ComboFix 16-03-07.01 - Valjean 08/03/2016 12:06:31.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.55.1046.18.1942.990 [GMT -3:00]
Executando de: c:\users\Valjean\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\DRV10.tmp
c:\programdata\E1010.tmp
.
.
(((((((((((((((( Arquivos/Ficheiros criados de 2016-02-08 to 2016-03-08 ))))))))))))))))))))))))))))
.
.
2016-03-08 15:12 . 2016-03-08 15:12 -------d-----w c:\users\Default\AppData\Local\temp
2016-03-08 14:54 . 2016-03-08 14:54 -------d-----w c:\program files (x86)\Common Files\Java
2016-03-08 14:54 . 2016-03-08 14:54 -------d-----w c:\users\Valjean\.oracle_jre_usage
2016-03-07 12:33 . 2016-03-07 12:34 -------d-----w c:\users\Valjean\AppData\Local\FFV_Game
2016-03-07 12:33 . 2016-03-07 12:33 466456 ----a-w c:\windows\system32\wrap_oal.dll
2016-03-07 12:33 . 2016-03-07 12:33 444952 ----a-w c:\windows\SysWow64\wrap_oal.dll
2016-03-07 12:33 . 2016-03-07 12:33 122904 ----a-w c:\windows\system32\OpenAL32.dll
2016-03-07 12:33 . 2016-03-07 12:33 109080 ----a-w c:\windows\SysWow64\OpenAL32.dll
2016-03-07 12:33 . 2016-03-07 12:33 -------d-----w c:\program files (x86)\OpenAL
2016-03-06 01:24 . 2007-04-04 21:54 107368 ----a-w c:\windows\system32\xinput1_3.dll
2016-03-06 01:24 . 2007-04-04 21:53 81768 ----a-w c:\windows\SysWow64\xinput1_3.dll
2016-03-06 01:14 . 2006-03-31 15:40 352464 ----a-w c:\windows\system32\xactengine2_1.dll
2016-03-06 00:53 . 2016-03-06 00:53 -------d-----w c:\program files\Microsoft Xbox 360 Accessories
2016-03-06 00:30 . 2016-03-06 00:30 -------d-----w c:\users\Valjean\AppData\Local\Steam
2016-03-06 00:23 . 2016-03-06 00:58 -------d-----w c:\program files (x86)\Common Files\Steam
2016-03-06 00:23 . 2016-03-08 14:37 -------d-----w c:\program files (x86)\Steam
2016-02-23 11:17 . 2015-12-16 12:15 11154520 ----a-w c:\programdata\Microsoft\Windows Defender\Definition Updates\{A618BE7E-B625-4FAA-876A-C56A16576F92}\mpengine.dll
.
.
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-03-08 14:54 . 2015-08-02 03:11 97888 ----a-w c:\windows\SysWow64\WindowsAccessBridge-32.dll
2016-02-10 05:44 . 2015-08-02 03:13 796864 ----a-w c:\windows\SysWow64\FlashPlayerApp.exe
2016-02-10 05:44 . 2015-08-02 03:13 142528 ----a-w c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2016-02-10 05:43 . 2016-01-28 12:41 8817344 ----a-w c:\windows\SysWow64\FlashPlayerInstaller.exe
.
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2016-01-29 594992]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 bmfilter;D-Link USB Composite Device Filter Driver;c:\windows\system32\DRIVERS\qcusbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\qcusbfilter.sys [x]
R3 bmusbser;D-Link USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\qcusbser.sys;c:\windows\SYSNATIVE\DRIVERS\qcusbser.sys [x]
R3 bmusbwwan;D-Link USB-NDIS WWAN miniport;c:\windows\system32\DRIVERS\qcusbwwan.sys;c:\windows\SYSNATIVE\DRIVERS\qcusbwwan.sys [x]
R3 Disc Soft Ultra Bus Service;Disc Soft Ultra Bus Service;c:\program files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe;c:\program files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys;c:\windows\SYSNATIVE\drivers\Synth3dVsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys;c:\windows\SYSNATIVE\DRIVERS\vmci.sys [x]
S0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys;c:\windows\SYSNATIVE\drivers\vsock.sys [x]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 SoilIO;SoilIO; [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [x]
S2 VMwareHostd;VMware Workstation Server;c:\program files (x86)\VMware\VMware Workstation\vmware-hostd.exe;c:\program files (x86)\VMware\VMware Workstation\vmware-hostd.exe [x]
S2 vstor2-mntapi20-shared;Vstor2 MntApi 2.0 Driver (shared);SysWOW64\drivers\vstor2-mntapi20-shared.sys;SysWOW64\drivers\vstor2-mntapi20-shared.sys [x]
S2 YSearchUtilSvc;YSearchUtilSvc;c:\program files (x86)\Yahoo!\yset\{EEBC170D-24F1-2E4C-AB8E-58631B6F87B4}\YSearchUtilSvc.exe;c:\program files (x86)\Yahoo!\yset\{EEBC170D-24F1-2E4C-AB8E-58631B6F87B4}\YSearchUtilSvc.exe [x]
S3 dtultrascsibus;DAEMON Tools Ultra Virtual SCSI Bus;c:\windows\system32\DRIVERS\dtultrascsibus.sys;c:\windows\SYSNATIVE\DRIVERS\dtultrascsibus.sys [x]
S3 IntcDAud;Áudio do vídeo Intel(R);c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 RSBASTOR;Realtek PCIE CardReader Driver - BA;c:\windows\system32\DRIVERS\RtsBaStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsBaStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 RTWlanE;Realtek Wireless LAN 802.11n PCI-E Network Adapter;c:\windows\system32\DRIVERS\rtwlane.sys;c:\windows\SYSNATIVE\DRIVERS\rtwlane.sys [x]
S3 soilkbc;soilkbc; [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-02-20 00:10 1088664 ----a-w c:\program files (x86)\Google\Chrome\Application\48.0.2564.116\Installer\chrmstp.exe
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2016-03-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-02 05:44]
.
2016-03-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-08-02 01:36]
.
2016-03-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-08-02 01:36]
.
.
--------- X64 Entries ----------.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2015-08-02 13263072]
.
------- Scan Suplementar ------.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://br.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &Enviar para o OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: E&xportar para o Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
LSP: %windir%\system32\vsocklib.dll
TCP: DhcpNameServer = 192.168.43.1
TCP: Interfaces\{ED98B527-6E4C-49AC-ACF5-B8E21C72BACD}\46C696E6B6: NameServer = 8.8.8.8,8.8.8.9
FF - ProfilePath - c:\users\Valjean\AppData\Roaming\Mozilla\Firefox\Profiles\qw98n84u.default\
.
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS --------------------.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Tempo para conclusão: 2016-03-08 12:16:14
ComboFix-quarantined-files.txt 2016-03-08 15:16
.
Pré-execução: 179.639.099.392 bytes disponíveis
Pós execução: 181.060.780.032 bytes disponíveis
.
- - End Of File - - BC8C9D82609D779DE7158253611A3BB0
EA923EB0EC0060F1451E9AD7B5762CFE