ComboFix 16-06-01.01 - Fabio 27/11/2016 17:15:13.4.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.55.1046.18.3002.1965 [GMT -2:00]
Executando de: c:\users\Fabio\Downloads\ComboFix.exe
AV: Avast Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Avast Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((( Arquivos/Ficheiros criados de 2016-10-27 to 2016-11-27 ))))))))))))))))))))))))))))
.
.
2016-11-27 19:25 . 2016-11-27 19:25 -------- d-----w- c:\users\Public\AppData\Local\temp
2016-11-27 19:25 . 2016-11-27 19:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-11-26 13:04 . 2016-11-27 18:47 -------- d-----w- c:\users\Fabio\AppData\Roaming\Kodi
2016-11-26 13:00 . 2016-11-26 13:01 -------- d-----w- c:\program files\Kodi
.
.
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-11-27 18:44 . 2015-09-23 01:56 13464 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2016-11-14 21:27 . 2015-01-04 02:36 796352 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2016-11-14 21:27 . 2015-01-04 02:36 142528 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2016-10-15 11:34 . 2015-01-03 16:59 224752 ----a-w- c:\windows\system32\drivers\aswvmm.sys
2016-10-15 11:34 . 2015-01-03 16:59 433768 ----a-w- c:\windows\system32\drivers\aswsp.sys
2016-10-15 11:34 . 2015-01-03 16:59 735488 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2016-10-15 11:33 . 2015-01-03 16:59 118664 ----a-w- c:\windows\system32\drivers\aswStm.sys
2016-10-15 11:33 . 2015-01-03 16:59 92256 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2016-10-15 11:33 . 2015-01-03 16:59 60424 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2016-10-15 11:33 . 2015-01-03 16:59 34008 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2016-10-15 11:33 . 2015-01-03 16:59 91232 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2016-10-15 11:33 . 2016-10-15 11:33 921280 ----a-w- c:\windows\ucrtbase.dll
2016-10-15 11:33 . 2016-10-15 11:33 319760 ----a-w- c:\windows\system32\aswBoot.exe
2016-10-15 11:33 . 2016-10-15 11:33 53208 ----a-w- c:\windows\avastSS.scr
2016-10-15 11:33 . 2016-03-19 10:57 35096 ----a-w- c:\windows\system32\drivers\aswKbd.sys
.
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2016-10-15 11:33 832488 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\users\Fabio\AppData\Roaming\uTorrent\uTorrent.exe" [2016-11-26 2145984]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2016-11-25 9080768]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2000-01-01 138808]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2000-01-01 172088]
"Persistence"="c:\windows\system32\igfxpers.exe" [2000-01-01 173624]
"PLFSetL"="c:\windows\PLFSetL.exe" [2008-07-03 94208]
"snuvcdsm"="c:\windows\snuvcdsm.exe" [2009-08-10 27184]
"DivXMediaServer"="c:\program files\DivX\DivX Media Server\DivXMediaServer.exe" [2015-09-04 433160]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2015-06-26 1861640]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2016-10-15 118664]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2015-10-05 1135416]
R2 MyLocalService;Net.Tcp Service Handler;c:\windows\system32\NetService\netservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2016-09-20 324224]
R3 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2016-10-15 34008]
R3 BprotectEx;Baidu ProtectEx;c:\windows\System32\drivers\BprotectEx.sys [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [2014-01-07 15384]
R3 EsgScanner;EsgScanner;c:\windows\system32\DRIVERS\EsgScanner.sys [2012-06-22 19984]
R3 Lenovo EasyPlus Hotspot;Lenovo EasyPlus Hotspot;c:\program files\Common Files\LENOVO\easyplussdk\bin\EPHotspot.exe [2015-07-22 509408]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2015-10-05 51928]
R3 PCFApiUtil;PCFApiUtil;c:\program files\Baidu Security\PC Faster\5.0.0.0\PCFApiUtil.sys [x]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys [2016-11-27 13464]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 Bhbase;Baidu Hook Base;c:\windows\System32\drivers\Bhbase.sys [2014-03-11 47456]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2016-10-15 35096]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2016-10-15 735488]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2016-10-15 433768]
S2 ADUServiceNSRT;ADU Service (Nokia Software Recovery Tool);c:\program files\Common Files\Microsoft\Care Suite\ADUService\ADUService.exe [2015-09-30 94888]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2016-10-15 92256]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2000-01-01 127488]
S3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2000-01-01 100504]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2015-10-05 23256]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-11-14 21:25 1364072 ----a-w- c:\program files\Google\Chrome\Application\54.0.2840.99\Installer\chrmstp.exe
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2016-11-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-04 21:27]
.
2016-11-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2016-05-10 00:53]
.
2016-11-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2016-05-10 00:53]
.
2016-11-27 c:\windows\Tasks\SlimDrivers Startup.job
- c:\program files\SlimDrivers\SlimDrivers.exe [2013-09-24 14:49]
.
.
------- Scan Suplementar -------
.
uStart Page = www.google.com
mStart Page = www.google.com
Trusted Zone: hola.org
TCP: DhcpNameServer = 187.2.80.37 192.168.0.1
.
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Tempo para conclusão: 2016-11-27 17:27:17
ComboFix-quarantined-files.txt 2016-11-27 19:27
ComboFix2.txt 2016-06-24 12:51
ComboFix3.txt 2015-09-23 01:29
ComboFix4.txt 2015-05-09 12:20
.
Pré-execução: 70.652.022.784 bytes disponíveis
Pós execução: 70.756.564.992 bytes disponíveis
.
- - End Of File - - 18C608B44867A4A4057DACBDFFD4ECA6 A36C5E4F47E84449FF07ED3517B43A31