Zoek.exe Version 4.0.0.3 Updated 05-July-2013
Tool run by Administrador on 09/07/2013 at 10:17:45,15.
Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected
==== System Restore Info ======================
09/07/2013 10:17:56 Zoek.exe System Restore Point Created Succesfully.
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-1957994488-583907252-839522115-500\Software\Microsoft\Internet Explorer\SearchScopes\{90B79F7D-E3FD-43DC-B437-E80230D903A8} deleted successfully
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== FireFox Fix ======================
ProfilePath: C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\o48o609a.default
user.js not found
---- Lines ask.com removed from prefs.js ----
user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WRCN {display:inline !important; background: url(\"IMAGE\") right no-repeat}");
user_pref("extensions.wrc.SearchRules.ask.com.url", "^http(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");
---- Lines ask.com modified from prefs.js ----
---- FireFox user.js and prefs.js backups ----
prefs_072013_1020_.backup
ProfilePath: C:\Documents and Settings\f003300\Dados de aplicativos\Mozilla\Firefox\Profiles\hx7kz89w.default
user.js not found
---- Lines ask.com removed from prefs.js ----
---- Lines ask.com modified from prefs.js ----
---- FireFox user.js and prefs.js backups ----
prefs_072013_1020_.backup
==== Deleting Files \ Folders ======================
"C:\Documents and Settings\Administrador\Dados de aplicativos\desktop.ini" deleted
"C:\Documents and Settings\All Users\Desktop\MP3 Downloader.lnk" deleted
==== Firefox Extensions ======================
ProfilePath: C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\o48o609a.default
- avast Online Security - C:\Arquivos de programas\AVAST Software\Avast\WebRep\FF
- Microsoft .NET Framework Assistant - %ProfilePath%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
- Modulo de Seguranca - Banco do Brasil - %ProfilePath%\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}
==== Firefox Plugins ======================
Profilepath: C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\o48o609a.default
ABCB4A6EAB701C629378255ABCB308E5 - C:\Arquivos de programas\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U25
D7324EB1EDCB8990F8522DE0311359E9 - C:\WINDOWS\system32\npDeployJava1.dll - Java Deployment Toolkit 7.0.250.17
3D76B5C0E02ECC19C1F5756E8FD97F72 - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll - Shockwave Flash
3A523765D795DB006C010B915C3A840A - C:\Arquivos de programas\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
42A9B216A7A288512CE2F9A6BCCE96BC - C:\Arquivos de programas\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat
9013599B12923A45C029C34E8D2211AC - C:\Arquivos de programas\Microsoft Silverlight\5.1.10411.0\npctrl.dll - Silverlight Plug-In
AB87EEFFD18F2BAAFC274E7075EA6C67 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation
CF4ABE599858E10EEB911E16FBCFD87D - C:\Arquivos de programas\Windows Media Player\npdrmv2.dll - Microsoft® DRM
76E34EA1089E92709C5725407B565DA1 - C:\Arquivos de programas\Windows Media Player\npdsplay.dll - Windows Media Player Plug-in Dynamic Link Library
02A4A41FAC9BF96155B3E8068D1DF4B6 - C:\Arquivos de programas\Windows Media Player\npwmsdrm.dll - Microsoft® DRM
F9174E52953C2EDB35E4E634F6228F66 - C:\WINDOWS\system32\npptools.dll - Sistema operacional Microsoft® Windows®
BF2AD333C79072EEBE5AE0D72670E64E - C:\Arquivos de programas\Microsoft Silverlight\5.1.10411.0\npctrlui.dll - Microsoft® Silverlight
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com/"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com/"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{86122936-B263-4bcf-9F1E-3BA652211805}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
{86122936-B263-4bcf-9F1E-3BA652211805} Yahoo Url="http://br.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBD"
{982334AF-6893-4efc-ACB2-00445C87E7EE} Google Url="http://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=1975384696&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=pt-BR&q={searchTerms}"
==== Silent Runners ======================
"Silent Runners.vbs", revision 69.2,
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe [MS]
Google Update = "C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe" /c [Google Inc.]
MSMSGS = "C:\Arquivos de programas\Messenger\msmsgs.exe" /background [MS]
uTorrent = "C:\Arquivos de programas\uTorrent\uTorrent.exe" /MINIMIZED [file not found]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
IgfxTray = C:\WINDOWS\system32\igfxtray.exe [Intel Corporation]
HotKeysCmds = C:\WINDOWS\system32\hkcmd.exe [Intel Corporation]
Persistence = C:\WINDOWS\system32\igfxpers.exe [Intel Corporation]
avast = "C:\Arquivos de programas\AVAST Software\Avast\avastUI.exe" /nogui [AVAST Software]
EaseUS EPM tray = C:\Arquivos de programas\EaseUS\EaseUS Partition Master 9.2.1 Home Edition\bin\EpmNews.exe [CHENGDU YIWO Tech Development Co., Ltd]
BCU = "C:\Arquivos de programas\DeviceVM\Browser Configuration Utility\BCU.exe" [DeviceVM, Inc.]
Adobe ARM = "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe" [Adobe Systems Incorporated]
SunJavaUpdateSched = "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [Oracle Corporation]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = Facilitador de Leitor de Link Adobe PDF
\InProcServer32\(Default) = C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe Systems Incorporated]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = Java(tm) Plug-In SSV Helper
\InProcServer32\(Default) = C:\Arquivos de programas\Java\jre7\bin\ssv.dll [Oracle Corporation]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}\(Default) = (no title provided)
-> {HKLM...CLSID} = avast! WebRep
\InProcServer32\(Default) = C:\Arquivos de programas\AVAST Software\Avast\aswWebRepIE.dll [AVAST Software]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
-> {HKLM...CLSID} = Google Toolbar Helper
\InProcServer32\(Default) = C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll [Google Inc.]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\(Default) = (no title provided)
-> {HKLM...CLSID} = Google Toolbar Notifier BHO
\InProcServer32\(Default) = C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll [Google Inc.]
{DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided)
-> {HKLM...CLSID} = Java(tm) Plug-In 2 SSV Helper
\InProcServer32\(Default) = C:\Arquivos de programas\Java\jre7\bin\jp2ssv.dll [Oracle Corporation]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\
00avast\(Default) = {472083B0-C522-11CF-8763-00608CC02F24}
-> {HKLM...CLSID} = avast
\InProcServer32\(Default) = C:\Arquivos de programas\AVAST Software\Avast\ashShell.dll [AVAST Software]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
{88895560-9AA2-1069-930E-00AA0030EBC8} = Extensão de ícone do HyperTerminal
-> {HKLM...CLSID} = HyperTerminal Icon Ext
\InProcServer32\(Default) = C:\WINDOWS\system32\hticons.dll [Hilgraeve, Inc.]
{472083B0-C522-11CF-8763-00608CC02F24} = avast
-> {HKLM...CLSID} = avast
\InProcServer32\(Default) = C:\Arquivos de programas\AVAST Software\Avast\ashShell.dll [AVAST Software]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = WinRAR shell extension
-> {HKLM...CLSID} = WinRAR
\InProcServer32\(Default) = C:\Arquivos de programas\WinRAR\rarext.dll [null data]
{42042206-2D85-11D3-8CFF-005004838597} = Microsoft Office HTML Icon Handler
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = C:\Arquivos de programas\Microsoft Office\Office12\msohevi.dll [MS]
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} = Microsoft Office Metadata Handler
-> {HKLM...CLSID} = Microsoft Office Metadata Handler
\InProcServer32\(Default) = C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\msoshext.dll [MS]
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} = Microsoft Office Thumbnail Handler
-> {HKLM...CLSID} = Microsoft Office Thumbnail Handler
\InProcServer32\(Default) = C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\msoshext.dll [MS]
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} = OpenOffice.org Column Handler
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Arquivos de programas\BrOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll" [OpenOffice.org]
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} = OpenOffice.org Infotip Handler
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Arquivos de programas\BrOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll" [OpenOffice.org]
{63542C48-9552-494A-84F7-73AA6A7C99C1} = OpenOffice.org Property Sheet Handler
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Arquivos de programas\BrOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll" [OpenOffice.org]
{3B092F0C-7696-40E3-A80F-68D74DA84210} = OpenOffice.org Thumbnail Viewer
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Arquivos de programas\BrOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll" [OpenOffice.org]
{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} = NeroCoverEd Live Icons
-> {HKLM...CLSID} = NeroCoverEdLiveIcons Class
\InProcServer32\(Default) = C:\Arquivos de programas\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll [Nero AG]
{B327765E-D724-4347-8B16-78AE18552FC3} = NeroDigitalIconHandler
-> {HKLM...CLSID} = NeroDigitalIconHandler Class
\InProcServer32\(Default) = C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroDigitalExt.dll [Nero AG]
{7F1CF152-04F8-453A-B34C-E609530A9DC8} = NeroDigitalPropSheetHandler
-> {HKLM...CLSID} = NeroDigitalPropSheetHandler Class
\InProcServer32\(Default) = C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroDigitalExt.dll [Nero AG]
{c5aec3ec-e812-4677-a9a7-4fee1f9aa000} = Icaros Thumbnail Provider
-> {HKLM...CLSID} = Icaros Thumbnail Provider
\InProcServer32\(Default) = C:\Arquivos de programas\K-Lite Codec Pack\Icaros\IcarosThumbnailProvider.dll [Tabibito Technology]
{BAF55D20-7BC0-4bcc-A91F-A5223FFFDC9D} = Sorcerer Shell Extension
-> {HKLM...CLSID} = Sorcerer Shell Extension
\InProcServer32\(Default) = C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006SX.DLL [Software 2000 Limited]
{23170F69-40C1-278A-1000-000100020000} = 7-Zip Shell Extension
-> {HKLM...CLSID} = 7-Zip Shell Extension
\InProcServer32\(Default) = C:\Arquivos de programas\7-Zip\7-zip.dll [Igor Pavlov]
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> igfxcui\DLLName = igfxdev.dll [Intel Corporation]
HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = {807563E5-5146-11D5-A672-00B0D022E945}
-> {HKLM...CLSID} = Microsoft Office InfoPath XML Mime Filter
\InProcServer32\(Default) = C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL [MS]
HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\
<<!>> ms-help\CLSID = {314111c7-a502-11d2-bbca-00c04f8ec294}
-> {HKLM...CLSID} = HxProtocol Class
\InProcServer32\(Default) = C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll [MS]
HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
7-Zip\(Default) = {23170F69-40C1-278A-1000-000100020000}
-> {HKLM...CLSID} = 7-Zip Shell Extension
\InProcServer32\(Default) = C:\Arquivos de programas\7-Zip\7-zip.dll [Igor Pavlov]
avast\(Default) = {472083B0-C522-11CF-8763-00608CC02F24}
-> {HKLM...CLSID} = avast
\InProcServer32\(Default) = C:\Arquivos de programas\AVAST Software\Avast\ashShell.dll [AVAST Software]
Cover Designer\(Default) = {73FCA462-9BD5-4065-A73F-A8E5F6904EF7}
-> {HKLM...CLSID} = NeroCoverEdContextMenu Class
\InProcServer32\(Default) = C:\Arquivos de programas\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll [Nero AG]
WinRAR\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA}
-> {HKLM...CLSID} = WinRAR
\InProcServer32\(Default) = C:\Arquivos de programas\WinRAR\rarext.dll [null data]
{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}\(Default) = (no title provided)
-> {HKLM...CLSID} = NBShellHook Class
\InProcServer32\(Default) = C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBShell.dll [Nero AG]
HKLM\SOFTWARE\Classes\*\shellex\DragDropHandlers\
NBShellHook\(Default) = {EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}
-> {HKLM...CLSID} = NBShellHook Class
\InProcServer32\(Default) = C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBShell.dll [Nero AG]
HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
00avast\(Default) = {472083B0-C522-11CF-8763-00608CC02F24}
-> {HKLM...CLSID} = avast
\InProcServer32\(Default) = C:\Arquivos de programas\AVAST Software\Avast\ashShell.dll [AVAST Software]
MBAMShlExt\(Default) = {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
-> {HKLM...CLSID} = MBAMShlExt Class
\InProcServer32\(Default) = C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamext.dll [Malwarebytes Corporation]
HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
7-Zip\(Default) = {23170F69-40C1-278A-1000-000100020000}
-> {HKLM...CLSID} = 7-Zip Shell Extension
\InProcServer32\(Default) = C:\Arquivos de programas\7-Zip\7-zip.dll [Igor Pavlov]
WinRAR\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA}
-> {HKLM...CLSID} = WinRAR
\InProcServer32\(Default) = C:\Arquivos de programas\WinRAR\rarext.dll [null data]
HKLM\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\
7-Zip\(Default) = {23170F69-40C1-278A-1000-000100020000}
-> {HKLM...CLSID} = 7-Zip Shell Extension
\InProcServer32\(Default) = C:\Arquivos de programas\7-Zip\7-zip.dll [Igor Pavlov]
WinRAR\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA}
-> {HKLM...CLSID} = WinRAR
\InProcServer32\(Default) = C:\Arquivos de programas\WinRAR\rarext.dll [null data]
HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\
igfxcui\(Default) = {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4}
-> {HKLM...CLSID} = GraphicsShellExt Class
\InProcServer32\(Default) = C:\WINDOWS\system32\igfxpph.dll [Intel Corporation]
HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = NeroDigitalExt.NeroDigitalColumnHandler
-> {HKLM...CLSID} = NeroDigitalColumnHandler Class
\InProcServer32\(Default) = C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroDigitalExt.dll [Nero AG]
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\(Default) = OpenOffice.org Column Handler
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Arquivos de programas\BrOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll" [OpenOffice.org]
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = PDF Column Info
-> {HKLM...CLSID} = PDF Shell Extension
\InProcServer32\(Default) = C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\PDFShell.dll [Adobe Systems, Inc.]
HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
avast\(Default) = {472083B0-C522-11CF-8763-00608CC02F24}
-> {HKLM...CLSID} = avast
\InProcServer32\(Default) = C:\Arquivos de programas\AVAST Software\Avast\ashShell.dll [AVAST Software]
MBAMShlExt\(Default) = {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
-> {HKLM...CLSID} = MBAMShlExt Class
\InProcServer32\(Default) = C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamext.dll [Malwarebytes Corporation]
WinRAR\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA}
-> {HKLM...CLSID} = WinRAR
\InProcServer32\(Default) = C:\Arquivos de programas\WinRAR\rarext.dll [null data]
{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}\(Default) = (no title provided)
-> {HKLM...CLSID} = NBShellHook Class
\InProcServer32\(Default) = C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBShell.dll [Nero AG]
HKLM\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\
NBShellHook\(Default) = {EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}
-> {HKLM...CLSID} = NBShellHook Class
\InProcServer32\(Default) = C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBShell.dll [Nero AG]
WinRAR\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA}
-> {HKLM...CLSID} = WinRAR
\InProcServer32\(Default) = C:\Arquivos de programas\WinRAR\rarext.dll [null data]
Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------
Note: detected settings may not have any effect.
HKCU\Software\Policies\Microsoft\Windows\System\
disablecmd = (REG_DWORD) dword:0x00000000
{User Configuration|Administrative Templates|System|
Disable the command prompt}
Active Desktop and Wallpaper:
-----------------------------
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
Wallpaper = C:\WINDOWS\system32\config\systemprofile\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
Wallpaper = C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp
Windows Portable Device AutoPlay Handlers
-----------------------------------------
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\
BridgeCS4ImportMediaOnArrival\
Provider = Adobe Bridge CS4
InvokeProgID = Adobe.adobebridge
InvokeVerb = launch
HKLM\SOFTWARE\Classes\Adobe.adobebridge\shell\launch\command\(Default) = C:\Arquivos de programas\Adobe\Adobe Bridge CS4\bridgeproxy.exe -v %1 [Adobe Systems, Inc.]
MPCPlayBluRayOnArrival\
Provider = Media Player Classic
InvokeProgID = MediaPlayerClassic.Autorun
InvokeVerb = PlayBlurayMovie
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayBlurayMovie\command\(Default) = "C:\Arquivos de programas\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe" %L\BDMV\INDEX.BDMV [MPC-HC Team]
MPCPlayCDAudioOnArrival\
Provider = Media Player Classic
InvokeProgID = MediaPlayerClassic.Autorun
InvokeVerb = PlayCDAudio
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayCDAudio\command\(Default) = "C:\Arquivos de programas\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe" %1 /cd [MPC-HC Team]
MPCPlayDVDMovieOnArrival\
Provider = Media Player Classic
InvokeProgID = MediaPlayerClassic.Autorun
InvokeVerb = PlayDVDMovie
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayDVDMovie\command\(Default) = "C:\Arquivos de programas\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe" %1 /dvd [MPC-HC Team]
MPCPlayMusicFilesOnArrival\
Provider = Media Player Classic
InvokeProgID = MediaPlayerClassic.Autorun
InvokeVerb = PlayMusicFiles
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayMusicFiles\command\(Default) = "C:\Arquivos de programas\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe" %1 [MPC-HC Team]
MPCPlayVideoFilesOnArrival\
Provider = Media Player Classic
InvokeProgID = MediaPlayerClassic.Autorun
InvokeVerb = PlayVideoFiles
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayVideoFiles\command\(Default) = "C:\Arquivos de programas\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe" %1 [MPC-HC Team]
MSWPDShellNamespaceHandler\
Provider = @%SystemRoot%\System32\WPDShextRes.dll,-501
CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24}
InitCmdLine =
-> {HKLM...CLSID} = WPDShextAutoplay
\LocalServer32\(Default) = C:\WINDOWS\system32\WPDShextAutoplay.exe [MS]
Enabled Scheduled Tasks: {++}
------------------------
Adobe Flash Player Updater -> launches: C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [Adobe Systems Incorporated]
avast! Emergency Update -> launches: C:\Arquivos de programas\AVAST Software\Avast\AvastEmUpdate.exe [AVAST Software]
GoogleUpdateTaskMachineCore -> launches: C:\Arquivos de programas\Google\Update\GoogleUpdate.exe /c [Google Inc.]
GoogleUpdateTaskMachineUA -> launches: C:\Arquivos de programas\Google\Update\GoogleUpdate.exe /ua /installsource scheduler [Google Inc.]
GoogleUpdateTaskUserS-1-5-21-1957994488-583907252-839522115-500Core -> launches: C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe /c [Google Inc.]
GoogleUpdateTaskUserS-1-5-21-1957994488-583907252-839522115-500UA -> launches: C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe /ua /installsource scheduler [Google Inc.]
User_Feed_Synchronization-{4A43C29C-545F-4A8A-81C5-36482BBCEFE2} -> launches: C:\WINDOWS\system32\msfeedssync.exe sync [MS]
User_Feed_Synchronization-{59086E34-7A55-4167-9858-E8C4D4A099AE} -> launches: C:\WINDOWS\system32\msfeedssync.exe sync [MS]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]
000000000002\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS]
000000000003\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]
000000000004\LibraryPath = C:\Arquivos de programas\Bonjour\mdnsNSP.dll [Apple Computer, Inc.]
Transport Service Providers
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
{2318C2B1-4965-11D4-9B18-009027A5CD4F}
-> {HKLM...CLSID} = Google Toolbar
\InProcServer32\(Default) = C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll [Google Inc.]
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
{8E5E2654-AD2D-48BF-AC2D-D17F00898D06} = (no title provided)
-> {HKLM...CLSID} = avast! WebRep
\InProcServer32\(Default) = C:\Arquivos de programas\AVAST Software\Avast\aswWebRepIE.dll [AVAST Software]
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = (no title provided)
-> {HKLM...CLSID} = Google Toolbar
\InProcServer32\(Default) = C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll [Google Inc.]
Explorer Bars
HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = &Pesquisar
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL [MS]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
ButtonText = Research
BandCLSID = {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
-> {HKLM...CLSID} = &Pesquisar
\InProcServer32\(Default) = C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL [MS]
{E2E2DD38-D088-4134-82B7-F2BA38496583}\
MenuText = @xpsp3res.dll,-20001
Exec = %windir%\Network Diagnostic\xpnetdiag.exe [MS]
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
ButtonText = Messenger
MenuText = Windows Messenger
Exec = C:\Arquivos de programas\Messenger\msmsgs.exe [MS]
Miscellaneous IE Hijack Points
------------------------------
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\
<<H>> {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} = ?iw
-> {HKLM...CLSID} = SearchHook Class
\InProcServer32\(Default) = C:\Arquivos de programas\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll [DeviceVM, Inc.]
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##, Bonjour Service, "C:\Arquivos de programas\Bonjour\mDNSResponder.exe" [Apple Computer, Inc.]
avast! Antivirus, avast! Antivirus, "C:\Arquivos de programas\AVAST Software\Avast\AvastSvc.exe" [AVAST Software]
Browser Configuration Utility Service, BCUService, C:\Arquivos de programas\DeviceVM\Browser Configuration Utility\BCUService.exe [DeviceVM, Inc.]
Java Quick Starter, JavaQuickStarterService, "C:\Arquivos de programas\Java\jre7\bin\jqs.exe" -service -config "C:\Arquivos de programas\Java\jre7\lib\deploy\jqs\jqs.conf" [Oracle Corporation]
Net Driver HPZ12, Net Driver HPZ12, C:\WINDOWS\System32\svchost.exe -k HPZ12 {C:\WINDOWS\system32\HPZinw12.dll [Hewlett-Packard]}
NMIndexingService, NMIndexingService, "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe" [Nero AG]
Pml Driver HPZ12, Pml Driver HPZ12, C:\WINDOWS\System32\svchost.exe -k HPZ12 {C:\WINDOWS\system32\HPZipm12.dll [Hewlett-Packard]}
TeamViewer 8, TeamViewer8, "C:\Arquivos de programas\TeamViewer\Version8\TeamViewer_Service.exe" [TeamViewer GmbH]
Safe Mode Drivers & Services (subkey name, subkey default value):
-----------------------------------------------------------------
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\
<<!>> PEVSystemStart, Service
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\
<<!>> PEVSystemStart, Service
Print Monitors:
---------------
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
CPCA Language Monitor2\Driver = AUCPLMNT.DLL [CANON INC.]
CPCA Language Monitor3\Driver = CNAS0MMK.DLL [Canon Inc.]
PDFCreator\Driver = pdfcmnnt.dll [null data]
<<H>>: Suspicious data at a browser hijack point.
==== Empty IE Cache ======================
C:\Documents and Settings\Administrador\Configurações locais\temp\acrord32_sbx\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\Administrador\Configurações locais\temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\f003300\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\f004044\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\LocalService\Configurações locais\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\NetworkService\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Documents and Settings\LocalService\Configurações locais\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
==== Empty FireFox Cache ======================
C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\o48o609a.default\Cache emptied successfully
C:\Documents and Settings\f003300\Configurações locais\Dados de aplicativos\Mozilla\Firefox\Profiles\hx7kz89w.default\Cache emptied successfully
==== Empty Chrome Cache ======================
C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\WINDOWS\Temp successfully emptied
C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\RECYCLER successfully emptied
==== Deleting Files / Folders ======================
"C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Documents and Settings\LocalService\Configurações locais\Temporary Internet Files\Content.IE5\index.dat" not found
==== EOF on 09/07/2013 at 10:28:48,82 ======================
Rapport de ZHPFix 2013.6.12.3 par Nicolas Coolman, Update du 12/06/2013
Fichier d'export Registre :
Run by Administrador at 09/07/2013 10:35:39
High Elevated Privileges : OK
Windows XP Professional Service Pack 3 (Build 2600)
Recycle Files Deleted
========== Registry Key ==========
NOT FOUND SearchScopes :{90B79F7D-E3FD-43DC-B437-E80230D903A8}
========== Registry Value ==========
DELETED RunValue: uTorrent
NOT FOUND RunValue: uTorrent
DELETED AAKE KeyValue: C:\Arquivos de programas\DMMultiView\MultiView.exe
DELETED AAKE KeyValue: C:\Arquivos de programas\IP Camera Wizard\IPCamWizard.exe
ProxyFix : Proxy killed successfully
DELETED ProxyServer Value
DELETED ProxyEnable Value
DELETED EnableHttp1_1 Value
DELETED ProxyHttp1.1 Value
DELETED ProxyOverride Value
No Value in Domain Profile Register Key FirewallRaz :
No Value in Firewall Exception Register Key (FirewallRaz)
========== File ==========
NOT FOUND File: c:\arquivos de programas\utorrent\utorrent.exe
NOT FOUND File: c:\arquivos de programas\dmmultiview\multiview.exe
NOT FOUND File: c:\arquivos de programas\ip camera wizard\ipcamwizard.exe
========== Restoration ==========
Restore System Point created succefully
========== Summary ==========
1 : Registry Key
12 : Registry Value
3 : File
1 : Restoration
End of clean in 00mn 06s
========== Report File ==========
C:\ZHP\ZHPFix[R1].txt - 09/07/2013 10:35:40 [1390]