Combo fix
ComboFix 13-02-15.01 - Red 16/02/2013 18:55:48.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.55.1046.18.4095.3027 [GMT -3:00]
Executando de: c:usersRedDesktopComboFix.exe
FW: Outpost Firewall Pro *Disabled* {D4D1EAE8-EA68-0A9F-FEFA-AB61226EC615}
SP: Outpost Firewall Pro *Disabled/Updated* {578B8A29-863D-0449-EF15-
3926A73ACBD3}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((( Outras
Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:usersRedguefae.exe
c:windowsSysWow64muzapp.exe
.
.
(((((((((((((((( Arquivos/Ficheiros criados de 2013-01-16 to 2013-02-
16 ))))))))))))))))))))))))))))
.
.
2013-02-16 22:02 . 2013-02-16 22:02 -------- d-----w-
c:usersDefaultAppDataLocaltemp
2013-02-16 20:56 . 2013-01-31 08:19 203104 ----a-w-
c:windowssystem32driversssudmdm.sys
2013-02-16 20:56 . 2013-01-31 08:19 102368 ----a-w-
c:windowssystem32driversssudbus.sys
2013-02-16 20:51 . 2012-12-18 13:06 4659712 ----a-w-
c:windowsSysWow64Redemption.dll
2013-02-16 20:51 . 2012-12-18 13:06 821824 ----a-w-
c:windowsSysWow64dgderapi.dll
2013-02-16 20:50 . 2013-02-16 20:56 -------- d-----w- c:program files
(x86)Samsung
2013-02-16 20:50 . 2013-02-16 20:55 -------- d-----w-
c:programdataSamsung
2013-02-16 20:49 . 2013-02-16 20:49 -------- d-----w-
c:usersRedAppDataLocalDownloaded Installations
2013-01-19 16:31 . 2013-01-19 16:31 -------- d-----w-
c:usersRedAppDataRoamingNero
2013-01-19 15:21 . 2013-01-19 15:21 -------- d-----w-
c:usersRedAppDataLocalAVG Secure Search
2013-01-19 15:21 . 2013-01-21 13:01 -------- d-----w- c:programdataAVG
Secure Search
2013-01-19 15:21 . 2013-02-12 14:08 39768 ----a-w-
c:windowssystem32driversavgtpx64.sys
2013-01-19 15:21 . 2013-01-31 02:06 -------- d-----w- c:program files
(x86)Common FilesAVG Secure Search
2013-01-19 15:21 . 2013-02-12 14:09 -------- d-----w- c:program files
(x86)AVG Secure Search
2013-01-19 15:20 . 2013-01-19 15:20 -------- d--h--w- c:programdataCommon
Files
2013-01-19 15:19 . 2013-01-19 15:20 -------- d-----w- c:program files
(x86)Common FilesNero
2013-01-19 15:19 . 2013-01-19 15:20 -------- d-----w- c:program files
(x86)Nero
2013-01-19 15:19 . 2013-01-19 15:20 -------- d-----w- c:programdataNero
.
.
.
((((((((((((((((((((((((((((((((((((( Relatório
Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-16 20:39 . 2012-08-11 22:04 32320 ----a-w-
c:windowssystem32driversFNETTBOH_305.SYS
2013-01-11 00:11 . 2012-08-12 01:20 697864 ----a-w-
c:windowsSysWow64FlashPlayerApp.exe
2013-01-11 00:11 . 2012-08-11 21:09 74248 ----a-w-
c:windowsSysWow64FlashPlayerCPLApp.cpl
2012-12-18 13:06 . 2012-12-18 13:06 90112 ----a-w-
c:windowsMAMCityDownload.ocx
2012-12-18 13:06 . 2012-12-18 13:06 330240 ----a-w-
c:windowsMASetupCaller.dll
2012-12-18 13:06 . 2012-12-18 13:06 30568 ----a-w-
c:windowsMusiccityDownload.exe
2012-12-18 13:06 . 2012-12-18 13:06 974848 ----a-w-
c:windowsSysWow64cis-2.4.dll
2012-12-18 13:06 . 2012-12-18 13:06 81920 ----a-w-
c:windowsSysWow64issacapi_bs-2.3.dll
2012-12-18 13:06 . 2012-12-18 13:06 65536 ----a-w-
c:windowsSysWow64issacapi_pe-2.3.dll
2012-12-18 13:06 . 2012-12-18 13:06 57344 ----a-w-
c:windowsSysWow64MTXSYNCICON.dll
2012-12-18 13:06 . 2012-12-18 13:06 57344 ----a-w-
c:windowsSysWow64MK_Lyric.dll
2012-12-18 13:06 . 2012-12-18 13:06 57344 ----a-w-
c:windowsSysWow64issacapi_se-2.3.dll
2012-12-18 13:06 . 2012-12-18 13:06 569344 ----a-w-
c:windowsSysWow64muzdecode.ax
2012-12-18 13:06 . 2012-12-18 13:06 491520 ----a-w-
c:windowsSysWow64muzapp.dll
2012-12-18 13:06 . 2012-12-18 13:06 49152 ----a-w-
c:windowsSysWow64MaJGUILib.dll
2012-12-18 13:06 . 2012-12-18 13:06 45320 ----a-w-
c:windowsSysWow64MAMACExtract.dll
2012-12-18 13:06 . 2012-12-18 13:06 45056 ----a-w-
c:windowsSysWow64MaXMLProto.dll
2012-12-18 13:06 . 2012-12-18 13:06 45056 ----a-w-
c:windowsSysWow64MACXMLProto.dll
2012-12-18 13:06 . 2012-12-18 13:06 40960 ----a-w-
c:windowsSysWow64MTTELECHIP.dll
2012-12-18 13:06 . 2012-12-18 13:06 352256 ----a-w-
c:windowsSysWow64MSLUR71.dll
2012-12-18 13:06 . 2012-12-18 13:06 258048 ----a-w-
c:windowsSysWow64muzoggsp.ax
2012-12-18 13:06 . 2012-12-18 13:06 245760 ----a-w-
c:windowsSysWow64MSCLib.dll
2012-12-18 13:06 . 2012-12-18 13:06 24576 ----a-w-
c:windowsSysWow64MASetupCleaner.exe
2012-12-18 13:06 . 2012-12-18 13:06 200704 ----a-w-
c:windowsSysWow64muzwmts.dll
2012-12-18 13:06 . 2012-12-18 13:06 155648 ----a-w-
c:windowsSysWow64MSFLib.dll
2012-12-18 13:06 . 2012-12-18 13:06 143360 ----a-w-
c:windowsSysWow643DAudio.ax
2012-12-18 13:06 . 2012-12-18 13:06 135168 ----a-w-
c:windowsSysWow64muzaf1.dll
2012-12-18 13:06 . 2012-12-18 13:06 131072 ----a-w-
c:windowsSysWow64muzmpgsp.ax
2012-12-18 13:06 . 2012-12-18 13:06 122880 ----a-w-
c:windowsSysWow64muzeffect.ax
2012-12-18 13:06 . 2012-12-18 13:06 118784 ----a-w-
c:windowsSysWow64MaDRM.dll
2012-12-18 13:06 . 2012-12-18 13:06 110592 ----a-w-
c:windowsSysWow64muzmp4sp.ax
.
.
(((((((((((((((((((((((((( Pontos de Carregamento do
Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas.
REGEDIT4
.
[HKEY_LOCAL_MACHINESOFTWAREWow6432Node~Browser Helper Objects{95B7759C-
8C7F-4BF1-B163-73684A933233}]
2013-02-12 14:08 1920688 ----a-w- c:program files (x86)AVG Secure
Search14.1.0.10AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINESOFTWAREWow6432NodeMicrosoftInternet ExplorerToolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:program files (x86)AVG Secure
Search14.1.0.10AVG Secure Search_toolbar.dll" [2013-02-12 1920688]
.
[HKEY_CLASSES_ROOTclsid{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOTAVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOTAVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
"KiesPreload"="c:program files (x86)SamsungKiesKies.exe" [2012-12-20
1476104]
.
[HKEY_LOCAL_MACHINESOFTWAREWow6432NodeMicrosoftWindowsCurrentVersionRun]
"KiesTrayAgent"="c:program files (x86)SamsungKiesKiesTrayAgent.exe" [2012-
12-20 310280]
.
c:programdataMicrosoftWindowsStart MenuProgramsStartup
Monitor Apache Servers.lnk - c:program files (x86)Apache Software
FoundationApache2.2binApacheMonitor.exe [2011-9-9 41051]
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINEsoftwarewow6432nodemicrosoftwindows
ntcurrentversionwindows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:progra~1AgnitumOUTPOS~1wl_hook.dll
.
[HKEY_LOCAL_MACHINEsoftwarewow6432nodemicrosoftwindows
ntcurrentversiondrivers32]
"mixer3"=wdmaud.drv
.
R2 acssrv;Agnitum Client Security Service;c:progra~1AgnitumOUTPOS~1acs.exe
[2012-06-15 3268448]
R3 AIDA64Driver;FinalWire AIDA64 Kernel Driver;c:program files
(x86)FinalWireAIDA64 Extreme Editionkerneld.x64 [2012-05-30 28320]
R3 ASWFilt;ASWFilt;c:windowssystem32FiltASWFilt64.dll [2012-03-19 66184]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU
Ver.);c:windowssystem32DRIVERSssudbus.sys [2013-01-31 102368]
R3 FNETTBOH_305;FNETTBOH_305;c:windowssystem32driversFNETTBOH_305.SYS [2013-
02-16 32320]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU
Ver.);c:windowssystem32DRIVERSssudmdm.sys [2013-01-31 203104]
R3 X6va009;X6va009;c:windowsSysWOW64DriversX6va009 [x]
R4 NAUpdate;Nero Update;c:program files (x86)NeroUpdateNASvc.exe [2012-07-13
769432]
R4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:program files
(x86)NVIDIA Corporation3D VisionnvSCPAPISvr.exe [2012-05-15 382272]
R4 vToolbarUpdater14.1.7;vToolbarUpdater14.1.7;c:program files (x86)Common
FilesAVG Secure SearchvToolbarUpdater14.1.7ToolbarUpdater.exe [2013-02-12
965296]
S1 afw;Agnitum Firewall Driver;c:windowssystem32DRIVERSafw.sys [2011-03-28
38488]
S1 avgtp;avgtp;c:windowssystem32driversavgtpx64.sys [2013-02-12 39768]
S1 FNETURPX;FNETURPX;c:windowssystem32driversFNETURPX.SYS [2012-08-11 15936]
S1 SandBox;SandBox;c:windowssystem32driversSandBox64.sys [2012-03-19
1266544]
S2 Apache2.2;Apache2.2;c:program files (x86)Apache Software
FoundationApache2.2binhttpd.exe [2011-09-09 20549]
S2 VBoxDrv;VBox Support Driver;c:program files
(x86)YouWave_AndroidvbVBoxDrv.sys [2011-11-20 202592]
S3 afwcore;afwcore;c:windowssystem32driversafwcore.sys [2012-06-14 445568]
S3 VIAHdAudAddService;VIA High Definition Audio Driver
Service;c:windowssystem32driversviahduaa.sys [2012-08-11 1196032]
.
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2013-02-16 c:windowsTasksAdobe Flash Player Updater.job
- c:windowsSysWOW64MacromedFlashFlashPlayerUpdateService.exe [2012-08-12
00:11]
.
2013-02-16 c:windowsTasksROC_JAN2013_TB_rmv.job
- c:program files (x86)AVG Secure SearchPostInstallROC.exe [2013-01-31
02:06]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionexplorershellicon
overlayidentifiersOutpost]
@="{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}"
[HKEY_CLASSES_ROOTCLSID{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}]
2012-06-15 18:46 287408 ----a-w- c:program filesAgnitumOutpost
Firewall Proop_shell.dll
.
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
"OutpostMonitor"="c:progra~1AgnitumOUTPOS~1op_mon.exe" [2012-06-15 4366392]
.
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWindows]
"AppInit_DLLs"=c:progra~1AgnitumOUTPOS~1wl_hook64.dll
.
------- Scan Suplementar -------
.
uLocal Page = c:windowssystem32blank.htm
uStart Page = about:blank
mStart Page = hxxp://www.searchya.com/?s=0&a=foxtab&chnl=tc-
100&cd=2XzuyEtN2Y1L1QzutDtDtByDtBtByCzyyDtAyDyD0E0F0CtBtN0D0Tzu0StByEyDtN1L2Xzut
BtFtCtFtCtFtAtCtB&cr=902815487
mLocal Page = c:windowsSysWOW64blank.htm
IE: &Download by Orbit - c:program files (x86)Orbitdownloaderorbitmxt.dll/201
IE: &Grab video by Orbit - c:program files
(x86)Orbitdownloaderorbitmxt.dll/204
IE: Baixar com Mipony - file://c:program files
(x86)MiPonyBrowserIEContext.htm
IE: Do&wnload selected by Orbit - c:program files
(x86)Orbitdownloaderorbitmxt.dll/203
IE: Down&load all by Orbit - c:program files
(x86)Orbitdownloaderorbitmxt.dll/202
LSP: %SystemRoot%system32PrxerDrv.dll
TCP: DhcpNameServer = 192.168.1.254
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:program files
(x86)Common FilesAVG Secure SearchViProtocolInstaller14.1.7ViProtocol.dll
FF - ProfilePath -
c:usersRedAppDataRoamingMozillaFirefoxProfilesf38n2r7c.default
FF - ExtSQL: 2013-01-19 13:21; avg@toolbar; c:programdataAVG Secure
SearchFireFoxExt14.1.0.10
FF - user.js: extensions.funmoods.hmpg - true
FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?
f=1&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1QzutDtDtByDtBtByCzyyDtAyDyD0E0F0CtBtN
0D0Tzu0StBtAyBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1335891272
FF - user.js: extensions.funmoods.dfltSrch - true
FF - user.js: extensions.funmoods.srchPrvdr - Search
FF - user.js: extensions.funmoods.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?
f=2&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1QzutDtDtByDtBtByCzyyDtAyDyD0E0F0CtBtN
0D0Tzu0StBtAyBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1335891272
FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://start.funmoods.com/?
f=3&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1QzutDtDtByDtBtByCzyyDtAyDyD0E0F0CtBtN
0D0Tzu0StBtAyBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1335891272&q=
FF - user.js: extensions.funmoods.id - 002522695355EFC2
FF - user.js: extensions.funmoods.instlDay - 15577
FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2219:36
FF - user.js: extensions.funmoods.prtnrId - funmoods
FF - user.js: extensions.funmoods.prdct - funmoods
FF - user.js: extensions.funmoods.aflt - ironpub
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods.tlbrId - base
FF - user.js: extensions.funmoods.instlRef - ironpub
FF - user.js: extensions.funmoods.dfltLng -
FF - user.js: extensions.funmoods.excTlbr - false
FF - user.js: extensions.funmoods.autoRvrt - false
FF - user.js: extensions.funmoods.envrmnt - production
FF - user.js: extensions.funmoods.isdcmntcmplt - true
FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
FF - user.js: extensions.BabylonToolbar.autoRvrt - false
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl -
hxxp://search.babylon.com/?
babsrc=TB_def&mntrId=fce4efc2000000000000002522695355&q=
FF - user.js: extensions.BabylonToolbar.id - fce4efc2000000000000002522695355
FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-
F8DE92DD98DB}
FF - user.js: extensions.BabylonToolbar.instlDay - 15585
FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.9.12
FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.9.12
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.9.1211:28
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110808&tt=3512_8
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.searchya.hmpg - true
FF - user.js: extensions.searchya.hmpgUrl - hxxp://www.searchya.com/?
s=0&a=foxtab&chnl=tc-
100&cd=2XzuyEtN2Y1L1QzutDtDtByDtBtByCzyyDtAyDyD0E0F0CtBtN0D0Tzu0StByEyDtN1L2Xzut
BtFtCtFtCtFtAtCtB&cr=902815487
FF - user.js: extensions.searchya.dfltSrch - true
FF - user.js: extensions.searchya.srchPrvdr - Search
FF - user.js: extensions.searchya.dnsErr - true
FF - user.js: extensions.searchya_i.newTab - true
FF - user.js: extensions.searchya.newTabUrl - hxxp://www.searchya.com/?
s=2&a=foxtab&chnl=tc-
100&cd=2XzuyEtN2Y1L1QzutDtDtByDtBtByCzyyDtAyDyD0E0F0CtBtN0D0Tzu0StByEyDtN1L2Xzut
BtFtCtFtCtFtAtCtB&cr=902815487
FF - user.js: extensions.searchya.tlbrSrchUrl - hxxp://www.searchya.com/?
s=3&a=foxtab&chnl=tc-
100&cd=2XzuyEtN2Y1L1QzutDtDtByDtBtByCzyyDtAyDyD0E0F0CtBtN0D0Tzu0StByEyDtN1L2Xzut
BtFtCtFtCtFtAtCtB&cr=902815487&q=
FF - user.js: extensions.searchya.id - 002522695355EFC2
FF - user.js: extensions.searchya.instlDay - 15585
FF - user.js: extensions.searchya.vrsn - 1.5.25.0
FF - user.js: extensions.searchya.vrsni - 1.5.25.0
FF - user.js: extensions.searchya_i.vrsnTs - 1.5.25.011:37
FF - user.js: extensions.searchya.prtnrId - searchya
FF - user.js: extensions.searchya.prdct - searchya
FF - user.js: extensions.searchya.aflt - foxtab
FF - user.js: extensions.searchya_i.smplGrp - none
FF - user.js: extensions.searchya.tlbrId - base
FF - user.js: extensions.searchya.instlRef - tc-100
FF - user.js: extensions.searchya.dfltLng -
FF - user.js: extensions.searchya.excTlbr - false
FF - user.js: extensions.searchya.autoRvrt - false
FF - user.js: extensions.searchya.envrmnt - production
FF - user.js: extensions.searchya.isdcmntcmplt - true
FF - user.js: extensions.searchya.mntrvrsn - 1.3.0
.
- - - - ORFÃOS REMOVIDOS - - - -
.
BHO-{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} -
c:progra~2Funmoods1.5.23.22bhescort.dll
Toolbar-{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} -
c:progra~2Funmoods1.5.23.22escorTlbr.dll
Wow6432Node-HKCU-Run-KiesAirMessage - c:program files
(x86)SamsungKiesKiesAirMessage.exe
.
.
.
[HKEY_LOCAL_MACHINESYSTEMControlSet001servicesAIDA64Driver]
"ImagePath"="??c:program files (x86)FinalWireAIDA64 Extreme
Editionkerneld.x64"
.
[HKEY_LOCAL_MACHINESYSTEMControlSet001servicesX6va009]
"ImagePath"="??c:windowsSysWOW64DriversX6va009"
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{73C9DFA0-750D-11E1-B0C4-
0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:Windowssystem32MacromedFlashFlashUtil64_11_5_502
_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{73C9DFA0-750D-11E1-B0C4-
0800200C9A66}Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{73C9DFA0-750D-11E1-B0C4-
0800200C9A66}LocalServer32]
@="c:Windowssystem32MacromedFlashFlashUtil64_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{73C9DFA0-750D-11E1-B0C4-
0800200C9A66}TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesInterface{6AE38AE0-750C-11E1-B0C4-
0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesInterface{6AE38AE0-750C-11E1-B0C4-
0800200C9A66}ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesInterface{6AE38AE0-750C-11E1-B0C4-
0800200C9A66}TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{73C9DFA0-750D-11E1-B0C4-
0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:WindowsSysWOW64MacromedFlashFlashUtil32_11_5_502
_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{73C9DFA0-750D-11E1-B0C4-
0800200C9A66}Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{73C9DFA0-750D-11E1-B0C4-
0800200C9A66}LocalServer32]
@="c:WindowsSysWOW64MacromedFlashFlashUtil32_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{73C9DFA0-750D-11E1-B0C4-
0800200C9A66}TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-
444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-
444553540000}InprocServer32]
@="c:WindowsSysWOW64MacromedFlashFlash32_11_5_502_110.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-
444553540000}MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-
444553540000}ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-
444553540000}ToolboxBitmap32]
@="c:WindowsSysWOW64MacromedFlashFlash32_11_5_502_110.ocx, 1"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-
444553540000}TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-
444553540000}Version]
@="1.0"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB6E-AE6D-11cf-96B8-
444553540000}VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-
444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-
444553540000}InprocServer32]
@="c:WindowsSysWOW64MacromedFlashFlash32_11_5_502_110.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-
444553540000}ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-
444553540000}ToolboxBitmap32]
@="c:WindowsSysWOW64MacromedFlashFlash32_11_5_502_110.ocx, 1"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-
444553540000}TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-
444553540000}Version]
@="1.0"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeCLSID{D27CDB70-AE6D-11cf-96B8-
444553540000}VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeInterface{6AE38AE0-750C-11E1-
B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeInterface{6AE38AE0-750C-11E1-
B0C4-0800200C9A66}ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINESOFTWAREClassesWow6432NodeInterface{6AE38AE0-750C-11E1-
B0C4-0800200C9A66}TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINESYSTEMControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-
08002BE10318}0000AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINESYSTEMControlSet001ControlPCWSecurity]
@Denied: (Full) (Everyone)
.
Tempo para conclusão: 2013-02-16 19:05:27
ComboFix-quarantined-files.txt 2013-02-16 22:05
.
Pré-execução: 83.803.574.272 bytes disponíveis