.
Pre-Run: 87,684,726,784 bytes free
Post-Run: 87,961,853,952 bytes free
.
- - End Of File - - 85C0D9611EC9EA1BD6B5E0507D111E78
A36C5E4F47E84449FF07ED3517B43A31
