
ComboFix 10-12-04.06 - Claudio 06/12/2010 16:59:04.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.894.549 [GMT -2:00]
Executando de: D:\Download\ComboFix.exe
AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
ADS - system32: deleted 4 bytes in 2 streams.
ADS - drivers: deleted 216 bytes in 2 streams.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Arquivos de programas\Dealio Toolbar
C:\Arquivos de programas\Dealio Toolbar\IE\4.0.2\config.ini
C:\Arquivos de programas\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll
C:\Arquivos de programas\Dealio Toolbar\Res\amazon.gif
C:\Arquivos de programas\Dealio Toolbar\Res\apple.gif
C:\Arquivos de programas\Dealio Toolbar\Res\barnes.gif
C:\Arquivos de programas\Dealio Toolbar\Res\bestbuy.gif
C:\Arquivos de programas\Dealio Toolbar\Res\dealio_logo.gif
C:\Arquivos de programas\Dealio Toolbar\Res\dealio_logo_hover.gif
C:\Arquivos de programas\Dealio Toolbar\Res\ebay.gif
C:\Arquivos de programas\Dealio Toolbar\Res\icon_settings.gif
C:\Arquivos de programas\Dealio Toolbar\Res\macys.gif
C:\Arquivos de programas\Dealio Toolbar\Res\newegg.gif
C:\Arquivos de programas\Dealio Toolbar\Res\overstock.gif
C:\Arquivos de programas\Dealio Toolbar\Res\search-button-hover.gif
C:\Arquivos de programas\Dealio Toolbar\Res\search-button.gif
C:\Arquivos de programas\Dealio Toolbar\Res\search-chevron-hover.gif
C:\Arquivos de programas\Dealio Toolbar\Res\search-chevron.gif
C:\Arquivos de programas\Dealio Toolbar\Res\search_amazon.gif
C:\Arquivos de programas\Dealio Toolbar\Res\search_dealio.gif
C:\Arquivos de programas\Dealio Toolbar\Res\search_ebay.gif
C:\Arquivos de programas\Dealio Toolbar\Res\search_yahoo.gif
C:\Arquivos de programas\Dealio Toolbar\Res\target.gif
C:\Arquivos de programas\Dealio Toolbar\Res\walmart.gif
C:\Arquivos de programas\Dealio Toolbar\Res\widgets.xml
C:\Arquivos de programas\Dealio Toolbar\WidgiHelper.exe
C:\Arquivos de programas\Search Settings
C:\Arquivos de programas\Search Settings\SeARchsettings.dll
C:\Arquivos de programas\Search Settings\SearchSettings.exe
C:\Arquivos de programas\Search Settings\SearchSettingsRes409.dll
C:\Documents and Settings\Claudio\Dados de aplicativos\.#
C:\Documents and Settings\Claudio\Dados de aplicativos\Dealio
C:\Documents and Settings\Claudio\Dados de aplicativos\Dealio\res\widgets.xml
C:\Documents and Settings\Claudio\Dados de aplicativos\Dealio\temp\http___www_dealio_com_rss_coupons-deals_dotd_.xml
C:\Documents and Settings\Claudio\Dados de aplicativos\inst.exe
C:\Documents and Settings\Monica\Dados de aplicativos\Dealio
C:\Documents and Settings\Monica\Dados de aplicativos\Dealio\res\widgets.xml
C:\Documents and Settings\Monica\Dados de aplicativos\Dealio\temp\http___www_dealio_com_rss_coupons-deals_dotd_.xml
C:\Documents and Settings\Monica\Dados de aplicativos\Dealio\temp\WTIE-14847.log
C:\nIKalod
C:\nIKalod\Kanop\Desktop.ini
C:\restore
C:\restore\k-1-3542-4232123213-7676767-8888886\Desktop.ini
C:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini
C:\WINDOWS\gendel32.exe
C:\WINDOWS\system32\reg_0001.txt
C:\WINDOWS\winload.inf
C:\WINDOWS\wjviewdl.exe
.
(((((((((((((((( Arquivos/Ficheiros criados de 2010-11-06 to 2010-12-06 ))))))))))))))))))))))))))))
.
2010-12-06 10:49:30 . 2010-12-06 10:49:30 -------- d-----w- C:\Arquivos de programas\RealVNC
2010-12-03 10:13:55 . 2010-12-03 10:14:01 -------- d---a-w- C:\CLIPPER5
2010-12-03 10:13:26 . 2010-12-03 10:13:53 -------- d-----w- C:\nfe
2010-11-18 19:56:16 . 2010-11-18 19:56:17 -------- d-----w- C:\Arquivos de programas\Ask Search Assistant
2010-11-08 19:59:21 . 2010-11-08 20:00:10 -------- d-----w- C:\Documents and Settings\NetworkService\Configurações locais\Dados de aplicativos\Temp
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-17 13:19:38 . 2009-12-05 08:22:07 47008 ----a-w- C:\WINDOWS\system32\drivers\gbpkm.sys
.
------- Sigcheck -------
[-] 2008-03-12 21:35:30 . 85A395DF50E692503A47F4D9CB1DC356 . 1548288 . . [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] . . C:\WINDOWS\system32\sfcfiles.dll
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 18:44:26 3883840]
"uTorrent"="C:\Arquivos de programas\uTorrent\uTorrent.exe" [2010-09-04 18:16:02 487800]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Arquivos de programas\Java\jre6\bin\jusched.exe" [2009-01-17 13:48:37 136600]
"Acrobat Assistant 7.0"="C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 05:08:13 483328]
"HP Software Update"="C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 16:38:56 49152]
"HP Component Manager"="C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 18:18:56 241664]
"LogMeIn Hamachi Ui"="C:\Arquivos de programas\LogMeIn Hamachi\hamachi-2-ui.exe" [2010-03-30 14:16:16 1820040]
"TkBellExe"="C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2010-07-22 17:42:10 202256]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-03-12 20:48:27 110592]
"avast5"="C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe" [2010-09-07 15:12:02 2838912]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-03-12 20:48:31 15360]
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2008-7-9 25214]
Ralink Wireless Utility.lnk - C:\Arquivos de programas\Ralink\Common\RaUI.exe [2010-8-14 2297856]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GbPluginBb]
2010-11-17 13:17:12 349472 ----a-w- C:\Arquivos de programas\GbPlugin\gbieh.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Inicialização rápida do HP Image Zone.lnk]
path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Inicialização rápida do HP Image Zone.lnk
backup=C:\WINDOWS\pss\Inicialização rápida do HP Image Zone.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Claudio^Menu Iniciar^Programas^Inicializar^BrOffice.org 3.1.lnk]
path=C:\Documents and Settings\Claudio\Menu Iniciar\Programas\Inicializar\BrOffice.org 3.1.lnk
backup=C:\WINDOWS\pss\BrOffice.org 3.1.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-03-12 20:48:27 110592 ----a-w- C:\WINDOWS\system32\bthprops.cpl
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-03-12 20:48:31 15360 ----a-w- C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FixCamera]
2007-01-30 20:50:56 20480 ----a-w- C:\WINDOWS\FixCamera.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2006-11-13 17:57:40 1289000 ----a-w- C:\Arquivos de programas\Microsoft ActiveSync\wcescomm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 14:50:42 155648 ----a-w- C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2009-11-09 03:17:50 180224 ----a-w- C:\Arquivos de programas\PowerISO\PWRISOVM.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snp2std]
2007-02-02 15:07:32 675840 ----a-w- C:\WINDOWS\vsnp2std.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnp2std]
2007-02-02 13:23:40 258048 ----a-w- C:\WINDOWS\tsnp2std.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2010-09-04 18:16:02 487800 ----a-w- C:\Arquivos de programas\uTorrent\uTorrent.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Arquivos de programas\\Puxa Rápido\\PuxaRapido.exe"=
"C:\\Arquivos de programas\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\Arquivos de programas\Microsoft ActiveSync\rapimgr.exe"= C:\Arquivos de programas\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Arquivos de programas\Microsoft ActiveSync\wcescomm.exe"= C:\Arquivos de programas\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Arquivos de programas\Microsoft ActiveSync\WCESMgr.exe"= C:\Arquivos de programas\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Valve\\hl.exe"=
"C:\\Arquivos de programas\\Java\\jre6\\bin\\javaw.exe"=
"C:\\Arquivos de programas\\Java\\jre6\\bin\\java.exe"=
"C:\\Arquivos de programas\\D-Link\\AP Manager for DWL-2100AP\\APMGR7XXX.exe"=
"C:\\Documents and Settings\\Claudio\\Desktop\\winbox.exe"=
"C:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Arquivos de programas\\uTorrent\\uTorrent.exe"=
"C:\\Arquivos de programas\\gta2gh\\gta2gh.exe"=
"C:\\Documents and Settings\\Claudio\\Desktop\\GTA2\\gta2.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"C:\\Arquivos de programas\\RealVNC\\VNC4\\vncviewer.exe"=
"C:\\Documents and Settings\\Claudio\\Dados de aplicativos\\PowerChallenge\\PowerSoccer\\PowerSoccer.exe"=
"C:\\Arquivos de programas\\KONAMI\\Pro Evolution Soccer 2010\\pes2010.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 GbpKm;Gbp KernelMode;C:\WINDOWS\system32\drivers\gbpkm.sys [5/12/2009 06:22:07 47008]
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\WINDOWS\system32\drivers\sfsync03.sys [6/12/2005 13:11:18 35328]
R0 sptd;sptd;C:\WINDOWS\system32\drivers\sptd.sys [6/11/2009 22:53:09 642560]
R1 aswSP;aswSP;C:\WINDOWS\system32\drivers\aswSP.sys [9/7/2008 00:00:27 165584]
R2 Application Updater;Application Updater;C:\Arquivos de programas\Application Updater\ApplicationUpdater.exe [8/1/2010 01:51:02 380928]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\drivers\aswFsBlk.sys [9/7/2008 00:00:27 17744]
R2 GbpSv;Gbp Service;C:\ARQUIV~1\GbPlugin\GbpSv.exe [5/12/2009 06:22:06 52824]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;C:\Arquivos de programas\LogMeIn Hamachi\hamachi-2.exe [30/3/2010 12:16:12 1107336]
R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\drivers\HSFHWATI.sys [8/7/2008 22:25:20 211200]
R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);C:\WINDOWS\system32\drivers\vcsvad.sys [26/8/2010 21:12:17 17792]
S2 gupdate;Google Update Service (gupdate);C:\Arquivos de programas\Google\Update\GoogleUpdate.exe [30/10/2010 13:54:21 136176]
S3 ViaUsbEtsDriver;Nokia 1508 USB Device Driver;C:\WINDOWS\system32\drivers\ViaUsbEts.sys --> C:\WINDOWS\system32\drivers\ViaUsbEts.sys [?]
S3 ViaUsbModemDriver;Nokia 1508 Modem Driver;C:\WINDOWS\system32\drivers\ViaUsbModem.sys --> C:\WINDOWS\system32\drivers\ViaUsbModem.sys [?]
--- =Outros Serviços/Drivers Na Memória ---
*NewlyCreated* - WINVNC4
.
Conteúdo da pasta 'Tarefas Agendadas'
2010-12-06 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Arquivos de programas\Google\Update\GoogleUpdate.exe [2010-10-30 15:54:21 . 2010-10-30 15:53:51]
2010-12-06 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Arquivos de programas\Google\Update\GoogleUpdate.exe [2010-10-30 15:54:21 . 2010-10-30 15:53:51]
2010-12-06 C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-2000478354-1757981266-682003330-1003.job
- C:\Arquivos de programas\Real\RealUpgrade\realupgrade.exe [2010-06-03 06:02:42 . 2010-06-03 06:02:42]
2010-12-06 C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-2000478354-1757981266-682003330-1004.job
- C:\Arquivos de programas\Real\RealUpgrade\realupgrade.exe [2010-06-03 06:02:42 . 2010-06-03 06:02:42]
2010-12-06 C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-2000478354-1757981266-682003330-1003.job
- C:\Arquivos de programas\Real\RealUpgrade\realupgrade.exe [2010-06-03 06:02:42 . 2010-06-03 06:02:42]
2010-11-18 C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-2000478354-1757981266-682003330-1004.job
- C:\Arquivos de programas\Real\RealUpgrade\realupgrade.exe [2010-06-03 06:02:42 . 2010-06-03 06:02:42]
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.google.com.br/
uInternet Settings,ProxyServer = 10.1.13.1:3128
IE: Convert link target to Adobe PDF - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - C:\Arquivos de programas\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xportar para o Microsoft Excel - C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
TCP: {2A574D9B-A02A-4E6F-BB90-E20056021669} = 200.165.132.147,200.165.132.148
TCP: {2B135558-B340-48D1-930A-9C799E812C10} = 200.179.179.4,200.179.179.5,10.1.13.1
TCP: {2F787F03-5055-4E53-BC78-D2412BECCAB0} = 192.168.254.254
TCP: {69DDA374-7F5D-4EA6-8314-F431A32B1B1D} = 10.10.148.87,200.165.132.148
TCP: {EAFC7C9B-A307-47F1-B69F-98350EFEFF22} = 200.165.132.147,200.165.132.148
DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - hxxps://www14.bancobrasil.com.br/plugin/GbpDist.cab
.
- - - - ORFÃOS REMOVIDOS - - - -
BHO-{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Arquivos de programas\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll
Toolbar-{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Arquivos de programas\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll
WebBrowser-{C3CD744D-2FAE-4640-8297-16B5DA423104} - (no file)
HKLM-Run-SearchSettings - C:\Arquivos de programas\Search Settings\SearchSettings.exe
MSConfigStartUp-NokiaPCSuiteTray - C:\Arquivos de programas\Nokia\Nokia PC Suite\LaunchApplication.exe

**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-06 17:05:46
Windows 5.1.2600 Service Pack 2 NTFS
Procurando processos ocultos ...
Procurando entradas auto inicializáveis ocultas ...
Procurando ficheiros/arquivos ocultos ...
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: TOSHIBA_MK6026GAX rev.PA200U -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntoskrnl.exe catchme.sys >>UNKNOWN [0x8538B0E8]<<
C:\DOCUME~1\Claudio\CONFIG~1\Temp\catchme.sys
_asm { MOV EAX, 0x8538b008; XCHG [ESP], EAX; PUSH EAX; PUSH 0x853d9eb4; RET ; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; }
1 nt!IofCallDriver[0x804E37C5] -> \Device\Harddisk0\DR0[0x85366AB8]
\Driver\Disk[0x85367EF8] -> IRP_MJ_CREATE -> 0x8538B0E8
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
detected hooks:
\Driver\Disk -> 0x8538b0e8
user & kernel MBR OK
Warning: possible MBR rootkit infection !
**************************************************************************
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@C:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="C:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
- - - - - - - > 'winlogon.exe'(832)
C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll
C:\WINDOWS\system32\Ati2evxx.dll
.
Tempo para conclusão: 2010-12-06 17:09:08
ComboFix-quarantined-files.txt 2010-12-06 19:09:06
Pré-execução: 543.895.552 bytes disponíveis
Pós execução: 1.678.221.312 bytes disponíveis
WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - BDAF1268082F6C59929DB8D57CE17CE9
