Fórum SecSecurity

Implementando Limpeza e Seguranca em seu computador!

Palavras chave

Últimos assuntos

» Virus Total ( ... de virustotal.com )
Dom Jun 11, 2017 9:21 am por joram

» RogueKiller ( ... by adlice.com )
Dom Jun 04, 2017 8:36 pm por joram

» Sophos Virus Removal Tool ( ... by Sophos.com )
Dom Maio 21, 2017 4:44 pm por joram

» 9-Lab Malware Removal Tool ( ... by 9-lab.com )
Sab Dez 31, 2016 4:24 am por joram

» SFCFix ( ... de niemiro )
Sab Dez 24, 2016 9:29 am por joram

» ResetBrowser ( ... de Nicolas Coolman )
Ter Maio 31, 2016 5:58 am por joram

» herdProtectScan ( ... by herdprotect.com )
Seg Mar 07, 2016 10:58 pm por joram

» Emsisoft Emergency Kit ( ... by Emsisoft.com )
Dom Fev 28, 2016 5:40 am por joram

» Dr.WEB Link Checker ( ... by Doctor Web.Ltd )
Qui Fev 11, 2016 9:51 am por joram

Junho 2017

SegTerQuaQuiSexSabDom
   1234
567891011
12131415161718
19202122232425
2627282930  

Calendário Calendário

Parceiros

Fórum grátis

Os membros mais marcados


    Analise de rotina, log para analise.

    Compartilhe
    avatar
    Edvan
    Membro
    Membro

    Mensagens : 428
    Data de inscrição : 14/02/2013
    Idade : 36
    Localização : Natal/RN

    Analise de rotina, log para analise.

    Mensagem por Edvan em Seg Jul 08, 2013 4:38 pm

    Amigo é o seguinte, aparentemente o pc que trabalho está funcionando perfeitamente, porem resolvi postar um log para ver se tem alguma coisa anormal.

    Link [Você precisa estar registrado e conectado para ver este link.]
    avatar
    joram
    Administrador Fundador
    Administrador Fundador

    Mensagens : 613
    Data de inscrição : 14/08/2012
    Idade : 63
    Localização : Rio de Janeiro

    Re: Analise de rotina, log para analise.

    Mensagem por joram em Ter Jul 09, 2013 8:18 am

    Bom Dia! Edvan

    |- Pelo log,não vi malwares em seu PC.

    -/-

    |- Baixe: < [Você precisa estar registrado e conectado para ver este link.] > ( ... by Smeenk )

    |- Ou aqui! < [Você precisa estar registrado e conectado para ver este link.] >

    |- Salve-o no desktop!
    |- Desabilite seu antivírus!
    |- Para Windows 7,execute zoek.exe como administrador.

    silentrunners;
    autoclean; 
    emptyalltemp;
     

    |- Copie e cole estas informações,em vermelho,no campo da ferramenta.
    |- Clique "Run Script". <- Aguarde!

    [Você precisa estar registrado e conectado para ver esta imagem.]

    |- Aceite e/ou confirme o reboot!

    zoek.hta failed by unknown error.
    Restart computer, and try again.
    |- Ps: Ao obter algum erro,reinicie o PC e execute,novamente,a ferramenta.
    |- Poste o relatório,que estará em C:\zoek-results.txt << 

    -/-

    |- Feche programas/pastas que estejam abertas.
    |- Feche,também,o navegador!
    |- Para Windows Vista,desabilite a [Você precisa estar registrado e conectado para ver este link.].

    [Você precisa estar registrado e conectado para ver esta imagem.]

    |- Para Windows Vista ou 7,clique direito em ZHPFix.exe e execute-o como administrador.
    |- Selecione e copie estas informações,que estão em vermelho,para o "Bloco de Notas".
    #####

    O4 - HKCU\..\Run: [uTorrent] C:\Arquivos de programas\uTorrent\uTorrent.exe (.not file.)    => Ludvig Strigeus%uTorrent
    O4 - HKUS\S-1-5-21-1957994488-583907252-839522115-500\..\Run: [uTorrent] C:\Arquivos de programas\uTorrent\uTorrent.exe (.not file.)    => Ludvig Strigeus%uTorrent
    O47 - AAKE:Key Export SP - "C:\Arquivos de programas\DMMultiView\MultiView.exe" [Enabled] .(...) -- C:\Arquivos de programas\DMMultiView\MultiView.exe (.not file.)
    O47 - AAKE:Key Export SP - "C:\Arquivos de programas\IP Camera Wizard\IPCamWizard.exe" [Enabled] .(...) -- C:\Arquivos de programas\IP Camera Wizard\IPCamWizard.exe (.not file.)
    O69 - SBI: SearchScopes [HKCU] {90B79F7D-E3FD-43DC-B437-E80230D903A8} - (Ask Search) - [Você precisa estar registrado e conectado para ver este link.]

    proxyfix
    firewallraz
    sysrestore

    #####
    |- Estando com o Bloco de Notas aberto,acione os atalhos: "Ctrl+A" -> "Ctrl+C"
    |- Minimize o Bloco de Notas.

    [Você precisa estar registrado e conectado para ver esta imagem.]

    |- Clique no menu,"Paste ClipBoard".
    |- Evite a opção "Colar" ( Ctrl+V ),no campo amarelo claro,que não habilita o botão "Go".

    [Você precisa estar registrado e conectado para ver este link.]

    |- Clique "GO" -> Oui.

    [Você precisa estar registrado e conectado para ver esta imagem.]

    |- Ps: Temos,àcima,sequência de imagens para maior exclarecimento.
    |- Poste o relatório: C:\ZHP\ZHPFix[R1].txt

    Abs!
    avatar
    Edvan
    Membro
    Membro

    Mensagens : 428
    Data de inscrição : 14/02/2013
    Idade : 36
    Localização : Natal/RN

    Re: Analise de rotina, log para analise.

    Mensagem por Edvan em Ter Jul 09, 2013 9:37 am

    Zoek.exe Version 4.0.0.3 Updated 05-July-2013
    Tool run by Administrador on 09/07/2013 at 10:17:45,15.
    Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86
    Running in: Normal Mode Internet Access Detected

    ==== System Restore Info ======================

    09/07/2013 10:17:56 Zoek.exe System Restore Point Created Succesfully.

    ==== Deleting CLSID Registry Keys ======================

    HKEY_USERS\S-1-5-21-1957994488-583907252-839522115-500\Software\Microsoft\Internet Explorer\SearchScopes\{90B79F7D-E3FD-43DC-B437-E80230D903A8} deleted successfully

    ==== Deleting CLSID Registry Values ======================


    ==== Deleting Services ======================


    ==== FireFox Fix ======================

    ProfilePath: C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\o48o609a.default

    user.js not found
    ---- Lines ask.com removed from prefs.js ----

    user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WRCN {display:inline !important; background: url(\"IMAGE\") right no-repeat}");
    user_pref("extensions.wrc.SearchRules.ask.com.url", "^http(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");

    ---- Lines ask.com modified from prefs.js ----


    ---- FireFox user.js and prefs.js backups ---- 

    prefs_072013_1020_.backup

    ProfilePath: C:\Documents and Settings\f003300\Dados de aplicativos\Mozilla\Firefox\Profiles\hx7kz89w.default

    user.js not found
    ---- Lines ask.com removed from prefs.js ----


    ---- Lines ask.com modified from prefs.js ----


    ---- FireFox user.js and prefs.js backups ---- 

    prefs_072013_1020_.backup

    ==== Deleting Files \ Folders ======================

    "C:\Documents and Settings\Administrador\Dados de aplicativos\desktop.ini" deleted
    "C:\Documents and Settings\All Users\Desktop\MP3 Downloader.lnk" deleted

    ==== Firefox Extensions ======================

    ProfilePath: C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\o48o609a.default
    - avast Online Security - C:\Arquivos de programas\AVAST Software\Avast\WebRep\FF
    - Microsoft .NET Framework Assistant - %ProfilePath%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    - Modulo de Seguranca - Banco do Brasil - %ProfilePath%\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}

    ==== Firefox Plugins ======================

    Profilepath: C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\o48o609a.default
    ABCB4A6EAB701C629378255ABCB308E5 - C:\Arquivos de programas\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U25
    D7324EB1EDCB8990F8522DE0311359E9 - C:\WINDOWS\system32\npDeployJava1.dll - Java Deployment Toolkit 7.0.250.17
    3D76B5C0E02ECC19C1F5756E8FD97F72 - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll - Shockwave Flash
    3A523765D795DB006C010B915C3A840A - C:\Arquivos de programas\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
    42A9B216A7A288512CE2F9A6BCCE96BC - C:\Arquivos de programas\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat
    9013599B12923A45C029C34E8D2211AC - C:\Arquivos de programas\Microsoft Silverlight\5.1.10411.0\npctrl.dll - Silverlight Plug-In
    AB87EEFFD18F2BAAFC274E7075EA6C67 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation
    CF4ABE599858E10EEB911E16FBCFD87D - C:\Arquivos de programas\Windows Media Player\npdrmv2.dll - Microsoft® DRM
    76E34EA1089E92709C5725407B565DA1 - C:\Arquivos de programas\Windows Media Player\npdsplay.dll - Windows Media Player Plug-in Dynamic Link Library
    02A4A41FAC9BF96155B3E8068D1DF4B6 - C:\Arquivos de programas\Windows Media Player\npwmsdrm.dll - Microsoft® DRM
    F9174E52953C2EDB35E4E634F6228F66 - C:\WINDOWS\system32\npptools.dll - Sistema operacional Microsoft® Windows®
    BF2AD333C79072EEBE5AE0D72670E64E - C:\Arquivos de programas\Microsoft Silverlight\5.1.10411.0\npctrlui.dll - Microsoft® Silverlight


    ==== Set IE to Default ======================

    Old Values:
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Start Page"="http://www.google.com/"

    New Values:
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Start Page"="http://www.google.com/"

    ==== All HKCU SearchScopes ======================

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
    "DefaultScope"="{86122936-B263-4bcf-9F1E-3BA652211805}"
    {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
    {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
    {86122936-B263-4bcf-9F1E-3BA652211805} Yahoo  Url="http://br.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBD"
    {982334AF-6893-4efc-ACB2-00445C87E7EE} Google  Url="http://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=1975384696&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=pt-BR&q={searchTerms}"

    ==== Silent Runners ======================

    "Silent Runners.vbs", revision 69.2, [Você precisa estar registrado e conectado para ver este link.]
    Output limited to non-default values, except where indicated by "{++}"


    Startup items buried in registry:
    ---------------------------------

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
    ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe [MS]
    Google Update = "C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c [Google Inc.]
    MSMSGS = "C:\Arquivos de programas\Messenger\msmsgs.exe" /background [MS]
    uTorrent = "C:\Arquivos de programas\uTorrent\uTorrent.exe"  /MINIMIZED [file not found]

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
    IgfxTray = C:\WINDOWS\system32\igfxtray.exe [Intel Corporation]
    HotKeysCmds = C:\WINDOWS\system32\hkcmd.exe [Intel Corporation]
    Persistence = C:\WINDOWS\system32\igfxpers.exe [Intel Corporation]
    avast = "C:\Arquivos de programas\AVAST Software\Avast\avastUI.exe" /nogui [AVAST Software]
    EaseUS EPM tray = C:\Arquivos de programas\EaseUS\EaseUS Partition Master 9.2.1 Home Edition\bin\EpmNews.exe [CHENGDU YIWO Tech Development Co., Ltd]
    BCU = "C:\Arquivos de programas\DeviceVM\Browser Configuration Utility\BCU.exe" [DeviceVM, Inc.]
    Adobe ARM = "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [Adobe Systems Incorporated]
    SunJavaUpdateSched = "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [Oracle Corporation]

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
      -> {HKLM...CLSID} = Facilitador de Leitor de Link Adobe PDF
                       \InProcServer32\(Default) = C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe Systems Incorporated]

    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
      -> {HKLM...CLSID} = Java(tm) Plug-In SSV Helper
                       \InProcServer32\(Default) = C:\Arquivos de programas\Java\jre7\bin\ssv.dll [Oracle Corporation]

    {8E5E2654-AD2D-48bf-AC2D-D17F00898D06}\(Default) = (no title provided)
      -> {HKLM...CLSID} = avast! WebRep
                       \InProcServer32\(Default) = C:\Arquivos de programas\AVAST Software\Avast\aswWebRepIE.dll [AVAST Software]

    {AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
      -> {HKLM...CLSID} = Google Toolbar Helper
                       \InProcServer32\(Default) = C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll [Google Inc.]

    {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\(Default) = (no title provided)
      -> {HKLM...CLSID} = Google Toolbar Notifier BHO
                       \InProcServer32\(Default) = C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll [Google Inc.]

    {DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided)
      -> {HKLM...CLSID} = Java(tm) Plug-In 2 SSV Helper
                       \InProcServer32\(Default) = C:\Arquivos de programas\Java\jre7\bin\jp2ssv.dll [Oracle Corporation]

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\

    00avast\(Default) = {472083B0-C522-11CF-8763-00608CC02F24}
      -> {HKLM...CLSID} = avast
                       \InProcServer32\(Default) = C:\Arquivos de programas\AVAST Software\Avast\ashShell.dll [AVAST Software]

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

    {88895560-9AA2-1069-930E-00AA0030EBC8} = Extensão de ícone do HyperTerminal
      -> {HKLM...CLSID} = HyperTerminal Icon Ext
                       \InProcServer32\(Default) = C:\WINDOWS\system32\hticons.dll [Hilgraeve, Inc.]

    {472083B0-C522-11CF-8763-00608CC02F24} = avast
      -> {HKLM...CLSID} = avast
                       \InProcServer32\(Default) = C:\Arquivos de programas\AVAST Software\Avast\ashShell.dll [AVAST Software]

    {B41DB860-8EE4-11D2-9906-E49FADC173CA} = WinRAR shell extension
      -> {HKLM...CLSID} = WinRAR
                       \InProcServer32\(Default) = C:\Arquivos de programas\WinRAR\rarext.dll [null data]

    {42042206-2D85-11D3-8CFF-005004838597} = Microsoft Office HTML Icon Handler
      -> {HKLM...CLSID} = (no title provided)
                       \InProcServer32\(Default) = C:\Arquivos de programas\Microsoft Office\Office12\msohevi.dll [MS]

    {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} = Microsoft Office Metadata Handler
      -> {HKLM...CLSID} = Microsoft Office Metadata Handler
                       \InProcServer32\(Default) = C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\msoshext.dll [MS]

    {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} = Microsoft Office Thumbnail Handler
      -> {HKLM...CLSID} = Microsoft Office Thumbnail Handler
                       \InProcServer32\(Default) = C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\msoshext.dll [MS]

    {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} = OpenOffice.org Column Handler
      -> {HKLM...CLSID} = (no title provided)
                       \InProcServer32\(Default) = "C:\Arquivos de programas\BrOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll" [OpenOffice.org]

    {087B3AE3-E237-4467-B8DB-5A38AB959AC9} = OpenOffice.org Infotip Handler
      -> {HKLM...CLSID} = (no title provided)
                       \InProcServer32\(Default) = "C:\Arquivos de programas\BrOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll" [OpenOffice.org]

    {63542C48-9552-494A-84F7-73AA6A7C99C1} = OpenOffice.org Property Sheet Handler
      -> {HKLM...CLSID} = (no title provided)
                       \InProcServer32\(Default) = "C:\Arquivos de programas\BrOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll" [OpenOffice.org]

    {3B092F0C-7696-40E3-A80F-68D74DA84210} = OpenOffice.org Thumbnail Viewer
      -> {HKLM...CLSID} = (no title provided)
                       \InProcServer32\(Default) = "C:\Arquivos de programas\BrOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll" [OpenOffice.org]

    {97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} = NeroCoverEd Live Icons
      -> {HKLM...CLSID} = NeroCoverEdLiveIcons Class
                       \InProcServer32\(Default) = C:\Arquivos de programas\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll [Nero AG]

    {B327765E-D724-4347-8B16-78AE18552FC3} = NeroDigitalIconHandler
      -> {HKLM...CLSID} = NeroDigitalIconHandler Class
                       \InProcServer32\(Default) = C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroDigitalExt.dll [Nero AG]

    {7F1CF152-04F8-453A-B34C-E609530A9DC8} = NeroDigitalPropSheetHandler
      -> {HKLM...CLSID} = NeroDigitalPropSheetHandler Class
                       \InProcServer32\(Default) = C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroDigitalExt.dll [Nero AG]

    {c5aec3ec-e812-4677-a9a7-4fee1f9aa000} = Icaros Thumbnail Provider
      -> {HKLM...CLSID} = Icaros Thumbnail Provider
                       \InProcServer32\(Default) = C:\Arquivos de programas\K-Lite Codec Pack\Icaros\IcarosThumbnailProvider.dll [Tabibito Technology]

    {BAF55D20-7BC0-4bcc-A91F-A5223FFFDC9D} = Sorcerer Shell Extension
      -> {HKLM...CLSID} = Sorcerer Shell Extension
                       \InProcServer32\(Default) = C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006SX.DLL [Software 2000 Limited]

    {23170F69-40C1-278A-1000-000100020000} = 7-Zip Shell Extension
      -> {HKLM...CLSID} = 7-Zip Shell Extension
                       \InProcServer32\(Default) = C:\Arquivos de programas\7-Zip\7-zip.dll [Igor Pavlov]

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
    <<!>> igfxcui\DLLName = igfxdev.dll [Intel Corporation]

    HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\

    <<!>> text/xml\CLSID = {807563E5-5146-11D5-A672-00B0D022E945}
      -> {HKLM...CLSID} = Microsoft Office InfoPath XML Mime Filter
                       \InProcServer32\(Default) = C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL [MS]

    HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\

    <<!>> ms-help\CLSID = {314111c7-a502-11d2-bbca-00c04f8ec294}
      -> {HKLM...CLSID} = HxProtocol Class
                       \InProcServer32\(Default) = C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll [MS]

    HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\

    7-Zip\(Default) = {23170F69-40C1-278A-1000-000100020000}
      -> {HKLM...CLSID} = 7-Zip Shell Extension
                       \InProcServer32\(Default) = C:\Arquivos de programas\7-Zip\7-zip.dll [Igor Pavlov]

    avast\(Default) = {472083B0-C522-11CF-8763-00608CC02F24}
      -> {HKLM...CLSID} = avast
                       \InProcServer32\(Default) = C:\Arquivos de programas\AVAST Software\Avast\ashShell.dll [AVAST Software]

    Cover Designer\(Default) = {73FCA462-9BD5-4065-A73F-A8E5F6904EF7}
      -> {HKLM...CLSID} = NeroCoverEdContextMenu Class
                       \InProcServer32\(Default) = C:\Arquivos de programas\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll [Nero AG]

    WinRAR\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA}
      -> {HKLM...CLSID} = WinRAR
                       \InProcServer32\(Default) = C:\Arquivos de programas\WinRAR\rarext.dll [null data]

    {EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}\(Default) = (no title provided)
      -> {HKLM...CLSID} = NBShellHook Class
                       \InProcServer32\(Default) = C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBShell.dll [Nero AG]

    HKLM\SOFTWARE\Classes\*\shellex\DragDropHandlers\

    NBShellHook\(Default) = {EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}
      -> {HKLM...CLSID} = NBShellHook Class
                       \InProcServer32\(Default) = C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBShell.dll [Nero AG]

    HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\

    00avast\(Default) = {472083B0-C522-11CF-8763-00608CC02F24}
      -> {HKLM...CLSID} = avast
                       \InProcServer32\(Default) = C:\Arquivos de programas\AVAST Software\Avast\ashShell.dll [AVAST Software]

    MBAMShlExt\(Default) = {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
      -> {HKLM...CLSID} = MBAMShlExt Class
                       \InProcServer32\(Default) = C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamext.dll [Malwarebytes Corporation]

    HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\

    7-Zip\(Default) = {23170F69-40C1-278A-1000-000100020000}
      -> {HKLM...CLSID} = 7-Zip Shell Extension
                       \InProcServer32\(Default) = C:\Arquivos de programas\7-Zip\7-zip.dll [Igor Pavlov]

    WinRAR\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA}
      -> {HKLM...CLSID} = WinRAR
                       \InProcServer32\(Default) = C:\Arquivos de programas\WinRAR\rarext.dll [null data]

    HKLM\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\

    7-Zip\(Default) = {23170F69-40C1-278A-1000-000100020000}
      -> {HKLM...CLSID} = 7-Zip Shell Extension
                       \InProcServer32\(Default) = C:\Arquivos de programas\7-Zip\7-zip.dll [Igor Pavlov]

    WinRAR\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA}
      -> {HKLM...CLSID} = WinRAR
                       \InProcServer32\(Default) = C:\Arquivos de programas\WinRAR\rarext.dll [null data]

    HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\

    igfxcui\(Default) = {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4}
      -> {HKLM...CLSID} = GraphicsShellExt Class
                       \InProcServer32\(Default) = C:\WINDOWS\system32\igfxpph.dll [Intel Corporation]

    HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\

    {7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = NeroDigitalExt.NeroDigitalColumnHandler
      -> {HKLM...CLSID} = NeroDigitalColumnHandler Class
                       \InProcServer32\(Default) = C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroDigitalExt.dll [Nero AG]

    {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\(Default) = OpenOffice.org Column Handler
      -> {HKLM...CLSID} = (no title provided)
                       \InProcServer32\(Default) = "C:\Arquivos de programas\BrOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll" [OpenOffice.org]

    {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = PDF Column Info
      -> {HKLM...CLSID} = PDF Shell Extension
                       \InProcServer32\(Default) = C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\PDFShell.dll [Adobe Systems, Inc.]

    HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\

    avast\(Default) = {472083B0-C522-11CF-8763-00608CC02F24}
      -> {HKLM...CLSID} = avast
                       \InProcServer32\(Default) = C:\Arquivos de programas\AVAST Software\Avast\ashShell.dll [AVAST Software]

    MBAMShlExt\(Default) = {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
      -> {HKLM...CLSID} = MBAMShlExt Class
                       \InProcServer32\(Default) = C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamext.dll [Malwarebytes Corporation]

    WinRAR\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA}
      -> {HKLM...CLSID} = WinRAR
                       \InProcServer32\(Default) = C:\Arquivos de programas\WinRAR\rarext.dll [null data]

    {EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}\(Default) = (no title provided)
      -> {HKLM...CLSID} = NBShellHook Class
                       \InProcServer32\(Default) = C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBShell.dll [Nero AG]

    HKLM\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\

    NBShellHook\(Default) = {EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}
      -> {HKLM...CLSID} = NBShellHook Class
                       \InProcServer32\(Default) = C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBShell.dll [Nero AG]

    WinRAR\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA}
      -> {HKLM...CLSID} = WinRAR
                       \InProcServer32\(Default) = C:\Arquivos de programas\WinRAR\rarext.dll [null data]


    Group Policies {GPedit.msc branch and setting}:
    -----------------------------------------------

    Note: detected settings may not have any effect.

    HKCU\Software\Policies\Microsoft\Windows\System\

    disablecmd = (REG_DWORD) dword:0x00000000
    {User Configuration|Administrative Templates|System|
    Disable the command prompt}


    Active Desktop and Wallpaper:
    -----------------------------

    Active Desktop may be disabled at this entry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

    Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
    HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
    Wallpaper = C:\WINDOWS\system32\config\systemprofile\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp

    Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
    HKCU\Control Panel\Desktop\
    Wallpaper = C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp


    Windows Portable Device AutoPlay Handlers
    -----------------------------------------

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

    BridgeCS4ImportMediaOnArrival\
    Provider = Adobe Bridge CS4
    InvokeProgID = Adobe.adobebridge
    InvokeVerb = launch
    HKLM\SOFTWARE\Classes\Adobe.adobebridge\shell\launch\command\(Default) = C:\Arquivos de programas\Adobe\Adobe Bridge CS4\bridgeproxy.exe -v %1 [Adobe Systems, Inc.]

    MPCPlayBluRayOnArrival\
    Provider = Media Player Classic
    InvokeProgID = MediaPlayerClassic.Autorun
    InvokeVerb = PlayBlurayMovie
    HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayBlurayMovie\command\(Default) = "C:\Arquivos de programas\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe" %L\BDMV\INDEX.BDMV [MPC-HC Team]

    MPCPlayCDAudioOnArrival\
    Provider = Media Player Classic
    InvokeProgID = MediaPlayerClassic.Autorun
    InvokeVerb = PlayCDAudio
    HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayCDAudio\command\(Default) = "C:\Arquivos de programas\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe" %1 /cd [MPC-HC Team]

    MPCPlayDVDMovieOnArrival\
    Provider = Media Player Classic
    InvokeProgID = MediaPlayerClassic.Autorun
    InvokeVerb = PlayDVDMovie
    HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayDVDMovie\command\(Default) = "C:\Arquivos de programas\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe" %1 /dvd [MPC-HC Team]

    MPCPlayMusicFilesOnArrival\
    Provider = Media Player Classic
    InvokeProgID = MediaPlayerClassic.Autorun
    InvokeVerb = PlayMusicFiles
    HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayMusicFiles\command\(Default) = "C:\Arquivos de programas\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe" %1 [MPC-HC Team]

    MPCPlayVideoFilesOnArrival\
    Provider = Media Player Classic
    InvokeProgID = MediaPlayerClassic.Autorun
    InvokeVerb = PlayVideoFiles
    HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayVideoFiles\command\(Default) = "C:\Arquivos de programas\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe" %1 [MPC-HC Team]

    MSWPDShellNamespaceHandler\
    Provider = @%SystemRoot%\System32\WPDShextRes.dll,-501
    CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24}
    InitCmdLine =  
      -> {HKLM...CLSID} = WPDShextAutoplay
                       \LocalServer32\(Default) = C:\WINDOWS\system32\WPDShextAutoplay.exe [MS]


    Enabled Scheduled Tasks: {++}
    ------------------------

    Adobe Flash Player Updater -> launches: C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [Adobe Systems Incorporated]
    avast! Emergency Update -> launches: C:\Arquivos de programas\AVAST Software\Avast\AvastEmUpdate.exe [AVAST Software]
    GoogleUpdateTaskMachineCore -> launches: C:\Arquivos de programas\Google\Update\GoogleUpdate.exe /c [Google Inc.]
    GoogleUpdateTaskMachineUA -> launches: C:\Arquivos de programas\Google\Update\GoogleUpdate.exe /ua /installsource scheduler [Google Inc.]
    GoogleUpdateTaskUserS-1-5-21-1957994488-583907252-839522115-500Core -> launches: C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe /c [Google Inc.]
    GoogleUpdateTaskUserS-1-5-21-1957994488-583907252-839522115-500UA -> launches: C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe /ua /installsource scheduler [Google Inc.]
    User_Feed_Synchronization-{4A43C29C-545F-4A8A-81C5-36482BBCEFE2} -> launches: C:\WINDOWS\system32\msfeedssync.exe sync [MS]
    User_Feed_Synchronization-{59086E34-7A55-4167-9858-E8C4D4A099AE} -> launches: C:\WINDOWS\system32\msfeedssync.exe sync [MS]


    Winsock2 Service Provider DLLs:
    -------------------------------

    Namespace Service Providers

    HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
    000000000001\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]
    000000000002\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS]
    000000000003\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]
    000000000004\LibraryPath = C:\Arquivos de programas\Bonjour\mdnsNSP.dll [Apple Computer, Inc.]

    Transport Service Providers

    HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
    0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
    %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15
    %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


    Toolbars, Explorer Bars, Extensions:
    ------------------------------------

    Toolbars

    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

    {2318C2B1-4965-11D4-9B18-009027A5CD4F}
      -> {HKLM...CLSID} = Google Toolbar
                       \InProcServer32\(Default) = C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll [Google Inc.]

    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
    {8E5E2654-AD2D-48BF-AC2D-D17F00898D06} = (no title provided)
      -> {HKLM...CLSID} = avast! WebRep
                       \InProcServer32\(Default) = C:\Arquivos de programas\AVAST Software\Avast\aswWebRepIE.dll [AVAST Software]

    {2318C2B1-4965-11D4-9B18-009027A5CD4F} = (no title provided)
      -> {HKLM...CLSID} = Google Toolbar
                       \InProcServer32\(Default) = C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll [Google Inc.]

    Explorer Bars

    HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = &Pesquisar
    Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
    InProcServer32\(Default) = C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL [MS]

    Extensions (Tools menu items, main toolbar menu buttons)

    HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
    {92780B25-18CC-41C8-B9BE-3C9C571A8263}\
    ButtonText = Research
    BandCLSID = {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
      -> {HKLM...CLSID} = &Pesquisar
                       \InProcServer32\(Default) = C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL [MS]

    {E2E2DD38-D088-4134-82B7-F2BA38496583}\
    MenuText = @xpsp3res.dll,-20001
    Exec = %windir%\Network Diagnostic\xpnetdiag.exe [MS]

    {FB5F1910-F110-11D2-BB9E-00C04F795683}\
    ButtonText = Messenger
    MenuText = Windows Messenger
    Exec = C:\Arquivos de programas\Messenger\msmsgs.exe [MS]


    Miscellaneous IE Hijack Points
    ------------------------------

    HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\
    <<H>> {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} = ?iw
      -> {HKLM...CLSID} = SearchHook Class
                       \InProcServer32\(Default) = C:\Arquivos de programas\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll [DeviceVM, Inc.]


    Running Services (Display Name, Service Name, Path {Service DLL}):
    ------------------------------------------------------------------

    ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##, Bonjour Service, "C:\Arquivos de programas\Bonjour\mDNSResponder.exe" [Apple Computer, Inc.]
    avast! Antivirus, avast! Antivirus, "C:\Arquivos de programas\AVAST Software\Avast\AvastSvc.exe" [AVAST Software]
    Browser Configuration Utility Service, BCUService, C:\Arquivos de programas\DeviceVM\Browser Configuration Utility\BCUService.exe [DeviceVM, Inc.]
    Java Quick Starter, JavaQuickStarterService, "C:\Arquivos de programas\Java\jre7\bin\jqs.exe" -service -config "C:\Arquivos de programas\Java\jre7\lib\deploy\jqs\jqs.conf" [Oracle Corporation]
    Net Driver HPZ12, Net Driver HPZ12, C:\WINDOWS\System32\svchost.exe -k HPZ12 {C:\WINDOWS\system32\HPZinw12.dll [Hewlett-Packard]}
    NMIndexingService, NMIndexingService, "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe" [Nero AG]
    Pml Driver HPZ12, Pml Driver HPZ12, C:\WINDOWS\System32\svchost.exe -k HPZ12 {C:\WINDOWS\system32\HPZipm12.dll [Hewlett-Packard]}
    TeamViewer 8, TeamViewer8, "C:\Arquivos de programas\TeamViewer\Version8\TeamViewer_Service.exe" [TeamViewer GmbH]


    Safe Mode Drivers & Services (subkey name, subkey default value):
    -----------------------------------------------------------------

    HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\

    <<!>> PEVSystemStart, Service

    HKLM\System\CurrentControlSet\Control\SafeBoot\Network\

    <<!>> PEVSystemStart, Service


    Print Monitors:
    ---------------

    HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
    CPCA Language Monitor2\Driver = AUCPLMNT.DLL [CANON INC.]
    CPCA Language Monitor3\Driver = CNAS0MMK.DLL [Canon Inc.]
    PDFCreator\Driver = pdfcmnnt.dll [null data]


    <<H>>: Suspicious data at a browser hijack point.


    ==== Empty IE Cache ======================

    C:\Documents and Settings\Administrador\Configurações locais\temp\acrord32_sbx\Temporary Internet Files\Content.IE5 emptied successfully
    C:\Documents and Settings\Administrador\Configurações locais\temp\Temporary Internet Files\Content.IE5 emptied successfully
    C:\Documents and Settings\f003300\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
    C:\Documents and Settings\f004044\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
    C:\Documents and Settings\LocalService\Configurações locais\Temp\Temporary Internet Files\Content.IE5 emptied successfully
    C:\Documents and Settings\NetworkService\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
    C:\WINDOWS\system32\config\systemprofile\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
    C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
    C:\Documents and Settings\LocalService\Configurações locais\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

    ==== Empty FireFox Cache ======================

    C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\o48o609a.default\Cache emptied successfully
    C:\Documents and Settings\f003300\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\hx7kz89w.default\Cache emptied successfully

    ==== Empty Chrome Cache ======================

    C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Cache emptied successfully

    ==== Empty All Flash Cache ======================

    Flash Cache Emptied Successfully

    ==== Empty All Java Cache ======================

    Java Cache cleared successfully

    ==== After Reboot ======================

    ==== Empty Temp Folders ======================

    C:\WINDOWS\Temp successfully emptied
    C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp successfully emptied

    ==== Empty Recycle Bin ======================

    C:\RECYCLER successfully emptied

    ==== Deleting Files / Folders ======================

    "C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\Content.IE5\index.dat" not found
    "C:\Documents and Settings\LocalService\Configurações locais\Temporary Internet Files\Content.IE5\index.dat" not found

    ==== EOF on 09/07/2013 at 10:28:48,82 ======================

     

    Rapport de ZHPFix 2013.6.12.3 par Nicolas Coolman, Update du 12/06/2013
    Fichier d'export Registre : 
    Run by Administrador at 09/07/2013 10:35:39
    High Elevated Privileges : OK
    Windows XP Professional Service Pack 3 (Build 2600)

    Recycle Files Deleted

    ========== Registry Key ==========
    NOT FOUND SearchScopes :{90B79F7D-E3FD-43DC-B437-E80230D903A8}

    ========== Registry Value ==========
    DELETED RunValue: uTorrent
    NOT FOUND RunValue: uTorrent
    DELETED AAKE KeyValue: C:\Arquivos de programas\DMMultiView\MultiView.exe
    DELETED AAKE KeyValue: C:\Arquivos de programas\IP Camera Wizard\IPCamWizard.exe
    ProxyFix : Proxy killed successfully
    DELETED ProxyServer Value
    DELETED ProxyEnable Value
    DELETED EnableHttp1_1 Value
    DELETED ProxyHttp1.1 Value
    DELETED ProxyOverride Value
    No Value in Domain Profile Register Key FirewallRaz : 
    No Value in Firewall Exception Register Key (FirewallRaz)

    ========== File ==========
    NOT FOUND File: c:\arquivos de programas\utorrent\utorrent.exe
    NOT FOUND File: c:\arquivos de programas\dmmultiview\multiview.exe
    NOT FOUND File: c:\arquivos de programas\ip camera wizard\ipcamwizard.exe

    ========== Restoration ==========
    Restore System Point created succefully


    ========== Summary ==========
    1 : Registry Key
    12 : Registry Value
    3 : File
    1 : Restoration


    End of clean in 00mn 06s

    ========== Report File ==========
    C:\ZHP\ZHPFix[R1].txt - 09/07/2013 10:35:40 [1390]
    avatar
    joram
    Administrador Fundador
    Administrador Fundador

    Mensagens : 613
    Data de inscrição : 14/08/2012
    Idade : 63
    Localização : Rio de Janeiro

    Re: Analise de rotina, log para analise.

    Mensagem por joram em Ter Jul 09, 2013 10:09 am

    Bom Dia! Edvan

    |- Baixe: |[Você precisa estar registrado e conectado para ver este link.]| ( ... de Xplode )

    [Você precisa estar registrado e conectado para ver esta imagem.]

    |- Estando na página,clique na seta verde para o download
    |- Salve-a em um local conveniente! ( desktop! )
    |- Feche aplicativos que estejam abertos.

    [Você precisa estar registrado e conectado para ver esta imagem.]

    |- Execute-a!
    |- Com a checkbox marcada! ( Remove disinfection tools )
    |- Clique "Run".
    |- Tudo Ok?  afro 

    Abs!
    avatar
    Edvan
    Membro
    Membro

    Mensagens : 428
    Data de inscrição : 14/02/2013
    Idade : 36
    Localização : Natal/RN

    Re: Analise de rotina, log para analise.

    Mensagem por Edvan em Ter Jul 09, 2013 10:41 am

    Tudo ok meu amigo!.Very Happy 

    # DelFix v10.3 - Logfile created 09/07/2013 at 11:37:55
    # Updated 08/06/2013 by Xplode
    # Username : Administrador - FUN0034
    # Operating System : Microsoft Windows XP Service Pack 3 (32 bits)

    ~ Removing disinfection tools ...

    Deleted : C:\ZHP
    Deleted : C:\Arquivos de programas\ZHPDiag
    Deleted : C:\PhysicalDisk0_MBR.bin
    Deleted : C:\zoek-results.log
    Deleted : C:\Documents and Settings\Administrador\Desktop\ZHPDiag2.exe
    Deleted : C:\Documents and Settings\Administrador\Desktop\ZHPFixReport.txt
    Deleted : C:\Documents and Settings\Administrador\Desktop\zoek.exe
    Deleted : C:\Documents and Settings\All Users\Desktop\MBRCheck.lnk
    Deleted : C:\Documents and Settings\All Users\Desktop\ZHPDiag.lnk
    Deleted : C:\Documents and Settings\All Users\Desktop\ZHPFix.lnk
    Deleted : HKLM\SOFTWARE\AdwCleaner
    Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZHPDiag_is1

    ########## - EOF - ##########
    avatar
    joram
    Administrador Fundador
    Administrador Fundador

    Mensagens : 613
    Data de inscrição : 14/08/2012
    Idade : 63
    Localização : Rio de Janeiro

    Re: Analise de rotina, log para analise.

    Mensagem por joram em Ter Jul 09, 2013 11:47 am

    CASO RESOLVIDO!

    Necessitando novo auxílio para este computador,basta abrir "Novo Tópico" e relatar o problema.

    Conteúdo patrocinado

    Re: Analise de rotina, log para analise.

    Mensagem por Conteúdo patrocinado


      Data/hora atual: Seg Jun 26, 2017 11:38 am