Combo Fix

ComboFix was run and detected some issues on the system. It deleted some infected files and drivers. The system also contains some third party applications like uTorrent, DAEMON Tools Lite, and Adobe Reader. Avast antivirus was also recently installed and its drivers are present. The system appears to have VirtualBox installed as well.

Uploaded by Daniel Morandi

ComboFix 15-10-28.01 - Daniel 29/10/2015 21:25:04.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.55.1033.18.3967.2682 [GMT -2:00]
Executando de: c:\users\Daniel\Downloads\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
[i] ADS - drivers: deleted 212 bytes in 1 streams. [/i]
/wow section - STAGE 5
Access is denied.
Access is denied.
Could Not Find c:\combofix\tempAA
.
/wow section - STAGE 6A
Access is denied.
.
/wow section - STAGE 8
Access is denied.
.
/wow section - STAGE 38
Access is denied.
Access is denied.
Access is denied.
.
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\4246AC7E55.sys
c:\users\Daniel\AppData\Roaming\inst.exe
c:\windows\SysWow64\drivers\hwinterface.sys
.
.
(((((((((((((((( Arquivos/Ficheiros criados de 2015-09-28 to 2015-10-30 ))))))))))))))))))))))))))))
.
.
2080-01-04 22:15 . 2080-01-04 22:15 -------- d-----w- c:\users\Daniel\AppData\Roaming\AVAST Software
2080-01-04 21:53 . 2080-01-04 21:53 -------- d-----w- c:\windows\SysWow64\vbox
2080-01-04 21:53 . 2080-01-04 21:53 -------- d-----w- c:\windows\system32\vbox
2080-01-04 21:52 . 2080-01-04 21:52 -------- d-----w- c:\users\Administrator\AppData\Roaming\AVAST Software
2080-01-04 20:25 . 2080-01-04 20:25 274808 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2080-01-04 20:25 . 2080-01-04 20:25 153744 ----a-w- c:\windows\system32\drivers\aswStm.sys
2080-01-04 20:25 . 2080-01-04 20:25 93528 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2080-01-04 20:25 . 2080-01-04 20:25 65224 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2080-01-04 20:25 . 2080-01-04 20:25 28656 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2080-01-04 20:25 . 2080-01-04 19:54 1049880 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2080-01-04 20:25 . 2080-01-04 19:54 132656 ----a-w- c:\windows\system32\drivers\ngvss.sys
2080-01-04 20:25 . 2080-01-04 20:25 378880 ----a-w- c:\windows\system32\aswBoot.exe
2080-01-04 20:25 . 2080-01-04 20:25 43112 ----a-w- c:\windows\avastSS.scr
2080-01-04 19:37 . 2080-01-04 19:37 -------- d-----w- c:\programdata\AVAST Software
2015-10-30 00:26 . 2015-10-30 00:26 -------- d-----w- c:\users\postgres\AppData\Local\temp
2015-10-30 00:26 . 2015-10-30 00:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-10-30 00:26 . 2015-10-30 00:26 -------- d-----w- c:\users\Dani\AppData\Local\temp
2015-10-30 00:26 . 2015-10-30 00:26 -------- d-----w- c:\users\Administrator\AppData\Local\temp
.
.
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2080-01-04 20:25 . 2010-10-26 16:27 448968 ----a-w- c:\windows\system32\drivers\aswSP.sys
2080-01-04 20:25 . 2010-10-26 16:26 90968 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2015-10-28 23:50 . 2012-04-26 12:07 780488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-10-28 23:50 . 2011-07-07 18:27 142536 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[-] 2010-05-31 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7600.16385] .. c:\windows\system32\user32.dll
.
[-] 2010-05-31 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7600.16385] .. c:\windows\SysWOW64\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 153136]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-12-20 969104]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-11-06 3673728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2007-02-21 1183744]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"AvastUI.exe"="c:\program files\Alwil Software\Avast5\AvastUI.exe" [2080-01-04 6134544]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideFastUserSwitching"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginAbn]
2012-02-15 11:40 607472 ----a-w- c:\progra~2\GbPlugin\gbiehAbn.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginCef]
2012-10-04 17:05 650088 ----a-w- c:\program files (x86)\GbPlugin\gbiehcef.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Bing Bar"="c:\program files (x86)\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe"
.
R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys;c:\windows\SYSNATIVE\drivers\gbpkm.sys [x]
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 BthAudioHF;BthAudioHF Service;c:\windows\system32\DRIVERS\BthAudioHF.sys;c:\windows\SYSNATIVE\DRIVERS\BthAudioHF.sys [x]
R3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\DRIVERS\BthAvrcp.sys;c:\windows\SYSNATIVE\DRIVERS\BthAvrcp.sys [x]
R3 csr_a2dp;Bluetooth AV Profile;c:\windows\system32\drivers\bthav.sys;c:\windows\SYSNATIVE\drivers\bthav.sys [x]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys;c:\windows\SYSNATIVE\Drivers\pcouffin.sys [x]
R3 RDPDISPM;RDPDISPM;c:\windows\system32\DRIVERS\rdpdispm.sys;c:\windows\SYSNATIVE\DRIVERS\rdpdispm.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 ngvss;ngvss; [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files (x86)\Firebird\Firebird_2_1\bin\fbguard.exe;c:\program files (x86)\Firebird\Firebird_2_1\bin\fbguard.exe [x]
S2 GbpSv;Gbp Service;c:\progra~2\GbPlugin\GbpSv.exe;c:\progra~2\GbPlugin\GbpSv.exe [x]
S2 HFGService;Handsfree Headset Service;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [x]
S2 VBoxAswDrv;VBoxAsw Support Driver;c:\program files\Alwil Software\Avast5\ng\vbox\VBoxAswDrv.sys;c:\program files\Alwil Software\Avast5\ng\vbox\VBoxAswDrv.sys [x]
S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys;c:\windows\SYSNATIVE\drivers\vmci.sys [x]
S3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys;c:\windows\SYSNATIVE\Drivers\ATSwpWDF.sys [x]
S3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\Alwil Software\Avast5\ng\vbox\AvastVBoxSVC.exe;c:\program files\Alwil Software\Avast5\ng\vbox\AvastVBoxSVC.exe [x]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe;c:\program files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe [x]
.
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2015-10-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-26 23:50]
.
2014-04-29 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2095091478-1863540489-4033760350-1000Core.job
- c:\users\Daniel\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-04-29 20:57]
.
2080-01-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cf9fa21e49e399.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-20 19:03]
.
2080-01-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore21908138a4fba22.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-20 19:03]
.
2015-10-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-20 19:03]
.
2080-01-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2095091478-1863540489-4033760350-1000Core1cf9fa2207a2c37.job
- c:\users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-14 19:33]
.
2080-01-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2095091478-1863540489-4033760350-1000Core219081817fe1b40.job
- c:\users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-14 19:33]
.
2015-10-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2095091478-1863540489-4033760350-1000UA.job
- c:\users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-14 19:33]
.
1980-01-04 c:\windows\Tasks\Windows 7 Manager - Logon Background Changer.job
- c:\program files\Yamicsoft\Windows 7 Manager\LogonBackgroundChanger.exe [2009-11-05 15:34]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2080-01-04 20:25 780616 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1234216]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2011-09-16 57928]
.
------- Scan Suplementar -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.babylon.com/?affID=109220&tt=4612_5&babsrc=HP_ss&mntrId=a8ed824f000000000000001a73569017
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = local
IE: E&xportar para o Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
LSP: c:\program files (x86)\VMware\VMware Workstation\vsocklib.dll
Trusted Zone: picnik.com
TCP: DhcpNameServer = 93.158.212.35 8.8.8.8
FF - ProfilePath - c:\users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\37qkocw0.default\
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?affID=109220&tt=4612_5&babsrc=HP_ss&mntrId=a8ed824f000000000000001a73569017
FF - user.js: extensions.BabylonToolbar.autoRvrt - false
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=a8ed824f000000000000001a73569017&q=
FF - user.js: extensions.BabylonToolbar.id - a8ed824f000000000000001a73569017
FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
FF - user.js: extensions.BabylonToolbar.instlDay - 15657
FF - user.js: extensions.BabylonToolbar.vrsn - 1.8.3.8
FF - user.js: extensions.BabylonToolbar.vrsni - 1.8.3.8
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.8.3.820:54
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109220&tt=4612_5
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
.
- - - - ÓRFÃOS REMOVIDOS - - - -
.
Wow6432Node-HKCU-Run-Meebo Notifier - c:\users\Daniel\AppData\Local\Meebo\Meebo Notifier\MeeboNotifier.exe
Wow6432Node-HKCU-Run-Metro7 - c:\program files (x86)\Metro7\Metro7.exe
.
.
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_19_0_0_226_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_19_0_0_226_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_19_0_0_226_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_19_0_0_226_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_226.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.19"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_226.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_226.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_226.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Tempo para conclusão: 2015-10-29 23:00:45
ComboFix-quarantined-files.txt 2015-10-30 01:00
.
Pré-execução: 161.961.922.560 bytes free
Pós execução: 163.595.624.448 bytes free
.
- - End Of File - - 5BD3747A75F473713C6EC956414F1D13A36C5E4F47E84449FF07ED3517B43A31
