Combo Fix

ComboFix log (build 18-03-14.01, run on 10 May 2018) from a 32-bit Windows 7 Professional machine with Avast Antivirus enabled and Windows Defender disabled. ComboFix removed a Word autosave temp file (~WRL1029.tmp), one empty alternate data stream, and the orphaned Legacy_NPF/Service_NPF entries of the WinPcap NPF packet-capture driver. Everything else in the log is an inventory, not a verdict: files created in the previous month (temp folders, the Warsaw/GAS Tecnologia banking-protection drivers wsdd*.sys, Avast driver updates, Flash Player), registry load points (Google Drive and Avast shell overlays; Run entries for Chromium, Google Drive, Intel graphics, Realtek audio, USB Disk Security, Avast, Nero, Office Groove and Java Update), services and drivers, and Internet Explorer settings. Points an analyst would flag before calling the machine clean: UAC is switched off (EnableLUA=0, ConsentPromptBehaviorAdmin=0, PromptOnSecureDesktop=0); both IE start pages point at a Yahoo hosted-search URL carrying partner tags (hspart=iry, pa=wincy), which is typically set by a bundled search installer rather than by the user; a ByteFence Anti-Malware service and its rtop service are installed; and two Run entries, one of them named GoogleChromeAutoLaunch_..., launch a Chromium build from the user's AppData folder. ComboFix itself issues no malware verdict, so "no malware found" is not something this log establishes.

Uploaded by VIGIAR TECH

ComboFix 18-03-14.01 - Casa 10/05/2018 23:54:37.1.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.55.1046.18.1016.263 [GMT -3:00]
Running from: D:\Users\Downloads\ComboFix.exe
AV: Avast Antivirus *Enabled/Updated* {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
SP: Avast Antivirus *Enabled/Updated* {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

ADS - drivers: deleted 0 bytes in 1 streams.

(((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))))

D:\Users\Documents\~WRL1029.tmp

(((((((((((((((((((((((((((((((((((((((   Drivers/Services   ))))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF

((((((((((((((((   Files Created from 2018-04-11 to 2018-05-11   ))))))))))))))))))))))))))))

2018-05-11 03:08:52 . 2018-05-11 03:39:50 -------- d-----w- C:\Users\Casa\AppData\Local\temp
2018-05-11 03:08:52 . 2018-05-11 03:08:52 -------- d-----w- C:\Users\Default\AppData\Local\temp
2018-05-02 17:59:10 . 2018-05-02 17:59:10 -------- d-----w- C:\Users\Casa\AppData\Roaming\Ahead
2018-05-01 00:45:52 . 2018-01-09 16:09:40 41000 ------w- C:\Windows\system32\drivers\wsddprm.sys
2018-05-01 00:45:52 . 2016-06-16 21:43:32 31864 ----a-w- C:\Windows\system32\drivers\wsddntf.sys
2018-05-01 00:45:51 . 2018-05-08 00:09:40 22744 ----a-w- C:\Windows\system32\drivers\wsddfac.sys
2018-05-01 00:45:51 . 2017-11-29 16:33:10 42576 ------w- C:\Windows\system32\drivers\wsddpp.sys
2018-05-01 00:45:49 . 2018-05-01 00:45:49 -------- d--h--w- C:\Program Files\GAS Tecnologia
.

(((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

2018-05-10 18:42:27 . 2015-08-20 05:59:21 804864 ----a-w- C:\Windows\system32\FlashPlayerApp.exe
2018-05-10 18:42:27 . 2015-08-20 05:59:21 144896 ----a-w- C:\Windows\system32\FlashPlayerCPLApp.cpl
2018-05-01 01:02:15 . 2017-10-23 20:29:32 1856 ----a-w- C:\Windows\Fonts\Warsaw Bold.ttf
2018-04-02 15:17:04 . 2017-10-21 16:22:16 124392 ----a-w- C:\Windows\system32\drivers\aswMonFlt.sys
2018-03-09 14:47:28 . 2018-05-01 00:45:52 1864 ----a-w- C:\Windows\Fonts\dbldwrsw.ttf
2018-03-05 15:17:55 . 2017-10-21 16:22:07 50336 ----a-w- C:\Windows\system32\drivers\aswbunivx.sys
2018-03-05 15:17:55 . 2017-10-21 16:22:04 276688 ----a-w- C:\Windows\system32\drivers\aswblogx.sys
2018-03-05 15:17:54 . 2017-10-21 16:22:03 157368 ----a-w- C:\Windows\system32\drivers\aswbidshx.sys
2018-03-05 15:17:54 . 2017-10-21 16:22:01 185432 ----a-w- C:\Windows\system32\drivers\aswbidsdriverx.sys

((((((((((((((((((((((((((   Reg Loading Points   )))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown.


REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveBlacklisted]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2018-04-12 17:39:10 576952 ----a-w- C:\Program Files\Google\Drive\googledrivesync32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveSynced]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2018-04-12 17:39:10 576952 ----a-w- C:\Program Files\Google\Drive\googledrivesync32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ GoogleDriveSyncing]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2018-04-12 17:39:10 576952 ----a-w- C:\Program Files\Google\Drive\googledrivesync32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00asw]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2007-01-01 03:08:40 1377496 ----a-w- C:\Program Files\AVAST Software\Avast\ashShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Chromium"="c:\users\casa\appdata\local\chromium\application\chrome.exe" [2017-01-20 23:27:22 828416]
"GoogleChromeAutoLaunch_CC646BDC974E08327854BCB848F4265B"="C:\Users\Casa\AppData\Local\chromium\Application\chrome.exe" [2017-01-20 23:27:22 828416]
"GoogleDriveSync"="C:\Program Files\Google\Drive\googledrivesync.exe" [2018-04-12 17:39:10 42644816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2009-09-23 11:30:48 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2009-09-23 11:30:48 173592]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2009-09-23 11:30:48 150552]
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe" [2013-08-21 16:19:36 12005080]
"USB Security"="C:\Program Files\USB Disk Security\USBGuard.exe" [2015-02-03 22:59:20 695528]
"AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvLaunch.exe" [2007-01-01 03:08:50 242392]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 16:57:24 153136]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 02:47:42 31016]
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2017-12-19 20:30:46 587288]

C:\Users\Casa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Monitorar alertas de cartuchos - HP DJ 2130 series.lnk - C:\Windows\system32\RunDll32.exe "C:\Program Files\HP\HP DeskJet 2130 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN592392KF065V;CONNECTION=USB;MONITOR=1; [2009-7-13 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

R2 ByteFenceService;ByteFence Anti-Malware Service;C:\Program Files\ByteFence\ByteFenceService.exe [2017-10-03 09:11:38 156640]
R3 aswHwid;aswHwid;C:\Windows\system32\drivers\aswHwid.sys [2007-01-01 03:08:54 42808]
R3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys [2010-11-20 21:29:03 62464]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\system32\IEEtwCollector.exe [2014-08-28 21:13:45 108032]
R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 21:29:24 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-20 21:29:03 27264]
R3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe [2014-08-28 21:09:27 1343400]
S0 aswbidsh;aswbidsh;C:\Windows\system32\drivers\aswbidshx.sys [2018-03-05 15:17:54 157368]
S0 aswblog;aswblog;C:\Windows\system32\drivers\aswblogx.sys [2018-03-05 15:17:55 276688]
S0 aswbuniv;aswbuniv;C:\Windows\system32\drivers\aswbunivx.sys [2018-03-05 15:17:55 50336]
S0 aswRvrt;aswRvrt;C:\Windows\system32\drivers\aswRvrt.sys [2007-01-01 03:08:54 70816]
S0 aswVmm;aswVmm;C:\Windows\system32\drivers\aswVmm.sys [2007-01-01 03:08:54 310784]
S1 aswArPot;aswArPot;C:\Windows\system32\drivers\aswArPot.sys [2007-01-01 03:08:54 167040]
S1 aswbidsdriver;aswbidsdriver;C:\Windows\system32\drivers\aswbidsdriverx.sys [2018-03-05 15:17:54 185432]
S1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys [2007-01-01 03:08:34 783600]
S1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys [2007-01-01 03:08:54 391856]
S1 wsddfac;wsddfac;C:\Windows\system32\drivers\wsddfac.sys [2018-05-11 03:41:15 22744]
S1 wsddntf;Diebold Network Monitor;C:\Windows\system32\DRIVERS\wsddntf.sys [2016-06-16 21:43:32 31864]
S1 wsddpp;Warsaw - Driver (PP);C:\Windows\system32\drivers\wsddpp.sys [2017-11-29 16:33:10 42576]
S2 aswMonFlt;aswMonFlt;C:\Windows\system32\drivers\aswMonFlt.sys [2018-04-02 15:17:04 124392]
S2 aswStm;aswStm;C:\Windows\system32\drivers\aswStm.sys [2007-01-01 03:08:54 152344]
S2 NetExpress Updater;NetExpress Updater;C:\Program Files\AppBrad\NetExpressUpdater.exe [2017-07-31 15:11:46 20424]
S2 rtop;rtop;C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe [2018-04-01 23:45:43 297288]
S2 Warsaw Technology;Warsaw Technology;C:\Program Files\Diebold\Warsaw\core.exe [2017-10-20 19:30:06 874840]
S3 aswbIDSAgent;aswbIDSAgent;C:\Program Files\AVAST Software\Avast\aswidsagent.exe [2007-01-01 03:08:34 5947256]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt86win7.sys [2017-02-16 20:48:13 783360]
S3 wsddprm;Warsaw - Driver (PRM);C:\Windows\system32\drivers\wsddprm.sys [2018-01-09 16:09:40 41000]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - WS2IFSL
*Deregistered* - mad_inj_driver

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2018-05-02 13:55:33 1644888 ----a-w- C:\Program Files\Google\Chrome\Application\66.0.3359.139\Installer\chrmstp.exe

------- Supplementary Scan -------

uStart Page = https://br.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_bxinw_17_47_ssg02&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dbr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtC0F0DtD0FtD0AzyyEtD0E0FyC0DtN0D0Tzu0StBtCyDtBtN1L2XzuyEtFtCzztFtDtFyDtBtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyB0E0AtDzy0CyDyBtGyB0AyCyDtGyE0FyByBtGyD0CtDyCtGtCyBtDzzyBtDyEyBtCyBtB0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCtCyByCyD1OzyyEtGyC1QyDtCtGyEyB1QyCtGzzzzyB1OtG1Q1OyByEtDyBtAyCzy1QyE1Q2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCyEzyyDtCtN1Q2Z1B1P1RzutCyDtCtCtAzyzytDyByC%26cr%3D1954016899%26a%3Dwbf_bxinw_17_47_ssg02%26os_ver%3D6.1%26os%3DWindows%2B7%2BProfessional
mStart Page = https://br.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_bxinw_17_47_ssg02&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dbr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtC0F0DtD0FtD0AzyyEtD0E0FyC0DtN0D0Tzu0StBtCyDtBtN1L2XzuyEtFtCzztFtDtFyDtBtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyB0E0AtDzy0CyDyBtGyB0AyCyDtGyE0FyByBtGyD0CtDyCtGtCyBtDzzyBtDyEyBtCyBtB0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCtCyByCyD1OzyyEtGyC1QyDtCtGyEyB1QyCtGzzzzyB1OtG1Q1OyByEtDyBtAyCzy1QyE1Q2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCyEzyyDtCtN1Q2Z1B1P1RzutCyDtCtCtAzyzytDyByC%26cr%3D1954016899%26a%3Dwbf_bxinw_17_47_ssg02%26os_ver%3D6.1%26os%3DWindows%2B7%2BProfessional
IE: E&xportar para o Microsoft Excel - C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: itau.com.br
Trusted Zone: itau.com.br\bankline
Trusted Zone: itau.com.br\clickbanking
Trusted Zone: itau.com.br\guardiao
Trusted Zone: itau.com.br\www
Trusted Zone: itaupersonnalite.com.br\www
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - C:\Users\Casa\AppData\Roaming\Mozilla\Firefox\Profiles\jreybji9.default-1517711852200\
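Added example, not part of the ComboFix log and not ComboFix's own code: a Python triage pass over the kind of sections shown above. It parses the Run keys, the policies\system values, the R/S service lines and the Start Page lines, and flags what an analyst would check first: UAC switched off, autoruns that load from the user's AppData, hosted-search start pages, and third-party services set to start automatically. The sample input is a constructed excerpt of lines copied from this log, with the two long Yahoo URLs cut after the URL-encoded pa=wincy parameter. The flagging rules are the example's own heuristics; the reading of the service lines follows ComboFix's convention (R running, S stopped; digit = start type, 0 boot, 1 system, 2 automatic, 3 manual, 4 disabled), and "third-party" here simply means "not under C:\Windows", which is a rough cut, not a judgement about any vendor.

```python
"""Triage pass over a ComboFix log (added example; the heuristics are the
example's own, ComboFix records but does not grade)."""
import re
from urllib.parse import parse_qs, urlsplit

# Constructed excerpt of lines from the log on this page; the two Yahoo
# start-page URLs are cut after the URL-encoded pa=wincy parameter.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Chromium"="c:\users\casa\appdata\local\chromium\application\chrome.exe" [2017-01-20 23:27:22 828416]
"GoogleChromeAutoLaunch_CC646BDC974E08327854BCB848F4265B"="C:\Users\Casa\AppData\Local\chromium\Application\chrome.exe" [2017-01-20 23:27:22 828416]
"GoogleDriveSync"="C:\Program Files\Google\Drive\googledrivesync.exe" [2018-04-12 17:39:10 42644816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2009-09-23 11:30:48 141848]
"USB Security"="C:\Program Files\USB Disk Security\USBGuard.exe" [2015-02-03 22:59:20 695528]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

R2 ByteFenceService;ByteFence Anti-Malware Service;C:\Program Files\ByteFence\ByteFenceService.exe [2017-10-03 09:11:38 156640]
S1 wsddntf;Diebold Network Monitor;C:\Windows\system32\DRIVERS\wsddntf.sys [2016-06-16 21:43:32 31864]
S2 Warsaw Technology;Warsaw Technology;C:\Program Files\Diebold\Warsaw\core.exe [2017-10-20 19:30:06 874840]

------- Supplementary Scan -------

uStart Page = https://br.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_bxinw_17_47_ssg02&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dbr%26pa%3Dwincy
mStart Page = https://br.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_bxinw_17_47_ssg02&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dbr%26pa%3Dwincy
"""

REG_KEY = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s+\[(?P<stamp>[\d-]+ [\d:]+) (?P<size>\d+)\]$')
POLICY_VALUE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>\d+) \(0x[0-9A-Fa-f]+\)$')
# ComboFix service lines: R = running, S = stopped; the digit is the start
# type (0 boot, 1 system, 2 automatic, 3 manual, 4 disabled).
SERVICE = re.compile(r"^(?P<state>[RS])(?P<start>\d) (?P<name>[^;]+);(?P<display>[^;]*);"
                     r"(?P<path>.+?) \[(?P<stamp>[\d-]+ [\d:]+) (?P<size>\d+)\]$")
START_PAGE = re.compile(r"^(?P<scope>[um])Start Page = (?P<url>\S+)$")
# An autorun image under a user profile can be replaced without elevation.
USER_PROFILE = re.compile(r"\\users\\[^\\]+\\appdata\\", re.I)


def describe_start_page(url):
    """Pull the hosted-search partner tags out of a Yahoo yhs URL."""
    parts = urlsplit(url)
    query = parse_qs(parts.query)
    inner = parse_qs(query.get("param2", [""])[0])  # param2 is itself a URL-encoded query string
    return {"url": url, "host": parts.hostname,
            "hosted_search": parts.path.startswith("/yhs/") or "hspart" in query,
            "hspart": query.get("hspart", [None])[0], "partner": inner.get("pa", [None])[0]}


def parse_log(text):
    autoruns, uac, services, start_pages = [], {}, [], {}
    key = ""  # registry key of the current block, lower-cased
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if (m := REG_KEY.match(line)):
            key = m["key"].lower()
        elif (m := RUN_VALUE.match(line)) and key.endswith("\\run"):
            autoruns.append({"key": key, "name": m["name"], "path": m["path"], "size": int(m["size"]),
                             "user_writable": bool(USER_PROFILE.search(m["path"]))})
        elif (m := POLICY_VALUE.match(line)) and key.endswith("\\policies\\system"):
            uac[m["name"]] = int(m["value"])
        elif (m := SERVICE.match(line)):
            services.append({"name": m["name"], "display": m["display"], "path": m["path"],
                             "running": m["state"] == "R", "start_type": int(m["start"]),
                             "third_party": not m["path"].lower().startswith("c:\\windows\\")})
        elif (m := START_PAGE.match(line)):
            start_pages[m["scope"]] = describe_start_page(m["url"])
    return autoruns, uac, services, start_pages


def triage(text):
    """Return the parsed inventory plus a list of human-readable findings."""
    autoruns, uac, services, start_pages = parse_log(text)
    findings = []
    if uac.get("EnableLUA") == 0:
        findings.append("EnableLUA=0: UAC is off, so every process of an admin user runs fully elevated")
    if uac.get("ConsentPromptBehaviorAdmin") == 0:
        findings.append("ConsentPromptBehaviorAdmin=0: elevation without any prompt")
    if uac.get("PromptOnSecureDesktop") == 0:
        findings.append("PromptOnSecureDesktop=0: elevation prompts would not use the secure desktop")
    for a in autoruns:
        if a["user_writable"]:
            findings.append(f'autorun "{a["name"]}" loads from a user-writable path: {a["path"]}')
    for scope, sp in start_pages.items():
        if sp["hosted_search"]:
            findings.append(f'{scope}Start Page is a hosted-search URL on {sp["host"]} '
                            f'(hspart={sp["hspart"]}, pa={sp["partner"]})')
    for s in services:
        if s["third_party"] and s["start_type"] <= 2:
            findings.append(f'third-party service "{s["name"]}" ({s["display"]}) auto-starts: {s["path"]}')
    return {"autoruns": autoruns, "uac": uac, "services": services,
            "start_pages": start_pages, "findings": findings}


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG)["findings"]:
        print("-", finding)
```

Run it on a full log by passing the file contents to triage(); the Run and policies blocks are recognised by their key names, so the order of sections does not matter. Keys under the user hive (HKEY_CURRENT_USER) are the ones any process of that user can rewrite, which is why the Chromium entries sitting in both a user hive and a user-writable path are worth a look even though nothing here proves they are hostile.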
