ComboFix 10-12-14.05 - marcoantonio 15/12/2010 8:59:21.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1022.657 [GMT -2:00]
Executando de: C:\Documents and Settings\marcoantonio\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1061 [VPS 101214-1] *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
[i] ADS - drivers: deleted 258 bytes in 1 streams. [/i]
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))
))))))))))))))))))))))))))))
.
C:\Arquivos de programas\opensource
C:\Thumbs.db
C:\win1ks\up.exe
.
(((((((((((((((( Arquivos/Ficheiros criados de 2010-11-15 to 2010-12-15 )))))
)))))))))))))))))))))))
.
2010-12-14 14:08:39 . 2010-12-15 10:21:44 -------- d-----w-
C:\Arquivos de programas\cefd383757d1d
2010-12-14 13:54:48 . 2010-12-14 13:54:48 178597 ----a-w- C:\51942
_bankerfix_30.exe
2010-12-14 13:34:30 . 2010-12-14 13:34:30 -------- d-----w-
C:\Arquivos de programas\13575
2010-12-14 13:05:59 . 2010-12-14 13:05:58 34816 ----a-w- C:\WINDO
WS\stfmon.exe
2010-12-14 13:05:31 . 2010-12-14 13:05:40 1247232 ---h--w- C:\WINDO
WS\jspbbplugin.dll
2010-12-14 13:02:43 . 2010-12-15 11:04:20 -------- d-----w-
C:\win1ks
2010-12-14 12:21:14 . 2010-12-14 12:21:14 -------- d-----w-
C:\Documents and Settings\marcoantonio\Dados de aplicativos\de.makesoft.twhirl.0
EA062BC275E7ED1E6EC3762EFFD73C7158ADF33.1
2010-12-02 16:39:04 . 2010-12-13 17:19:13 -------- d-----w-
C:\Documents and Settings\marcoantonio\.freemind
2010-12-02 16:38:50 . 2010-12-06 13:48:14 -------- d-----w-
C:\Arquivos de programas\FreeMind
2010-11-17 19:13:33 . 2010-11-17 19:13:33 11776 ----a-w- C:\Arqui
vos de programas\Mozilla Firefox\plugins\nprjplug.dll
2010-11-17 19:13:20 . 2010-11-17 19:13:20 -------- d-----w-
C:\Arquivos de programas\Arquivos comuns\xing shared
2010-11-17 19:13:00 . 2010-11-17 19:13:00 151776 ----a-w- C:\Arqui
vos de programas\Mozilla Firefox\plugins\nppl3260.dll
2010-11-17 19:12:49 . 2010-11-17 19:12:50 100352 ----a-w- C:\Arqui
vos de programas\Mozilla Firefox\plugins\nprpjplug.dll
2010-11-17 19:12:33 . 2010-11-17 19:13:24 -------- d-----w-
C:\Arquivos de programas\Real
2010-11-17 11:08:33 . 2010-12-09 11:15:02 -------- d-----w-
C:\diretrizBRASAL
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M )))))))))))))))))))))))
)))))))))))))))))))))))))))))
.
2010-09-30 20:44:26 . 2009-10-19 12:12:54 45976 ----a-w- C:\WINDO
WS\system32\drivers\GbpKm.sys
2010-09-18 15:23:20 . 2004-08-04 10:00:00 974848 ----a-w- C:\WINDO
WS\system32\mfc42u.dll
2010-09-18 06:53:19 . 2004-08-04 10:00:00 974848 ----a-w- C:\WINDO
WS\system32\mfc42.dll
2010-09-18 06:53:19 . 2004-08-04 10:00:00 954368 ----a-w- C:\WINDO
WS\system32\mfc40.dll
2010-09-18 06:53:19 . 2004-08-04 10:00:00 953856 ----a-w- C:\WINDO
WS\system32\mfc40u.dll
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro ))))))))))))))
)))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{361B2978-88FF-11D2-8D96-E7ACAC9595
1F}]
2010-12-14 13:05:40 1247232 ---h--w- c:\WINDOWS\jspbbplugin.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellicon
overlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 22:12:54 86280 ----a-w- C:\Arquivos de programas\Arquivo
s comuns\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellicon
overlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 22:12:54 86280 ----a-w- C:\Arquivos de programas\Arquivo
s comuns\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellicon
overlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 22:12:54 86280 ----a-w- C:\Arquivos de programas\Arquivo
s comuns\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellicon
overlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 22:12:54 86280 ----a-w- C:\Arquivos de programas\Arquivo
s comuns\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellicon
overlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 22:12:54 86280 ----a-w- C:\Arquivos de programas\Arquivo
s comuns\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellicon
overlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 22:12:54 86280 ----a-w- C:\Arquivos de programas\Arquivo
s comuns\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellicon
overlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 22:12:54 86280 ----a-w- C:\Arquivos de programas\Arquivo
s comuns\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellicon
overlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 22:12:54 86280 ----a-w- C:\Arquivos de programas\Arquivo
s comuns\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellicon
overlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-01-18 22:12:54 86280 ----a-w- C:\Arquivos de programas\Arquivo
s comuns\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ServiceTef"="C:\WINDOWS\stfmon.exe" [2010-12-14 13:05:58 34816]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 11:35:40 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 11:32:24 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 11:36:20 114688]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 02:20:54 15360]
C:\Documents and Settings\marcoantonio\Menu Iniciar\Programas\Inicializar\
kgdywyoxgf.lnk - C:\Arquivos de programas\cefd383757d1d\kgdywyoxgf.exe [2010-12-
14 1044480]
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\
Windows Search.lnk - C:\Arquivos de programas\Windows Desktop Search\WindowsSear
ch.exe [2008-5-26 123904]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExec
uteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Arquivos de programas\Windows Desk
top Search\MSNLNamespaceMgr.dll" [2009-05-25 01:41:34 304128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify
\ GbPluginAbn]
2010-09-30 20:40:04 339736 ----a-w- C:\ARQUIV~1\GbPlugin\gbiehAbn.dl
l
[HKLM\~\startupfolder\C:^Documents and Settings^marcoantonio^Menu Iniciar^Progra
mas^Inicializar^kgdywyoxgf.lnk]
path=C:\Documents and Settings\marcoantonio\Menu Iniciar\Programas\Inicializar\k
gdywyoxgf.lnk
backup=C:\WINDOWS\pss\kgdywyoxgf.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^marcoantonio^Menu Iniciar^Progra
mas^Inicializar^Recorte de tela e Iniciador do OneNote 2007.lnk]
path=C:\Documents and Settings\marcoantonio\Menu Iniciar\Programas\Inicializar\R
ecorte de tela e Iniciador do OneNote 2007.lnk
backup=C:\WINDOWS\pss\Recorte de tela e Iniciador do OneNote 2007.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe AR
M]
2010-09-21 02:07:44 932288 ----a-r- C:\Arquivos de programas\Arquivo
s comuns\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Re
ader Speed Launcher]
2010-09-23 07:47:04 35760 ----a-w- C:\Arquivos de programas\Adobe\R
eader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bluetoot
hAuthenticationAgent]
2008-04-14 02:21:25 110592 ----a-w- C:\WINDOWS\system32\bthprops.cpl
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMo
nitor]
2008-10-25 13:44:34 31072 ----a-w- C:\Arquivos de programas\Microso
ft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 18:44:26 3883840 ----a-w- C:\Arquivos de programas\Windows
Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Newspipe
r]
2009-07-10 14:31:07 1252864 ----a-w- C:\Arquivos de programas\Newspip
er\newspiper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaU
pdateSched]
2010-05-14 14:44:46 248552 ----a-w- C:\Arquivos de programas\Arquivo
s comuns\Java\Java Update\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellEx
e]
2010-11-17 19:12:40 274608 ----a-w- C:\Arquivos de programas\Real\Re
alPlayer\Update\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Win Expl
orer]
2010-12-14 13:02:57 258048 ----a-w- C:\win1ks\msnmsgrb.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Win Serv
ice Pack]
2010-12-14 13:02:54 405504 ----a-w- C:\win1ks\msnmsgra.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"OMSI download service"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"GbpSv"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Authoriz
edApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Arquivos de programas\\ESTsoft\\ALFTP\\ALFTP.exe"=
"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Arquivos de programas\\cefd383757d1d\\kgdywyoxgf.exe"=
R0 GbpKm;Gbp KernelMode;C:\WINDOWS\system32\drivers\GbpKm.sys [19/10/2009 10:12:
54 45976]
R0 sptd;sptd;C:\WINDOWS\system32\drivers\sptd.sys [11/2/2010 10:04:52 691696]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [10/7/2009
12:18:52 114768]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\drivers\aswFsBlk.sys [10/7/2009 12:18:5
2 20560]
R2 GbpSv;Gbp Service;C:\ARQUIV~1\GbPlugin\GbpSv.exe [19/10/2009 10:12:53 55576]
S2 AdminService9.1D;AdminService for PROGRESS 9.1D;C:\dlc91d\bin\admsrvc.exe [10
/7/2009 16:27:07 20480]
S2 avast! NetAgent;avast! NetAgent;C:\Arquivos de programas\Alwil Software\Avast
4\AvAgent.exe [10/7/2009 12:18:30 52160]
S2 gupdate;Google Update Service (gupdate);C:\Arquivos de programas\Google\Updat
e\GoogleUpdate.exe [8/2/2009 17:39:22 135664]
S2 khzme;khzme;C:\WINDOWS\system32\svchost.exe -k netsvcs [4/8/2004 08:00:00 143
36]
S3 ProService9.1D;ProService for 9.1D;c:\dlc91d\bin\ProSrvc.exe --> c:\dlc91d\bi
n\ProSrvc.exe [?]
S3 StumbleUponUpdateService;StumbleUponUpdateService;C:\Arquivos de programas\St
umbleUpon\StumbleUponUpdateService.exe [7/4/2010 18:03:50 120232]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSv
cs
khzme
hfziudykm
.
Conteúdo da pasta 'Tarefas Agendadas'
2010-12-15 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Arquivos de programas\Google\Update\GoogleUpdate.exe [2009-02-08 19:39:22 .
2009-02-08 19:39:17]
2010-12-14 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Arquivos de programas\Google\Update\GoogleUpdate.exe [2009-02-08 19:39:22 .
2009-02-08 19:39:17]
2010-12-15 C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-2739028582-1068247596-1
79909492-1157.job
- C:\Arquivos de programas\Real\RealUpgrade\realupgrade.exe [2010-11-05 13:33:50
. 2010-11-05 13:33:50]
2010-12-15 C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-2739028582-10682475
96-179909492-1157.job
- C:\Arquivos de programas\Real\RealUpgrade\realupgrade.exe [2010-11-05 13:33:50
. 2010-11-05 13:33:50]
2010-12-14 C:\WINDOWS\Tasks\User_Feed_Synchronization-{BA13354F-EB7F-4C9C-8094-E
80C8ABB5FF0}.job
- C:\WINDOWS\system32\msfeedssync.exe [2009-03-08 07:31:54 . 2009-03-08 07:31:54
]
2010-12-15 C:\WINDOWS\Tasks\WGASetup.job
- C:\WINDOWS\system32\KB905474\wgasetup.exe [2009-07-17 13:23:50 . 2009-03-11 01
:18:12]
.
.
------- Scan Suplementar -------
.
uStart Page = about:blank
IE: E&xportar para o Microsoft Excel - C:\ARQUIV~1\MICROS~3\Office12\EXCEL.EXE/3
000
IE: StumbleUpon PhotoBlog It! - StumbleUponIEBar.dll/blogimage
IE: ????3?? - C:\Documents and Settings\marcoantonio\Dados de aplicativos\FlashG
etBHO\GetUrl.htm
IE: ????3?????? - C:\Documents and Settings\marcoantonio\Dados de aplicativos\Fl
ashGetBHO\GetAllUrl.htm
Trusted Zone: bancoreal.com.br\www
Trusted Zone: realsecureweb.com.br\www
Trusted Zone: realsecureweb.com.br\www2
Trusted Zone: realsecureweb.com.br\wwws
Trusted Zone: santander.com.br\www
Trusted Zone: santandernet.com.br\www
Trusted Zone: secureweb.com.br\www
FF - ProfilePath - C:\Documents and Settings\marcoantonio\Dados de aplicativos\M
ozilla\Firefox\Profiles\ssel9dse.default\
FF - prefs.js: browser.startup.homepage - hxxp://crm.diretriznet.com.br/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Arquivos de progr
amas\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - C:\Arquivos de
programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - C:\Arquivos de
programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - C:\Arquivos de
programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - C:\Arquivos de
programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - C:\Arquivos de programas\Java\jre6\l
ib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-088257605
34b} - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\D
otNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-088257605
34b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: LogMeIn, Inc. Rescue Technician Console: TechnicianConsole@logmeinresc
ue.com - %profile%\extensions\TechnicianConsole@logmeinrescue.com
FF - Ext: TV-Fox: {2f17f610-5e97-4fed-828f-9940b7b577a4} - %profile%\extensions\
{2f17f610-5e97-4fed-828f-9940b7b577a4}
FF - Ext: flashget3 Extension: {DB9127A2-3381-41ec-82B3-1B6ED4C6F29A} - %profile
%\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}
.
- - - - ORFÃOS REMOVIDOS - - - -
MSConfigStartUp-Avira Anti Virus 2010 - C:\win1ks\up.exe
MSConfigStartUp-Sony Ericsson PC Suite - C:\Arquivos de programas\Sony Ericsson\
Sony Ericsson PC Suite\SEPCSuite.exe
AddRemove-PROGRESS 9.1D - C:\WINDOWS\ProgressUninstall9.1D -cc:\dlc91d\uninst.dl
l

**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http:/
/www.gmer.net
Rootkit scan 2010-12-15 09:06:16
Windows 5.1.2600 Service Pack 3 NTFS
Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros/arquivos ocultos ...
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
**************************************************************************
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
[HKEY_USERS\S-1-5-21-2739028582-1068247596-179909492-1157\Software\Microsoft\Int
ernet Explorer\MenuExt\ O(uë_f 3*N} ]
@="C:\\Documents and Settings\\marcoantonio\\Dados de aplicativos\\FlashGetBHO\\
GetUrl.htm"
"contexts"=dword:00000022
[HKEY_USERS\S-1-5-21-2739028582-1068247596-179909492-1157\Software\Microsoft\Int
ernet Explorer\MenuExt\ O(uë_f 3*N} hQè þ ¥c]
@="C:\\Documents and Settings\\marcoantonio\\Dados de aplicativos\\FlashGetBHO\\
GetAllUrl.htm"
"contexts"=dword:000000f3
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E
}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@C:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX
.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E
}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E
}\LocalServer32]
@="C:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E
}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6A
F30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6A
F30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6A
F30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Carregadas Sob os Processos em Execução -----------------
----
- - - - - - - > 'winlogon.exe'(656)
C:\ARQUIV~1\GbPlugin\gbiehAbn.dll
.
Tempo para conclusão: 2010-12-15 09:10:05
ComboFix-quarantined-files.txt 2010-12-15 11:09:48
Pré-execução: 9.631.670.272 bytes disponíveis
Pós execução: 30 pasta(s) 11.106.484.224 bytes disponíveis
WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional"
/noexecute=optin /fastdetect
- - End Of File - - C56BFB4781C15399B7444325585066BC