ComboFix
ComboFix 14-01-23.01 - Vanessa Benko 23/01/2014 14:13:05.2.4 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.55.1046.18.3574.1549 [GMT -2:00]
Executando de: c:\users\Vanessa Benko\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: Norton AntiVirus *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Norton AntiVirus *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
ADS - drivers: deleted 412 bytes in 1 streams.
.
(((((((((((((((( Arquivos/Ficheiros criados de 2013-12-23 to 2014-01-23 ))))))))))))))))))))))))))))
.
.
2014-01-23 16:02 . 2014-01-23 16:02 -------- d-----w- c:\program files\iPod
2014-01-23 16:02 . 2014-01-23 16:03 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-01-23 16:02 . 2014-01-23 16:03 -------- d-----w- c:\program files\iTunes
2014-01-23 13:18 . 2014-01-23 13:18 -------- d-----w- c:\programdata\Doctor Web
2014-01-23 13:18 . 2014-01-23 15:16 -------- d-----w- c:\users\Vanessa Benko\Doctor Web
2014-01-22 18:30 . 2014-01-22 18:30 -------- d-----w- c:\users\Vanessa Benko\AppData\Roaming\Malwarebytes
2014-01-22 18:29 . 2014-01-22 18:29 -------- d-----w- c:\programdata\Malwarebytes
2014-01-22 18:14 . 2014-01-22 18:15 -------- d-----w- C:\LinhaDefensiva
2014-01-22 16:35 . 2014-01-23 16:21 -------- d-----w- c:\users\Vanessa Benko\AppData\Local\temp
2014-01-21 11:16 . 2013-12-04 02:57 7760024 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{42EA4D3A-6552-4723-85E9-875D28D26725}\mpengine.dll
2014-01-15 11:16 . 2013-11-26 10:10 2349056 ----a-w- c:\windows\system32\win32k.sys
2014-01-15 11:16 . 2013-11-26 11:11 240576 ----a-w- c:\windows\system32\drivers\netio.sys
2014-01-15 11:16 . 2013-11-27 01:14 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2014-01-15 11:16 . 2013-11-27 01:13 284672 ----a-w- c:\windows\system32\drivers\usbport.sys
2014-01-15 11:16 . 2013-11-27 01:13 76288 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2014-01-15 11:16 . 2013-11-27 01:13 43520 ----a-w- c:\windows\system32\drivers\usbehci.sys
2014-01-15 11:16 . 2013-11-27 01:13 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
2014-01-15 11:16 . 2013-11-27 01:13 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2014-01-15 11:16 . 2013-11-27 01:13 6016 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-12-26 13:59 . 2013-12-26 13:59 64168 ----a-w- c:\windows\system32\drivers\aswstm.sys
.
.
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-23 15:24 . 2013-07-11 12:13 31088 ----a-w- c:\windows\system32\drivers\GbpNdisrd.sys
2014-01-13 17:05 . 2012-03-30 12:14 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-01-13 17:05 . 2012-03-05 18:00 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-26 13:58 . 2013-05-16 17:51 410528 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-12-26 13:58 . 2013-05-16 17:51 775952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-12-26 13:58 . 2013-05-16 17:51 180248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-12-26 13:58 . 2013-05-16 17:51 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-12-26 13:58 . 2013-05-16 17:51 270240 ----a-w- c:\windows\system32\aswBoot.exe
2013-12-26 13:58 . 2013-05-16 17:50 43152 ----a-w- c:\windows\avastSS.scr
2013-12-18 08:13 . 2012-03-05 17:45 231584 ------w- c:\windows\system32\MpSigStub.exe
2013-12-10 19:49 . 2013-12-10 19:49 86016 ----a-w- c:\windows\system32\iesysprep.dll
2013-12-10 19:49 . 2013-12-10 19:49 74240 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-12-10 19:49 . 2013-12-10 19:49 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-12-10 19:49 . 2013-12-10 19:49 646144 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-12-10 19:49 . 2013-12-10 19:49 645120 ----a-w- c:\windows\system32\jsIntl.dll
2013-12-10 19:49 . 2013-12-10 19:49 62464 ----a-w- c:\windows\system32\tdc.ocx
2013-12-10 19:49 . 2013-12-10 19:49 61952 ----a-w- c:\windows\system32\MshtmlDac.dll
2013-12-10 19:49 . 2013-12-10 19:49 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-12-10 19:49 . 2013-12-10 19:49 454656 ----a-w- c:\windows\system32\vbscript.dll
2013-12-10 19:49 . 2013-12-10 19:49 36352 ----a-w- c:\windows\system32\imgutil.dll
2013-12-10 19:49 . 2013-12-10 19:49 34816 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2013-12-10 19:49 . 2013-12-10 19:49 337408 ----a-w- c:\windows\system32\html.iec
2013-12-10 19:49 . 2013-12-10 19:49 24576 ----a-w- c:\windows\system32\licmgr10.dll
2013-12-10 19:49 . 2013-12-10 19:49 194048 ----a-w- c:\windows\system32\elshyph.dll
2013-12-10 19:49 . 2013-12-10 19:49 182272 ----a-w- c:\windows\system32\msls31.dll
2013-12-10 19:49 . 2013-12-10 19:49 151552 ----a-w- c:\windows\system32\iexpress.exe
2013-12-10 19:49 . 2013-12-10 19:49 139264 ----a-w- c:\windows\system32\wextract.exe
2013-12-10 19:49 . 2013-12-10 19:49 13312 ----a-w- c:\windows\system32\mshta.exe
2013-12-10 19:49 . 2013-12-10 19:49 111616 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-12-10 19:49 . 2013-12-10 19:49 1051136 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-12-05 15:28 . 2013-05-16 17:51 79720 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-12-05 15:28 . 2013-05-16 17:51 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-12-05 15:28 . 2013-12-05 15:19 259928 ----a-w- c:\windows\system32\drivers\aswNdisFlt.sys
2013-11-26 09:23 . 2013-12-12 19:35 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2013-11-26 09:22 . 2013-12-12 19:35 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2013-11-26 08:53 . 2013-12-12 19:35 61952 ----a-w- c:\windows\system32\iesetup.dll
2013-11-26 08:52 . 2013-12-12 19:35 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
2013-11-26 08:29 . 2013-12-12 19:35 112128 ----a-w- c:\windows\system32\ieUnatt.exe
2013-11-26 08:29 . 2013-12-12 19:35 108032 ----a-w- c:\windows\system32\ieetwcollector.exe
2013-11-26 08:28 . 2013-12-12 19:35 553472 ----a-w- c:\windows\system32\jscript9diag.dll
2013-11-26 08:16 . 2013-12-12 19:35 4243968 ----a-w- c:\windows\system32\jscript9.dll
2013-11-26 07:32 . 2013-12-12 19:35 1928192 ----a-w- c:\windows\system32\inetcpl.cpl
2013-11-26 06:33 . 2013-12-12 19:35 1820160 ----a-w- c:\windows\system32\wininet.dll
2013-11-23 18:26 . 2013-12-12 11:28 417792 ----a-w- c:\windows\system32\WMPhoto.dll
2013-11-22 11:48 . 2012-03-13 18:00 46392 ----a-w- c:\windows\system32\drivers\gbpkm.sys
2013-11-12 02:07 . 2013-12-12 11:28 2048 ----a-w- c:\windows\system32\tzres.dll
2013-10-31 06:46 . 2013-12-05 15:19 104752 ----a-w- c:\windows\system32\drivers\aswFW.sys
2013-10-30 02:19 . 2013-12-12 11:28 301568 ----a-w- c:\windows\system32\msieftp.dll
.
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-12-26 13:58 259464 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-11-18 20587168]
"iCloudServices"="c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-11-20 59720]
"ApplePhotoStreams"="c:\program files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-11-20 59720]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-04-27 7432736]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-01-20 43848]
"SafeNetCertMngr"="c:\program files\SafeNet\Authentication\SAC\x32\SACMonitor.exe" [2011-10-03 1923032]
"CertificateRegistration"="aetcrss1.exe" [2011-03-24 151552]
"DoroServer"="c:\program files\DoroPDFWriter\DoroServer.exe" [2013-10-24 196608]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2013-12-26 3764024]
"Syncios device service"="c:\program files\Syncios\SynciosDeviceService.exe" [2013-12-03 723456]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-01-20 152392]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{E37CB5F0-51F5-4395-A808-5FA49E399008}"= "c:\program files\GbPlugin\gbiehuni.dll" [2013-11-22 1513528]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]
2013-07-15 14:23 1410088 ------w- c:\program files\GbPlugin\gbieh.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginCef]
2013-10-16 18:01 1479528 ----a-w- c:\program files\GbPlugin\gbiehcef.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginUni]
2013-11-22 11:45 1513528 ----a-w- c:\program files\GbPlugin\gbiehuni.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^Users^Vanessa Benko^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^EvernoteClipper.lnk]
path=c:\users\Vanessa Benko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
backup=c:\windows\pss\EvernoteClipper.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2014-01-20 18:32 152392 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OrderReminder]
2006-01-30 09:00 98304 ----a-w- c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2013-05-01 06:59 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2013-07-12 12:16 295512 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wondershare Helper Compact.exe]
2013-05-29 13:46 1743136 ----a-w- c:\program files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
.
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [x]
R2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [x]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [2014-01-07 104880]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-09-05 171680]
R3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2013-12-26 64168]
R3 BprotectEx;Baidu ProtectEx;c:\windows\System32\drivers\BprotectEx.sys [x]
R3 cxbu0wdm;OMNIKEY 3x21;c:\windows\system32\DRIVERS\cxbu0wdm.sys [2011-09-06 119040]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2013-11-26 108032]
R3 Ndisrd;GAS Tecnologia Service;c:\windows\system32\DRIVERS\gbpndisrd.sys [2014-01-23 31088]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2011-08-02 18432]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-07 1343400]
R4 RPCNetPrx;RPCNetPrx;c:\windows\system32\rpcnet.exe [x]
R4 RPCNetSVC;RPCNetSVC;c:\windows\system32\rpcnet.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 Bhbase;Baidu Hook Base;c:\windows\System32\drivers\Bhbase.sys [2013-08-08 64480]
S0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [2013-11-22 46392]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAV\1309010.00E\SYMDS.SYS [2011-07-25 340088]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1309010.00E\SYMEFA.SYS [2012-05-22 924320]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-12-26 775952]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-12-26 410528]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\BASHDefs\20130208.001\BHDrvx86.sys [2013-01-16 997464]
S1 ccSet_NAV;Norton AntiVirus Settings Manager;c:\windows\system32\drivers\NAV\1309010.00E\ccSetx86.sys [2012-06-07 132768]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\IPSDefs\20130221.001\IDSvix86.sys [2012-09-01 386720]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAV\1309010.00E\Ironx86.SYS [2012-04-18 149624]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NAV\1309010.00E\SYMNETS.SYS [2012-04-18 318584]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-12-26 67824]
S2 GbpSv;Gbp Service;c:\progra~1\GbPlugin\GbpSv.exe [2013-11-22 449592]
S2 NAV;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\19.9.1.14\ccSvcHst.exe [2012-06-16 138272]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-04-16 39056]
S2 SACSrv;SACSrv;c:\program files\SafeNet\Authentication\SAC\x32\SACSrv.exe [2011-10-03 10200]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-01-18 383264]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k6232.sys [2009-06-22 202408]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-09 106656]
S3 iKeyEnum;Rainbow iKey Enumerator;c:\windows\system32\DRIVERS\ikeyenum.sys [2010-04-29 11616]
S3 iKeyIFD;Rainbow iKey Virtual Reader;c:\windows\system32\DRIVERS\ikeyifd.sys [2010-04-29 18080]
S3 NdisrdMP;NdisrdMP;c:\windows\system32\DRIVERS\gbpndisrd.sys [2014-01-23 31088]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2012-09-14 47360]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-01-22 11:47 1077016 ----a-w- c:\program files\Google\Chrome\Application\34.0.1797.2\Installer\chrmstp.exe
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2014-01-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-07-23 19:25]
.
2014-01-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-07-23 19:25]
.
.
------- Scan Suplementar -------
.
uStart Page = about:blank
mStart Page = hxxp://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Trusted Zone: bancobrasil.com.br\www
Trusted Zone: bancobrasil.com.br\www14
Trusted Zone: bancobrasil.com.br\www2
Trusted Zone: bb.com.br\www
Trusted Zone: caixa.gov.br
Trusted Zone: caixa.gov.br\conectividade
Trusted Zone: itau.com.br
Trusted Zone: itau.com.br\bankline
Trusted Zone: itau.com.br\clickbanking
Trusted Zone: itau.com.br\guardiao
Trusted Zone: itau.com.br\www
TCP: Interfaces\{5B92BF65-9856-4F68-9889-6FB479CB973E}: NameServer = 200.225.197.37,200.225.197.34
FF - ProfilePath - c:\users\Vanessa Benko\AppData\Roaming\Mozilla\Firefox\Profiles\86q02pch.default\
FF - prefs.js: browser.search.selectedEngine - Pesquisa Segura
FF - prefs.js: browser.startup.homepage - hxxp://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2851643&SearchSource=2&CUI=UN00380849040517716&UM=ppi&q=
FF - ExtSQL: 2013-12-20 11:21; {4ED1F68A-5463-4931-9384-8FFF5ED91D92}; c:\program files\McAfee\SiteAdvisor
FF - user.js: extensions.shownSelectionUI - true
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - 9e5f5fc800000000000000270e190ed3
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15846
FF - user.js: extensions.delta.vrsn - 1.8.21.5
FF - user.js: extensions.delta.vrsni - 1.8.21.5
FF - user.js: extensions.delta.vrsnTs - 1.8.21.59:58
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=119352&tt=gc_
FF - user.js: extensions.delta_i.babExt -
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
FF - user.js: extentions.webcake.installId - ee92647c-bd8d-4bf7-a157-4cdddfe2332d
FF - user.js: extentions.webcake.defaultEnableAppsList - layers,brain/features,newOffers/wc
.
- - - - ORFÃOS REMOVIDOS - - - -
.
MSConfigStartUp-monitor - c:\windows\system32\monitor.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NAV]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\19.9.1.14\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\19.9.1.14\diMaster.dll\" /prefetch:1"
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_USERS\S-1-5-21-770461102-1528469112-2676766293-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-770461102-1528469112-2676766293-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Tempo para conclusão: 2014-01-23 14:22:54
ComboFix-quarantined-files.txt 2014-01-23 16:22
.
Pré-execução: 27.631.697.920 bytes disponíveis
Pós execução: 27.569.377.280 bytes disponíveis
.
- - End Of File - - 2FB7CF7A894E20A7925357F8D1C9672C
A36C5E4F47E84449FF07ED3517B43A31
OTL logfile created on: 28/01/2014 15:28:17 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Vanessa Benko\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16476)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy
3,49 Gb Total Physical Memory | 1,51 Gb Available Physical Memory | 43,21% Memory free
6,98 Gb Paging File | 4,60 Gb Available in Paging File | 65,90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 146,48 Gb Total Space | 27,46 Gb Free Space | 18,75% Space Free | Partition Type: NTFS
Drive D: | 319,18 Gb Total Space | 37,08 Gb Free Space | 11,62% Space Free | Partition Type: NTFS
Computer Name: MICRO050 | User Name: Vanessa Benko | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days
========== Processes (SafeList) ==========
PRC - [2014/01/28 15:17:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Vanessa Benko\Desktop\OTL.exe
PRC - [2014/01/21 11:10:45 | 000,857,880 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2014/01/07 10:43:06 | 000,104,880 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2013/12/26 11:58:07 | 003,764,024 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/12/26 11:58:07 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/12/23 10:12:49 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/12/03 08:34:14 | 000,723,456 | ---- | M] () -- C:\Program Files\Syncios\SynciosDeviceService.exe
PRC - [2013/11/22 09:50:14 | 000,449,592 | ---- | M] (GAS Tecnologia) -- C:\Program Files\GbPlugin\gbpsv.exe
PRC - [2013/11/20 15:43:26 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe