ComboFix 16-10-23.01 - Keity 30/10/2016 15:12:13.2.2 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.55.1046.18.1500.404 [GMT -3:00]
Running from: c:\users\Keity\Desktop\ComboFix.exe
AV: Avast Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Avast Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
ADS - Windows: deleted 24 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\ntUsrrIP_1_0.dll
.
.
(((((((((((((((( Files created from 2016-09-28 to 2016-10-30 ))))))))))))))))))))))))))))
.
.
2016-10-30 19:27 . 2016-10-30 19:27 -------- d-----w- c:\users\Suellen\AppData\Local\temp
2016-10-30 19:27 . 2016-10-30 19:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-10-30 19:27 . 2016-10-30 19:27 -------- d-----w- c:\users\Convidado\AppData\Local\temp
2016-10-30 19:27 . 2016-10-30 19:27 -------- d-----w- c:\users\Convidado.Keity-PC\AppData\Local\temp
2016-10-30 17:55 . 2016-10-30 17:55 79064 ----a-w- c:\windows\system32\drivers\cchlxws.sys
2016-10-30 02:55 . 2016-10-30 16:49 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-10-30 02:50 . 2016-10-30 02:50 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2016-10-30 02:50 . 2016-10-30 02:50 -------- d-----w- c:\programdata\Malwarebytes
2016-10-30 02:50 . 2016-03-10 17:09 64896 ----a-w- c:\windows\system32\drivers\mwac.sys
2016-10-30 02:50 . 2016-03-10 17:08 140672 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-10-30 02:50 . 2016-03-10 17:08 27008 ----a-w- c:\windows\system32\drivers\mbam.sys
2016-10-30 00:19 . 2016-10-30 00:19 -------- d-----w- c:\program files (x86)\Age of Empires II - HD Edition
2016-10-28 18:13 . 2016-10-28 18:13 -------- d-----w- c:\users\Keity\AppData\Local\ESET
2016-10-28 01:36 . 2016-10-28 01:36 -------- d-----w- c:\program files\VS Revo Group
2016-10-27 13:06 . 2016-10-27 13:07 -------- d-----w- c:\programdata\Avira
2016-10-27 12:55 . 2016-10-27 12:55 -------- d-----w- c:\users\Keity\AppData\Roaming\Profiles
2016-10-14 23:17 . 2016-10-14 23:17 117 ----a-w- c:\programdata\xlink.sys
2016-10-14 23:17 . 2016-10-14 23:17 -------- d-----w- c:\programdata\XlinkSoft
2016-10-14 17:20 . 2016-10-14 17:20 -------- d-----w- c:\users\Keity\AppData\Local\AVAST Software
2016-10-14 13:00 . 2016-10-14 13:00 37144 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2016-10-14 12:56 . 2016-10-14 12:56 -------- d-----w- c:\users\Keity\AppData\Roaming\AVAST Software
2016-10-14 12:54 . 2016-10-14 12:35 391496 ----a-w- c:\windows\system32\aswBoot.exe
2016-10-14 12:36 . 2016-10-14 12:36 -------- d-----w- c:\program files\Common Files\AV
2016-10-14 12:36 . 2016-10-14 12:36 -------- d-----w- c:\program files (x86)\Common Files\AV
2016-10-14 12:35 . 2016-10-14 12:35 163416 ----a-w- c:\windows\system32\drivers\aswStm.sys
2016-10-14 12:35 . 2016-10-14 12:55 293352 ----a-w- c:\windows\system32\drivers\aswvmm.sys
2016-10-14 12:35 . 2016-10-14 12:55 513632 ----a-w- c:\windows\system32\drivers\aswsp.sys
2016-10-14 12:35 . 2016-10-14 12:35 74544 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2016-10-14 12:35 . 2016-10-14 12:35 108816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2016-10-14 12:35 . 2016-10-14 12:35 37656 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2016-10-14 12:35 . 2016-10-14 12:35 103064 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2016-10-14 12:35 . 2016-10-14 12:55 969184 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2016-10-14 12:35 . 2016-10-14 12:35 921280 ----a-w- c:\windows\SysWow64\ucrtbase.dll
2016-10-14 12:35 . 2016-10-14 12:35 992960 ----a-w- c:\windows\system32\ucrtbase.dll
2016-10-14 12:34 . 2016-10-14 12:34 53208 ----a-w- c:\windows\avastSS.scr
2016-10-14 12:32 . 2016-10-14 13:00 -------- d-----w- c:\program files\AVAST Software
2016-10-14 12:31 . 2016-10-14 13:00 -------- d-----w- c:\programdata\AVAST Software
2016-10-14 11:28 . 2016-10-14 11:28 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2F82005A-2146-461B-943E-06C343F1EE5E}\offreg.2532.dll
2016-10-13 18:51 . 2016-10-13 18:51 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2F82005A-2146-461B-943E-06C343F1EE5E}\offreg.2272.dll
2016-10-13 02:46 . 2016-10-27 13:05 -------- d-----w- c:\program files (x86)\Arcade!
2016-10-13 02:42 . 2016-10-27 13:05 -------- d-----w- c:\program files (x86)\Age of Empires II HD
2016-10-12 16:40 . 2016-10-27 13:05 -------- d-s---w- c:\program files (x86)\Age of Empires 2 The Conqueros Expansion
2016-10-11 22:57 . 2016-10-28 04:17 -------- d-----w- c:\users\Keity\AppData\Roaming\mIRC
2016-10-10 01:28 . 2015-05-29 13:28 7680 ----a-w- c:\windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2016-10-09 20:48 . 2016-10-09 20:51 -------- d-----w- c:\users\Keity\AppData\Local\gm_ttt_33868
2016-10-09 20:41 . 2016-10-09 20:42 -------- d-----w- c:\users\Keity\AppData\Local\gm_ttt_97070
2016-10-09 20:40 . 2016-10-09 20:45 -------- d-----w- c:\users\Keity\AppData\Local\gm_ttt_15830
2016-10-09 20:04 . 2016-10-09 20:04 -------- d-----w- C:\Official server
2016-10-09 20:04 . 2016-10-09 20:04 -------- d-----w- c:\users\Keity\AppData\Roaming\SpringLobby
2016-10-09 19:45 . 2016-10-09 19:45 -------- d-----w- c:\users\Keity\AppData\Local\YoYo_Games_Ltd
2016-10-09 19:34 . 2016-10-09 19:44 -------- d-----w- c:\users\Keity\AppData\Local\gm_ttt_95607
2016-10-09 15:59 . 2016-10-13 02:51 -------- d-----w- c:\programdata\Package Cache
2016-10-09 15:55 . 2016-10-09 20:51 -------- d-----w- c:\users\Keity\AppData\Local\GameMaker-Studio
2016-10-09 15:51 . 2016-10-09 15:51 -------- d-----w- c:\users\Keity\AppData\Roaming\SpringSettings
2016-10-08 03:11 . 2016-10-27 13:06 -------- d-----w- c:\program files (x86)\Caesar III
2016-10-07 19:45 . 2016-10-27 13:06 -------- d-----w- c:\program files (x86)\Sierra
2016-10-07 19:40 . 2016-10-07 19:40 -------- d-----w- c:\users\Keity\AppData\Roaming\InstallShield
2016-10-07 12:27 . 2016-10-20 19:31 -------- d-----w- c:\program files\Recuva
2016-10-06 15:42 . 2016-10-27 13:06 -------- d-----w- c:\program files (x86)\Sierra On-Line
2016-10-06 15:42 . 2016-10-06 15:48 -------- d-----w- C:\SIERRA
2016-10-06 15:41 . 1998-01-23 15:22 304128 ----a-w- c:\windows\IsUninst.exe
2016-10-05 23:12 . 2016-10-27 13:06 -------- d-----w- c:\program files (x86)\Origin Games
2016-10-05 23:02 . 2016-10-05 23:02 -------- d-----w- c:\users\Keity\.Origin
2016-10-05 00:37 . 2016-10-27 13:06 -------- d-----w- c:\program files (x86)\WinImage
2016-10-04 04:54 . 2016-10-04 04:54 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2F82005A-2146-461B-943E-06C343F1EE5E}\offreg.2544.dll
2016-10-03 00:19 . 2016-09-12 21:18 920168 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2016-10-03 00:19 . 2016-09-12 21:17 149256 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2016-10-03 00:19 . 2016-10-03 00:19 -------- d-----w- c:\program files\Oracle
.
.
.
((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-10-29 15:58 . 2016-02-16 21:14 796352 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2016-10-29 15:58 . 2015-10-08 22:00 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2016-10-06 13:24 . 2015-10-05 19:55 164880 ---ha-w- c:\users\Keity\AppData\Roaming\Microsoft\Virtual PC\VPCKeyboard.dll
2016-09-24 12:24 . 2016-09-24 12:24 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2F82005A-2146-461B-943E-06C343F1EE5E}\offreg.2396.dll
2016-09-18 16:07 . 2016-09-18 16:07 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2F82005A-2146-461B-943E-06C343F1EE5E}\offreg.2020.dll
2016-09-17 17:20 . 2016-09-17 17:20 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2F82005A-2146-461B-943E-06C343F1EE5E}\offreg.1928.dll
2016-09-12 21:17 . 2016-09-12 21:17 195936 ----a-w- c:\windows\system32\drivers\VBoxNetLwf.sys
2016-09-12 21:17 . 2016-09-12 21:17 135824 ----a-w- c:\windows\system32\drivers\VBoxUSB.sys
2016-09-12 21:17 . 2016-09-12 21:17 121248 ----a-w- c:\windows\system32\drivers\VBoxNetAdp6.sys
2016-09-04 03:02 . 2016-09-04 03:02 394296 ----a-w- c:\windows\system32\drivers\sptd.sys
2016-09-01 23:27 . 2016-09-01 23:27 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2F82005A-2146-461B-943E-06C343F1EE5E}\offreg.1996.dll
2016-08-25 23:53 . 2016-08-25 23:53 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2F82005A-2146-461B-943E-06C343F1EE5E}\offreg.1992.dll
2016-08-21 12:28 . 2016-08-21 12:28 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2F82005A-2146-461B-943E-06C343F1EE5E}\offreg.1952.dll
2016-08-18 11:30 . 2016-08-18 11:30 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2F82005A-2146-461B-943E-06C343F1EE5E}\offreg.1964.dll
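The "files created" listing and the Find3M report above share one line format: creation time, a dot, last-write time, size (or "--------" for a directory), an eight-character attribute field and the path. Note that the header reports GMT -3:00 while these timestamps are UTC: the quarantine file written at completion (17:06:37 local) appears near the end of the log as 2016-10-30 20:06. The parser below is an added example, not ComboFix's own code; the sample lines are copied from this log, and the two triage filters (files dropped in the drivers directory, files whose last-write time predates their creation on this volume) are illustrative choices, not verdicts about any of the files.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional

# Constructed sample input: lines copied from the listings above, plus a header line
# and a "." separator to show that the parser skips everything that is not an entry.
SAMPLE_LOG = r"""
2016-10-30 17:55 . 2016-10-30 17:55 79064 ----a-w- c:\windows\system32\drivers\cchlxws.sys
2016-10-30 02:50 . 2016-10-30 02:50 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2016-10-30 02:50 . 2016-03-10 17:08 27008 ----a-w- c:\windows\system32\drivers\mbam.sys
2016-10-12 16:40 . 2016-10-27 13:05 -------- d-s---w- c:\program files (x86)\Age of Empires 2 The Conqueros Expansion
2016-10-06 13:24 . 2015-10-05 19:55 164880 ---ha-w- c:\users\Keity\AppData\Roaming\Microsoft\Virtual PC\VPCKeyboard.dll
2016-10-06 15:41 . 1998-01-23 15:22 304128 ----a-w- c:\windows\IsUninst.exe
.
((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
"""

# created . modified size attrs path   (size is eight dashes for a directory)
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) "
    r"(?P<attrs>[A-Za-z-]{8}) "
    r"(?P<path>\S.*)$"
)


@dataclass(frozen=True)
class Entry:
    created: datetime    # first timestamp column (creation time, UTC in this log)
    modified: datetime   # second timestamp column (last-write time)
    size: Optional[int]  # None for directories
    attrs: str           # raw attribute field, e.g. "d-----w-", "---ha-w-", "d-s---w-"
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs[0] == "d"

    @property
    def hidden(self) -> bool:
        return "h" in self.attrs

    @property
    def system(self) -> bool:
        return "s" in self.attrs


def parse_entries(text: str) -> List[Entry]:
    """Turn ComboFix file-listing lines into Entry records; other lines are ignored."""
    entries: List[Entry] = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        size = None if m["size"].startswith("-") else int(m["size"])
        entries.append(Entry(
            created=datetime.strptime(m["created"], "%Y-%m-%d %H:%M"),
            modified=datetime.strptime(m["modified"], "%Y-%m-%d %H:%M"),
            size=size,
            attrs=m["attrs"],
            path=m["path"],
        ))
    return entries


def kernel_drivers(entries: List[Entry]) -> List[Entry]:
    """Files dropped in the drivers directory: anything here that gets a service entry runs in ring 0."""
    prefix = "c:\\windows\\system32\\drivers\\"
    return [e for e in entries
            if not e.is_dir
            and e.path.lower().startswith(prefix)
            and e.path.lower().endswith(".sys")]


def backdated(entries: List[Entry]) -> List[Entry]:
    """Files whose last-write time is older than their creation time on this volume.
    Installers that preserve source timestamps produce this too (IsUninst.exe from 1998
    is a normal InstallShield artifact), so this is a triage filter, not a verdict."""
    return [e for e in entries if not e.is_dir and e.modified < e.created]


def created_between(entries: List[Entry], start: datetime, end: datetime) -> List[Entry]:
    """Entries created inside a window, e.g. the hours around a suspected infection."""
    return [e for e in entries if start <= e.created <= end]
```

When running this over a complete log, remember the UTC offset before comparing these timestamps with anything a user reports in local time.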
.
.
(((((((((((((((((((((((((( Registry Load Points )))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2014-03-04 3696912]
"iDailyDiary"="c:\progra~2\IDAILY~1\iDD.exe" [2013-05-21 6432824]
"AlcoholAutomount"="c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2012-01-05 75624]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2016-10-27 9099440]
"CloneCDTray"="c:\program files (x86)\SlySoft\CloneCD\CloneCDTray.exe" [2009-01-29 57344]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware (cleanup)"="c:\programdata\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe" [2016-03-10 55264]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
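Of the four UAC values listed, three match the Windows 7 defaults (ConsentPromptBehaviorAdmin 5, ConsentPromptBehaviorUser 3, EnableUIADesktopToggle 0). PromptOnSecureDesktop defaults to 1, so the 0 here means elevation prompts are drawn on the ordinary interactive desktop, where any code already running as the user can observe and drive them. The check below is an added example, not ComboFix code: it parses this block exactly as printed and diffs it against a defaults table; that table and the wording of the findings are the example's own, and values that are absent from the listing are assumed to be at their defaults.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample: the policies\system block as ComboFix prints it (copied from the log above).
SAMPLE_BLOCK = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"""

# Windows 7 defaults for the UAC policy values (assumed from the documented settings,
# not taken from the log). EnableLUA is included because a listing that shows it as 0
# means UAC is switched off entirely.
WIN7_DEFAULTS: Dict[str, int] = {
    "EnableLUA": 1,                    # UAC on
    "ConsentPromptBehaviorAdmin": 5,   # prompt for consent for non-Windows binaries
    "ConsentPromptBehaviorUser": 3,    # prompt for credentials
    "EnableUIADesktopToggle": 0,
    "PromptOnSecureDesktop": 1,        # prompts drawn on the secure desktop
}

# "Name"= 5 (0x5)
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<dec>\d+)\s*\(0x(?P<hex>[0-9A-Fa-f]+)\)$')


def parse_policy_block(text: str) -> Dict[str, int]:
    """Collect name -> value pairs; the decimal and hex columns must agree."""
    values: Dict[str, int] = {}
    for line in text.splitlines():
        m = VALUE_RE.match(line.strip())
        if not m:
            continue
        dec, hx = int(m["dec"]), int(m["hex"], 16)
        if dec != hx:
            raise ValueError(f"inconsistent value for {m['name']}: {dec} vs 0x{m['hex']}")
        values[m["name"]] = dec
    return values


def non_default(values: Dict[str, int]) -> Dict[str, Tuple[int, int]]:
    """name -> (observed, default) for every listed value that differs from the default."""
    return {name: (val, WIN7_DEFAULTS[name])
            for name, val in values.items()
            if name in WIN7_DEFAULTS and val != WIN7_DEFAULTS[name]}


def uac_findings(values: Dict[str, int]) -> List[str]:
    """Findings for the settings that weaken elevation prompting.
    Values missing from the listing are treated as their defaults (an assumption;
    confirm on the live host with reg query)."""
    def get(name: str) -> int:
        return values.get(name, WIN7_DEFAULTS[name])

    findings: List[str] = []
    if get("EnableLUA") == 0:
        findings.append("EnableLUA=0: UAC is off; every process of an administrator runs fully elevated")
    if get("ConsentPromptBehaviorAdmin") == 0:
        findings.append("ConsentPromptBehaviorAdmin=0: administrators are elevated without any prompt")
    if get("PromptOnSecureDesktop") == 0:
        findings.append("PromptOnSecureDesktop=0: prompts appear on the interactive desktop, "
                        "where code running as the user can observe and automate them")
    return findings
```

On the live machine the same values come from `reg query HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System`, which also shows EnableLUA when it has been set.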
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginCef]
2016-09-12 21:32 1903328 ----a-w- c:\program files (x86)\GbPlugin\gbiehcef.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R0 gbpddreg;Gbpddreg svc;c:\windows\system32\drivers\gbpddreg64.sys;c:\windows\SYSNATIVE\drivers\gbpddreg64.sys [x]
R1 gbpddfac;Warsaw File Access svc;c:\windows\system32\drivers\gbpddfac64.sys;c:\windows\SYSNATIVE\drivers\gbpddfac64.sys [x]
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe;c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 KMService;KMService;c:\windows\system32\srvany.exe;c:\windows\SYSNATIVE\srvany.exe [x]
R2 Origin Web Helper Service;Origin Web Helper Service;c:\program files (x86)\Origin\OriginWebHelperService.exe;c:\program files (x86)\Origin\OriginWebHelperService.exe [x]
R3 AndnetBus;LGE Mobile USB Composite Device;c:\windows\system32\DRIVERS\lgandnetbus64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetbus64.sys [x]
R3 AndNetDiag;LGE AndroidNet USB Serial Port;c:\windows\system32\DRIVERS\lgandnetdiag64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetdiag64.sys [x]
R3 ANDNetModem;LGE AndroidNet USB Modem;c:\windows\system32\DRIVERS\lgandnetmodem64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetmodem64.sys [x]
R3 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
R3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);c:\windows\system32\DRIVERS\JME.sys;c:\windows\SYSNATIVE\DRIVERS\JME.sys [x]
R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtpt64.sys;c:\windows\SYSNATIVE\DRIVERS\lgbtpt64.sys [x]
R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbs64.sys;c:\windows\SYSNATIVE\DRIVERS\lgbtbs64.sys [x]
R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmdm64.sys;c:\windows\SYSNATIVE\DRIVERS\lgvmdm64.sys [x]
R3 Origin Client Service;Origin Client Service;c:\program files (x86)\Origin\OriginClientService.exe;c:\program files (x86)\Origin\OriginClientService.exe [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys;c:\windows\SYSNATIVE\pwdrvio.sys [x]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys;c:\windows\SYSNATIVE\pwdspio.sys [x]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys;c:\windows\SYSNATIVE\Drivers\VBoxUSB.sys [x]
S0 amdide64;amdide64;c:\windows\system32\DRIVERS\amdide64.sys;c:\windows\SYSNATIVE\DRIVERS\amdide64.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys;c:\windows\SYSNATIVE\DRIVERS\vmci.sys [x]
S0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys;c:\windows\SYSNATIVE\drivers\vsock.sys [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxDrv.sys [x]
S1 VBoxNetAdp;VirtualBox NDIS 6.0 Miniport Service;c:\windows\system32\DRIVERS\VBoxNetAdp6.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp6.sys [x]
S1 VBoxNetLwf;VirtualBox NDIS6 Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetLwf.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetLwf.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxUSBMon.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\AMD\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 GbpSv;Gbp Service;c:\progra~2\GbPlugin\GbpSv.exe;c:\progra~2\GbPlugin\GbpSv.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [x]
S2 VMwareHostd;VMware Workstation Server;c:\program files (x86)\VMware\VMware Workstation\vmware-hostd.exe;c:\program files (x86)\VMware\VMware Workstation\vmware-hostd.exe [x]
S2 vstor2-mntapi20-shared;Vstor2 MntApi 2.0 Driver (shared);SysWOW64\drivers\vstor2-mntapi20-shared.sys;SysWOW64\drivers\vstor2-mntapi20-shared.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 GBPRCM;Service for G-Buster Driver (PM);c:\program files (x86)\GbPlugin\gbprcm64.sys;c:\program files (x86)\GbPlugin\gbprcm64.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 RTWlanE;Realtek Wireless LAN 802.11n PCI-E Network Adapter;c:\windows\system32\DRIVERS\rtwlane.sys;c:\windows\SYSNATIVE\DRIVERS\rtwlane.sys [x]
S3 Warsaw_PP;Warsaw Protector;c:\progra~2\GbPlugin\wsftprp64.sys;c:\progra~2\GbPlugin\wsftprp64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMPROTECTOR
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - MBAMWEBACCESSCONTROL
*Deregistered* - GbFtIn
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Clsikthelersy REG_MULTI_SZ Clsikthelersy
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-10-25 12:50 1363560 ----a-w- c:\program files (x86)\Google\Chrome\Application\54.0.2840.71\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2016-10-30 c:\windows\Tasks\Adobe Flash Player PPAPI Notifier.job
- c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_23_0_0_205_pepper.exe [2016-10-29 15:58]
.
2016-10-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-16 15:58]
.
2016-10-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2016-02-17 18:12]
.
2016-10-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2016-02-17 18:12]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2016-10-14 12:35 1031520 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page =
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
Trusted Zone: caixa.gov.br\imagem
Trusted Zone: caixa.gov.br\imagem2
Trusted Zone: caixa.gov.br\internetbanking
Trusted Zone: caixa.gov.br\internetbankingpf
Trusted Zone: caixa.gov.br\www
TCP: DhcpNameServer = 177.84.120.165 177.84.120.164
FF - ProfilePath - c:\users\Keity\AppData\Roaming\Mozilla\Firefox\Profiles\x3u3morx.default\
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\system32\StikyNot.exe
BHO-{95E84BD3-3604-4AAC-B2CA-D9AC3E55B64B} - c:\program files (x86)\Youtube AdBlock\IEEF\Z2alrNPqBp.dll
AddRemove-1207664823_is1 - c:\gog games\Shovel Knight\unins000.exe
AddRemove-Age of Empires Gold 1.0 - c:\program files (x86)\Microsoft Games\Age of Empires\UNINSTAL.EXE
AddRemove-Multi Jogos 1.00 - d:\arcade multi jogos\Multi Jogos\Uninstall.exe
AddRemove-{050d4fc8-5d48-4b8f-8972-47c82c46020f} - c:\programdata\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe
AddRemove-{15134cb0-b767-4960-a911-f2d16ae54797} - c:\programdata\Package Cache\{15134cb0-b767-4960-a911-f2d16ae54797}\vcredist_x64.exe
AddRemove-{22154f09-719a-4619-bb71-5b3356999fbf} - c:\programdata\Package Cache\{22154f09-719a-4619-bb71-5b3356999fbf}\vcredist_x86.exe
AddRemove-{90342E10-6EF6-4070-9562-1009F581F8FE}_is1 - c:\program files (x86)\Microsoft Games\Age of Empires\unins000.exe
AddRemove-{f65db027-aff3-4070-886a-0d87064aabb1} - c:\programdata\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4143182876-3243299370-2476077602-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:cf,9a,19,cd,ca,99,9e,21,0f,00,0c,77,79,8d,9c,b9,6a,70,34,3b,ca,61,f8,
4e,a0,52,4f,e5,c4,de,a7,38,7d,25,30,98,a3,05,f8,19,be,39,12,da,71,25,94,5b,\
"??"=hex:82,9d,27,a6,c1,dd,b6,52,f4,dc,2d,cb,34,61,0d,1b
.
[HKEY_USERS\S-1-5-21-4143182876-3243299370-2476077602-1000_Classes\Wow6432Node\CLSID\{2c084ad6-76c5-4e31-8992-59eac53180d5}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000068
"Therad"=dword:00000001
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_USERS\S-1-5-21-4143182876-3243299370-2476077602-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):2d,72,c3,04,ac,b5,03,a6,85,04,88,a0,74,72,51,3a,42,4a,1b,1a,cc,
a6,34,88,2b,fe,14,ef,be,ba,28,b5,e8,d9,4a,f1,86,63,3c,5c,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_23_0_0_205_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_23_0_0_205_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_23_0_0_205_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_23_0_0_205_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_23_0_0_205.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.23"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_23_0_0_205.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_23_0_0_205.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_23_0_0_205.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2016-10-30 17:06:37
ComboFix-quarantined-files.txt 2016-10-30 20:06
ComboFix2.txt 2016-10-14 00:36
.
Pre-Run: 62,243,356,672 bytes free
Post-Run: 62,182,916,096 bytes free
.
- - End Of File - - 38EBA88340105322E023A42DAA3A5AB7
A36C5E4F47E84449FF07ED3517B43A31