ComboFix 17-01-29.01 - Administrator 02/02/2017 17:41:56.13.2 - x86 NETWORK
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.55.1033.18.3069.2399 [GMT -2:00]
Running from: c:\users\Administrator\Desktop\ComboFix.exe
 * Created a new restore point
.
ADS - drivers: deleted 514 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\6976e282ec4c91bcb7bb589987f00957.exe
.
.
(((((((((((((((( Files Created from 2017-01-02 to 2017-02-02 ))))))))))))))))))))))))))))
.
.
2017-02-02 19:53 . 2017-02-02 19:53 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2017-02-02 19:53 . 2017-02-02 19:53 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2017-02-02 18:49 . 2017-02-02 18:51 -------- d-----w- C:\Rem-VBSqt
2017-02-02 18:43 . 2017-02-02 18:43 -------- d-----w- c:\programdata\MalwarebytesARW
2017-02-02 18:43 . 2017-02-02 18:43 -------- d-----w- c:\program files\Malwarebytes
2017-02-02 15:51 . 2017-02-02 15:51 -------- d-----w- c:\program files\Maoha
2017-02-02 15:49 . 2017-02-02 15:49 -------- d-----w- c:\programdata\Avira
2017-02-02 15:49 . 2017-02-02 15:49 -------- d-----w- c:\programdata\Avg
2017-02-02 15:49 . 2017-02-02 15:49 -------- d-----w- c:\programdata\AVAST Software
2017-02-02 15:48 . 2017-02-02 17:24 -------- d-----w- c:\users\Administrator\AppData\Roaming\Drikegemojagh
2017-02-02 15:48 . 2017-02-02 16:13 -------- d-----w- c:\program files\Ckijtion
2017-02-02 15:48 . 2017-02-02 15:48 -------- d-----w- c:\users\Administrator\AppData\Roaming\Profiles
2017-02-02 15:48 . 2017-02-02 15:48 -------- d--h--w- c:\programdata\902m30u92q1005
2017-01-27 04:51 . 2017-01-27 04:51 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{26923815-0882-4070-9A0E-55CDAA039828}\offreg.1124.dll
2017-01-20 22:11 . 2017-01-20 22:11 -------- d-----w- c:\program files\Common Files\Java
2017-01-20 22:08 . 2017-01-20 22:08 -------- d-----w- c:\program files\Microsoft XNA
2017-01-20 16:02 . 2017-01-20 16:02 -------- d-----w- c:\windows\system32\DAX3
2017-01-20 15:59 . 2017-01-20 15:59 7704619 ----a-w- c:\windows\system32\drivers\RTAIODAT.DAT
2017-01-20 15:59 . 2017-01-20 15:59 72520712 ----a-w- c:\windows\system32\RCoRes.dat
2017-01-20 15:59 . 2017-01-20 15:59 2946560 ----a-w- c:\windows\system32\RTSndMgr.cpl
2017-01-20 15:56 . 2017-01-20 15:56 199936 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
2017-01-20 15:56 . 2017-01-20 15:56 199936 ----a-w- c:\windows\system32\drivers\ssudserd.sys
2017-01-20 15:56 . 2017-01-20 15:56 108032 ----a-w- c:\windows\system32\drivers\ssudbus.sys
2017-01-05 20:32 . 2017-01-05 20:32 -------- d-----w- c:\program files\LinuxLive USB Creator
.
.
.
((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-01-20 22:10 . 2016-08-30 20:48 95808 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2017-01-20 16:03 . 2016-08-29 23:14 802904 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2017-01-20 16:03 . 2016-08-29 23:14 144472 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2017-01-20 15:04 . 2016-08-29 23:51 23840 ----a-w- c:\windows\system32\drivers\HWiNFO32.SYS
2016-12-08 22:21 . 2016-10-14 23:03 25848 ----a-w- c:\windows\system32\drivers\gbpddreg32.sys
2016-12-08 06:25 . 2016-11-24 05:17 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{26923815-0882-4070-9A0E-55CDAA039828}\offreg.2196.dll
2016-11-21 06:03 . 2016-11-21 06:03 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{26923815-0882-4070-9A0E-55CDAA039828}\offreg.2176.dll
2016-11-20 02:28 . 2016-11-20 02:28 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{26923815-0882-4070-9A0E-55CDAA039828}\offreg.2264.dll
2016-11-18 16:49 . 2016-10-14 23:06 80728 ----a-w- c:\windows\system32\drivers\wsddfac.sys
2016-11-14 11:00 . 2016-08-30 01:14 4395456 ----a-w- c:\windows\system32\nvcpl.dll
2016-11-14 11:00 . 2016-08-30 01:14 3069496 ----a-w- c:\windows\system32\nvsvc.dll
2016-11-14 11:00 . 2016-08-30 01:14 70200 ----a-w- c:\windows\system32\nvshext.dll
2016-11-14 11:00 . 2016-08-30 01:14 677312 ----a-w- c:\windows\system32\nvvsvc.exe
2016-11-14 11:00 . 2016-08-30 01:14 381888 ----a-w- c:\windows\system32\nvmctray.dll
2016-11-14 11:00 . 2016-08-30 01:14 2563128 ----a-w- c:\windows\system32\nvsvcr.dll
2016-11-10 07:30 . 2016-11-18 17:11 9834504 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{26923815-0882-4070-9A0E-55CDAA039828}\mpengine.dll
.
.
(((((((((((((((((((((((((( Registry Load Points )))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GUDelayStartup"="c:\program files\Glary Utilities 5\StartupManager.exe" [2017-01-13 43984]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZALFree"="c:\program files\Zemana AntiLogger Free\AntiLogger Free.exe" [2015-11-05 8980016]
"Diebold - Warsaw"="c:\program files\Diebold\Warsaw\core.exe" [2016-06-22 792112]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2016-1-28 1108224]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{E37CB5F0-51F5-4395-A808-5FA49E399008}"= "c:\program files\GbPlugin\gbiehuni.dll" [2015-09-22 1896160]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GbPluginBb]
2016-11-29 16:38 1947872 ----a-w- c:\program files\GbPlugin\gbieh.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GbPluginUni]
2015-09-22 21:51 1896160 ----a-w- c:\program files\GbPlugin\gbiehuni.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ
autocheck autochk *
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ
scecli
c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe"
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" -H
"Malwarebytes Anti-Ransomware"="c:\program files\Malwarebytes\Anti-Ransomware\mbarw.exe" --starttray
.
R0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys [2013-04-17 633344]
R1 GUBootStartup;GUBootStartup;c:\windows\System32\drivers\GUBootStartup.sys [2016-09-15 17472]
R1 gzflt;gzflt;c:\windows\system32\DRIVERS\gzflt.sys [2013-04-22 164952]
R1 wsddfac;wsddfac;c:\windows\system32\drivers\wsddfac.sys [2016-11-18 80728]
R1 wsddpp;Warsaw - Driver (PP);c:\windows\system32\drivers\wsddpp.sys [2015-03-18 79064]
R2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
R2 GbpSv;Gbp Service;c:\progra~1\GbPlugin\GbpSv.exe [2016-11-29 631520]
R2 gzserv;Bitdefender Antivirus Free Edition;c:\program files\Bitdefender\Antivirus Free Edition\gzserv.exe [2016-03-02 67592]
R2 Warsaw Technology;Warsaw Technology;c:\program files\Diebold\Warsaw\core.exe [2016-06-22 792112]
R3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys [2013-04-17 486536]
R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys [2016-01-26 176856]
R3 btmaudio;Intel Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys [x]
R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [x]
R3 btwampfl;btwampfl;c:\windows\system32\drivers\btwampfl.sys [2016-01-26 510168]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-09-17 33832]
R3 Ckemghrajock;Ckemghrajock;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2017-01-20 108032]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2016-08-30 102912]
R3 MB3Service;MB3Service;c:\program files\Malwarebytes\Anti-Ransomware\MB3Service.exe [2016-08-26 2525136]
R3 NETwNs32;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETwNs32.sys [2016-08-30 7530736]
R3 PlexUpdateService;Plex Update Service;c:\program files\Plex\Plex Media Server\Plex Update Service.exe [2016-11-04 1897456]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2010-04-09 16472]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2010-04-09 11104]
R3 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-06-24 1738168]
R3 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2016-09-21 4088608]
R3 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [2016-11-24 235984]
R3 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2016-07-25 324224]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2017-01-20 199936]
R3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudserd.sys [2017-01-20 199936]
R4 JZYOSNANKECleanUp;JZYOSNANKECleanUp;rundll32.exe c:\program files\JZYOSNANKE\JZYOSNANKECleanUp.dll,soeasy [x]
R4 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2016-07-14 100088]
R4 TTService;TTService;c:\program files\TorrentsTime Media Player\bin\TTService.exe [2016-10-07 3312152]
R4 wpscloudsvr;WPS Office Cloud Service;c:\users\Administrator\AppData\Local\Kingsoft\WPS Office\wpscloudsvr.exe LocalService [x]
S0 gbpddreg;Gbpddreg svc;c:\windows\system32\drivers\gbpddreg32.sys [2016-12-08 25848]
S0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\GbpKm.sys [2015-12-04 49496]
S1 bdfwfpf;bdfwfpf;c:\program files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [2013-07-02 108008]
S1 ndisrd;GAS Tecnologia Filter Driver;c:\windows\system32\DRIVERS\gbpndisrdn.sys [2016-10-14 29400]
S3 keycrypt;keycrypt;c:\windows\system32\DRIVERS\KeyCrypt32.sys [2015-11-05 127936]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2007-08-03 9344]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
utcsvc REG_MULTI_SZ DiagTrack
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
Ckemghrajock REG_MULTI_SZ Ckemghrajock
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-11-16 13:29 1364072 ----a-w- c:\program files\Google\Chrome\Application\54.0.2840.99\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2017-02-02 c:\windows\Tasks\902m30u92q1005.job
- c:\programdata\902m30u92q1005\902m30u92q1005.dll [2017-02-02 15:19]
.
2017-01-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-08-29 16:03]
.
2017-01-24 c:\windows\Tasks\GlaryInitialize 5.job
- c:\program files\Glary Utilities 5\Initialize.exe [2017-01-13 06:37]
.
2016-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2016-08-29 22:09]
.
2016-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2016-08-29 22:09]
.
2017-01-24 c:\windows\Tasks\GU5SkipUAC.job
- c:\program files\Glary Utilities 5\Integrator.exe [2017-01-13 06:37]
.
2017-02-02 c:\windows\Tasks\Siutainbamersp Update.job
- c:\program files\Ckijtion\geucult.exe [2017-02-02 15:48]
.
2016-12-02 c:\windows\Tasks\WpsExternal_Administrator_20161129131536.job
- c:\users\Administrator\AppData\Local\Kingsoft\WPS Office\ksolaunch.exe [2016-11-29 15:12]
.
2016-12-12 c:\windows\Tasks\WpsKtpcntrQingTask_Administrator.job
- c:\users\Administrator\AppData\Local\Kingsoft\WPS Office\10.1.0.5795\office6\ktpcntr.exe [2016-11-29 15:12]
.
2016-12-13 c:\windows\Tasks\WpsUpdateTask_Administrator.job
- c:\users\Administrator\AppData\Local\Kingsoft\WPS Office\10.1.0.5795\wtoolex\wpsupdate.exe [2016-11-29 15:12]
.
.
------- Supplementary Scan -------
.
Trusted Zone: bancobrasil.com.br\www14
Trusted Zone: bancobrasil.com.br\www2
Trusted Zone: bb.com.br\seg
Trusted Zone: bb.com.br\www
Trusted Zone: google.com\www
Trusted Zone: google.com.br\www
Trusted Zone: itau.b.br
Trusted Zone: itau.b.br\www
Trusted Zone: itau.com.br
Trusted Zone: itau.com.br\bankline
Trusted Zone: itau.com.br\banklineplus
Trusted Zone: itau.com.br\clickbanking
Trusted Zone: itau.com.br\guardiao
Trusted Zone: itau.com.br\www
Trusted Zone: itaupersonnalite.com.br\www
TCP: DhcpNameServer = 201.17.1.98 201.17.0.42
.
.
------- File Associations -------
.
inifile="%SystemRoot%\system32\NOTEPAD.EXE" %1
txtfile="%SystemRoot%\system32\NOTEPAD.EXE" %1
.
- - - - ORPHANS REMOVED - - - -
.
ShellExecuteHooks-{AB4DE836-DE47-11E6-9EBB-64006A5CFC23} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1162258189-2700963299-316469091-500\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (Administrator)
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,3b,1b,ab,88,07,69,c5,87,46,03,ab,e8,9f,9a,f3,9d,68,5f
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,3b,1b,54,1f,db,c4,70,f5,31,06,a1,77,d7,65,c3,81,cd,b5
.
[HKEY_USERS\S-1-5-21-1162258189-2700963299-316469091-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (Administrator)
"Timestamp"=hex:f8,83,04,3f,60,02,d2,01
.
[HKEY_USERS\S-1-5-21-1162258189-2700963299-316469091-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7b,a0,16,32,16,6d,8b,41,af,ea,22,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7b,a0,16,32,16,6d,8b,41,af,ea,22,\
.
[HKEY_USERS\S-1-5-21-1162258189-2700963299-316469091-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dll\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\notepad.exe"
.
[HKEY_USERS\S-1-5-21-1162258189-2700963299-316469091-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\FormatFactory.exe"
.
[HKEY_USERS\S-1-5-21-1162258189-2700963299-316469091-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-1162258189-2700963299-316469091-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-1162258189-2700963299-316469091-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.img\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Windows.IsoFile"
.
[HKEY_USERS\S-1-5-21-1162258189-2700963299-316469091-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\PhotoScape.exe"
.
[HKEY_USERS\S-1-5-21-1162258189-2700963299-316469091-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\PhotoScape.exe"
.
[HKEY_USERS\S-1-5-21-1162258189-2700963299-316469091-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\1by1.exe"
.
[HKEY_USERS\S-1-5-21-1162258189-2700963299-316469091-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-1162258189-2700963299-316469091-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (Administrator)
"Progid"="pngfile"
.
[HKEY_USERS\S-1-5-21-1162258189-2700963299-316469091-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-1162258189-2700963299-316469091-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-1162258189-2700963299-316469091-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-1162258189-2700963299-316469091-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.zip\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WinRAR.ZIP"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_24_0_0_186_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_24_0_0_186_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@DACL=(02 0016)
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@DACL=(02 0016)
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet004\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2017-02-02 17:56:23
ComboFix-quarantined-files.txt 2017-02-02 19:56
ComboFix2.txt 2017-01-24 13:43
.
Pre-Run: 37,145,239,552 bytes free
Post-Run: 36,958,879,744 bytes free
.
- - End Of File - - 9E0DCB3C402510D5730572D33CAE177F A36C5E4F47E84449FF07ED3517B43A31
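As an added example (not part of the ComboFix log above and not ComboFix's own code), the following Python script parses three sections in the format ComboFix prints them: the service list (`R3 name;display;image [date size]`), the svchost group key (`group REG_MULTI_SZ members`) and the 'Scheduled Tasks' folder (a dated `.job` line followed by a `- target [date time]` line). It then applies a handful of analyst-review rules: a svchost-hosted service whose svchost group contains only itself and carries its name, a service image that is `rundll32.exe` calling a DLL export, a task whose target is a DLL or sits under ProgramData or a roaming/temp profile directory, names that alternate letters and digits several times, and images or targets dated within a few days of the scan. The sample input is a subset copied from this log; the rules, the seven-day window, the directory list and all function names are this example's assumptions. A flag is a prompt to look, not a verdict: legitimate software also registers private svchost groups and schedules tasks from data directories.

```python
"""Triage helper for ComboFix-style log sections (added example, not ComboFix code).

Rules, thresholds and directory list are this example's own assumptions.
"""
import re
from datetime import date, datetime

# Sample input: a subset of the log's own lines, embedded here so the script runs offline.
SAMPLE_SERVICES = r"""
R2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
R2 GbpSv;Gbp Service;c:\progra~1\GbPlugin\GbpSv.exe [2016-11-29 631520]
R3 Ckemghrajock;Ckemghrajock;c:\windows\system32\svchost.exe [2009-07-14 20992]
R3 MB3Service;MB3Service;c:\program files\Malwarebytes\Anti-Ransomware\MB3Service.exe [2016-08-26 2525136]
R4 JZYOSNANKECleanUp;JZYOSNANKECleanUp;rundll32.exe c:\program files\JZYOSNANKE\JZYOSNANKECleanUp.dll,soeasy [x]
"""
SAMPLE_SVCHOST = r"""
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
utcsvc REG_MULTI_SZ DiagTrack
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
Ckemghrajock REG_MULTI_SZ Ckemghrajock
"""
SAMPLE_TASKS = r"""
2017-02-02 c:\windows\Tasks\902m30u92q1005.job
- c:\programdata\902m30u92q1005\902m30u92q1005.dll [2017-02-02 15:19]
.
2017-01-24 c:\windows\Tasks\GlaryInitialize 5.job
- c:\program files\Glary Utilities 5\Initialize.exe [2017-01-13 06:37]
.
2017-02-02 c:\windows\Tasks\Siutainbamersp Update.job
- c:\program files\Ckijtion\geucult.exe [2017-02-02 15:48]
"""
SCAN_DATE = date(2017, 2, 2)  # from the log header
RECENT_DAYS = 7               # assumed window for "dated shortly before the scan"
# Assumed list of directories an installer rarely uses for a task or service image.
REVIEW_DIRS = ("c:\\programdata\\", "\\appdata\\roaming\\", "\\appdata\\local\\temp\\")

SERVICE_RE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
                        r"(?P<image>.*?)(?:\s+\[(?P<stamp>[^\]]*)\])?\s*$")
SVCHOST_RE = re.compile(r"^(?P<group>\S+)\s+REG_MULTI_SZ\s+(?P<members>.*?)\s*$")
TASK_HEAD_RE = re.compile(r"^\d{4}-\d{2}-\d{2}\s+(?P<path>.+\.job)\s*$", re.I)
TASK_BODY_RE = re.compile(r"^-\s+(?P<target>.*?)(?:\s+\[(?P<stamp>[^\]]*)\])?\s*$")


def parse_stamp(stamp):
    """ComboFix prints '[YYYY-MM-DD size]', '[YYYY-MM-DD HH:MM]' or '[x]'; return a date or None."""
    if not stamp:
        return None
    try:
        return datetime.strptime(stamp.split()[0], "%Y-%m-%d").date()
    except ValueError:
        return None


def looks_generated(name):
    """True when a name alternates letter and digit runs at least four times, e.g. '902m30u92q1005'."""
    return len(re.findall(r"[A-Za-z]+|\d+", name)) >= 4


def recently_dated(stamp, scan_date):
    d = parse_stamp(stamp)
    return d is not None and 0 <= (scan_date - d).days <= RECENT_DAYS


def parse_services(text):
    return [m.groupdict() for m in map(SERVICE_RE.match, text.splitlines()) if m]


def parse_svchost(text):
    """Map each svchost group (lower-cased) to the raw member string ComboFix printed."""
    return {m.group("group").lower(): m.group("members")
            for m in map(SVCHOST_RE.match, text.splitlines()) if m}


def parse_tasks(text):
    tasks, pending = [], None
    for line in text.splitlines():
        head = TASK_HEAD_RE.match(line)
        if head:
            pending = head.group("path").rsplit("\\", 1)[-1]  # keep the .job file name only
            continue
        body = TASK_BODY_RE.match(line)
        if body and pending:
            tasks.append({"job": pending, **body.groupdict()})
            pending = None
    return tasks


def review_services(services_text, svchost_text, scan_date=SCAN_DATE):
    """Return [(service name, [reasons])] for services worth a second look."""
    groups, findings = parse_svchost(svchost_text), []
    for svc in parse_services(services_text):
        image, reasons = svc["image"].lower(), []
        own_group = groups.get(svc["name"].lower(), "")
        if image.endswith("svchost.exe") and own_group.lower() == svc["name"].lower():
            reasons.append("svchost group holding only this service and named after it")
        if image.startswith("rundll32"):
            reasons.append("service image is rundll32.exe loading a DLL export")
        if looks_generated(svc["name"]):
            reasons.append("service name mixes letters and digits")
        if recently_dated(svc["stamp"], scan_date):
            reasons.append("image dated within %d days of the scan" % RECENT_DAYS)
        if reasons:
            findings.append((svc["name"], reasons))
    return findings


def review_tasks(tasks_text, scan_date=SCAN_DATE):
    """Return [(job file name, [reasons])] for scheduled tasks worth a second look."""
    findings = []
    for task in parse_tasks(tasks_text):
        target, reasons = task["target"].lower(), []
        if target.endswith(".dll"):
            reasons.append("task target is a DLL rather than an executable")
        if any(d in target for d in REVIEW_DIRS):
            reasons.append("task target lives under a user-writable data directory")
        if looks_generated(task["job"]):
            reasons.append("job name mixes letters and digits")
        if recently_dated(task["stamp"], scan_date):
            reasons.append("target dated within %d days of the scan" % RECENT_DAYS)
        if reasons:
            findings.append((task["job"], reasons))
    return findings


def triage(scan_date=SCAN_DATE):
    """Run both reviews over the embedded sample; returns {'services': [...], 'tasks': [...]}."""
    return {"services": review_services(SAMPLE_SERVICES, SAMPLE_SVCHOST, scan_date),
            "tasks": review_tasks(SAMPLE_TASKS, scan_date)}


if __name__ == "__main__":
    for section, items in triage().items():
        for name, reasons in items:
            print("%s: %s -> %s" % (section, name, "; ".join(reasons)))
```

To run it against a full log, paste the relevant sections into the three sample strings (or read them from the file and slice between the section headers). The svchost rule deliberately compares the service name against its own group's member list rather than against an allowlist of Microsoft groups, so it does not need updating as Windows adds groups such as `utcsvc`; the cost is that it stays silent on a rogue service slipped into an existing group, which the member lists printed under the svchost key should be read for by hand.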