Maloid

Probable Virus

10 posts in this topic

Hello.

The problem started yesterday. I was browsing pages normally and it began suddenly when I tried to access YouTube: an error appeared saying that an update of Java Security Defencer was needed, along with a download window for the file jxpiinstall.exe, which I downloaded but did not run. I scanned it with the antivirus, and Ad-Aware identified it as malicious and deleted it. Afterwards I scanned the PC with Avast, Ad-Aware, BankerFix and Malwarebytes and nothing was found. Today I tried to access YouTube again and the error continues; however, the file that appears now is a different one, avast_internet_security_setup.exe.

I'm asking for help.

The HijackThis log follows

Logfile of HijackThis v1.99.1

Scan saved at 20:12:31, on 13/09/2012

Platform: Unknown Windows (WinNT 6.01.3504)

MSIE: Internet Explorer v9.00 (9.00.8112.16448)

Running processes:

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe

C:\Users\Marcelo\Desktop\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.16.10.254:3128

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O11 - Options group: [iNTERNATIONAL] International

O13 - Gopher Prefix:

O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Windows\RtkAudioService.exe

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)


Hello,

Did you configure this proxy in Internet Explorer?

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.16.10.254:3128

Download BankerFix:

http://www.linhadefensiva.org/dl/bankerfix

** Windows Vista and Windows 7 users:

Right-click the file, then click Run as administrator

Important: The tool will close Internet Explorer. Before running it, save any link you will need to access afterwards.

Double-click bankerfix.exe to run it.

Click OK on the first screen and [CANCEL] on the second to prevent BankerFix from running.

Once that is done, go to C:\LinhaDefensiva\ and run the file Iniciar-Bankerfix.vbs. Confirm that you want to update the software and click [OK] to run it.

When it runs, a black screen will appear asking you to press any key. Press Enter and wait for it to finish. This may take some time.

When it finishes, read the message on the screen and press Enter again. When it is done, post the file relatorio.txt located at: C:\LinhaDefensiva\relatorio.txt
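
The question above about the R1 ProxyServer line can be turned into a repeatable triage check. The following is an added example, not part of the original thread or of any tool it mentions: a Python script that extracts ProxyServer entries from HijackThis-style log text and classifies where each proxy lives. Apart from the thread's own 172.16.10.254:3128 line, the sample lines, function names and triage notes are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample input. Only the 172.16.10.254:3128 line comes from the
# thread; the other ProxyServer lines are made up to exercise the parser.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.16.10.254:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:8080;https=127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.example.test:8080
"""

# Matches HijackThis "R" entries that report the WinINET ProxyServer value.
PROXY_LINE = re.compile(
    r"^R[0-3]\s+-\s+(HK[A-Z]+)\\.*Internet Settings,ProxyServer\s*=\s*(.*)$",
    re.IGNORECASE,
)

# Hypothetical triage notes, keyed by the scope returned by classify_host().
TRIAGE_NOTE = {
    "loopback": "a process on this machine is the proxy; identify what listens on that port",
    "private-lan": "address on the local network; confirm the gateway is expected there",
    "public": "traffic is relayed through an internet host; unexpected unless the user set it",
    "hostname": "name must be resolved and checked separately",
}


def parse_endpoints(value):
    """Split a ProxyServer value into (scheme, host, port) tuples.

    Handles both the single form "host:port" and the per-protocol form
    "http=host:port;https=host:port".
    """
    endpoints = []
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, sep, endpoint = part.partition("=")
        if not sep:  # no "scheme=" prefix: one proxy for all protocols
            scheme, endpoint = "all", part
        endpoint = endpoint.split("://", 1)[-1]  # tolerate "http://host:port"
        host, sep, port = endpoint.rpartition(":")
        if not sep:  # no port given
            host, port = endpoint, ""
        endpoints.append((scheme.lower(), host, int(port) if port.isdigit() else None))
    return endpoints


def classify_host(host):
    """Return 'loopback', 'private-lan', 'public' or 'hostname' for a proxy host."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "hostname"
    if ip.is_loopback:  # checked first: loopback addresses also count as private
        return "loopback"
    if ip.is_private:
        return "private-lan"
    return "public"


def proxy_findings(log_text):
    """Return (hive, scheme, host, port, scope) for every ProxyServer entry."""
    findings = []
    for line in log_text.splitlines():
        match = PROXY_LINE.match(line.strip())
        if not match:
            continue
        hive = match.group(1).upper()
        for scheme, host, port in parse_endpoints(match.group(2)):
            findings.append((hive, scheme, host, port, classify_host(host)))
    return findings


if __name__ == "__main__":
    for hive, scheme, host, port, scope in proxy_findings(SAMPLE_LOG):
        print(f"{hive} {scheme:5} {host}:{port} -> {scope}: {TRIAGE_NOTE[scope]}")
```

The address quoted in the thread falls in the private range, so the check points at a device on the user's own network rather than at the machine itself or an internet host.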


Hello.

I did not configure any proxy.

I don't know how, but YouTube started working again today.

The BankerFix report showed only this:

BankerFix 3.5 VALKYRIE - Removedor de Bankers

Linha Defensiva | http://www.linhadefensiva.org

http://www.linhadefensiva.org/bankerfix/

-------------------------------------------------------

Data: 2012-09-14 - 18:48

-------------------------------------------------------

Lista de Definição: 2012-08-22-1 | CORE: 2012-08-22-6

=======================================================

----- Fim -------------------------

Regards.


Download Malwarebytes Anti-Malware

http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html

  • Install it by double-clicking mbam-setup.exe.
  • Check Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
    NOTE: If you have problems updating Malwarebytes' Anti-Malware, download the update manually here and double-click mbam-rules.exe to install it.
  • Select Full Scan and then click Scan.
  • When the scan finishes, click OK and then Show Results to view the log.
  • If anything is detected, make sure everything is checked and click Remove.
  • The log is saved automatically and can be viewed by clicking Logs in the program's main menu.
  • Copy and paste the contents of that log into your next reply.

Next:

Download OTL by OldTimer and save it to your desktop.

** Windows Vista and Windows 7 users:

Right-click the file, then click Run as administrator

Close all windows and run the tool.

Where it says Output, select Standard

Also check these options:

  • Use WhiteList for Company Names.
  • Check Lop
  • Check Purity

Select these lines in red, right-click the selection, and choose Copy

drives

netsvcs

%SYSTEMDRIVE%\*.*

%systemdrive%\drivers\*.exe

%systemroot%\system32\drivers\*.* /90

%PROGRAMFILES%(x86)\*.*

%LOCALAPPDATA%\*.exe

%LOCALAPPDATA%\*.txt

%LOCALAPPDATA%\*.ini

%LOCALAPPDATA%\*.dll

%LOCALAPPDATA%\*.dat

%USERPROFILE%\*.exe

%USERPROFILE%\*.txt

%USERPROFILE%\*.ini

%USERPROFILE%\*.dll

%USERPROFILE%\*.dat /30

C:\windows\system32\Tasks\*.* /s /64

%windir%\tasks\*.*

CREATERESTOREPOINT

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments

%systemdrive%\$Recycle.Bin|@;true;true;true

Go back to the program, right-click anywhere in the white area of the Custom Scans/Fixes section and choose Paste

Click the Scan button

Do not change any other setting unless you have been instructed to do so.

The scan takes a while, so be patient.

When it finishes, two Notepad windows will open: OTL.txt and Extras.txt

Both will be saved in the same directory as OTL.exe, that is, on your desktop.

Copy the entire contents of Extras.txt and paste it into your reply.

Attach the OTL.txt file

NOTE: If the logs are too large and exceed the forum's limit, put them in a .zip or .rar file and attach it to your reply.


Hello.

Done.

  • The Anti-Malware log follows:

Malwarebytes Anti-Malware 1.65.0.1400

www.malwarebytes.org

Versão da Base de Dados: v2012.09.10.04

Windows 7 x64 NTFS

Internet Explorer 9.0.8112.16421

Marcelo :: MARCELO-PC [administrador]

15/09/2012 15:33:39

mbam-log-2012-09-15 (15-33-39).txt

Tipo de Verificação: Verificação Completa (C:\|D:\|)

Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM

Opções de verificação desativadas: P2P

Objetos escaneados: 413956

Tempo decorrido: 49 minuto(s), 16 segundo(s)

Processos de Memória Detectados: 0

(Não foram detectados ítens maliciosos)

Módulos de Memória Detectados: 0

(Não foram detectados ítens maliciosos)

Chaves de Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

Valores de Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

Pastas Detectadas: 0

(Não foram detectados ítens maliciosos)

Arquivos Detectados: 0

(Não foram detectados ítens maliciosos)

(fim)

  • The Extras.txt log follows

OTL Extras logfile created on: 15/09/2012 16:43:11 - Run 1

OTL by OldTimer - Version 3.2.61.5 Folder = C:\Users\Marcelo\Desktop

64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy

3,97 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 50,51% Memory free

7,93 Gb Paging File | 6,01 Gb Available in Paging File | 75,75% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 34,08 Gb Total Space | 0,61 Gb Free Space | 1,79% Space Free | Partition Type: NTFS

Drive D: | 239,26 Gb Total Space | 159,72 Gb Free Space | 66,76% Space Free | Partition Type: NTFS

Computer Name: MARCELO-PC | User Name: Marcelo | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"

Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)

Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)

Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\Winamp.exe" "%1" (Nullsoft)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"

Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)

Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)

Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\Winamp.exe" "%1" (Nullsoft)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========


========== Vista Active Application Exception List ==========


"{F993C8B8-738E-4659-8E09-B568CF3E6538}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{FAE0FC5A-00A0-4F8D-9D8C-47E531606D87}" = protocol=6 | dir=in | app=d:\mgarrett\jogos\nova pasta\src\system\gu.exe |

"TCP Query User{060768D2-CBF0-4CA3-8F04-0D8BECF2D07A}D:\mgarrett\jogos\diablo-iii-8370-enus-installer-downloader.exe" = protocol=6 | dir=in | app=d:\mgarrett\jogos\diablo-iii-8370-enus-installer-downloader.exe |

"TCP Query User{0B9CBBB6-BDBB-45CD-8D7D-0DCB1F2CD4A5}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |

"TCP Query User{0CF60F7B-C2AE-4937-8CA6-845F0DB9B0A2}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |

"TCP Query User{100C8C69-413B-43EB-BC9E-4E3E4002FC44}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |

"TCP Query User{2C830CDC-D614-4A59-A3D5-FE63BEEE23A6}D:\mgarrett\jogos\league of legends\lol.launcher.exe" = protocol=6 | dir=in | app=d:\mgarrett\jogos\league of legends\lol.launcher.exe |

"TCP Query User{2D08C10F-18B0-4170-8E80-8FAB6B6EFE34}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |

"TCP Query User{2F978174-C051-4553-A520-14363A1F4FC9}D:\mgarrett\jogos\lineage2\system\l2.bin" = protocol=6 | dir=in | app=d:\mgarrett\jogos\lineage2\system\l2.bin |

"TCP Query User{40921313-F0A1-416A-B93F-67CAEBD836C1}D:\mgarrett\jogos\modern warfare 2\iw4mp.exe" = protocol=6 | dir=in | app=d:\mgarrett\jogos\modern warfare 2\iw4mp.exe |

"TCP Query User{64E66D73-F4AB-436C-8E08-4496CD1DE65F}C:\users\marcelo\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\marcelo\appdata\local\google\chrome\application\chrome.exe |

"TCP Query User{77E15D08-C33A-4A6E-A92D-65EB05082A6F}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |

"TCP Query User{784E8E24-7C9E-49B3-A680-816EB670F203}D:\mgarrett\jogos\cs\hl.exe" = protocol=6 | dir=in | app=d:\mgarrett\jogos\cs\hl.exe |

"TCP Query User{AC258BA3-43A4-4E18-B722-85A922B69888}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |

"TCP Query User{C7EDF148-64E5-4F74-AAEE-3D5AEB2539B4}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |

"TCP Query User{F2076596-7292-4477-9E51-5C04CE13969A}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |

"TCP Query User{F63A7CA7-A1C9-44AE-99E9-38E3166C1E6F}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |

"UDP Query User{04DB6AB3-6718-41ED-B586-0F7836EFD9EF}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |

"UDP Query User{188031BB-7D50-4048-8BA9-3FE5CC974629}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |

"UDP Query User{1B4BCC10-A819-4521-A93F-19553F60FE84}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |

"UDP Query User{39342DF8-BED2-47B8-8D7C-C7B73DE84E93}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |

"UDP Query User{5082E0CE-8872-4802-ACCF-9BFF511BCB4F}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |

"UDP Query User{7151F61D-6F36-4A23-AF4A-209B219A62D3}D:\mgarrett\jogos\modern warfare 2\iw4mp.exe" = protocol=17 | dir=in | app=d:\mgarrett\jogos\modern warfare 2\iw4mp.exe |

"UDP Query User{71535260-B318-47A5-A08B-7D78917E7A4C}D:\mgarrett\jogos\lineage2\system\l2.bin" = protocol=17 | dir=in | app=d:\mgarrett\jogos\lineage2\system\l2.bin |

"UDP Query User{7E5B10C5-9705-4C3E-8426-EB0DDDC6C2A8}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |

"UDP Query User{9EC639F8-39EF-4718-8861-CF113632A1B9}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |

"UDP Query User{B85EB727-A2C6-460D-A484-27A492EB83EA}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |

"UDP Query User{B8FF0281-5A36-4E6A-BCDD-2E318851FD67}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |

"UDP Query User{C12096E1-D008-470C-A162-FE578D95BD9E}D:\mgarrett\jogos\cs\hl.exe" = protocol=17 | dir=in | app=d:\mgarrett\jogos\cs\hl.exe |

"UDP Query User{CB8CAE3A-9BC5-4E8C-9C1B-11CA0C61847F}D:\mgarrett\jogos\diablo-iii-8370-enus-installer-downloader.exe" = protocol=17 | dir=in | app=d:\mgarrett\jogos\diablo-iii-8370-enus-installer-downloader.exe |

"UDP Query User{E9DA462E-ADDA-4EAC-92ED-75FCA8A81536}D:\mgarrett\jogos\league of legends\lol.launcher.exe" = protocol=17 | dir=in | app=d:\mgarrett\jogos\league of legends\lol.launcher.exe |

"UDP Query User{F08601BD-1FC8-4F92-8A9F-3A622E708B39}C:\users\marcelo\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\marcelo\appdata\local\google\chrome\application\chrome.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector

"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant

"{42CC891B-454A-AB88-3E31-5703A4CAA5C5}" = ATI Catalyst Install Manager

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{4BDE7544-0A08-4AD9-8A8F-4B7944471C36}" = iTunes

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0416-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Portuguese (Brazil)) 2007

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO

"{B7693CDE-074B-301C-9584-FC4343696C8B}" = Microsoft .NET Framework 4 Client Profile PTB Language Pack

"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support

"{D035FBF6-FDEF-487D-89CA-6F9DD07B783F}" = Dolby Control Center

"{DD6A6B0A-7F7D-7748-43B4-BF42CC779F0B}" = ccc-utility64

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"KLiteCodecPack64_is1" = K-Lite Codec Pack (64-bit) v3.8.0

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile PTB Language Pack" = Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil)

"USB_AUDIO_DEusb-audio.deBehringer2902" = BEHRINGER USB AUDIO DRIVER

"WinRAR archiver" = Arquivo do WinRAR

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{202F2838-156B-FC76-013F-9241B9673F39}" = CCC Help Thai

"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java™ 6 Update 26

"{325ED81A-EC15-7CE8-729B-0392A1DD3854}" = CCC Help Czech

"{3A9D04F7-80CA-4755-97EC-6025B515A6B8}" = League of Legends

"{3CCA23DD-CEDA-CC7F-C74C-4D1EDAE919AA}" = Catalyst Control Center Graphics Full New

"{42DD2173-B7CA-8AB3-8AC2-40DFE2CA6FBC}" = CCC Help German

"{430DD2C5-65FD-9781-F9F2-693CAF05CD10}" = Catalyst Control Center InstallProxy

"{43B43577-2514-4CE0-B14A-7E85C17C0453}" = Windows Live Essentials

"{49B8916D-1DEA-F18A-731F-BF0FE209C63B}" = CCC Help Chinese Standard

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4EEAF8D8-CB79-06CA-A566-EAC1726DAABB}" = CCC Help Finnish

"{540DB82A-EE11-BBC1-8BD8-BB7D937A53A4}" = CCC Help Hungarian

"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{5882396B-9FB3-37AC-1AE1-5EA344BD7705}" = Catalyst Control Center Graphics Previews Vista

"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth

"{5BA149D9-D5FA-5AB3-400B-9F1BF424B7CE}" = CCC Help Chinese Traditional

"{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = NCsoft Launcher

"{642F96CC-1D3B-20DE-8673-44EE15B3DC2F}" = CCC Help Portuguese

"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{6D26ACF9-4919-0744-C509-28EAF53112D4}" = CCC Help Dutch

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{71256374-2053-CF0F-BD54-20082980B95C}" = Catalyst Control Center Graphics Full Existing

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{737D8F4D-24D4-D626-DEC0-9E39A6166890}" = CCC Help Danish

"{74B705C2-173A-FFD1-98BC-AD5FB647AB38}" = CCC Help Polish

"{784BDC03-2D22-BCAE-5CAC-84AFA799FBDE}" = CCC Help Turkish

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{8572CE7D-46B0-70B3-96CD-534F07B35F5D}" = CCC Help Italian

"{87544F2E-CCA5-01BC-AEBC-D8C1D759EE61}" = CCC Help English

"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{90120000-0015-0416-0000-0000000FF1CE}" = Microsoft Office Access MUI (Portuguese (Brazil)) 2007

"{90120000-0015-0416-0000-0000000FF1CE}_ENTERPRISE_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0016-0416-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Portuguese (Brazil)) 2007

"{90120000-0016-0416-0000-0000000FF1CE}_ENTERPRISE_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0416-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007

"{90120000-0018-0416-0000-0000000FF1CE}_ENTERPRISE_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0019-0416-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007

"{90120000-0019-0416-0000-0000000FF1CE}_ENTERPRISE_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001A-0416-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007

"{90120000-001A-0416-0000-0000000FF1CE}_ENTERPRISE_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0416-0000-0000000FF1CE}" = Microsoft Office Word MUI (Portuguese (Brazil)) 2007

"{90120000-001B-0416-0000-0000000FF1CE}_ENTERPRISE_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007

"{90120000-001F-0416-0000-0000000FF1CE}_ENTERPRISE_{8A524694-0CA4-476A-9301-B1E9D70FC952}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002A-0416-1000-0000000FF1CE}_ENTERPRISE_{51530CD1-8244-4E0F-B536-BCCC05325C7F}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002C-0416-0000-0000000FF1CE}" = Microsoft Office Proofing (Portuguese (Brazil)) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0044-0416-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007

"{90120000-0044-0416-0000-0000000FF1CE}_ENTERPRISE_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-006E-0416-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Portuguese (Brazil)) 2007

"{90120000-006E-0416-0000-0000000FF1CE}_ENTERPRISE_{51530CD1-8244-4E0F-B536-BCCC05325C7F}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00A1-0416-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007

"{90120000-00A1-0416-0000-0000000FF1CE}_ENTERPRISE_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00BA-0416-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Portuguese (Brazil)) 2007

"{90120000-00BA-0416-0000-0000000FF1CE}_ENTERPRISE_{AD3E8EF1-E885-4068-BC73-16C0649FEBF0}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90B38901-52C8-85A7-D6C8-9A5592C9FCAA}" = CCC Help Greek

"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends

"{932D0FC7-6DF1-4136-A2EC-166E8DEFD6A4}" = Ad-Aware

"{9582DC6C-2038-00B3-CC1A-41500CEEE8F5}" = Desafio Sebrae 2012

"{9648D00F-0589-619B-6114-BF2A0620168B}" = CCC Help Korean

"{9805E4EE-9B66-CABD-AF6B-4B84F2A8EF46}" = Skins

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9AC34FA1-BCDE-1D09-5DB7-EB6A064FDEA9}" = CCC Help Spanish

"{9B973FC0-E71F-6F89-10D6-1BFD063D1707}" = CCC Help Swedish

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9EAC0E21-510E-4259-A9C6-F5D5B8969036}" = Catalyst Control Center - Branding

"{A3979A05-6834-D0A7-75CD-71B5A9E5F4C0}" = Catalyst Control Center Localization All

"{A6F21795-E629-35B2-9487-00A8363B28AA}" = Catalyst Control Center Graphics Light

"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AC76BA86-7AD7-1046-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Português

"{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call

"{C0AD2831-3398-A078-CBEB-39A6B381BB56}" = CCC Help Japanese

"{C18A02EC-966B-E7A7-9AC9-082F770ABF9B}" = CCC Help Russian

"{C7E636D6-835D-4EBA-87B5-412F857D7470}" = Creative Docs .NET

"{C9C390CC-F9B9-EFE8-27DF-6EB7FF8F8760}" = CCC Help Norwegian

"{C9E1343D-E21E-4508-A1BE-04A089EC137D}" = Windows Live Messenger

"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime

"{CD431A7B-88D8-0823-E66F-CCFAEA6DA7B4}" = ccc-core-static

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D6DA6836-77C2-5338-10E3-D7A6CD65681D}" = Catalyst Control Center Core Implementation

"{DA8F979E-43B9-3EEC-721C-F297D9509992}" = Catalyst Control Center Graphics Previews Common

"{DF71ABBB-B834-41C0-BB58-80B0545D754C}" = Windows Live UX Platform Language Pack

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger

"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support

"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F570A6CC-53ED-4AA9-8B08-551CD3E38D8B}" =

"{FE0782BC-7AB0-CF6A-6E38-D3040462C7EC}" = CCC Help French

"8461-7759-5462-8226" = Vuze

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"avast" = avast! Free Antivirus

"CCleaner" = CCleaner (remove only)

"Diablo III" = Diablo III

"Ds" = Desafio Sebrae 2012

"ENTERPRISE" = Microsoft Office Enterprise 2007

"GT-6FxFloorboard" = GT-6FxFloorboard 20120215

"Guitar Pro 5_is1" = Guitar Pro 5.2

"JDownloader" = JDownloader

"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 6.3.0

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versão 1.65.0.1400

"Mozilla Firefox 15.0.1 (x86 pt-BR)" = Mozilla Firefox 15.0.1 (x86 pt-BR)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"USB_AUDIO_DEusb-audio.deBehringer2902" = BEHRINGER USB AUDIO DRIVER

"Winamp" = Winamp (remove only)

"WinLiveSuite" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Counter-Strike" = Counter-Strike

"Google Chrome" = Google Chrome

"NCsoft-Lineage2" = Lineage II

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 10/09/2012 16:38:19 | Computer Name = Marcelo-PC | Source = Lavasoft Ad-Aware Service | ID = 0

Description =

Error - 11/09/2012 01:16:37 | Computer Name = Marcelo-PC | Source = EventSystem | ID = 4621

Description =

Error - 11/09/2012 20:40:08 | Computer Name = Marcelo-PC | Source = SideBySide | ID = 16842815

Description = Falha na geração de contexto de ativação para "c:\program files (x86)\spybot

- search & destroy\DelZip179.dll". Erro no arquivo de manifesto ou de diretiva

c:\program files (x86)\spybot - search & destroy\DelZip179.dll", na linha 8. O valor

"*" do atributo language no elemento assemblyIdentity é inválido.

Error - 12/09/2012 17:54:19 | Computer Name = Marcelo-PC | Source = SideBySide | ID = 16842815

Description = Falha na geração de contexto de ativação para "c:\program files (x86)\spybot

- search & destroy\DelZip179.dll". Erro no arquivo de manifesto ou de diretiva

c:\program files (x86)\spybot - search & destroy\DelZip179.dll", na linha 8. O valor

"*" do atributo language no elemento assemblyIdentity é inválido.

Error - 12/09/2012 19:53:07 | Computer Name = Marcelo-PC | Source = Application Hang | ID = 1002

Description = O programa LolClient.exe versão 2.0.2.12610 parou de interagir com

o Windows e foi fechado. Para ver se há mais informações disponíveis sobre o problema,

verifique o histórico de problemas no painel de controle da Central de Ações. ID

de Processo: dc0 Hora de Início: 01cd9138c5eb2500 Hora de Término: 20 Caminho do Aplicativo:

D:\MGarrett\Jogos\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.198\deploy\LolClient.exe

Id

do Relatório: fda73d7c-fd34-11e1-9380-00214fbf826d

Error - 13/09/2012 00:25:03 | Computer Name = Marcelo-PC | Source = EventSystem | ID = 4621

Description =

Error - 13/09/2012 04:30:10 | Computer Name = Marcelo-PC | Source = SideBySide | ID = 16842815

Description = Falha na geração de contexto de ativação para "c:\program files (x86)\spybot

- search & destroy\DelZip179.dll". Erro no arquivo de manifesto ou de diretiva

c:\program files (x86)\spybot - search & destroy\DelZip179.dll", na linha 8. O valor

"*" do atributo language no elemento assemblyIdentity é inválido.

Error - 13/09/2012 06:40:04 | Computer Name = Marcelo-PC | Source = Application Error | ID = 1000

Description = Nome de aplicativo com falha: ThreatWork.exe, versão: 9.0.0.0, carimbo

de hora: 0x4ea67fc0 Nome do módulo de falhas: MSVCR90.dll, versão: 9.0.30729.6161,

carimbo de hora: 0x4dace5b9 Código de exceção: 0x40000015 Deslocamento com falha:

0x0005beae Identificação do processo com falha: 0x8e4 Hora de início do aplicativo

com falha: 0x01cd9186d38ce92b Caminho do aplicativo com falha: C:\Program Files

(x86)\Lavasoft\Ad-Aware\ThreatWork.exe FCaminho do módulo de falhas: C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll

Identificação

do Relatório: 6060decc-fd8f-11e1-9ec4-00214fbf826d

Error - 13/09/2012 23:49:08 | Computer Name = Marcelo-PC | Source = SideBySide | ID = 16842815

Description = Falha na geração de contexto de ativação para "c:\program files (x86)\spybot

- search & destroy\DelZip179.dll". Erro no arquivo de manifesto ou de diretiva

c:\program files (x86)\spybot - search & destroy\DelZip179.dll", na linha 8. O valor

"*" do atributo language no elemento assemblyIdentity é inválido.

Error - 14/09/2012 23:32:02 | Computer Name = Marcelo-PC | Source = SideBySide | ID = 16842815

Description = Falha na geração de contexto de ativação para "c:\program files (x86)\spybot

- search & destroy\DelZip179.dll". Erro no arquivo de manifesto ou de diretiva

c:\program files (x86)\spybot - search & destroy\DelZip179.dll", na linha 8. O valor

"*" do atributo language no elemento assemblyIdentity é inválido.

[ System Events ]

Error - 13/09/2012 00:26:12 | Computer Name = Marcelo-PC | Source = Service Control Manager | ID = 7026

Description = Falha ao carregar o(s) seguinte(s) driver(s) de início do sistema

ou de inicialização: DMICall

Error - 13/09/2012 18:28:19 | Computer Name = Marcelo-PC | Source = Application Popup | ID = 1060

Description = \SystemRoot\SysWow64\DRIVERS\DMICall.sys foi impedido de carregar

devido a uma incompatibilidade com este sistema. Contate o fornecedor do software

para obter uma versão compatível do driver.

Error - 13/09/2012 18:28:32 | Computer Name = Marcelo-PC | Source = Service Control Manager | ID = 7000

Description = Não foi possível iniciar o serviço eamonm devido ao seguinte erro:

%%2

Error - 13/09/2012 18:28:45 | Computer Name = Marcelo-PC | Source = Service Control Manager | ID = 7026

Description = Falha ao carregar o(s) seguinte(s) driver(s) de início do sistema

ou de inicialização: DMICall

Error - 13/09/2012 18:29:36 | Computer Name = Marcelo-PC | Source = DCOM | ID = 10010

Description =

Error - 14/09/2012 17:43:13 | Computer Name = Marcelo-PC | Source = Application Popup | ID = 1060

Description = \SystemRoot\SysWow64\DRIVERS\DMICall.sys foi impedido de carregar

devido a uma incompatibilidade com este sistema. Contate o fornecedor do software

para obter uma versão compatível do driver.

Error - 14/09/2012 17:43:24 | Computer Name = Marcelo-PC | Source = Service Control Manager | ID = 7000

Description = Não foi possível iniciar o serviço eamonm devido ao seguinte erro:

%%2

Error - 14/09/2012 17:44:04 | Computer Name = Marcelo-PC | Source = Service Control Manager | ID = 7009

Description = Tempo limite esgotado (30000 milissegundos) ao aguardar a conexão

do serviço Apple Mobile Device.

Error - 14/09/2012 17:44:04 | Computer Name = Marcelo-PC | Source = Service Control Manager | ID = 7000

Description = Não foi possível iniciar o serviço Apple Mobile Device devido ao seguinte

erro: %%1053

Error - 14/09/2012 17:44:16 | Computer Name = Marcelo-PC | Source = Service Control Manager | ID = 7026

Description = Falha ao carregar o(s) seguinte(s) driver(s) de início do sistema

ou de inicialização: DMICall

< End of report >

  • And the OTL.txt log is attached.

Thank you.

OTL.Txt


How is your computer doing?

Download Security Check by screen317 by clicking here or here.

  • Save it to your Desktop.
  • Double-click the Securitycheck.exe file and follow the on-screen instructions.
  • A Notepad window will open automatically with a file named checkup.txt; post the contents of that document.


My computer has been working normally.

I have been avoiding using it, but the sites that had the problem I reported at the start have inexplicably gone back to working normally.

Here is the log:

Results of screen317's Security Check version 0.99.50

Windows 7 x64 (UAC is enabled)

Out of date service pack!!

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Lavasoft Ad-Watch Live! Anti-Virus

avast! Antivirus

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

Ad-Aware

Spybot - Search & Destroy

Malwarebytes Anti-Malware versão 1.65.0.1400

CCleaner (remove only)

Java 6 Update 26

Java version out of Date!

Adobe Flash Player 11.3.300.271 Flash Player out of Date!

Adobe Reader X 10.1.0 Adobe Reader out of Date!

Mozilla Firefox (15.0.1)

Google Chrome 21.0.1180.83

Google Chrome 21.0.1180.89

````````Process Check: objlist.exe by Laurent````````

Ad-Aware AAWService.exe

Ad-Aware AAWTray.exe

Malwarebytes Anti-Malware mbamservice.exe

Malwarebytes Anti-Malware mbamgui.exe

Malwarebytes Anti-Malware mbam.exe

Malwarebytes' Anti-Malware mbamscheduler.exe

AVAST Software Avast AvastSvc.exe

AVAST Software Avast AvastUI.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: =

````````````````````End of Log``````````````````````

Regards.


  • Open OTL and click the [UQC5f.png] button.
    Close OTL.
  • Download CCleaner Slim.
    If you wish, read the program's tutorial:
    http://linhadefensiv...showtopic=12395
    • Install the program.
    • Click Registry > Scan for Issues > Fix selected issues.
    • Then click Cleaner > Analyze > Run Cleaner.
  • Update Adobe Reader. Older versions have vulnerabilities that are exploited by malware.
    Remove the older version of Adobe Reader and click here to install the newest version.
  • Older versions of Java have vulnerabilities that some malware can use to infect your system. Check whether your system has the latest version installed:
    • Go to Java.com/Download. Click the "Do I have Java?" option.
    • Wait for the site to determine which version of Java you have.
    • If the version is old, you will be offered the download of the newest version.
    • Click "Download Java now" and install the new version of Java.
  • Update Flash Player:
    http://get.adobe.com/br/flashplayer/
  • Run Windows Update to update your operating system:
    http://www.update.mi...r&&thankspage=5
  • Read the article "Proteja seu PC" (Protect Your PC) for more information on how to avoid infections.
  • If there are no more malware-related problems, click the [xQn5I.png] button and say that your case has been resolved.


Hello.

The PC no longer shows the symptoms from the beginning; I only notice that the browser is slower than usual.

I carried out all the actions.

Thank you for the attention you have given this.

Best regards!


PROBLEM SOLVED


If you want to request that the topic be reopened, use the Report button to contact the moderation team.

Note: Only the author can make this request in the Malware Removal area.

This topic is now closed to further replies.