
ComboFix 15-10-01.01 - Usuario 05/10/2015 13:17:47.2.1 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.55.1046.18.1789.521 [GMT -3:00]
Running from: C:\Users\Usuario\Desktop\ComboFix.exe
Command switches used :: C:\Users\Usuario\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))



((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_DiagTrack


(((((((((((((((( Files Created from 2015-09-05 to 2015-10-05 ))))))))))))))))))))))))))))


2015-09-29 02:20:50 . 2015-09-29 20:17:06 780488 ----a-w- C:\Windows\system32\FlashPlayerApp.exe
2015-09-29 02:20:50 . 2015-09-29 20:17:05 142536 ----a-w- C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-09-29 02:20:46 . 2015-09-29 02:20:46 -------- d-----w- C:\Windows\system32\Macromed
2015-09-29 02:19:56 . 2015-09-29 20:17:12 -------- d-----w- C:\Users\Usuario\AppData\Local\Adobe
2015-09-16 18:49:53 . 2015-09-16 18:49:53 -------- d-----w- C:\TOOLWIZ
2015-09-16 18:49:50 . 2015-09-17 00:54:16 -------- d-----w- C:\Users\Usuario\AppData\Local\ToolwizCareFree
2015-09-16 18:49:44 . 2015-09-17 00:54:16 -------- d-----w- C:\Program Files\ToolwizCareFree
2015-09-16 17:13:18 . 2015-09-16 17:13:18 -------- d-----w- C:\_OTS
2015-09-15 21:16:05 . 2015-09-15 21:16:05 -------- d-----w- C:\Windows\ERUNT
2015-09-10 13:23:04 . 2015-09-10 13:23:56 -------- d-----w- C:\ProgramData\Auslogics
2015-09-10 13:21:50 . 2015-09-10 13:23:34 -------- d-----w- C:\Program Files\Auslogics
2015-09-10 13:15:16 . 2015-09-10 13:15:16 -------- d-----w- C:\Program Files\VS Revo Group
2015-09-09 13:23:27 . 2015-10-05 16:38:28 -------- d-----w- C:\Users\Usuario\AppData\Local\Temp
.


((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2015-08-10 15:05:26 . 2015-08-10 15:05:26 93184 ----a-w- C:\Windows\system32\wudriver.dll
2015-08-10 15:05:26 . 2015-08-10 15:05:26 73728 ----a-w- C:\Windows\system32\WinSetupUI.dll
2015-08-10 15:05:26 . 2015-08-10 15:05:26 566784 ----a-w- C:\Windows\system32\wuapi.dll
2015-08-10 15:05:26 . 2015-08-10 15:05:26 35840 ----a-w- C:\Windows\system32\wups2.dll
2015-08-10 15:05:26 . 2015-08-10 15:05:26 34816 ----a-w- C:\Windows\system32\wuapp.exe
2015-08-10 15:05:26 . 2015-08-10 15:05:26 30208 ----a-w- C:\Windows\system32\wups.dll
2015-08-10 15:05:26 . 2015-08-10 15:05:26 2943488 ----a-w- C:\Windows\system32\wucltux.dll
2015-08-10 15:05:26 . 2015-08-10 15:05:26 2061312 ----a-w- C:\Windows\system32\wuaueng.dll
2015-08-10 15:05:26 . 2015-08-10 15:05:26 173056 ----a-w- C:\Windows\system32\wuwebv.dll
2015-08-10 15:05:26 . 2015-08-10 15:05:26 135680 ----a-w- C:\Windows\system32\wuauclt.exe
2015-08-10 15:05:26 . 2015-08-10 15:05:26 11776 ----a-w- C:\Windows\system32\wu.upgrade.ps.dll
2015-07-24 21:38:14 . 2015-07-24 21:38:14 70656 ----a-w- C:\Windows\system32\fontsub.dll
2015-07-24 21:38:14 . 2015-07-24 21:38:14 34304 ----a-w- C:\Windows\system32\atmlib.dll
2015-07-24 21:38:14 . 2015-07-24 21:38:14 299008 ----a-w- C:\Windows\system32\atmfd.dll
2015-07-24 21:38:14 . 2015-07-24 21:38:14 26624 ----a-w- C:\Windows\system32\lpk.dll
2015-07-24 21:38:14 . 2015-07-24 21:38:14 10240 ----a-w- C:\Windows\system32\dciman32.dll
2015-07-18 13:18:08 . 2015-07-18 13:18:08 98304 ----a-w- C:\Windows\system32\drivers\mrxsmb20.sys
2015-07-18 13:18:08 . 2015-07-18 13:18:08 686080 ----a-w- C:\Windows\system32\adtschema.dll
2015-07-18 13:18:08 . 2015-07-18 13:18:08 67520 ----a-w- C:\Windows\system32\drivers\ksecdd.sys
2015-07-18 13:18:08 . 2015-07-18 13:18:08 655360 ----a-w- C:\Windows\system32\rpcrt4.dll
2015-07-18 13:18:08 . 2015-07-18 13:18:08 65536 ----a-w- C:\Windows\system32\TSpkg.dll
2015-07-18 13:18:08 . 2015-07-18 13:18:08 60416 ----a-w- C:\Windows\system32\msobjs.dll
2015-07-18 13:18:08 . 2015-07-18 13:18:08 552960 ----a-w- C:\Windows\system32\kerberos.dll
2015-07-18 13:18:08 . 2015-07-18 13:18:08 50176 ----a-w- C:\Windows\system32\auditpol.exe
2015-07-18 13:18:08 . 2015-07-18 13:18:08 36864 ----a-w- C:\Windows\system32\cryptbase.dll
2015-07-18 13:18:08 . 2015-07-18 13:18:08 259584 ----a-w- C:\Windows\system32\msv1_0.dll
2015-07-18 13:18:08 . 2015-07-18 13:18:08 248832 ----a-w- C:\Windows\system32\schannel.dll
2015-07-18 13:18:08 . 2015-07-18 13:18:08 225792 ----a-w- C:\Windows\system32\drivers\mrxsmb10.sys
2015-07-18 13:18:08 . 2015-07-18 13:18:08 22528 ----a-w- C:\Windows\system32\lsass.exe
2015-07-18 13:18:08 . 2015-07-18 13:18:08 221184 ----a-w- C:\Windows\system32\ncrypt.dll
2015-07-18 13:18:08 . 2015-07-18 13:18:08 22016 ----a-w- C:\Windows\system32\secur32.dll
2015-07-18 13:18:08 . 2015-07-18 13:18:08 17408 ----a-w- C:\Windows\system32\credssp.dll
2015-07-18 13:18:08 . 2015-07-18 13:18:08 172032 ----a-w- C:\Windows\system32\wdigest.dll
2015-07-18 13:18:08 . 2015-07-18 13:18:08 15872 ----a-w- C:\Windows\system32\sspisrv.dll
2015-07-18 13:18:08 . 2015-07-18 13:18:08 146432 ----a-w- C:\Windows\system32\msaudite.dll
2015-07-18 13:18:08 . 2015-07-18 13:18:08 137664 ----a-w- C:\Windows\system32\drivers\ksecpkg.sys
2015-07-18 13:18:08 . 2015-07-18 13:18:08 124416 ----a-w- C:\Windows\system32\drivers\mrxsmb.sys
2015-07-18 13:18:08 . 2015-07-18 13:18:08 1061376 ----a-w- C:\Windows\system32\lsasrv.dll
2015-07-18 13:18:08 . 2015-07-18 13:18:08 100352 ----a-w- C:\Windows\system32\sspicli.dll
2015-07-18 13:17:27 . 2015-07-18 13:17:27 856064 ----a-w- C:\Windows\system32\rdvidcrl.dll
2015-07-18 13:17:27 . 2015-07-18 13:17:27 6131200 ----a-w- C:\Windows\system32\mstscax.dll
2015-07-18 13:17:27 . 2015-07-18 13:17:27 53248 ----a-w- C:\Windows\system32\tsgqec.dll
2015-07-18 13:17:26 . 2015-07-18 13:17:26 355840 ----a-w- C:\Windows\system32\wksprt.exe
2015-07-18 13:16:59 . 2015-07-18 13:16:59 2745856 ----a-w- C:\Windows\system32\rdpcorets.dll
2015-07-18 13:16:59 . 2015-07-18 13:16:59 13824 ----a-w- C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-07-18 13:16:10 . 2015-07-18 13:16:10 1414656 ----a-w- C:\Windows\system32\ole32.dll
2015-07-18 13:15:40 . 2015-07-18 13:15:40 667648 ----a-w- C:\Windows\system32\MsSpellCheckingFacility.exe
2015-07-18 13:15:40 . 2015-07-18 13:15:40 64000 ----a-w- C:\Windows\system32\MshtmlDac.dll
2015-07-18 13:15:40 . 2015-07-18 13:15:40 62464 ----a-w- C:\Windows\system32\iesetup.dll
2015-07-18 13:15:40 . 2015-07-18 13:15:40 620032 ----a-w- C:\Windows\system32\jscript9diag.dll
2015-07-18 13:15:40 . 2015-07-18 13:15:40 60416 ----a-w- C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-07-18 13:15:40 . 2015-07-18 13:15:40 504320 ----a-w- C:\Windows\system32\vbscript.dll
2015-07-18 13:15:40 . 2015-07-18 13:15:40 47616 ----a-w- C:\Windows\system32\ieetwproxystub.dll
2015-07-18 13:15:40 . 2015-07-18 13:15:40 4520448 ----a-w- C:\Windows\system32\jscript9.dll
2015-07-18 13:15:40 . 2015-07-18 13:15:40 4096 ----a-w- C:\Windows\system32\ieetwcollectorres.dll
2015-07-18 13:15:40 . 2015-07-18 13:15:40 341504 ----a-w- C:\Windows\system32\html.iec
2015-07-18 13:15:40 . 2015-07-18 13:15:40 2724864 ----a-w- C:\Windows\system32\mshtml.tlb
2015-07-18 13:15:40 . 2015-07-18 13:15:40 2052608 ----a-w- C:\Windows\system32\inetcpl.cpl
2015-07-18 13:15:40 . 2015-07-18 13:15:40 1951232 ----a-w- C:\Windows\system32\wininet.dll
2015-07-18 13:15:40 . 2015-07-18 13:15:40 115712 ----a-w- C:\Windows\system32\ieUnatt.exe
2015-07-18 13:15:40 . 2015-07-18 13:15:40 1155072 ----a-w- C:\Windows\system32\mshtmlmedia.dll
2015-07-18 13:15:40 . 2015-07-18 13:15:40 102912 ----a-w- C:\Windows\system32\ieetwcollector.exe
2015-07-18 13:14:36 . 2015-07-18 13:14:36 305664 ----a-w- C:\Windows\system32\gdi32.dll
2015-07-18 13:14:17 . 2015-07-18 13:14:17 73216 ----a-w- C:\Windows\system32\msiexec.exe
2015-07-18 13:14:17 . 2015-07-18 13:14:17 47104 ----a-w- C:\Windows\system32\appinfo.dll
2015-07-18 13:14:17 . 2015-07-18 13:14:17 337408 ----a-w- C:\Windows\system32\msihnd.dll
2015-07-18 13:14:17 . 2015-07-18 13:14:17 25088 ----a-w- C:\Windows\system32\msimsg.dll
2015-07-18 13:14:17 . 2015-07-18 13:14:17 2364416 ----a-w- C:\Windows\system32\msi.dll
2015-07-18 13:14:17 . 2015-07-18 13:14:17 1805824 ----a-w- C:\Windows\system32\authui.dll
2015-07-18 13:14:17 . 2015-07-18 13:14:17 101824 ----a-w- C:\Windows\system32\consent.exe
2015-07-18 13:13:46 . 2015-07-18 13:13:46 2383872 ----a-w- C:\Windows\system32\win32k.sys
2015-07-18 13:13:29 . 2015-07-18 13:13:29 210432 ----a-w- C:\Windows\system32\cewmdm.dll


(((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner.exe" [2015-05-08 19:49:04 6369048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2009-10-26 17:46:54 1458176]
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-20 22:21:50 7625248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 8]
C:\Program Files\IObit\Advanced SystemCare 8\ASCTray.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BTMeter]
2008-07-11 14:15:46 537896 ----a-w- C:\Program Files\Battery Meter\BTMeter.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring]
2015-05-08 19:49:04 6369048 ----a-w- C:\Program Files\CCleaner\CCleaner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DoroServer]
2012-05-03 00:34:40 172032 ----a-w- C:\Program Files\DoroPDFWriter\DoroServer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSTray]
2010-12-15 17:22:16 557056 ----a-w- C:\Program Files\SiS VGA Utilities\SiSTray.exe

R3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys [2010-11-20 21:29:03 62464]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\system32\IEEtwCollector.exe [2015-07-18 13:15:40 102912]
R3 PDF Architect 3 CrashHandler;PDF Architect 3 CrashHandler;C:\Program Files\PDF Architect 3\crash-handler-ws.exe [2015-04-24 15:21:06 901336]
R3 PDF Architect 3;PDF Architect 3;C:\Program Files\PDF Architect 3\ws.exe [2015-04-24 15:21:22 2244312]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14:44:32 14848]
R3 Synth3dVsc;Synth3dVsc;C:\Windows\system32\drivers\synth3dvsc.sys [2010-11-20 21:29:03 77184]
R3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\system32\drivers\terminpt.sys [2012-08-23 14:46:55 24064]
R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 00:42:31 49152]
R3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-20 21:29:03 27264]
R3 tsusbhub;tsusbhub;C:\Windows\system32\drivers\tsusbhub.sys [2010-11-20 21:29:03 112640]
R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam.sys [2015-04-30 03:01:06 20256]
S0 EMSC;COMPAL Embedded System Control;C:\Windows\system32\DRIVERS\EMSC.SYS [2007-04-19 18:21:14 9856]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;C:\Windows\system32\drivers\HWiNFO32.SYS [2015-06-16 00:02:45 23840]
S3 SiS6350;SiS6350;C:\Windows\system32\DRIVERS\SISGRKMD.sys [2010-12-15 17:09:44 466432]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSGB6.sys [2009-07-13 22:02:53 48128]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
utcsvc REG_MULTI_SZ DiagTrack

Contents of the 'Scheduled Tasks' folder

2015-09-29 C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
- C:\Windows\system32\Macromed\Flash\FlashUtil32_19_0_0_185_pepper.exe [2015-09-29 02:20:50 . 2015-09-29 20:17:05]

2015-10-05 C:\Windows\Tasks\Adobe Flash Player Updater.job
- C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-09-29 02:20:52 . 2015-09-29 20:17:07]


------- Supplementary Scan -------

uStart Page = https://www.google.com.br/
IE: &Enviar para o OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: E&xportar para o Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
Trusted Zone: caixa.gov.br\imagem
Trusted Zone: caixa.gov.br\imagem2
Trusted Zone: caixa.gov.br\internetbanking
Trusted Zone: caixa.gov.br\internetbankingpf
Trusted Zone: caixa.gov.br\www
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{AD08596B-109F-492C-8729-24AA1C79DB28}: NameServer = 189.38.95.95,189.38.95.96
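The log above is raw ComboFix output. What follows is an added Python example, not code from ComboFix or from this page, that parses the three line layouts a reviewer actually reads from such a log (the created-file records, the DWORD values under the `policies\system` key, and the Trusted Zone / NameServer lines of the supplementary scan) and turns them into review findings. The sample input is constructed from lines of this log; the finding texts, the seven-day "recent file" window and the Temp-directory check are this example's own choices, not ComboFix behaviour.

```python
"""Added triage parser for ComboFix log lines (not ComboFix's or the page's own code)."""
import re
from datetime import datetime

# Constructed sample: a handful of lines copied from the log above, in ComboFix's own layout.
SAMPLE_LOG = r"""
2015-09-29 02:20:50 . 2015-09-29 20:17:06 780488 ----a-w- C:\Windows\system32\FlashPlayerApp.exe
2015-09-16 18:49:53 . 2015-09-16 18:49:53 -------- d-----w- C:\TOOLWIZ
2015-09-09 13:23:27 . 2015-10-05 16:38:28 -------- d-----w- C:\Users\Usuario\AppData\Local\Temp

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableLUA"= 0 (0x0)

Trusted Zone: caixa.gov.br\internetbanking
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{AD08596B-109F-492C-8729-24AA1C79DB28}: NameServer = 189.38.95.95,189.38.95.96
"""

TS = r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}"
# "<created> . <modified> <size or dashes> <8-char attribute field> <path>"
FILE_RE = re.compile(rf"^({TS}) \. ({TS}) (\d+|-+) (\S{{8}}) (.+)$")
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
DWORD_RE = re.compile(r'^"([^"]+)"=\s*(\d+) \(0x[0-9A-Fa-f]+\)$')
ZONE_RE = re.compile(r"^Trusted Zone: (.+)$")
DHCP_DNS_RE = re.compile(r"^TCP: DhcpNameServer = (.+)$")
IFACE_DNS_RE = re.compile(r"^TCP: Interfaces\\\{([0-9A-Fa-f-]+)\}: NameServer = (.+)$")

UAC_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\policies\system"


def parse_combofix(text):
    """Extract file records, DWORD registry values, Trusted Zone and DNS lines."""
    out = {"files": [], "registry": {}, "trusted_zones": [], "dhcp_dns": None, "iface_dns": {}}
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            key = None          # a blank line closes the current registry block
            continue
        if m := FILE_RE.match(line):
            created, modified, size, attrs, path = m.groups()
            out["files"].append({
                "created": datetime.strptime(created, "%Y-%m-%d %H:%M:%S"),
                "modified": datetime.strptime(modified, "%Y-%m-%d %H:%M:%S"),
                "size": None if size.startswith("-") else int(size),
                "is_dir": attrs[0] == "d",   # leading 'd' marks a directory entry
                "path": path,
            })
        elif m := KEY_RE.match(line):
            key = m.group(1).lower()
            out["registry"].setdefault(key, {})
        elif key and (m := DWORD_RE.match(line)):
            out["registry"][key][m.group(1)] = int(m.group(2))
        elif m := ZONE_RE.match(line):
            out["trusted_zones"].append(m.group(1))
        elif m := DHCP_DNS_RE.match(line):
            out["dhcp_dns"] = [s.strip() for s in m.group(1).split(",")]
        elif m := IFACE_DNS_RE.match(line):
            out["iface_dns"][m.group(1)] = [s.strip() for s in m.group(2).split(",")]
    return out


def triage(parsed, scan_time, recent_days=7):
    """Turn parsed records into review findings; thresholds are this example's choices."""
    findings = []
    uac = parsed["registry"].get(UAC_KEY, {})
    if uac.get("EnableLUA") == 0:
        findings.append("UAC disabled: EnableLUA=0, so admin processes run fully elevated with no prompt")
    if uac.get("ConsentPromptBehaviorAdmin") == 0:
        findings.append("UAC silent elevation: ConsentPromptBehaviorAdmin=0")
    for iface, servers in parsed["iface_dns"].items():
        if servers != parsed["dhcp_dns"]:   # static resolver differs from what DHCP handed out
            findings.append(f"static DNS {servers} on interface {iface} overrides DHCP "
                            f"{parsed['dhcp_dns']}; confirm who set it")
    for zone in parsed["trusted_zones"]:
        findings.append(f"IE Trusted Zone entry {zone}: that site runs at the lower Trusted-sites security level")
    for f in parsed["files"]:
        age_days = (scan_time - f["created"]).days
        if not f["is_dir"] and age_days < recent_days:
            findings.append(f"file created {age_days} day(s) before the scan: {f['path']}")
        if r"\appdata\local\temp" in f["path"].lower():
            findings.append(f"entry under the user's Temp directory: {f['path']}")
    return findings


def triage_log(text, scan_time_str, recent_days=7):
    """Convenience wrapper: scan time as it appears in the ComboFix header, e.g. '2015-10-05 13:17:47'."""
    return triage(parse_combofix(text), datetime.strptime(scan_time_str, "%Y-%m-%d %H:%M:%S"), recent_days)


if __name__ == "__main__":
    for finding in triage_log(SAMPLE_LOG, "2015-10-05 13:17:47"):
        print("-", finding)
```

Run against the sample it reports five findings: UAC off (`EnableLUA=0`), a static resolver on the adapter that differs from the DHCP-supplied one, the banking domain placed in IE's Trusted sites zone, the Flash binary written six days before the scan, and the user's Temp directory. None of these is proof of compromise on its own; the point of the parser is to pull the handful of lines that need a decision out of a long listing so the reviewer checks them deliberately rather than by eye.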

