Combo fix

  1. 1. ComboFix 13-02-15.01 - Red 16/02/2013 18:55:48.1.2 - x64Microsoft Windows 7 Ultimate 6.1.7600.0.1252.55.1046.18.4095.3027 [GMT -3:00]Executando de: c:usersRedDesktopComboFix.exeFW: Outpost Firewall Pro *Disabled* {D4D1EAE8-EA68-0A9F-FEFA-AB61226EC615}SP: Outpost Firewall Pro *Disabled/Updated* {578B8A29-863D-0449-EF15-3926A73ACBD3}SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}..((((((((((((((((((((((((((((((((((((( OutrasExclusões )))))))))))))))))))))))))))))))))))))))))))))))))))..c:usersRedguefae.exec:windowsSysWow64muzapp.exe..(((((((((((((((( Arquivos/Ficheiros criados de 2013-01-16 to 2013-02-16 ))))))))))))))))))))))))))))..2013-02-16 22:02 . 2013-02-16 22:02 -------- d-----w- c:usersDefaultAppDataLocaltemp2013-02-16 20:56 . 2013-01-31 08:19 203104 ----a-w- c:windowssystem32driversssudmdm.sys2013-02-16 20:56 . 2013-01-31 08:19 102368 ----a-w- c:windowssystem32driversssudbus.sys2013-02-16 20:51 . 2012-12-18 13:06 4659712 ----a-w- c:windowsSysWow64Redemption.dll2013-02-16 20:51 . 2012-12-18 13:06 821824 ----a-w- c:windowsSysWow64dgderapi.dll2013-02-16 20:50 . 2013-02-16 20:56 -------- d-----w- c:program files(x86)Samsung2013-02-16 20:50 . 2013-02-16 20:55 -------- d-----w- c:programdataSamsung2013-02-16 20:49 . 2013-02-16 20:49 -------- d-----w- c:usersRedAppDataLocalDownloaded Installations2013-01-19 16:31 . 2013-01-19 16:31 -------- d-----w- c:usersRedAppDataRoamingNero2013-01-19 15:21 . 2013-01-19 15:21 -------- d-----w- c:usersRedAppDataLocalAVG Secure Search2013-01-19 15:21 . 2013-01-21 13:01 -------- d-----w- c:programdataAVGSecure Search2013-01-19 15:21 . 2013-02-12 14:08 39768 ----a-w- c:windowssystem32driversavgtpx64.sys2013-01-19 15:21 . 2013-01-31 02:06 -------- d-----w- c:program files(x86)Common FilesAVG Secure Search2013-01-19 15:21 . 2013-02-12 14:09 -------- d-----w- c:program files(x86)AVG Secure Search2013-01-19 15:20 . 2013-01-19 15:20 -------- d--h--w- c:programdataCommonFiles2013-01-19 15:19 . 
2013-01-19 15:20 -------- d-----w- c:program files(x86)Common FilesNero2013-01-19 15:19 . 2013-01-19 15:20 -------- d-----w- c:program files(x86)Nero2013-01-19 15:19 . 2013-01-19 15:20 -------- d-----w- c:programdataNero...((((((((((((((((((((((((((((((((((((( RelatórioFind3M )))))))))))))))))))))))))))))))))))))))))))))))))))).2013-02-16 20:39 . 2012-08-11 22:04 32320 ----a-w- c:windowssystem32driversFNETTBOH_305.SYS
  2. 2. 2013-01-11 00:11 . 2012-08-12 01:20 697864 ----a-w- c:windowsSysWow64FlashPlayerApp.exe2013-01-11 00:11 . 2012-08-11 21:09 74248 ----a-w- c:windowsSysWow64FlashPlayerCPLApp.cpl2012-12-18 13:06 . 2012-12-18 13:06 90112 ----a-w- c:windowsMAMCityDownload.ocx2012-12-18 13:06 . 2012-12-18 13:06 330240 ----a-w- c:windowsMASetupCaller.dll2012-12-18 13:06 . 2012-12-18 13:06 30568 ----a-w- c:windowsMusiccityDownload.exe2012-12-18 13:06 . 2012-12-18 13:06 974848 ----a-w- c:windowsSysWow64cis-2.4.dll2012-12-18 13:06 . 2012-12-18 13:06 81920 ----a-w- c:windowsSysWow64issacapi_bs-2.3.dll2012-12-18 13:06 . 2012-12-18 13:06 65536 ----a-w- c:windowsSysWow64issacapi_pe-2.3.dll2012-12-18 13:06 . 2012-12-18 13:06 57344 ----a-w- c:windowsSysWow64MTXSYNCICON.dll2012-12-18 13:06 . 2012-12-18 13:06 57344 ----a-w- c:windowsSysWow64MK_Lyric.dll2012-12-18 13:06 . 2012-12-18 13:06 57344 ----a-w- c:windowsSysWow64issacapi_se-2.3.dll2012-12-18 13:06 . 2012-12-18 13:06 569344 ----a-w- c:windowsSysWow64muzdecode.ax2012-12-18 13:06 . 2012-12-18 13:06 491520 ----a-w- c:windowsSysWow64muzapp.dll2012-12-18 13:06 . 2012-12-18 13:06 49152 ----a-w- c:windowsSysWow64MaJGUILib.dll2012-12-18 13:06 . 2012-12-18 13:06 45320 ----a-w- c:windowsSysWow64MAMACExtract.dll2012-12-18 13:06 . 2012-12-18 13:06 45056 ----a-w- c:windowsSysWow64MaXMLProto.dll2012-12-18 13:06 . 2012-12-18 13:06 45056 ----a-w- c:windowsSysWow64MACXMLProto.dll2012-12-18 13:06 . 2012-12-18 13:06 40960 ----a-w- c:windowsSysWow64MTTELECHIP.dll2012-12-18 13:06 . 2012-12-18 13:06 352256 ----a-w- c:windowsSysWow64MSLUR71.dll2012-12-18 13:06 . 2012-12-18 13:06 258048 ----a-w- c:windowsSysWow64muzoggsp.ax2012-12-18 13:06 . 2012-12-18 13:06 245760 ----a-w- c:windowsSysWow64MSCLib.dll2012-12-18 13:06 . 2012-12-18 13:06 24576 ----a-w- c:windowsSysWow64MASetupCleaner.exe2012-12-18 13:06 . 2012-12-18 13:06 200704 ----a-w- c:windowsSysWow64muzwmts.dll2012-12-18 13:06 . 
2012-12-18 13:06 155648 ----a-w- c:windowsSysWow64MSFLib.dll2012-12-18 13:06 . 2012-12-18 13:06 143360 ----a-w- c:windowsSysWow643DAudio.ax2012-12-18 13:06 . 2012-12-18 13:06 135168 ----a-w- c:windowsSysWow64muzaf1.dll2012-12-18 13:06 . 2012-12-18 13:06 131072 ----a-w- c:windowsSysWow64muzmpgsp.ax2012-12-18 13:06 . 2012-12-18 13:06 122880 ----a-w- c:windowsSysWow64muzeffect.ax2012-12-18 13:06 . 2012-12-18 13:06 118784 ----a-w- c:windowsSysWow64MaDRM.dll2012-12-18 13:06 . 2012-12-18 13:06 110592 ----a-w- c:windowsSysWow64muzmp4sp.ax..(((((((((((((((((((((((((( Pontos de Carregamento doRegistro )))))))))))))))))))))))))))))))))))))))
  3. 3. ..*Nota* entradas vazias e legítimas por padrão não são apresentadas.REGEDIT4.[HKEY_LOCAL_MACHINESOFTWAREWow6432Node~Browser Helper Objects{95B7759C-8C7F-4BF1-B163-73684A933233}]2013-02-12 14:08 1920688 ----a-w- c:program files (x86)AVG SecureSearch14.1.0.10AVG Secure Search_toolbar.dll.[HKEY_LOCAL_MACHINESOFTWAREWow6432NodeMicrosoftInternet ExplorerToolbar]"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:program files (x86)AVG SecureSearch14.1.0.10AVG Secure Search_toolbar.dll" [2013-02-12 1920688].[HKEY_CLASSES_ROOTclsid{95b7759c-8c7f-4bf1-b163-73684a933233}][HKEY_CLASSES_ROOTAVG Secure Search.PugiObj.1][HKEY_CLASSES_ROOTAVG Secure Search.PugiObj].[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]"KiesPreload"="c:program files (x86)SamsungKiesKies.exe" [2012-12-201476104].[HKEY_LOCAL_MACHINESOFTWAREWow6432NodeMicrosoftWindowsCurrentVersionRun]"KiesTrayAgent"="c:program files (x86)SamsungKiesKiesTrayAgent.exe" [2012-12-20 310280].c:programdataMicrosoftWindowsStart MenuProgramsStartupMonitor Apache Servers.lnk - c:program files (x86)Apache SoftwareFoundationApache2.2binApacheMonitor.exe [2011-9-9 41051].[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]"ConsentPromptBehaviorAdmin"= 5 (0x5)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 0 (0x0).[HKEY_LOCAL_MACHINEsoftwarewow6432nodemicrosoftwindowsntcurrentversionwindows]"LoadAppInit_DLLs"=1 (0x1)"AppInit_DLLs"=c:progra~1AgnitumOUTPOS~1wl_hook.dll.[HKEY_LOCAL_MACHINEsoftwarewow6432nodemicrosoftwindowsntcurrentversiondrivers32]"mixer3"=wdmaud.drv.R2 acssrv;Agnitum Client Security Service;c:progra~1AgnitumOUTPOS~1acs.exe[2012-06-15 3268448]R3 AIDA64Driver;FinalWire AIDA64 Kernel Driver;c:program files(x86)FinalWireAIDA64 Extreme Editionkerneld.x64 [2012-05-30 28320]R3 ASWFilt;ASWFilt;c:windowssystem32FiltASWFilt64.dll [2012-03-19 66184]R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURUVer.);c:windowssystem32DRIVERSssudbus.sys [2013-01-31 102368]R3 
FNETTBOH_305;FNETTBOH_305;c:windowssystem32driversFNETTBOH_305.SYS [2013-02-16 32320]R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURUVer.);c:windowssystem32DRIVERSssudmdm.sys [2013-01-31 203104]R3 X6va009;X6va009;c:windowsSysWOW64DriversX6va009 [x]R4 NAUpdate;Nero Update;c:program files (x86)NeroUpdateNASvc.exe [2012-07-13769432]R4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:program files(x86)NVIDIA Corporation3D VisionnvSCPAPISvr.exe [2012-05-15 382272]R4 vToolbarUpdater14.1.7;vToolbarUpdater14.1.7;c:program files (x86)CommonFilesAVG Secure SearchvToolbarUpdater14.1.7ToolbarUpdater.exe [2013-02-12965296]S1 afw;Agnitum Firewall Driver;c:windowssystem32DRIVERSafw.sys [2011-03-28
  4. 4. 38488]S1 avgtp;avgtp;c:windowssystem32driversavgtpx64.sys [2013-02-12 39768]S1 FNETURPX;FNETURPX;c:windowssystem32driversFNETURPX.SYS [2012-08-11 15936]S1 SandBox;SandBox;c:windowssystem32driversSandBox64.sys [2012-03-191266544]S2 Apache2.2;Apache2.2;c:program files (x86)Apache SoftwareFoundationApache2.2binhttpd.exe [2011-09-09 20549]S2 VBoxDrv;VBox Support Driver;c:program files(x86)YouWave_AndroidvbVBoxDrv.sys [2011-11-20 202592]S3 afwcore;afwcore;c:windowssystem32driversafwcore.sys [2012-06-14 445568]S3 VIAHdAudAddService;VIA High Definition Audio DriverService;c:windowssystem32driversviahduaa.sys [2012-08-11 1196032]..Conteúdo da pasta Tarefas Agendadas.2013-02-16 c:windowsTasksAdobe Flash Player Updater.job- c:windowsSysWOW64MacromedFlashFlashPlayerUpdateService.exe [2012-08-1200:11].2013-02-16 c:windowsTasksROC_JAN2013_TB_rmv.job- c:program files (x86)AVG Secure SearchPostInstallROC.exe [2013-01-3102:06]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershelliconoverlayidentifiersOutpost]@="{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}"[HKEY_CLASSES_ROOTCLSID{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}]2012-06-15 18:46 287408 ----a-w- c:program filesAgnitumOutpostFirewall Proop_shell.dll.[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]"OutpostMonitor"="c:progra~1AgnitumOUTPOS~1op_mon.exe" [2012-06-15 4366392].[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWindows]"AppInit_DLLs"=c:progra~1AgnitumOUTPOS~1wl_hook64.dll.------- Scan Suplementar -------.uLocal Page = c:windowssystem32blank.htmuStart Page = about:blankmStart Page = hxxp://www.searchya.com/?s=0&a=foxtab&chnl=tc-100&cd=2XzuyEtN2Y1L1QzutDtDtByDtBtByCzyyDtAyDyD0E0F0CtBtN0D0Tzu0StByEyDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=902815487mLocal Page = c:windowsSysWOW64blank.htmIE: &Download by Orbit - c:program files (x86)Orbitdownloaderorbitmxt.dll/201IE: &Grab video by Orbit - c:program files(x86)Orbitdownloaderorbitmxt.dll/204IE: Baixar com 
Mipony - file://c:program files(x86)MiPonyBrowserIEContext.htmIE: Do&wnload selected by Orbit - c:program files(x86)Orbitdownloaderorbitmxt.dll/203IE: Down&load all by Orbit - c:program files(x86)Orbitdownloaderorbitmxt.dll/202LSP: %SystemRoot%system32PrxerDrv.dllTCP: DhcpNameServer = 192.168.1.254Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:program files(x86)Common FilesAVG Secure SearchViProtocolInstaller14.1.7ViProtocol.dllFF - ProfilePath -c:usersRedAppDataRoamingMozillaFirefoxProfilesf38n2r7c.default
  5. 5. FF - ExtSQL: 2013-01-19 13:21; avg@toolbar; c:programdataAVG SecureSearchFireFoxExt14.1.0.10FF - user.js: extensions.funmoods.hmpg - trueFF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1QzutDtDtByDtBtByCzyyDtAyDyD0E0F0CtBtN0D0Tzu0StBtAyBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1335891272FF - user.js: extensions.funmoods.dfltSrch - trueFF - user.js: extensions.funmoods.srchPrvdr - SearchFF - user.js: extensions.funmoods.dnsErr - trueFF - user.js: extensions.funmoods_i.newTab - trueFF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1QzutDtDtByDtBtByCzyyDtAyDyD0E0F0CtBtN0D0Tzu0StBtAyBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1335891272FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://start.funmoods.com/?f=3&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1QzutDtDtByDtBtByCzyyDtAyDyD0E0F0CtBtN0D0Tzu0StBtAyBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1335891272&q=FF - user.js: extensions.funmoods.id - 002522695355EFC2FF - user.js: extensions.funmoods.instlDay - 15577FF - user.js: extensions.funmoods.vrsn - 1.5.23.22FF - user.js: extensions.funmoods.vrsni - 1.5.23.22FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2219:36FF - user.js: extensions.funmoods.prtnrId - funmoodsFF - user.js: extensions.funmoods.prdct - funmoodsFF - user.js: extensions.funmoods.aflt - ironpubFF - user.js: extensions.funmoods_i.smplGrp - noneFF - user.js: extensions.funmoods.tlbrId - baseFF - user.js: extensions.funmoods.instlRef - ironpubFF - user.js: extensions.funmoods.dfltLng -FF - user.js: extensions.funmoods.excTlbr - falseFF - user.js: extensions.funmoods.autoRvrt - falseFF - user.js: extensions.funmoods.envrmnt - productionFF - user.js: extensions.funmoods.isdcmntcmplt - trueFF - user.js: extensions.funmoods.mntrvrsn - 1.3.0FF - user.js: extensions.BabylonToolbar.autoRvrt - falseFF - user.js: extensions.BabylonToolbar_i.newTab - falseFF - user.js: extensions.BabylonToolbar.tlbrSrchUrl 
-hxxp://search.babylon.com/?babsrc=TB_def&mntrId=fce4efc2000000000000002522695355&q=FF - user.js: extensions.BabylonToolbar.id - fce4efc2000000000000002522695355FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}FF - user.js: extensions.BabylonToolbar.instlDay - 15585FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.9.12FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.9.12FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.9.1211:28FF - user.js: extensions.BabylonToolbar.prtnrId - babylonFF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbarFF - user.js: extensions.BabylonToolbar.aflt - babsstFF - user.js: extensions.BabylonToolbar_i.smplGrp - noneFF - user.js: extensions.BabylonToolbar.tlbrId - tb9FF - user.js: extensions.BabylonToolbar.instlRef - sstFF - user.js: extensions.BabylonToolbar.dfltLng - enFF - user.js: extensions.BabylonToolbar.excTlbr - falseFF - user.js: extensions.BabylonToolbar.admin - falseFF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110808&tt=3512_8FF - user.js: extensions.BabylonToolbar_i.babExt -FF - user.js: extensions.BabylonToolbar_i.srcExt - ssFF - user.js: extensions.searchya.hmpg - trueFF - user.js: extensions.searchya.hmpgUrl - hxxp://www.searchya.com/?s=0&a=foxtab&chnl=tc-100&cd=2XzuyEtN2Y1L1QzutDtDtByDtBtByCzyyDtAyDyD0E0F0CtBtN0D0Tzu0StByEyDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=902815487FF - user.js: extensions.searchya.dfltSrch - trueFF - user.js: extensions.searchya.srchPrvdr - Search
  6. 6. FF - user.js: extensions.searchya.dnsErr - trueFF - user.js: extensions.searchya_i.newTab - trueFF - user.js: extensions.searchya.newTabUrl - hxxp://www.searchya.com/?s=2&a=foxtab&chnl=tc-100&cd=2XzuyEtN2Y1L1QzutDtDtByDtBtByCzyyDtAyDyD0E0F0CtBtN0D0Tzu0StByEyDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=902815487FF - user.js: extensions.searchya.tlbrSrchUrl - hxxp://www.searchya.com/?s=3&a=foxtab&chnl=tc-100&cd=2XzuyEtN2Y1L1QzutDtDtByDtBtByCzyyDtAyDyD0E0F0CtBtN0D0Tzu0StByEyDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=902815487&q=FF - user.js: extensions.searchya.id - 002522695355EFC2FF - user.js: extensions.searchya.instlDay - 15585FF - user.js: extensions.searchya.vrsn - 1.5.25.0FF - user.js: extensions.searchya.vrsni - 1.5.25.0FF - user.js: extensions.searchya_i.vrsnTs - 1.5.25.011:37FF - user.js: extensions.searchya.prtnrId - searchyaFF - user.js: extensions.searchya.prdct - searchyaFF - user.js: extensions.searchya.aflt - foxtabFF - user.js: extensions.searchya_i.smplGrp - noneFF - user.js: extensions.searchya.tlbrId - baseFF - user.js: extensions.searchya.instlRef - tc-100FF - user.js: extensions.searchya.dfltLng -FF - user.js: extensions.searchya.excTlbr - falseFF - user.js: extensions.searchya.autoRvrt - falseFF - user.js: extensions.searchya.envrmnt - productionFF - user.js: extensions.searchya.isdcmntcmplt - trueFF - user.js: extensions.searchya.mntrvrsn - 1.3.0.- - - - ORFÃOS REMOVIDOS - - - -.BHO-{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} -c:progra~2Funmoods1.5.23.22bhescort.dllToolbar-{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} -c:progra~2Funmoods1.5.23.22escorTlbr.dllWow6432Node-HKCU-Run-KiesAirMessage - c:program files(x86)SamsungKiesKiesAirMessage.exe...[HKEY_LOCAL_MACHINESYSTEMControlSet001servicesAIDA64Driver]"ImagePath"="??c:program files (x86)FinalWireAIDA64 ExtremeEditionkerneld.x64".[HKEY_LOCAL_MACHINESYSTEMControlSet001servicesX6va009]"ImagePath"="??c:windowsSysWOW64DriversX6va009".--------------------- CHAVES DO REGISTRO BLOQUEADAS 
---------------------.[HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:Windowssystem32MacromedFlashFlashUtil64_11_5_502_110_ActiveX.exe,-101".[HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}LocalServer32]@="c:Windowssystem32MacromedFlashFlashUtil64_11_5_502_110_ActiveX.exe".[HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{73C9DFA0-750D-11E1-B0C4-
  7. 7. 0800200C9A66}TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINESOFTWAREClassesInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINESOFTWAREClassesInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINESOFTWAREClassesInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:WindowsSysWOW64MacromedFlashFlashUtil32_11_5_502_110_ActiveX.exe,-101".[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}LocalServer32]@="c:WindowsSysWOW64MacromedFlashFlashUtil32_11_5_502_110_ActiveX.exe".[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{73C9DFA0-750D-11E1-B0C4-0800200C9A66}TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}InprocServer32]@="c:WindowsSysWOW64MacromedFlashFlash32_11_5_502_110.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}MiscStatus]@="0".[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}ProgID]@="ShockwaveFlash.ShockwaveFlash.11".[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}ToolboxBitmap32]@="c:WindowsSysWOW64MacromedFlashFlash32_11_5_502_110.ocx, 
1".[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}Version]
  8. 8. @="1.0".[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-444553540000}VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}InprocServer32]@="c:WindowsSysWOW64MacromedFlashFlash32_11_5_502_110.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}ToolboxBitmap32]@="c:WindowsSysWOW64MacromedFlashFlash32_11_5_502_110.ocx, 1".[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}Version]@="1.0".[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-444553540000}VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeInterface{6AE38AE0-750C-11E1-B0C4-0800200C9A66}TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINESYSTEMControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}0000AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINESYSTEMControlSet001ControlPCWSecurity]@Denied: (Full) (Everyone).Tempo para conclusão: 2013-02-16 19:05:27ComboFix-quarantined-files.txt 
2013-02-16 22:05.Pré-execução: 83.803.574.272 bytes disponíveis
  9. 9. Pós execução: 88.894.566.400 bytes disponíveis.- - End Of File - - 3D19EA6D09A1C6663E6BC8E5F7A04275
