
ComboFix 16-10-17.01 - copiadora 21/10/2016 12:14:31.1.8 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.55.1046.18.8151.6113 [GMT -2:00]
Executando de: c:\users\copiadora\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Enabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Criado um novo ponto de restauração
.
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\DEBUG.log
.
.
(((((((((((((((( Arquivos/Ficheiros criados de 2016-09-21 to 2016-10-21 ))))))))))))))))))))))))))))
.
.
2016-10-21 14:21 . 2016-10-21 14:21 ------- d-----w c:\users\Default\AppData\Local\temp
2016-10-21 12:46 . 2016-10-21 12:48 ------- d-----w c:\program files\CCleaner
2016-10-21 11:50 . 2016-10-21 11:50 ------- d-----w c:\users\copiadora\AppData\Roaming\HD Tune Pro
2016-10-21 11:49 . 2016-10-21 11:49 ------- d-----w c:\program files (x86)\HD Tune Pro
2016-10-21 11:17 . 2016-10-06 21:42 12033040 ----a-w c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DE6B3376-8B08-45E3-9F11-50345C63C39A}\mpengine.dll
2016-10-20 19:43 . 2016-10-20 19:43 ------- d-----w c:\users\copiadora\AppData\Local\Diagnostics
2016-10-20 10:32 . 2016-10-06 21:42 12033040 ----a-w c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2016-10-18 18:10 . 2016-10-18 18:10 ------- d-----w c:\program files\Common Files\Corel
2016-10-05 11:12 . 2016-05-09 15:10 1167568 ----a-w c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3B6BA63B-BEAB-4C0C-AF62-581F75AFB8BC}\gapaengine.dll
2016-10-03 04:30 . 2016-10-03 04:30 365536 ----a-w c:\windows\SysWow64\DivXControlPanelApplet.cpl
.
.
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-07-27 19:25 . 2015-09-09 12:43 504488 ------w c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas.
REGEDIT4

.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"FRSSysTrayIcon"="c:\program files (x86)\Fiery\Applications3\FieryRemoteScanApp\FRSSysTrayIcon.exe" [2016-01-19 57344]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Autodesk Sync"="c:\program files\Autodesk\Autodesk Sync\AdSync.exe" [2015-11-25 1336320]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;c:\program files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe;c:\program files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R3 FlexNet Licensing Service 64;FlexNet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe [x]
R3 hasplms;Sentinel LDK License Manager;c:\windows\system32\hasplms.exe -run;c:\windows\SYSNATIVE\hasplms.exe -run [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
S2 AdAppMgrSvc;Autodesk Application Manager Service;c:\program files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe ;c:\program files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe [x]
S2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys;c:\windows\SYSNATIVE\drivers\aksdf.sys [x]
S2 Autodesk Content Service;Autodesk Content Service;c:\program files\Autodesk\Content Service\Connect.Service.ContentService.exe;c:\program files\Autodesk\Content Service\Connect.Service.ContentService.exe [x]
S2 EFI ES1000;EFI ES1000;c:\program files (x86)\Common Files\EFI\EFI ES-1000 Service\ES1000Service.exe;c:\program files (x86)\Common Files\EFI\EFI ES-1000 Service\ES1000Service.exe [x]
S2 EFI License Manager;EFI License Manager;c:\program files (x86)\EFI\EFILM\lmgrd.exe;c:\program files (x86)\EFI\EFILM\lmgrd.exe [x]
S2 Fiery Data Collector;Fiery Data Collector;c:\program files (x86)\Fiery\Applications3\Command WorkStation 5\FDC\FDC.exe;c:\program files (x86)\Fiery\Applications3\Command WorkStation 5\FDC\FDC.exe [x]
S2 Fiery Mailbox Synchronization;Fiery Mailbox Synchronization;c:\program files (x86)\Fiery\Applications3\FieryRemoteScanApp\FRSMailboxSyncService.exe;c:\program files (x86)\Fiery\Applications3\FieryRemoteScanApp\FRSMailboxSyncService.exe [x]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
S2 ofaApp;ofaApp;c:\program files (x86)\EFI\OFASQ2\ofaApp.exe;c:\program files (x86)\EFI\OFASQ2\ofaApp.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 NisSrv;Inspeção de Rede da Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- =Outros Serviços/Drivers Na Memória --.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-10-04 11:22 1266792 ----a-w c:\program files (x86)\Google\Chrome\Application\53.0.2785.143\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2016-06-30 11:55 322232 ----a-w c:\program files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2016-10-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-09-09 13:39]
.
2016-10-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-09-09 13:39]
.
2016-10-18 c:\windows\Tasks\HPCeeScheduleForcopiadora.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16 12:51]
.
2016-10-21 c:\windows\Tasks\{2A6A6C0A-6DF1-4478-807F-2FF9BF46B935}.job
- c:\users\copiadora\AppData\Roaming\{2F3AA0F6-976C-4b02-A66A-5D1DEA00811F}\InstallHelp.exe [2015-09-22 04:14]
.
.
--------- X64 Entries ----------.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-04-30 1337000]
.
------- Scan Suplementar ------.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.hotmail.com/
mStart Page = hxxp://br.hao123.com/?tn=sdkw_inner_hp_09_hao123_br&fr=HEkW7VokS%2BJ46DdlNQFq0y97Bu1dKUCqNA%3D%3D
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &Enviar para o OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Anexar a PDF existente - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Anexar destino do link a PDF existente - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Converter destino do link em Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Converter em Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xportar para o Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\copiadora\AppData\Roaming\Mozilla\Firefox\Profiles\rgrvgu9q.default\
FF - prefs.js: browser.startup.homepage - www.google.com.br
.
- - - - ÓRFÃOS REMOVIDOS - - - .
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
AddRemove-{61EB474B-67A6-47F4-B1B7-386851BAB3D0} - c:\program files (x86)\InstallShield Installation Information\{61EB474B-67A6-47F4-B1B7-386851BAB3D0}\setup.exe
.
.
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS --------------------.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Tempo para conclusão: 2016-10-21 12:24:44
ComboFix-quarantined-files.txt 2016-10-21 14:24
.
Pré-execução: 846.368.071.680 bytes disponíveis

Pós execução: 850.257.911.808 bytes disponíveis


.
- - End Of File - - BD4F47758ECBF24B30DABEC5DB25B2F0A36C5E4F47E84449FF07ED3517B43A31
