Fórum SecSecurity

Implementando Limpeza e Seguranca em seu computador!

Palavras chave

Últimos assuntos

» ResetBrowser ( ... de Nicolas Coolman )
Ter Maio 31, 2016 5:58 am por joram

» herdProtectScan ( ... by herdprotect.com )
Seg Mar 07, 2016 10:58 pm por joram

» Emsisoft Emergency Kit ( ... by Emsisoft.com )
Dom Fev 28, 2016 5:40 am por joram

» Dr.WEB Link Checker ( ... by Doctor Web.Ltd )
Qui Fev 11, 2016 9:51 am por joram

» Computador com erros no navegador
Sab Ago 29, 2015 8:04 pm por joram

» Justiça determina que PSafe retire alertas desleais
Qua Ago 19, 2015 6:58 am por joram

» Google vai fazer buscas offline internas no desktop do seu PC
Ter Ago 18, 2015 8:19 am por joram

» Baidu lança buscador no Brasil!
Seg Ago 17, 2015 12:25 pm por joram

» Kaspersky é acusada de inventar vírus!
Sex Ago 14, 2015 3:32 pm por joram

Dezembro 2016

SegTerQuaQuiSexSabDom
   1234
567891011
12131415161718
19202122232425
262728293031 

Calendário Calendário

Parceiros

Fórum grátis

Os membros mais marcados


    Analise de rotina, log para analise.

    Compartilhe

    Edvan
    Membro
    Membro

    Mensagens : 428
    Data de inscrição : 14/02/2013
    Idade : 36
    Localização : Natal/RN

    Analise de rotina, log para analise.

    Mensagem por Edvan em Seg Jul 08, 2013 4:38 pm

    Amigo é o seguinte, aparentemente o pc que trabalho está funcionando perfeitamente, porem resolvi postar um log para ver se tem alguma coisa anormal.

    Link [Você precisa estar registrado e conectado para ver este link.]

    joram
    Administrador Fundador
    Administrador Fundador

    Mensagens : 608
    Data de inscrição : 14/08/2012
    Idade : 63
    Localização : Rio de Janeiro

    Re: Analise de rotina, log para analise.

    Mensagem por joram em Ter Jul 09, 2013 8:18 am

    Bom Dia! Edvan

    |- Pelo log,não vi malwares em seu PC.

    -/-

    |- Baixe: < [Você precisa estar registrado e conectado para ver este link.] > ( ... by Smeenk )

    |- Ou aqui! < [Você precisa estar registrado e conectado para ver este link.] >

    |- Salve-o no desktop!
    |- Desabilite seu antivírus!
    |- Para Windows 7,execute zoek.exe como administrador.

    silentrunners;
    autoclean; 
    emptyalltemp;
     

    |- Copie e cole estas informações,em vermelho,no campo da ferramenta.
    |- Clique "Run Script". <- Aguarde!

    [Você precisa estar registrado e conectado para ver esta imagem.]

    |- Aceite e/ou confirme o reboot!

    zoek.hta failed by unknown error.
    Restart computer, and try again.
    |- Ps: Ao obter algum erro,reinicie o PC e execute,novamente,a ferramenta.
    |- Poste o relatório,que estará em C:\zoek-results.txt << 

    -/-

    |- Feche programas/pastas que estejam abertas.
    |- Feche,também,o navegador!
    |- Para Windows Vista,desabilite a [Você precisa estar registrado e conectado para ver este link.].

    [Você precisa estar registrado e conectado para ver esta imagem.]

    |- Para Windows Vista ou 7,clique direito em ZHPFix.exe e execute-o como administrador.
    |- Selecione e copie estas informações,que estão em vermelho,para o "Bloco de Notas".
    #####

    O4 - HKCU\..\Run: [uTorrent] C:\Arquivos de programas\uTorrent\uTorrent.exe (.not file.)    => Ludvig Strigeus%uTorrent
    O4 - HKUS\S-1-5-21-1957994488-583907252-839522115-500\..\Run: [uTorrent] C:\Arquivos de programas\uTorrent\uTorrent.exe (.not file.)    => Ludvig Strigeus%uTorrent
    O47 - AAKE:Key Export SP - "C:\Arquivos de programas\DMMultiView\MultiView.exe" [Enabled] .(...) -- C:\Arquivos de programas\DMMultiView\MultiView.exe (.not file.)
    O47 - AAKE:Key Export SP - "C:\Arquivos de programas\IP Camera Wizard\IPCamWizard.exe" [Enabled] .(...) -- C:\Arquivos de programas\IP Camera Wizard\IPCamWizard.exe (.not file.)
    O69 - SBI: SearchScopes [HKCU] {90B79F7D-E3FD-43DC-B437-E80230D903A8} - (Ask Search) - [Você precisa estar registrado e conectado para ver este link.]

    proxyfix
    firewallraz
    sysrestore

    #####
    |- Estando com o Bloco de Notas aberto,acione os atalhos: "Ctrl+A" -> "Ctrl+C"
    |- Minimize o Bloco de Notas.

    [Você precisa estar registrado e conectado para ver esta imagem.]

    |- Clique no menu,"Paste ClipBoard".
    |- Evite a opção "Colar" ( Ctrl+V ),no campo amarelo claro,que não habilita o botão "Go".

    [Você precisa estar registrado e conectado para ver este link.]

    |- Clique "GO" -> Oui.

    [Você precisa estar registrado e conectado para ver esta imagem.]

    |- Ps: Temos,àcima,sequência de imagens para maior exclarecimento.
    |- Poste o relatório: C:\ZHP\ZHPFix[R1].txt

    Abs!

    Edvan
    Membro
    Membro

    Mensagens : 428
    Data de inscrição : 14/02/2013
    Idade : 36
    Localização : Natal/RN

    Re: Analise de rotina, log para analise.

    Mensagem por Edvan em Ter Jul 09, 2013 9:37 am

    Zoek.exe Version 4.0.0.3 Updated 05-July-2013
    Tool run by Administrador on 09/07/2013 at 10:17:45,15.
    Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86
    Running in: Normal Mode Internet Access Detected

    ==== System Restore Info ======================

    09/07/2013 10:17:56 Zoek.exe System Restore Point Created Succesfully.

    ==== Deleting CLSID Registry Keys ======================

    HKEY_USERS\S-1-5-21-1957994488-583907252-839522115-500\Software\Microsoft\Internet Explorer\SearchScopes\{90B79F7D-E3FD-43DC-B437-E80230D903A8} deleted successfully

    ==== Deleting CLSID Registry Values ======================


    ==== Deleting Services ======================


    ==== FireFox Fix ======================

    ProfilePath: C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\o48o609a.default

    user.js not found
    ---- Lines ask.com removed from prefs.js ----

    user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WRCN {display:inline !important; background: url(\"IMAGE\") right no-repeat}");
    user_pref("extensions.wrc.SearchRules.ask.com.url", "^http(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");

    ---- Lines ask.com modified from prefs.js ----


    ---- FireFox user.js and prefs.js backups ---- 

    prefs_072013_1020_.backup

    ProfilePath: C:\Documents and Settings\f003300\Dados de aplicativos\Mozilla\Firefox\Profiles\hx7kz89w.default

    user.js not found
    ---- Lines ask.com removed from prefs.js ----


    ---- Lines ask.com modified from prefs.js ----


    ---- FireFox user.js and prefs.js backups ---- 

    prefs_072013_1020_.backup

    ==== Deleting Files \ Folders ======================

    "C:\Documents and Settings\Administrador\Dados de aplicativos\desktop.ini" deleted
    "C:\Documents and Settings\All Users\Desktop\MP3 Downloader.lnk" deleted

    ==== Firefox Extensions ======================

    ProfilePath: C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\o48o609a.default
    - avast Online Security - C:\Arquivos de programas\AVAST Software\Avast\WebRep\FF
    - Microsoft .NET Framework Assistant - %ProfilePath%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    - Modulo de Seguranca - Banco do Brasil - %ProfilePath%\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}

    ==== Firefox Plugins ======================

    Profilepath: C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\o48o609a.default
    ABCB4A6EAB701C629378255ABCB308E5 - C:\Arquivos de programas\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U25
    D7324EB1EDCB8990F8522DE0311359E9 - C:\WINDOWS\system32\npDeployJava1.dll - Java Deployment Toolkit 7.0.250.17
    3D76B5C0E02ECC19C1F5756E8FD97F72 - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll - Shockwave Flash
    3A523765D795DB006C010B915C3A840A - C:\Arquivos de programas\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
    42A9B216A7A288512CE2F9A6BCCE96BC - C:\Arquivos de programas\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat
    9013599B12923A45C029C34E8D2211AC - C:\Arquivos de programas\Microsoft Silverlight\5.1.10411.0\npctrl.dll - Silverlight Plug-In
    AB87EEFFD18F2BAAFC274E7075EA6C67 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation
    CF4ABE599858E10EEB911E16FBCFD87D - C:\Arquivos de programas\Windows Media Player\npdrmv2.dll - Microsoft® DRM
    76E34EA1089E92709C5725407B565DA1 - C:\Arquivos de programas\Windows Media Player\npdsplay.dll - Windows Media Player Plug-in Dynamic Link Library
    02A4A41FAC9BF96155B3E8068D1DF4B6 - C:\Arquivos de programas\Windows Media Player\npwmsdrm.dll - Microsoft® DRM
    F9174E52953C2EDB35E4E634F6228F66 - C:\WINDOWS\system32\npptools.dll - Sistema operacional Microsoft® Windows®
    BF2AD333C79072EEBE5AE0D72670E64E - C:\Arquivos de programas\Microsoft Silverlight\5.1.10411.0\npctrlui.dll - Microsoft® Silverlight


    ==== Set IE to Default ======================

    Old Values:
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Start Page"="http://www.google.com/"

    New Values:
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Start Page"="http://www.google.com/"

    ==== All HKCU SearchScopes ======================

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
    "DefaultScope"="{86122936-B263-4bcf-9F1E-3BA652211805}"
    {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
    {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
    {86122936-B263-4bcf-9F1E-3BA652211805} Yahoo  Url="http://br.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBD"
    {982334AF-6893-4efc-ACB2-00445C87E7EE} Google  Url="http://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=1975384696&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=pt-BR&q={searchTerms}"

    ==== Silent Runners ======================

    "Silent Runners.vbs", revision 69.2, [Você precisa estar registrado e conectado para ver este link.]
    Output limited to non-default values, except where indicated by "{++}"


    Startup items buried in registry:
    ---------------------------------

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
    ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe [MS]
    Google Update = "C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c [Google Inc.]
    MSMSGS = "C:\Arquivos de programas\Messenger\msmsgs.exe" /background [MS]
    uTorrent = "C:\Arquivos de programas\uTorrent\uTorrent.exe"  /MINIMIZED [file not found]

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
    IgfxTray = C:\WINDOWS\system32\igfxtray.exe [Intel Corporation]
    HotKeysCmds = C:\WINDOWS\system32\hkcmd.exe [Intel Corporation]
    Persistence = C:\WINDOWS\system32\igfxpers.exe [Intel Corporation]
    avast = "C:\Arquivos de programas\AVAST Software\Avast\avastUI.exe" /nogui [AVAST Software]
    EaseUS EPM tray = C:\Arquivos de programas\EaseUS\EaseUS Partition Master 9.2.1 Home Edition\bin\EpmNews.exe [CHENGDU YIWO Tech Development Co., Ltd]
    BCU = "C:\Arquivos de programas\DeviceVM\Browser Configuration Utility\BCU.exe" [DeviceVM, Inc.]
    Adobe ARM = "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [Adobe Systems Incorporated]
    SunJavaUpdateSched = "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [Oracle Corporation]

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
      -> {HKLM...CLSID} = Facilitador de Leitor de Link Adobe PDF
                       \InProcServer32\(Default) = C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe Systems Incorporated]

    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
      -> {HKLM...CLSID} = Java(tm) Plug-In SSV Helper
                       \InProcServer32\(Default) = C:\Arquivos de programas\Java\jre7\bin\ssv.dll [Oracle Corporation]

    {8E5E2654-AD2D-48bf-AC2D-D17F00898D06}\(Default) = (no title provided)
      -> {HKLM...CLSID} = avast! WebRep
                       \InProcServer32\(Default) = C:\Arquivos de programas\AVAST Software\Avast\aswWebRepIE.dll [AVAST Software]

    {AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
      -> {HKLM...CLSID} = Google Toolbar Helper
                       \InProcServer32\(Default) = C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll [Google Inc.]

    {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\(Default) = (no title provided)
      -> {HKLM...CLSID} = Google Toolbar Notifier BHO
                       \InProcServer32\(Default) = C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll [Google Inc.]

    {DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided)
      -> {HKLM...CLSID} = Java(tm) Plug-In 2 SSV Helper
                       \InProcServer32\(Default) = C:\Arquivos de programas\Java\jre7\bin\jp2ssv.dll [Oracle Corporation]

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\

    00avast\(Default) = {472083B0-C522-11CF-8763-00608CC02F24}
      -> {HKLM...CLSID} = avast
                       \InProcServer32\(Default) = C:\Arquivos de programas\AVAST Software\Avast\ashShell.dll [AVAST Software]

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

    {88895560-9AA2-1069-930E-00AA0030EBC8} = Extensão de ícone do HyperTerminal
      -> {HKLM...CLSID} = HyperTerminal Icon Ext
                       \InProcServer32\(Default) = C:\WINDOWS\system32\hticons.dll [Hilgraeve, Inc.]

    {472083B0-C522-11CF-8763-00608CC02F24} = avast
      -> {HKLM...CLSID} = avast
                       \InProcServer32\(Default) = C:\Arquivos de programas\AVAST Software\Avast\ashShell.dll [AVAST Software]

    {B41DB860-8EE4-11D2-9906-E49FADC173CA} = WinRAR shell extension
      -> {HKLM...CLSID} = WinRAR
                       \InProcServer32\(Default) = C:\Arquivos de programas\WinRAR\rarext.dll [null data]

    {42042206-2D85-11D3-8CFF-005004838597} = Microsoft Office HTML Icon Handler
      -> {HKLM...CLSID} = (no title provided)
                       \InProcServer32\(Default) = C:\Arquivos de programas\Microsoft Office\Office12\msohevi.dll [MS]

    {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} = Microsoft Office Metadata Handler
      -> {HKLM...CLSID} = Microsoft Office Metadata Handler
                       \InProcServer32\(Default) = C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\msoshext.dll [MS]

    {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} = Microsoft Office Thumbnail Handler
      -> {HKLM...CLSID} = Microsoft Office Thumbnail Handler
                       \InProcServer32\(Default) = C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\msoshext.dll [MS]

    {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} = OpenOffice.org Column Handler
      -> {HKLM...CLSID} = (no title provided)
                       \InProcServer32\(Default) = "C:\Arquivos de programas\BrOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll" [OpenOffice.org]

    {087B3AE3-E237-4467-B8DB-5A38AB959AC9} = OpenOffice.org Infotip Handler
      -> {HKLM...CLSID} = (no title provided)
                       \InProcServer32\(Default) = "C:\Arquivos de programas\BrOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll" [OpenOffice.org]

    {63542C48-9552-494A-84F7-73AA6A7C99C1} = OpenOffice.org Property Sheet Handler
      -> {HKLM...CLSID} = (no title provided)
                       \InProcServer32\(Default) = "C:\Arquivos de programas\BrOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll" [OpenOffice.org]

    {3B092F0C-7696-40E3-A80F-68D74DA84210} = OpenOffice.org Thumbnail Viewer
      -> {HKLM...CLSID} = (no title provided)
                       \InProcServer32\(Default) = "C:\Arquivos de programas\BrOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll" [OpenOffice.org]

    {97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} = NeroCoverEd Live Icons
      -> {HKLM...CLSID} = NeroCoverEdLiveIcons Class
                       \InProcServer32\(Default) = C:\Arquivos de programas\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll [Nero AG]

    {B327765E-D724-4347-8B16-78AE18552FC3} = NeroDigitalIconHandler
      -> {HKLM...CLSID} = NeroDigitalIconHandler Class
                       \InProcServer32\(Default) = C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroDigitalExt.dll [Nero AG]

    {7F1CF152-04F8-453A-B34C-E609530A9DC8} = NeroDigitalPropSheetHandler
      -> {HKLM...CLSID} = NeroDigitalPropSheetHandler Class
                       \InProcServer32\(Default) = C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroDigitalExt.dll [Nero AG]

    {c5aec3ec-e812-4677-a9a7-4fee1f9aa000} = Icaros Thumbnail Provider
      -> {HKLM...CLSID} = Icaros Thumbnail Provider
                       \InProcServer32\(Default) = C:\Arquivos de programas\K-Lite Codec Pack\Icaros\IcarosThumbnailProvider.dll [Tabibito Technology]

    {BAF55D20-7BC0-4bcc-A91F-A5223FFFDC9D} = Sorcerer Shell Extension
      -> {HKLM...CLSID} = Sorcerer Shell Extension
                       \InProcServer32\(Default) = C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006SX.DLL [Software 2000 Limited]

    {23170F69-40C1-278A-1000-000100020000} = 7-Zip Shell Extension
      -> {HKLM...CLSID} = 7-Zip Shell Extension
                       \InProcServer32\(Default) = C:\Arquivos de programas\7-Zip\7-zip.dll [Igor Pavlov]

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
    <<!>> igfxcui\DLLName = igfxdev.dll [Intel Corporation]

    HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\

    <<!>> text/xml\CLSID = {807563E5-5146-11D5-A672-00B0D022E945}
      -> {HKLM...CLSID} = Microsoft Office InfoPath XML Mime Filter
                       \InProcServer32\(Default) = C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL [MS]

    HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\

    <<!>> ms-help\CLSID = {314111c7-a502-11d2-bbca-00c04f8ec294}
      -> {HKLM...CLSID} = HxProtocol Class
                       \InProcServer32\(Default) = C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll [MS]

    HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\

    7-Zip\(Default) = {23170F69-40C1-278A-1000-000100020000}
      -> {HKLM...CLSID} = 7-Zip Shell Extension
                       \InProcServer32\(Default) = C:\Arquivos de programas\7-Zip\7-zip.dll [Igor Pavlov]

    avast\(Default) = {472083B0-C522-11CF-8763-00608CC02F24}
      -> {HKLM...CLSID} = avast
                       \InProcServer32\(Default) = C:\Arquivos de programas\AVAST Software\Avast\ashShell.dll [AVAST Software]

    Cover Designer\(Default) = {73FCA462-9BD5-4065-A73F-A8E5F6904EF7}
      -> {HKLM...CLSID} = NeroCoverEdContextMenu Class
                       \InProcServer32\(Default) = C:\Arquivos de programas\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll [Nero AG]

    WinRAR\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA}
      -> {HKLM...CLSID} = WinRAR
                       \InProcServer32\(Default) = C:\Arquivos de programas\WinRAR\rarext.dll [null data]

    {EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}\(Default) = (no title provided)
      -> {HKLM...CLSID} = NBShellHook Class
                       \InProcServer32\(Default) = C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBShell.dll [Nero AG]

    HKLM\SOFTWARE\Classes\*\shellex\DragDropHandlers\

    NBShellHook\(Default) = {EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}
      -> {HKLM...CLSID} = NBShellHook Class
                       \InProcServer32\(Default) = C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBShell.dll [Nero AG]

    HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\

    00avast\(Default) = {472083B0-C522-11CF-8763-00608CC02F24}
      -> {HKLM...CLSID} = avast
                       \InProcServer32\(Default) = C:\Arquivos de programas\AVAST Software\Avast\ashShell.dll [AVAST Software]

    MBAMShlExt\(Default) = {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
      -> {HKLM...CLSID} = MBAMShlExt Class
                       \InProcServer32\(Default) = C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamext.dll [Malwarebytes Corporation]

    HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\

    7-Zip\(Default) = {23170F69-40C1-278A-1000-000100020000}
      -> {HKLM...CLSID} = 7-Zip Shell Extension
                       \InProcServer32\(Default) = C:\Arquivos de programas\7-Zip\7-zip.dll [Igor Pavlov]

    WinRAR\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA}
      -> {HKLM...CLSID} = WinRAR
                       \InProcServer32\(Default) = C:\Arquivos de programas\WinRAR\rarext.dll [null data]

    HKLM\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\

    7-Zip\(Default) = {23170F69-40C1-278A-1000-000100020000}
      -> {HKLM...CLSID} = 7-Zip Shell Extension
                       \InProcServer32\(Default) = C:\Arquivos de programas\7-Zip\7-zip.dll [Igor Pavlov]

    WinRAR\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA}
      -> {HKLM...CLSID} = WinRAR
                       \InProcServer32\(Default) = C:\Arquivos de programas\WinRAR\rarext.dll [null data]

    HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\

    igfxcui\(Default) = {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4}
      -> {HKLM...CLSID} = GraphicsShellExt Class
                       \InProcServer32\(Default) = C:\WINDOWS\system32\igfxpph.dll [Intel Corporation]

    HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\

    {7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = NeroDigitalExt.NeroDigitalColumnHandler
      -> {HKLM...CLSID} = NeroDigitalColumnHandler Class
                       \InProcServer32\(Default) = C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroDigitalExt.dll [Nero AG]

    {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\(Default) = OpenOffice.org Column Handler
      -> {HKLM...CLSID} = (no title provided)
                       \InProcServer32\(Default) = "C:\Arquivos de programas\BrOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll" [OpenOffice.org]

    {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = PDF Column Info
      -> {HKLM...CLSID} = PDF Shell Extension
                       \InProcServer32\(Default) = C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\PDFShell.dll [Adobe Systems, Inc.]

    HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\

    avast\(Default) = {472083B0-C522-11CF-8763-00608CC02F24}
      -> {HKLM...CLSID} = avast
                       \InProcServer32\(Default) = C:\Arquivos de programas\AVAST Software\Avast\ashShell.dll [AVAST Software]

    MBAMShlExt\(Default) = {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
      -> {HKLM...CLSID} = MBAMShlExt Class
                       \InProcServer32\(Default) = C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamext.dll [Malwarebytes Corporation]

    WinRAR\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA}
      -> {HKLM...CLSID} = WinRAR
                       \InProcServer32\(Default) = C:\Arquivos de programas\WinRAR\rarext.dll [null data]

    {EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}\(Default) = (no title provided)
      -> {HKLM...CLSID} = NBShellHook Class
                       \InProcServer32\(Default) = C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBShell.dll [Nero AG]

    HKLM\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\

    NBShellHook\(Default) = {EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}
      -> {HKLM...CLSID} = NBShellHook Class
                       \InProcServer32\(Default) = C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBShell.dll [Nero AG]

    WinRAR\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA}
      -> {HKLM...CLSID} = WinRAR
                       \InProcServer32\(Default) = C:\Arquivos de programas\WinRAR\rarext.dll [null data]


    Group Policies {GPedit.msc branch and setting}:
    -----------------------------------------------

    Note: detected settings may not have any effect.

    HKCU\Software\Policies\Microsoft\Windows\System\

    disablecmd = (REG_DWORD) dword:0x00000000
    {User Configuration|Administrative Templates|System|
    Disable the command prompt}


    Active Desktop and Wallpaper:
    -----------------------------

    Active Desktop may be disabled at this entry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

    Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
    HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
    Wallpaper = C:\WINDOWS\system32\config\systemprofile\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp

    Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
    HKCU\Control Panel\Desktop\
    Wallpaper = C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp


    Windows Portable Device AutoPlay Handlers
    -----------------------------------------

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

    BridgeCS4ImportMediaOnArrival\
    Provider = Adobe Bridge CS4
    InvokeProgID = Adobe.adobebridge
    InvokeVerb = launch
    HKLM\SOFTWARE\Classes\Adobe.adobebridge\shell\launch\command\(Default) = C:\Arquivos de programas\Adobe\Adobe Bridge CS4\bridgeproxy.exe -v %1 [Adobe Systems, Inc.]

    MPCPlayBluRayOnArrival\
    Provider = Media Player Classic
    InvokeProgID = MediaPlayerClassic.Autorun
    InvokeVerb = PlayBlurayMovie
    HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayBlurayMovie\command\(Default) = "C:\Arquivos de programas\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe" %L\BDMV\INDEX.BDMV [MPC-HC Team]

    MPCPlayCDAudioOnArrival\
    Provider = Media Player Classic
    InvokeProgID = MediaPlayerClassic.Autorun
    InvokeVerb = PlayCDAudio
    HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayCDAudio\command\(Default) = "C:\Arquivos de programas\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe" %1 /cd [MPC-HC Team]

    MPCPlayDVDMovieOnArrival\
    Provider = Media Player Classic
    InvokeProgID = MediaPlayerClassic.Autorun
    InvokeVerb = PlayDVDMovie
    HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayDVDMovie\command\(Default) = "C:\Arquivos de programas\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe" %1 /dvd [MPC-HC Team]

    MPCPlayMusicFilesOnArrival\
    Provider = Media Player Classic
    InvokeProgID = MediaPlayerClassic.Autorun
    InvokeVerb = PlayMusicFiles
    HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayMusicFiles\command\(Default) = "C:\Arquivos de programas\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe" %1 [MPC-HC Team]

    MPCPlayVideoFilesOnArrival\
    Provider = Media Player Classic
    InvokeProgID = MediaPlayerClassic.Autorun
    InvokeVerb = PlayVideoFiles
    HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayVideoFiles\command\(Default) = "C:\Arquivos de programas\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe" %1 [MPC-HC Team]

    MSWPDShellNamespaceHandler\
    Provider = @%SystemRoot%\System32\WPDShextRes.dll,-501
    CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24}
    InitCmdLine =  
      -> {HKLM...CLSID} = WPDShextAutoplay
                       \LocalServer32\(Default) = C:\WINDOWS\system32\WPDShextAutoplay.exe [MS]


    Enabled Scheduled Tasks: {++}
    ------------------------

    Adobe Flash Player Updater -> launches: C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [Adobe Systems Incorporated]
    avast! Emergency Update -> launches: C:\Arquivos de programas\AVAST Software\Avast\AvastEmUpdate.exe [AVAST Software]
    GoogleUpdateTaskMachineCore -> launches: C:\Arquivos de programas\Google\Update\GoogleUpdate.exe /c [Google Inc.]
    GoogleUpdateTaskMachineUA -> launches: C:\Arquivos de programas\Google\Update\GoogleUpdate.exe /ua /installsource scheduler [Google Inc.]
    GoogleUpdateTaskUserS-1-5-21-1957994488-583907252-839522115-500Core -> launches: C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe /c [Google Inc.]
    GoogleUpdateTaskUserS-1-5-21-1957994488-583907252-839522115-500UA -> launches: C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe /ua /installsource scheduler [Google Inc.]
    User_Feed_Synchronization-{4A43C29C-545F-4A8A-81C5-36482BBCEFE2} -> launches: C:\WINDOWS\system32\msfeedssync.exe sync [MS]
    User_Feed_Synchronization-{59086E34-7A55-4167-9858-E8C4D4A099AE} -> launches: C:\WINDOWS\system32\msfeedssync.exe sync [MS]


    Winsock2 Service Provider DLLs:
    -------------------------------

    Namespace Service Providers

    HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
    000000000001\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]
    000000000002\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS]
    000000000003\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]
    000000000004\LibraryPath = C:\Arquivos de programas\Bonjour\mdnsNSP.dll [Apple Computer, Inc.]

    Transport Service Providers

    HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
    0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
    %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15
    %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


    Toolbars, Explorer Bars, Extensions:
    ------------------------------------

    Toolbars

    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

    {2318C2B1-4965-11D4-9B18-009027A5CD4F}
      -> {HKLM...CLSID} = Google Toolbar
                       \InProcServer32\(Default) = C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll [Google Inc.]

    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
    {8E5E2654-AD2D-48BF-AC2D-D17F00898D06} = (no title provided)
      -> {HKLM...CLSID} = avast! WebRep
                       \InProcServer32\(Default) = C:\Arquivos de programas\AVAST Software\Avast\aswWebRepIE.dll [AVAST Software]

    {2318C2B1-4965-11D4-9B18-009027A5CD4F} = (no title provided)
      -> {HKLM...CLSID} = Google Toolbar
                       \InProcServer32\(Default) = C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll [Google Inc.]

    Explorer Bars

    HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = &Pesquisar
    Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
    InProcServer32\(Default) = C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL [MS]

    Extensions (Tools menu items, main toolbar menu buttons)

    HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
    {92780B25-18CC-41C8-B9BE-3C9C571A8263}\
    ButtonText = Research
    BandCLSID = {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
      -> {HKLM...CLSID} = &Pesquisar
                       \InProcServer32\(Default) = C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL [MS]

    {E2E2DD38-D088-4134-82B7-F2BA38496583}\
    MenuText = @xpsp3res.dll,-20001
    Exec = %windir%\Network Diagnostic\xpnetdiag.exe [MS]

    {FB5F1910-F110-11D2-BB9E-00C04F795683}\
    ButtonText = Messenger
    MenuText = Windows Messenger
    Exec = C:\Arquivos de programas\Messenger\msmsgs.exe [MS]


    Miscellaneous IE Hijack Points
    ------------------------------

    HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\
    <<H>> {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} = ?iw
      -> {HKLM...CLSID} = SearchHook Class
                       \InProcServer32\(Default) = C:\Arquivos de programas\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll [DeviceVM, Inc.]


    Running Services (Display Name, Service Name, Path {Service DLL}):
    ------------------------------------------------------------------

    ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##, Bonjour Service, "C:\Arquivos de programas\Bonjour\mDNSResponder.exe" [Apple Computer, Inc.]
    avast! Antivirus, avast! Antivirus, "C:\Arquivos de programas\AVAST Software\Avast\AvastSvc.exe" [AVAST Software]
    Browser Configuration Utility Service, BCUService, C:\Arquivos de programas\DeviceVM\Browser Configuration Utility\BCUService.exe [DeviceVM, Inc.]
    Java Quick Starter, JavaQuickStarterService, "C:\Arquivos de programas\Java\jre7\bin\jqs.exe" -service -config "C:\Arquivos de programas\Java\jre7\lib\deploy\jqs\jqs.conf" [Oracle Corporation]
    Net Driver HPZ12, Net Driver HPZ12, C:\WINDOWS\System32\svchost.exe -k HPZ12 {C:\WINDOWS\system32\HPZinw12.dll [Hewlett-Packard]}
    NMIndexingService, NMIndexingService, "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe" [Nero AG]
    Pml Driver HPZ12, Pml Driver HPZ12, C:\WINDOWS\System32\svchost.exe -k HPZ12 {C:\WINDOWS\system32\HPZipm12.dll [Hewlett-Packard]}
    TeamViewer 8, TeamViewer8, "C:\Arquivos de programas\TeamViewer\Version8\TeamViewer_Service.exe" [TeamViewer GmbH]


    Safe Mode Drivers & Services (subkey name, subkey default value):
    -----------------------------------------------------------------

    HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\

    <<!>> PEVSystemStart, Service

    HKLM\System\CurrentControlSet\Control\SafeBoot\Network\

    <<!>> PEVSystemStart, Service


    Print Monitors:
    ---------------

    HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
    CPCA Language Monitor2\Driver = AUCPLMNT.DLL [CANON INC.]
    CPCA Language Monitor3\Driver = CNAS0MMK.DLL [Canon Inc.]
    PDFCreator\Driver = pdfcmnnt.dll [null data]


    <<H>>: Suspicious data at a browser hijack point.


    ==== Empty IE Cache ======================

    C:\Documents and Settings\Administrador\Configurações locais\temp\acrord32_sbx\Temporary Internet Files\Content.IE5 emptied successfully
    C:\Documents and Settings\Administrador\Configurações locais\temp\Temporary Internet Files\Content.IE5 emptied successfully
    C:\Documents and Settings\f003300\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
    C:\Documents and Settings\f004044\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
    C:\Documents and Settings\LocalService\Configurações locais\Temp\Temporary Internet Files\Content.IE5 emptied successfully
    C:\Documents and Settings\NetworkService\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
    C:\WINDOWS\system32\config\systemprofile\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
    C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
    C:\Documents and Settings\LocalService\Configurações locais\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

    ==== Empty FireFox Cache ======================

    C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\o48o609a.default\Cache emptied successfully
    C:\Documents and Settings\f003300\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\hx7kz89w.default\Cache emptied successfully

    ==== Empty Chrome Cache ======================

    C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Cache emptied successfully

    ==== Empty All Flash Cache ======================

    Flash Cache Emptied Successfully

    ==== Empty All Java Cache ======================

    Java Cache cleared successfully

    ==== After Reboot ======================

    ==== Empty Temp Folders ======================

    C:\WINDOWS\Temp successfully emptied
    C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp successfully emptied

    ==== Empty Recycle Bin ======================

    C:\RECYCLER successfully emptied

    ==== Deleting Files / Folders ======================

    "C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\Content.IE5\index.dat" not found
    "C:\Documents and Settings\LocalService\Configurações locais\Temporary Internet Files\Content.IE5\index.dat" not found

    ==== EOF on 09/07/2013 at 10:28:48,82 ======================

     

    Rapport de ZHPFix 2013.6.12.3 par Nicolas Coolman, Update du 12/06/2013
    Fichier d'export Registre : 
    Run by Administrador at 09/07/2013 10:35:39
    High Elevated Privileges : OK
    Windows XP Professional Service Pack 3 (Build 2600)

    Recycle Files Deleted

    ========== Registry Key ==========
    NOT FOUND SearchScopes :{90B79F7D-E3FD-43DC-B437-E80230D903A8}

    ========== Registry Value ==========
    DELETED RunValue: uTorrent
    NOT FOUND RunValue: uTorrent
    DELETED AAKE KeyValue: C:\Arquivos de programas\DMMultiView\MultiView.exe
    DELETED AAKE KeyValue: C:\Arquivos de programas\IP Camera Wizard\IPCamWizard.exe
    ProxyFix : Proxy killed successfully
    DELETED ProxyServer Value
    DELETED ProxyEnable Value
    DELETED EnableHttp1_1 Value
    DELETED ProxyHttp1.1 Value
    DELETED ProxyOverride Value
    No Value in Domain Profile Register Key FirewallRaz : 
    No Value in Firewall Exception Register Key (FirewallRaz)

    ========== File ==========
    NOT FOUND File: c:\arquivos de programas\utorrent\utorrent.exe
    NOT FOUND File: c:\arquivos de programas\dmmultiview\multiview.exe
    NOT FOUND File: c:\arquivos de programas\ip camera wizard\ipcamwizard.exe

    ========== Restoration ==========
    Restore System Point created succefully


    ========== Summary ==========
    1 : Registry Key
    12 : Registry Value
    3 : File
    1 : Restoration


    End of clean in 00mn 06s

    ========== Report File ==========
    C:\ZHP\ZHPFix[R1].txt - 09/07/2013 10:35:40 [1390]

    joram
    Administrador Fundador
    Administrador Fundador

    Mensagens : 608
    Data de inscrição : 14/08/2012
    Idade : 63
    Localização : Rio de Janeiro

    Re: Analise de rotina, log para analise.

    Mensagem por joram em Ter Jul 09, 2013 10:09 am

    Bom Dia! Edvan

    |- Baixe: |[Você precisa estar registrado e conectado para ver este link.]| ( ... de Xplode )

    [Você precisa estar registrado e conectado para ver esta imagem.]

    |- Estando na página,clique na seta verde para o download
    |- Salve-a em um local conveniente! ( desktop! )
    |- Feche aplicativos que estejam abertos.

    [Você precisa estar registrado e conectado para ver esta imagem.]

    |- Execute-a!
    |- Com a checkbox marcada! ( Remove disinfection tools )
    |- Clique "Run".
    |- Tudo Ok?  afro 

    Abs!

    Edvan
    Membro
    Membro

    Mensagens : 428
    Data de inscrição : 14/02/2013
    Idade : 36
    Localização : Natal/RN

    Re: Analise de rotina, log para analise.

    Mensagem por Edvan em Ter Jul 09, 2013 10:41 am

    Tudo ok meu amigo!.Very Happy 

    # DelFix v10.3 - Logfile created 09/07/2013 at 11:37:55
    # Updated 08/06/2013 by Xplode
    # Username : Administrador - FUN0034
    # Operating System : Microsoft Windows XP Service Pack 3 (32 bits)

    ~ Removing disinfection tools ...

    Deleted : C:\ZHP
    Deleted : C:\Arquivos de programas\ZHPDiag
    Deleted : C:\PhysicalDisk0_MBR.bin
    Deleted : C:\zoek-results.log
    Deleted : C:\Documents and Settings\Administrador\Desktop\ZHPDiag2.exe
    Deleted : C:\Documents and Settings\Administrador\Desktop\ZHPFixReport.txt
    Deleted : C:\Documents and Settings\Administrador\Desktop\zoek.exe
    Deleted : C:\Documents and Settings\All Users\Desktop\MBRCheck.lnk
    Deleted : C:\Documents and Settings\All Users\Desktop\ZHPDiag.lnk
    Deleted : C:\Documents and Settings\All Users\Desktop\ZHPFix.lnk
    Deleted : HKLM\SOFTWARE\AdwCleaner
    Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZHPDiag_is1

    ########## - EOF - ##########

    joram
    Administrador Fundador
    Administrador Fundador

    Mensagens : 608
    Data de inscrição : 14/08/2012
    Idade : 63
    Localização : Rio de Janeiro

    Re: Analise de rotina, log para analise.

    Mensagem por joram em Ter Jul 09, 2013 11:47 am

    CASO RESOLVIDO!

    Necessitando novo auxílio para este computador,basta abrir "Novo Tópico" e relatar o problema.

    Conteúdo patrocinado

    Re: Analise de rotina, log para analise.

    Mensagem por Conteúdo patrocinado Hoje à(s) 12:59 pm


      Data/hora atual: Sex Dez 02, 2016 12:59 pm