ComboFix 16-03-19.01 - Intel 22/03/2016 18:31:09.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.55.1046.18.2038.1025 [GMT -3:00]
Running from: c:\users\Intel\Downloads\Programs\ComboFix.exe
AV: Bitdefender Antivirus Free Edition *Enabled/Updated* {3FB17364-4FCC-0FA7-6BBF-973897395371}
SP: Bitdefender Antivirus Free Edition *Enabled/Updated* {84D09280-69F6-0029-510F-AC4AECBE19CC}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\TEMP\HP Support Framework\HPSF_Config1.dll
.
.
(((((((((((((((( Files Created from 2016-02-22 to 2016-03-22 ))))))))))))))))))))))))))))
.
.
2043-09-05 05:20 . 2043-09-05 05:20  --------  d-----w-  c:\program files\Common Files
2016-03-22 22:11 . 2016-03-22 22:11  --------  d-----w-  c:\users\Default\AppData\Local\temp
2016-03-21 18:47 . 2016-03-21 18:47  261056  ----a-w-  c:\windows\system32\drivers\avchv.sys
2016-03-20 20:17 . 2016-03-21 21:38  --------  d-----w-  c:\users\Intel\AppData\Roaming\Mipony
2016-03-20 20:17 . 2016-03-20 20:17  --------  d-----w-  c:\program files (x86)\MiPony
2016-03-17 01:11 . 2016-03-17 01:11  --------  d-----w-  c:\users\Intel\AppData\Local\CEF
2016-03-16 23:40 . 2016-03-16 23:40  --------  d-----w-  c:\program files (x86)\Common Files\Adobe
2016-03-13 23:38 . 2016-03-13 23:38  --------  d-----w-  c:\program files (x86)\EA GAMES
2016-03-13 16:50 . 2016-03-13 16:50  --------  d-----w-  c:\program files (x86)\GameVicio
2016-03-13 16:08 . 2016-03-13 16:08  --------  d-----w-  c:\users\Intel\AppData\Local\Diagnostics
2016-03-13 14:56 . 2016-03-13 14:56  --------  d-----w-  c:\windows\Migration
2016-03-13 14:54 . 2009-11-25 14:47  99176  ----a-w-  c:\windows\SysWow64\PresentationHostProxy.dll
2016-03-13 14:54 . 2009-11-25 14:47  297808  ----a-w-  c:\windows\SysWow64\mscoree.dll
2016-03-13 14:54 . 2009-11-25 14:47  295264  ----a-w-  c:\windows\SysWow64\PresentationHost.exe
2016-03-13 14:54 . 2009-11-25 14:47  49472  ----a-w-  c:\windows\SysWow64\netfxperf.dll
2016-03-13 14:54 . 2009-11-25 14:47  48960  ----a-w-  c:\windows\system32\netfxperf.dll
2016-03-13 14:54 . 2009-11-25 14:47  1130824  ----a-w-  c:\windows\SysWow64\dfshim.dll
2016-03-13 14:54 . 2009-11-25 14:47  109912  ----a-w-  c:\windows\system32\PresentationHostProxy.dll
2016-03-13 14:54 . 2009-11-25 14:47  444752  ----a-w-  c:\windows\system32\mscoree.dll
2016-03-13 14:54 . 2009-11-25 14:47  320352  ----a-w-  c:\windows\system32\PresentationHost.exe
2016-03-13 14:54 . 2009-11-25 14:47  1942856  ----a-w-  c:\windows\system32\dfshim.dll
2016-03-13 14:19 . 2016-03-13 14:19  --------  d-----w-  c:\users\Intel\AppData\Local\Xenocode
2016-03-13 14:19 . 2016-03-13 14:19  --------  d-----w-  c:\program files (x86)\Xenocode
2016-03-13 03:13 . 2016-03-13 23:14  --------  d-----w-  c:\users\Intel\AppData\Roaming\IDM
2016-03-13 03:13 . 2016-03-13 03:49  --------  d-----w-  c:\program files (x86)\Internet Download Manager
2016-03-11 11:49 . 2016-01-28 09:20  209056  ----a-w-  c:\windows\system32\drivers\idmwfp.sys
2016-03-10 12:44 . 2016-03-10 12:44  --------  d-----w-  C:\zoek
2016-03-07 20:59 . 2016-03-07 20:59  --------  d-----w-  c:\programdata\IDM
2016-03-06 22:29 . 2016-03-07 13:14  --------  d-----w-  c:\program files (x86)\AdwCleaner
2016-03-06 18:49 . 2016-03-19 00:50  --------  d-----w-  C:\FRST
2016-03-03 22:22 . 2016-03-03 22:21  97888  ----a-w-  c:\windows\SysWow64\WindowsAccessBridge-32.dll
2016-03-03 22:22 . 2016-03-02 02:59  110176  ----a-w-  c:\windows\SysWow64\WindowsAccessBridge-64.dll
2016-03-03 22:20 . 2016-03-03 22:20  --------  d-----w-  c:\program files (x86)\Java
2016-03-03 22:03 . 2016-03-03 22:03  --------  d-----w-  c:\users\Intel\.receitanet
2016-03-03 22:02 . 2016-03-03 22:02  --------  d-----w-  c:\program files (x86)\Programas RFB
2016-03-03 13:04 . 2009-07-15 04:21  1721576  ----a-w-  c:\windows\system32\WdfCoInstaller01009.dll
2016-03-03 13:04 . 2013-04-17 17:59  593144  ----a-w-  c:\windows\system32\drivers\avckf.sys
2016-03-03 13:04 . 2013-04-17 17:59  718840  ----a-w-  c:\windows\system32\drivers\avc3.sys
2016-03-03 13:04 . 2016-03-03 13:04  --------  d-----w-  c:\program files\Bitdefender
2016-03-03 13:03 . 2013-04-22 16:21  148696  ----a-w-  c:\windows\system32\drivers\gzflt.sys
2016-03-03 13:03 . 2013-05-28 15:12  382536  ----a-w-  c:\windows\system32\drivers\trufos.sys
2016-03-03 12:51 . 2016-03-03 12:51  --------  d-----w-  c:\users\Intel\AppData\Roaming\Apple Computer
2016-03-02 12:33 . 2016-03-12 13:05  --------  d-----w-  c:\users\Intel\AppData\Local\PrivaZer
2016-03-02 12:33 . 2016-03-02 12:34  --------  d-----w-  c:\program files (x86)\PrivaZer
2016-03-02 12:33 . 2016-03-02 12:33  --------  d-----w-  c:\programdata\privazer
2016-03-02 12:24 . 2016-03-02 12:24  --------  d-----w-  C:\Quarentena
2016-03-02 03:57 . 2016-03-22 21:07  --------  d-----w-  c:\program files (x86)\Mozilla Maintenance Service
2016-03-02 03:06 . 2016-03-03 22:02  --------  d--h--w-  c:\program files (x86)\InstallJammer Registry
2016-03-02 03:05 . 2016-03-02 03:05  --------  d-----w-  C:\Arquivos de Programas RFB
2016-03-02 03:02 . 2016-03-02 03:02  --------  d-----w-  c:\program files (x86)\Common Files\Java
2016-03-02 03:00 . 2016-03-03 22:22  --------  d-----w-  c:\users\Intel\.oracle_jre_usage
2016-03-02 03:00 . 2016-03-02 02:59  110176  ----a-w-  c:\windows\system32\WindowsAccessBridge-64.dll
2016-03-02 02:59 . 2016-03-03 22:23  --------  d-----w-  c:\programdata\Oracle
2016-03-02 02:58 . 2016-03-02 02:58  --------  d-----w-  c:\program files\Java
2016-02-29 14:30 . 2016-02-29 14:31  --------  d-----w-  c:\users\Intel\AppData\Roaming\ProductData
2016-02-29 14:30 . 2016-03-22 12:00  --------  d-----w-  c:\programdata\ProductData
2016-02-29 14:29 . 2016-03-02 03:29  --------  d-----w-  c:\program files (x86)\Common Files\IObit
2016-02-29 14:25 . 2016-02-29 14:31  --------  d-----w-  c:\users\Intel\AppData\Roaming\IObit
2016-02-29 14:24 . 2016-03-18 23:45  --------  d-----w-  c:\programdata\IObit
2016-02-29 14:24 . 2016-03-13 02:59  --------  d-----w-  c:\program files (x86)\IObit
2016-02-27 14:16 . 2016-02-27 14:18  --------  d-----w-  c:\program files (x86)\Motorola Mobility
2016-02-27 14:16 . 2016-02-27 14:16  --------  d-----w-  c:\program files (x86)\Motorola
2016-02-27 14:16 . 2016-02-27 14:16  --------  d-----w-  c:\program files (x86)\MSXML 4.0
2016-02-27 14:15 . 2016-02-27 14:15  --------  d-----w-  c:\program files\Motorola Mobility LLC
2016-02-27 14:14 . 2016-02-27 14:14  --------  d-----w-  c:\users\Intel\AppData\Roaming\Motorola
2016-02-26 11:26 . 2016-03-21 18:41  192216  ----a-w-  c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-02-26 11:25 . 2016-02-26 11:25  --------  d-----w-  c:\program files (x86)\Malwarebytes Anti-Malware
2016-02-26 11:25 . 2016-02-26 11:25  --------  d-----w-  c:\programdata\Malwarebytes
2016-02-26 11:25 . 2015-10-05 12:50  63704  ----a-w-  c:\windows\system32\drivers\mwac.sys
2016-02-26 11:25 . 2015-10-05 12:50  109272  ----a-w-  c:\windows\system32\drivers\mbamchameleon.sys
2016-02-26 11:25 . 2015-10-05 12:50  25816  ----a-w-  c:\windows\system32\drivers\mbam.sys
2016-02-26 11:22 . 2016-03-13 16:59  --------  d-----w-  c:\users\Intel\AppData\Local\VirtualStore
2016-02-26 10:55 . 2016-03-22 22:11  --------  d-----w-  c:\users\Intel\AppData\Local\Temp
2016-02-25 14:08 . 2015-03-18 13:23  103640  ------w-  c:\windows\system32\drivers\wsddpp.sys
2016-02-25 14:08 . 2016-03-22 21:08  101080  ----a-w-  c:\windows\system32\drivers\wsddfac.sys
2016-02-25 14:07 . 2016-02-25 14:07  --------  d--h--w-  c:\program files (x86)\GAS Tecnologia
2016-02-25 14:07 . 2016-02-25 14:07  --------  d--h--w-  c:\program files (x86)\Diebold
2016-02-25 14:07 . 2016-02-25 14:07  --------  d-----w-  c:\program files\Diebold
2016-02-25 14:04 . 2016-02-25 14:04  --------  d-----w-  c:\programdata\GAS Tecnologia
2016-02-25 14:04 . 2016-03-22 21:08  --------  d---a-w-  c:\program files (x86)\GbPlugin
2016-02-25 14:04 . 2016-02-25 14:06  --------  d-----w-  c:\programdata\GbPlugin
2016-02-25 14:03 . 2016-02-25 14:03  --------  d-----w-  c:\users\Intel\AppData\Local\Programs
.
.
.
((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-02-25 14:14 . 2016-02-25 14:14  1856  ----a-w-  c:\windows\Fonts\Warsaw Bold.ttf
2016-02-17 18:03 . 2016-02-17 18:03  796864  ----a-w-  c:\windows\SysWow64\FlashPlayerApp.exe
2016-02-17 18:03 . 2016-02-17 18:03  142528  ----a-w-  c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 9"="c:\program files (x86)\IObit\Advanced SystemCare\ASCTray.exe" [2016-01-11 2019616]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2016-02-11 3933392]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSimpleNetIDList"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginCef]
2015-09-22 23:25  1888480  ----a-w-  c:\program files (x86)\GbPlugin\gbiehcef.dll
.
R0 gbpddreg;Gbpddreg svc;c:\windows\system32\drivers\gbpddreg64.sys;c:\windows\SYSNATIVE\drivers\gbpddreg64.sys [x]
R1 gbpddfac;Warsaw File Access svc;c:\windows\system32\drivers\gbpddfac64.sys;c:\windows\SYSNATIVE\drivers\gbpddfac64.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys;c:\windows\SYSNATIVE\DRIVERS\avc3.sys [x]
S1 bdfwfpf;bdfwfpf;c:\program files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys;c:\program files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [x]
S1 gzflt;gzflt;c:\windows\system32\DRIVERS\gzflt.sys;c:\windows\SYSNATIVE\DRIVERS\gzflt.sys [x]
S1 wsddfac;wsddfac;c:\windows\system32\drivers\wsddfac.sys;c:\windows\SYSNATIVE\drivers\wsddfac.sys [x]
S1 wsddpp;Warsaw - Driver (PP);c:\windows\system32\drivers\wsddpp.sys;c:\windows\SYSNATIVE\drivers\wsddpp.sys [x]
S2 AdvancedSystemCareService9;Advanced SystemCare Service 9;c:\program files (x86)\IObit\Advanced SystemCare\ASCService.exe;c:\program files (x86)\IObit\Advanced SystemCare\ASCService.exe [x]
S2 GbpSv;Gbp Service;c:\progra~2\GbPlugin\GbpSv.exe;c:\progra~2\GbPlugin\GbpSv.exe [x]
S2 gzserv;Bitdefender Antivirus Free Edition;c:\program files\Bitdefender\Antivirus Free Edition\gzserv.exe;c:\program files\Bitdefender\Antivirus Free Edition\gzserv.exe [x]
S2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;c:\program files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe;c:\program files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [x]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\idmwfp.sys [x]
S2 PST Service;PST Service;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [x]
S2 Warsaw Technology;Warsaw Technology;c:\program files\Diebold\Warsaw\core.exe;c:\program files\Diebold\Warsaw\core.exe [x]
S3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys;c:\windows\SYSNATIVE\DRIVERS\avckf.sys [x]
S3 GBPRCM;Service for G-Buster Driver (PM);c:\program files (x86)\GbPlugin\gbprcm64.sys;c:\program files (x86)\GbPlugin\gbprcm64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 Warsaw_PP;Warsaw Protector;c:\progra~2\GbPlugin\wsftprp64.sys;c:\progra~2\GbPlugin\wsftprp64.sys [x]
S4 WinDivert1.1;WinDivert1.1;c:\program files\Diebold\Warsaw\WinDivert64.sys;c:\program files\Diebold\Warsaw\WinDivert64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - GbFtIn
*Deregistered* - mad_inj_driver
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2015-12-18 15:42  286904  ----a-w-  c:\program files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll
.
Contents of the 'Scheduled Tasks' folder
.
2016-03-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2016-03-02 04:04]
.
2016-03-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2016-03-02 04:04]
.
2016-03-20 c:\windows\Tasks\HPCeeScheduleForIntel.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16 12:51]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
2015-11-12 13:39  2472224  ----a-w-  c:\program files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2015-08-14 12:52  25624  ----a-w-  c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-19 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-19 385560]
"Diebold - Warsaw"="c:\program files\Diebold\Warsaw\core.exe" [2015-11-04 904928]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Baixar com Mipony - file://c:\program files (x86)\MiPony\Browser\IEContext.htm
IE: Fazer o download de todos os links usando o IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Fazer o download usando o IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
Trusted Zone: caixa.gov.br\imagem
Trusted Zone: caixa.gov.br\imagem2
Trusted Zone: caixa.gov.br\internetbanking
Trusted Zone: caixa.gov.br\internetbankingpf
Trusted Zone: caixa.gov.br\www
TCP: DhcpNameServer = 201.46.240.49 201.46.240.41
FF - ProfilePath - c:\users\Intel\AppData\Roaming\Mozilla\Firefox\Profiles\y1u3n3gc.default-1456410701351\
FF - prefs.js: browser.startup.homepage - about:home
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: content.notify.ontimer - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.switch.threshold - 750000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
.
------- File Associations -------
.
inifile="%SystemRoot%\system32\NOTEPAD.EXE" %1
txtfile="%SystemRoot%\system32\NOTEPAD.EXE" %1
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-455878060-1618394087-3157549068-1000_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (S-1-5-32)
@SACL=
"scansk"=hex(0):b5,2d,74,18,32,e4,9e,64,50,96,af,71,f5,85,a4,04,d7,cf,2b,dc,b2,
   e4,40,c3,1a,6e,b9,9f,cb,d0,9a,ff,57,af,d3,91,69,bd,58,90,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-455878060-1618394087-3157549068-1000_Classes\Wow6432Node\CLSID\{9238bd4d-99fb-43c5-9860-46577954c3f9}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000048
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
   38,95,44,67,ef,b4,65,e2,48,06,87,a6,03,ac,3f,96,87,73,82,87,c5,4c,62,ee,b6,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2016-03-22 19:38:25
ComboFix-quarantined-files.txt 2016-03-22 22:38
ComboFix2.txt 2016-03-21 00:20
.
Pre-Run: 102.626.803.712 bytes free
Post-Run: 102.461.030.400 bytes free
.
- - End Of File - - 0F4560B3B9808B08552BBBA5EA646F4D A36C5E4F47E84449FF07ED3517B43A31
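The "Files Created" section above is where a reviewer spends most of their time, and its entries share one fixed shape: created timestamp, modified timestamp, size (or dashes for a directory), an attribute string, and a path. The script below is an added triage helper, not part of the log above and not ComboFix's own code; it parses that section and pulls out the three things worth eyeballing first in this log: entries whose creation time is later than the scan itself (the 2043-dated c:\program files\Common Files entry), kernel drivers dropped under a drivers directory, and hidden directories. The sample input is five entries copied from the log; the reading of the attribute flags (leading d for directory, h for hidden) is an assumption from how the flags appear in the log, not documented ComboFix behaviour, and the trailing [x] on service lines is deliberately not interpreted.

```python
"""Triage helper for the "Files Created" section of a ComboFix log.

Added example; not part of the posted log and not ComboFix's own code.
Each entry line has the shape:
    <created> . <modified>  <size or -------->  <attrs>  <path>
Attribute flags are read as d = directory, h = hidden. That reading is an
assumption based on how the flags look in the log, not documented behaviour.
"""
import re
from datetime import datetime

# First line of the log above; ComboFix prints the run time as dd/mm/yyyy.
HEADER = "ComboFix 16-03-19.01 - Intel 22/03/2016 18:31:09.2.2 - x64"

# Constructed sample: five entries copied verbatim from the log above.
SAMPLE = r"""
2043-09-05 05:20 . 2043-09-05 05:20  --------  d-----w-  c:\program files\Common Files
2016-03-21 18:47 . 2016-03-21 18:47  261056  ----a-w-  c:\windows\system32\drivers\avchv.sys
2016-03-02 03:06 . 2016-03-03 22:02  --------  d--h--w-  c:\program files (x86)\InstallJammer Registry
2016-02-25 14:08 . 2015-03-18 13:23  103640  ------w-  c:\windows\system32\drivers\wsddpp.sys
2016-03-13 14:54 . 2009-11-25 14:47  99176  ----a-w-  c:\windows\SysWow64\PresentationHostProxy.dll
"""

ENTRY_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "   # created
    r"(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"     # modified
    r"(\S+)\s+"                               # size or --------
    r"(\S{8})\s+"                             # eight attribute flags
    r"(.+)$"                                  # path (may contain spaces)
)
RUN_TIME_RE = re.compile(r"(\d{2})/(\d{2})/(\d{4})\s+(\d{2}):(\d{2}):(\d{2})")


def parse_run_time(header):
    """Scan start time from the ComboFix header line (day/month/year)."""
    d, m, y, hh, mm, ss = map(int, RUN_TIME_RE.search(header).groups())
    return datetime(y, m, d, hh, mm, ss)


def parse_entries(text):
    """Return one dict per well-formed entry line; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        created, modified, size, attrs, path = m.groups()
        entries.append({
            "created": datetime.strptime(created, "%Y-%m-%d %H:%M"),
            "modified": datetime.strptime(modified, "%Y-%m-%d %H:%M"),
            "size": None if size.startswith("-") else int(size),
            "attrs": attrs,
            "path": path.strip(),
        })
    return entries


def triage(entries, run_time):
    """Bucket entries into the three things to look at first."""
    findings = {"future_timestamps": [], "new_drivers": [], "hidden_dirs": []}
    for e in entries:
        low = e["path"].lower()
        # A creation time after the scan ran cannot be right: clock rollback,
        # a tool that set timestamps by hand, or deliberate timestomping.
        if e["created"] > run_time:
            findings["future_timestamps"].append(e)
        # Every .sys under a drivers directory is kernel code that arrived
        # in the window; each one should map to something the user installed.
        if low.endswith(".sys") and "\\drivers\\" in low:
            findings["new_drivers"].append(e)
        # Hidden directories under Program Files deserve a second look.
        if e["attrs"].startswith("d") and "h" in e["attrs"]:
            findings["hidden_dirs"].append(e)
    return findings


if __name__ == "__main__":
    run_time = parse_run_time(HEADER)
    for bucket, items in triage(parse_entries(SAMPLE), run_time).items():
        print(bucket)
        for e in items:
            print("  ", e["created"].strftime("%Y-%m-%d %H:%M"), e["attrs"], e["path"])
```

To run it over the real log, replace SAMPLE with the text between the "Files Created" banner and the "Find3M Report" banner; the regex ignores the "." separator lines and the banners themselves. The future-timestamp check compares against the scan start time from the header rather than the wall clock, so the result is the same whenever the log is re-examined.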