Document format: text/plain

ComboFix 17-01-29.01 - Administrator 02/02/2017 17:41:56.13.2 - x86 NETWORK
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.55.1033.18.3069.2399 [GMT -2:00]
Executando de: c:\users\Administrator\Desktop\ComboFix.exe
* Criado um novo ponto de restauração
.
[i] ADS - drivers: deleted 514 bytes in 1 streams. [/i]
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\6976e282ec4c91bcb7bb589987f00957.exe
.
.
(((((((((((((((( Arquivos/Ficheiros criados de 2017-01-02 to 2017-02-02 ))))))))))))))))))))))))))))
.
.
2017-02-02 19:53 . 2017-02-02 19:53 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2017-02-02 19:53 . 2017-02-02 19:53 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2017-02-02 18:49 . 2017-02-02 18:51 -------- d-----w- C:\Rem-VBSqt
2017-02-02 18:43 . 2017-02-02 18:43 -------- d-----w- c:\programdata\MalwarebytesARW
2017-02-02 18:43 . 2017-02-02 18:43 -------- d-----w- c:\program files\Malwarebytes
2017-02-02 15:51 . 2017-02-02 15:51 -------- d-----w- c:\program files\Maoha
2017-02-02 15:49 . 2017-02-02 15:49 -------- d-----w- c:\programdata\Avira
2017-02-02 15:49 . 2017-02-02 15:49 -------- d-----w- c:\programdata\Avg
2017-02-02 15:49 . 2017-02-02 15:49 -------- d-----w- c:\programdata\AVAST Software
2017-02-02 15:48 . 2017-02-02 17:24 -------- d-----w- c:\users\Administrator\AppData\Roaming\Drikegemojagh
2017-02-02 15:48 . 2017-02-02 16:13 -------- d-----w- c:\program files\Ckijtion
2017-02-02 15:48 . 2017-02-02 15:48 -------- d-----w- c:\users\Administrator\AppData\Roaming\Profiles
2017-02-02 15:48 . 2017-02-02 15:48 -------- d--h--w- c:\programdata\902m30u92q1005
2017-01-27 04:51 . 2017-01-27 04:51 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{26923815-0882-4070-9A0E-55CDAA039828}\offreg.1124.dll
2017-01-20 22:11 . 2017-01-20 22:11 -------- d-----w- c:\program files\Common Files\Java
2017-01-20 22:08 . 2017-01-20 22:08 -------- d-----w- c:\program files\Microsoft XNA
2017-01-20 16:02 . 2017-01-20 16:02 -------- d-----w- c:\windows\system32\DAX3
2017-01-20 15:59 . 2017-01-20 15:59 7704619 ----a-w- c:\windows\system32\drivers\RTAIODAT.DAT
2017-01-20 15:59 . 2017-01-20 15:59 72520712 ----a-w- c:\windows\system32\RCoRes.dat
2017-01-20 15:59 . 2017-01-20 15:59 2946560 ----a-w- c:\windows\system32\RTSndMgr.cpl
2017-01-20 15:56 . 2017-01-20 15:56 199936 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
2017-01-20 15:56 . 2017-01-20 15:56 199936 ----a-w- c:\windows\system32\drivers\ssudserd.sys
2017-01-20 15:56 . 2017-01-20 15:56 108032 ----a-w- c:\windows\system32\drivers\ssudbus.sys
2017-01-05 20:32 . 2017-01-05 20:32 -------- d-----w- c:\program files\LinuxLive USB Creator
.
.
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-01-20 22:10 . 2016-08-30 20:48 95808 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2017-01-20 16:03 . 2016-08-29 23:14 802904 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2017-01-20 16:03 . 2016-08-29 23:14 144472 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2017-01-20 15:04 . 2016-08-29 23:51 23840 ----a-w- c:\windows\system32\drivers\HWiNFO32.SYS
2016-12-08 22:21 . 2016-10-14 23:03 25848 ----a-w- c:\windows\system32\drivers\gbpddreg32.sys
2016-12-08 06:25 . 2016-11-24 05:17 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{26923815-0882-4070-9A0E-55CDAA039828}\offreg.2196.dll
2016-11-21 06:03 . 2016-11-21 06:03 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{26923815-0882-4070-9A0E-55CDAA039828}\offreg.2176.dll
2016-11-20 02:28 . 2016-11-20 02:28 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{26923815-0882-4070-9A0E-55CDAA039828}\offreg.2264.dll
2016-11-18 16:49 . 2016-10-14 23:06 80728 ----a-w- c:\windows\system32\drivers\wsddfac.sys
2016-11-14 11:00 . 2016-08-30 01:14 4395456 ----a-w- c:\windows\system32\nvcpl.dll
2016-11-14 11:00 . 2016-08-30 01:14 3069496 ----a-w- c:\windows\system32\nvsvc.dll
2016-11-14 11:00 . 2016-08-30 01:14 70200 ----a-w- c:\windows\system32\nvshext.dll
2016-11-14 11:00 . 2016-08-30 01:14 677312 ----a-w- c:\windows\system32\nvvsvc.exe
2016-11-14 11:00 . 2016-08-30 01:14 381888 ----a-w- c:\windows\system32\nvmctray.dll
2016-11-14 11:00 . 2016-08-30 01:14 2563128 ----a-w- c:\windows\system32\nvsvcr.dll
2016-11-10 07:30 . 2016-11-18 17:11 9834504 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{26923815-0882-4070-9A0E-55CDAA039828}\mpengine.dll
.
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GUDelayStartup"="c:\program files\Glary Utilities 5\StartupManager.exe" [2017-01-13 43984]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZALFree"="c:\program files\Zemana AntiLogger Free\AntiLogger Free.exe" [2015-11-05 8980016]
"Diebold - Warsaw"="c:\program files\Diebold\Warsaw\core.exe" [2016-06-22 792112]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2016-1-28 1108224]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{E37CB5F0-51F5-4395-A808-5FA49E399008}"= "c:\program files\GbPlugin\gbiehuni.dll" [2015-09-22 1896160]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]
2016-11-29 16:38 1947872 ----a-w- c:\program files\GbPlugin\gbieh.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginUni]
2015-09-22 21:51 1896160 ----a-w- c:\program files\GbPlugin\gbiehuni.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe"
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" -H
"Malwarebytes Anti-Ransomware"="c:\program files\Malwarebytes\Anti-Ransomware\mbarw.exe"--starttray
.
R0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys [2013-04-17 633344]
R1 GUBootStartup;GUBootStartup;c:\windows\System32\drivers\GUBootStartup.sys [2016-09-15 17472]
R1 gzflt;gzflt;c:\windows\system32\DRIVERS\gzflt.sys [2013-04-22 164952]
R1 wsddfac;wsddfac;c:\windows\system32\drivers\wsddfac.sys [2016-11-18 80728]
R1 wsddpp;Warsaw - Driver (PP);c:\windows\system32\drivers\wsddpp.sys [2015-03-18 79064]
R2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
R2 GbpSv;Gbp Service;c:\progra~1\GbPlugin\GbpSv.exe [2016-11-29 631520]
R2 gzserv;Bitdefender Antivirus Free Edition;c:\program files\Bitdefender\Antivirus Free Edition\gzserv.exe [2016-03-02 67592]
R2 Warsaw Technology;Warsaw Technology;c:\program files\Diebold\Warsaw\core.exe [2016-06-22 792112]
R3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys [2013-04-17 486536]
R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys [2016-01-26 176856]
R3 btmaudio;Intel Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys [x]
R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [x]
R3 btwampfl;btwampfl;c:\windows\system32\drivers\btwampfl.sys [2016-01-26 510168]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-09-17 33832]
R3 Ckemghrajock;Ckemghrajock;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2017-01-20 108032]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2016-08-30 102912]
R3 MB3Service;MB3Service;c:\program files\Malwarebytes\Anti-Ransomware\MB3Service.exe [2016-08-26 2525136]
R3 NETwNs32;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETwNs32.sys [2016-08-30 7530736]
R3 PlexUpdateService;Plex Update Service;c:\program files\Plex\Plex Media Server\Plex Update Service.exe [2016-11-04 1897456]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2010-04-09 16472]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2010-04-09 11104]
R3 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-06-24 1738168]
R3 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2016-09-21 4088608]
R3 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [2016-11-24 235984]
R3 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2016-07-25 324224]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2017-01-20 199936]
R3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudserd.sys [2017-01-20 199936]
R4 JZYOSNANKECleanUp;JZYOSNANKECleanUp;rundll32.exe c:\program files\JZYOSNANKE\JZYOSNANKECleanUp.dll,soeasy [x]
R4 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2016-07-14 100088]
R4 TTService;TTService;c:\program files\TorrentsTime Media Player\bin\TTService.exe [2016-10-07 3312152]
R4 wpscloudsvr;WPS Office Cloud Service;c:\users\Administrator\AppData\Local\Kingsoft\WPS Office\wpscloudsvr.exe LocalService [x]
S0 gbpddreg;Gbpddreg svc;c:\windows\system32\drivers\gbpddreg32.sys [2016-12-08 25848]
S0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\GbpKm.sys [2015-12-04 49496]
S1 bdfwfpf;bdfwfpf;c:\program files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [2013-07-02 108008]
S1 ndisrd;GAS Tecnologia Filter Driver;c:\windows\system32\DRIVERS\gbpndisrdn.sys [2016-10-14 29400]
S3 keycrypt;keycrypt;c:\windows\system32\DRIVERS\KeyCrypt32.sys [2015-11-05 127936]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2007-08-03 9344]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
utcsvc REG_MULTI_SZ DiagTrack
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
Ckemghrajock REG_MULTI_SZ Ckemghrajock
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-11-16 13:29 1364072 ----a-w- c:\program files\Google\Chrome\Application\54.0.2840.99\Installer\chrmstp.exe
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2017-02-02 c:\windows\Tasks\902m30u92q1005.job
- c:\programdata\902m30u92q1005\902m30u92q1005.dll [2017-02-02 15:19]
.
2017-01-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-08-29 16:03]
.
2017-01-24 c:\windows\Tasks\GlaryInitialize 5.job
- c:\program files\Glary Utilities 5\Initialize.exe [2017-01-13 06:37]
.
2016-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2016-08-29 22:09]
.
2016-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2016-08-29 22:09]
.
2017-01-24 c:\windows\Tasks\GU5SkipUAC.job
- c:\program files\Glary Utilities 5\Integrator.exe [2017-01-13 06:37]
.
2017-02-02 c:\windows\Tasks\Siutainbamersp Update.job
- c:\program files\Ckijtion\geucult.exe [2017-02-02 15:48]
.
2016-12-02 c:\windows\Tasks\WpsExternal_Administrator_20161129131536.job
- c:\users\Administrator\AppData\Local\Kingsoft\WPS Office\ksolaunch.exe [2016-11-29 15:12]
.
2016-12-12 c:\windows\Tasks\WpsKtpcntrQingTask_Administrator.job
- c:\users\Administrator\AppData\Local\Kingsoft\WPS Office\10.1.0.5795\office6\ktpcntr.exe [2016-11-29 15:12]
.
2016-12-13 c:\windows\Tasks\WpsUpdateTask_Administrator.job
- c:\users\Administrator\AppData\Local\Kingsoft\WPS Office\10.1.0.5795\wtoolex\wpsupdate.exe [2016-11-29 15:12]
.
.
------- Scan Suplementar -------
.
Trusted Zone: bancobrasil.com.br\www14
Trusted Zone: bancobrasil.com.br\www2
Trusted Zone: bb.com.br\seg
Trusted Zone: bb.com.br\www
Trusted Zone: google.com\www
Trusted Zone: google.com.br\www
Trusted Zone: itau.b.br
Trusted Zone: itau.b.br\www
Trusted Zone: itau.com.br
Trusted Zone: itau.com.br\bankline
Trusted Zone: itau.com.br\banklineplus
Trusted Zone: itau.com.br\clickbanking
Trusted Zone: itau.com.br\guardiao
Trusted Zone: itau.com.br\www
Trusted Zone: itaupersonnalite.com.br\www
TCP: DhcpNameServer = 201.17.1.98 201.17.0.42
.
.
------- Associação de arquivos/ficheiros -------
.
inifile="%SystemRoot%\system32\NOTEPAD.EXE" %1
txtfile="%SystemRoot%\system32\NOTEPAD.EXE" %1
.
- - - - ORFÃOS REMOVIDOS - - - -
.
ShellExecuteHooks-{AB4DE836-DE47-11E6-9EBB-64006A5CFC23} - (no file)
.
.
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_USERS\S-1-5-21-1162258189-2700963299-316469091-500\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (Administrator)
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,3b,1b,ab,88,07,
69,c5,87,46,03,ab,e8,9f,9a,f3,9d,68,5f
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,3b,1b,54,1f,db,
c4,70,f5,31,06,a1,77,d7,65,c3,81,cd,b5
.
[HKEY_USERS\S-1-5-21-1162258189-2700963299-316469091-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (Administrator)
"Timestamp"=hex:f8,83,04,3f,60,02,d2,01
.
[HKEY_USERS\S-1-5-21-1162258189-2700963299-316469091-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7b,a0,16,32,16,6d,8b,41,af,ea,22,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7b,a0,16,32,16,6d,8b,41,af,ea,22,\
.
[HKEY_USERS\S-1-5-21-1162258189-2700963299-316469091-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dll\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\notepad.exe"
.
[HKEY_USERS\S-1-5-21-1162258189-2700963299-316469091-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\FormatFactory.exe"
.
[HKEY_USERS\S-1-5-21-1162258189-2700963299-316469091-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-1162258189-2700963299-316469091-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-1162258189-2700963299-316469091-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.img\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Windows.IsoFile"
.
[HKEY_USERS\S-1-5-21-1162258189-2700963299-316469091-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\PhotoScape.exe"
.
[HKEY_USERS\S-1-5-21-1162258189-2700963299-316469091-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\PhotoScape.exe"
.
[HKEY_USERS\S-1-5-21-1162258189-2700963299-316469091-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\1by1.exe"
.
[HKEY_USERS\S-1-5-21-1162258189-2700963299-316469091-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-1162258189-2700963299-316469091-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (Administrator)
"Progid"="pngfile"
.
[HKEY_USERS\S-1-5-21-1162258189-2700963299-316469091-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-1162258189-2700963299-316469091-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-1162258189-2700963299-316469091-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-1162258189-2700963299-316469091-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.zip\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WinRAR.ZIP"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_24_0_0_186_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_24_0_0_186_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@DACL=(02 0016)
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@DACL=(02 0016)
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet004\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Tempo para conclusão: 2017-02-02 17:56:23
ComboFix-quarantined-files.txt 2017-02-02 19:56
ComboFix2.txt 2017-01-24 13:43
.
Pré-execução: 37.145.239.552 bytes free
Pós execução: 36.958.879.744 bytes free
.
- - End Of File - - 9E0DCB3C402510D5730572D33CAE177F
A36C5E4F47E84449FF07ED3517B43A31
