Another ad on my PC... Highlightly

Post by lucasscruz on Wed 09 Apr 2014, 11:38

Good morning everyone, I need some more help... This new ad has appeared on my machine, and every time I open any web page, Avast flags it as a threat page... Even legitimate sites...

HiJackThis log

HJT log:
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Arquivos de programas\AVAST Software\Avast\AvastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Arquivos de programas\Malwarebytes Anti-Malware\mbamservice.exe
C:\Arquivos de programas\Malwarebytes Anti-Malware\mbam.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\msiexec.exe
C:\Arquivos de programas\Pando Networks\Media Booster\PMB.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
C:\Documents and Settings\Administrador\Meus documentos\Downloads\zoek.exe
C:\WINDOWS\system32\cmd.exe
C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.205\deploy\LoLLauncher.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\mshta.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrador\Meus documentos\Downloads\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [nwiz] C:\Arquivos de programas\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Arquivos de programas\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Arquivos de programas\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Arquivos de programas\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Arquivos de programas\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5385 bytes

Re: Another ad on my PC... Highlightly

Post by Power Max on Wed 09 Apr 2014, 11:41

Hello Lucas.

Download the AdwCleaner program by clicking the link below, then click the Download Now @BleepingComputer button:
[You must be registered and logged in to see this link.]

To run AdwCleaner correctly, just follow the tips in this tutorial:

Remove adware and malicious toolbars with AdwCleaner

* In your next reply, post the AdwCleaner log (report), which will be in C:\AdwCleaner\AdwCleaner[S0].txt

We'll be waiting.

_________________

Caixa de Dicas
= Always with new tutorials and news in computing, technology and miscellany.

Fórum PC Brasil = The best of the internet, you'll find it here.

Super Links = Messages of faith and hope for your heart

Re: Another ad on my PC... Highlightly

Post by lucasscruz on Wed 09 Apr 2014, 11:48

Here is the log, Power Max!

Log:
# AdwCleaner v3.023 - Relatório criado 09/04/2014 às 11:44:31
# Atualizado 01/04/2014 por Xplode
# Sistema Operacional : Microsoft Windows XP Service Pack 3 (32 bits)
# Usuário : Administrador - LUCAS-DDDC2C8B7
# Executando de : C:\Documents and Settings\Administrador\Desktop\AdwCleaner.exe
# Opção : Limpar

***** [ Serviços ] *****

[#] Serviço Deletada : hlnfd
[#] Serviço Deletada : hlsvc
[#] Serviço Deletada : IePluginService

***** [ Arquivos / Pastas ] *****

Pasta Deletada : C:\Documents and Settings\All Users\Dados de aplicativos\baidu
Pasta Deletada : C:\Documents and Settings\All Users\Dados de aplicativos\IePluginService
Pasta Deletada : C:\Arquivos de programas\Highlightly
Pasta Deletada : C:\WINDOWS\system32\AI_RecycleBin
Pasta Deletada : C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Iminent
Pasta Deletada : C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\lollipop
Arquivo Deletada : C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage

***** [ Atalhos ] *****

Atalho Desinfectada : C:\Documents and Settings\All Users\Menu Iniciar\Programas\Google Chrome\Google Chrome.lnk
Atalho Desinfectada : C:\Documents and Settings\Administrador\Menu Iniciar\Programas\Internet Explorer.lnk
Atalho Desinfectada : C:\Documents and Settings\Administrador\Menu Iniciar\Programas\Acessórios\Ferramentas do Sistema\Internet Explorer (Sem Complementos).lnk
Atalho Desinfectada : C:\Documents and Settings\Administrador\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
Atalho Desinfectada : C:\Documents and Settings\Administrador\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\Iniciar o Navegador Internet Explorer.lnk

***** [ Registro ] *****

Chave Deletedo : HKLM\SOFTWARE\Classes\Iminent
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Valor Deletedo : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{84FF7BD6-B47F-46F8-9130-01B2696B36CB}]
Dados Restaurada : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Dados Restaurada : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command
Dados Restaurada : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\chrome.exe\shell\open\command
Chave Deletedo : HKCU\Software\InstallCore
Chave Deletedo : HKCU\Software\lollipop
Chave Deletedo : HKCU\Software\Softonic
Chave Deletedo : HKLM\Software\Iminent
Chave Deletedo : HKLM\Software\supTab
Chave Deletedo : HKLM\Software\supWPM
Chave Deletedo : HKLM\Software\webssearchesSoftware
Chave Deletedo : HKLM\Software\Wpm
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IM
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\IM
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Iminent
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Wpm

***** [ Navegadores ] *****

-\\ Internet Explorer v8.0.6001.18702

Configurações Restauradas : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [SearchAssistant]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [CustomizeSearch]

-\\ Google Chrome v33.0.1750.154

[ Arquivo : C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [916 octets] - [08/04/2014 01:44:46]
AdwCleaner[R1].txt - [7351 octets] - [09/04/2014 11:43:51]
AdwCleaner[S0].txt - [971 octets] - [08/04/2014 01:45:35]
AdwCleaner[S1].txt - [5119 octets] - [09/04/2014 11:44:31]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [5179 octets] ##########

Re: Another ad on my PC... Highlightly

Post by Power Max on Wed 09 Apr 2014, 11:52

Temporarily disable your antivirus to avoid conflicts.

Go to the link below and click the first button on the left, which is the Download Zoek.exe button:
[You must be registered and logged in to see this link.]

* Right-click Zoek.exe and select [You must be registered and logged in to see this image.]

* Select and copy all of the text highlighted in red that I gave you.

* Click [Run Script]

* During the scan, a message similar to the one below, showing the progress of the scan, will be displayed. Wait for it to finish... it may take a while!

[You must be registered and logged in to see this image.]

* If a PC restart is requested, click [OK]

* Post the Zoek log, which will be in C:\zoek-results.txt, in your next reply.


Last edited by Power Max on Wed 09 Apr 2014, 12:20; edited 1 time in total


Re: Another ad on my PC... Highlightly

Post by lucasscruz on Wed 09 Apr 2014, 12:11

Zoek log:

Zoek.exe v5.0.0.0 Updated 07-March-2014
Tool run by Administrador on qua 09/04/2014 at 11:55:05,39.
Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Documents and Settings\Administrador\Meus documentos\Downloads\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

9/4/2014 11:55:28 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-776561741-1614895754-1417001333-500\Software\Microsoft\Internet Explorer\SearchScopes\{86c83f9e-48a4-4cd2-a763-64fea5df35f7} deleted successfully
HKEY_USERS\S-1-5-21-776561741-1614895754-1417001333-500\Software\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\Arquivos de programas\Garena Plus deleted
C:\WINDOWS\SET3.tmp deleted
C:\WINDOWS\SET4.tmp deleted
C:\WINDOWS\SET8.tmp deleted

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Arquivos de programas\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[08/04/2014 01:20]

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://br.yhs4.search.yahoo.com/?hspart=avast&hsimp=yhs-001&type={partner_id}"
"Search Page"="http://br.yhs4.search.yahoo.com/yhs/search?hspart=avast&hsimp=yhs-001&type={partner_id}&p={searchTerms}"
"Default_Page_URL"="http://www.google.com"
"Search Bar"="http://br.yhs4.search.yahoo.com/?hspart=avast&hsimp=yhs-001&type={partner_id}"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.google.com"
"Default_Search_URL"="http://www.google.com"
"Search Page"="http://www.google.com"
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://www.google.com"
"CustomizeSearch"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"CustomizeSearch"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Reset Google Chrome ======================

Nothing found to reset

==== shortcuts on All Users Desktop ======================

C:\Documents and Settings\All Users\Desktop\BlackShot Launcher.lnk - C:\Arquivos de programas\Garena Plus\Apps\BlackShot\BlackShot\launcher.exe
C:\Documents and Settings\All Users\Desktop\Play League of Legends.lnk - C:\Riot Games\League of Legends\lol.launcher.exe
C:\Documents and Settings\All Users\Desktop\TeamSpeak 3 Client.lnk - C:\Arquivos de programas\TeamSpeak 3 Client\ts3client_win32.exe
C:\Documents and Settings\All Users\Desktop\Warface.lnk - C:\Level Up Games\Warface\Launcher\Launcher.exe
C:\Documents and Settings\All Users\Desktop\WORLDRAG.lnk - C:\WORLDRAG\WORLDRAG.exe

==== shortcuts in Users Start Menu ======================

C:\Documents and Settings\Default User\Menu Iniciar\Programas\Assistência remota.lnk -
C:\Documents and Settings\Default User\Menu Iniciar\Programas\Windows Media Player.lnk - C:\Arquivos de programas\Windows Media Player\wmplayer.exe /prefetch:1
C:\Documents and Settings\Default User\Menu Iniciar\Programas\Acessórios\Assistente de compatibilidade de programa.lnk -
C:\Documents and Settings\Default User\Menu Iniciar\Programas\Acessórios\Bloco de notas.lnk -
C:\Documents and Settings\Default User\Menu Iniciar\Programas\Acessórios\Prompt de comando.lnk -
C:\Documents and Settings\Default User\Menu Iniciar\Programas\Acessórios\Sincronizar.lnk -
C:\Documents and Settings\Default User\Menu Iniciar\Programas\Acessórios\Tour do Windows XP.lnk -
C:\Documents and Settings\Default User\Menu Iniciar\Programas\Acessórios\Windows Explorer.lnk -
C:\Documents and Settings\Default User\Menu Iniciar\Programas\Acessórios\Acessibilidade\Gerenciador de utilitários.lnk -
C:\Documents and Settings\Default User\Menu Iniciar\Programas\Acessórios\Acessibilidade\Lente de aumento.lnk -
C:\Documents and Settings\Default User\Menu Iniciar\Programas\Acessórios\Acessibilidade\Teclado virtual.lnk -

==== shortcuts in All Users Start Menu ======================

C:\Documents and Settings\All Users\Menu Iniciar\Ativar o Windows.lnk - C:\WINDOWS\system32\oobe\msoobe.exe /A
C:\Documents and Settings\All Users\Menu Iniciar\Catálogo do Windows.lnk -
C:\Documents and Settings\All Users\Menu Iniciar\Definir acesso e padrões do programa.lnk -
C:\Documents and Settings\All Users\Menu Iniciar\Windows Update.lnk - C:\WINDOWS\system32\wupdmgr.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Windows Movie Maker.lnk - C:\Arquivos de programas\Movie Maker\moviemk.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Acessórios\Calculadora.lnk -
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Acessórios\Conexão de Área de Trabalho Remota.lnk -
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Acessórios\Paint.lnk -
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Acessórios\WordPad.lnk -
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Acessórios\Acessibilidade\Assistente de acessibilidade.lnk -
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Acessórios\Comunicações\Assistente de configuração de rede.lnk -
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Acessórios\Comunicações\Assistente para Configuração de Rede sem Fio.lnk -
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Acessórios\Comunicações\Assistente para novas conexões.lnk -
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Acessórios\Comunicações\Conexões de rede.lnk -
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Acessórios\Comunicações\HyperTerminal.lnk -
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Acessórios\Entretenimento\Controle de volume.lnk -
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Acessórios\Entretenimento\Gravador de som.lnk -
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Acessórios\Ferramentas do sistema\Assistente para transferência de arquivos e configurações.lnk -
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Acessórios\Ferramentas do sistema\Ativar o Windows.lnk -
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Acessórios\Ferramentas do sistema\Backup.lnk -
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Acessórios\Ferramentas do sistema\Central de Segurança.lnk -
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Acessórios\Ferramentas do sistema\Desfragmentador de disco.lnk -
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Acessórios\Ferramentas do sistema\Informações sobre o sistema.lnk -
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Acessórios\Ferramentas do sistema\Limpeza de disco.lnk -
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Acessórios\Ferramentas do sistema\Mapa de caracteres.lnk -
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Acessórios\Ferramentas do sistema\Restauração do sistema.lnk -
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Acessórios\Ferramentas do sistema\Tarefas agendadas.lnk -
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Avast\avast Free Antivirus.lnk -
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Ferramentas administrativas\Desempenho.lnk - C:\WINDOWS\system32\perfmon.msc /s
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Ferramentas administrativas\Diretiva de segurança local.lnk -
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Ferramentas administrativas\Fontes de dados (ODBC).lnk - C:\WINDOWS\system32\odbcad32.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Ferramentas administrativas\Gerenciamento do computador.lnk - C:\WINDOWS\system32\compmgmt.msc /s
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Ferramentas administrativas\Serviços de componente.lnk -
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Ferramentas administrativas\Serviços.lnk -
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Ferramentas administrativas\Visualizar eventos.lnk - C:\WINDOWS\system32\eventvwr.msc /s
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Garena\Garena Plus.lnk - C:\Arquivos de programas\Garena Plus\GarenaMessenger.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Garena\BlackShot\Start BlackShot.lnk - C:\Arquivos de programas\Garena Plus\GarenaMessenger.exe -toggleplugin 32773
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Garena\BlackShot\Uninstall.lnk - C:\Arquivos de programas\Garena Plus\Apps\BlackShot\uninst.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Garena\Garena Plus\Garena Plus.lnk - C:\Arquivos de programas\Garena Plus\GarenaMessenger.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Google Chrome\Google Chrome.lnk - C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Jogos\Campo minado.lnk - C:\WINDOWS\system32\winmine.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Jogos\Copas para Internet.lnk - C:\Arquivos de programas\MSN Gaming Zone\Windows\hrtzzm.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Jogos\Copas.lnk - C:\WINDOWS\system32\mshearts.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Jogos\Damas para Internet.lnk - C:\Arquivos de programas\MSN Gaming Zone\Windows\chkrzm.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Jogos\Espadas para Internet.lnk - C:\Arquivos de programas\MSN Gaming Zone\Windows\shvlzm.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Jogos\Freecell.lnk - C:\WINDOWS\system32\freecell.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Jogos\Gamão para Internet.lnk -
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Jogos\Paciência Spider.lnk -
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Jogos\Paciência.lnk -
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Jogos\Pinball.lnk - C:\Arquivos de programas\Windows NT\Pinball\PINBALL.EXE
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Jogos\Reversi para Internet.lnk - C:\Arquivos de programas\MSN Gaming Zone\Windows\Rvsezm.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\League of Legends\League of Legends.lnk - C:\Riot Games\League of Legends\lol.launcher.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Level Up Games\Warface\Warface.lnk -
C:\Documents and Settings\All Users\Menu Iniciar\Programas\LevelUp GrandChase\Grand Chase.lnk - C:\Level Up Games\Grand Chase\GrandChase.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\LeveUp Games\RagnarokOnline\RagnarokOnline.exe.lnk -
C:\Documents and Settings\All Users\Menu Iniciar\Programas\LeveUp Games\RagnarokOnline\Setup.exe.lnk -
C:\Documents and Settings\All Users\Menu Iniciar\Programas\NVIDIA Corporation\NVIDIA PhysX Properties.lnk - C:\WINDOWS\system32\PhysX.cpl
C:\Documents and Settings\All Users\Menu Iniciar\Programas\TeamSpeak 3 Client\TeamSpeak 3 Client.lnk - C:\Arquivos de programas\TeamSpeak 3 Client\ts3client_win32.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\TeamSpeak 3 Client\Uninstall.lnk - C:\Arquivos de programas\TeamSpeak 3 Client\Uninstall.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\WinRAR\Console RAR manual.lnk - C:\Arquivos de programas\WinRAR\Rar.txt
C:\Documents and Settings\All Users\Menu Iniciar\Programas\WinRAR\What is new in the latest version.lnk - C:\Arquivos de programas\WinRAR\WhatsNew.txt
C:\Documents and Settings\All Users\Menu Iniciar\Programas\WinRAR\WinRAR help.lnk - C:\Arquivos de programas\WinRAR\WinRAR.chm
C:\Documents and Settings\All Users\Menu Iniciar\Programas\WinRAR\WinRAR.lnk - C:\Arquivos de programas\WinRAR\WinRAR.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\WORLDRAG\Configuração.lnk -
C:\Documents and Settings\All Users\Menu Iniciar\Programas\WORLDRAG\Desinstalar WORLDRAG.lnk - C:\WORLDRAG\unins000.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\WORLDRAG\WORLDRAG.lnk - C:\WORLDRAG\WORLDRAG.exe

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS deleted successfully

==== Empty IE Cache ======================

C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\Default User\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\LocalService\Configurações locais\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\LocalService\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\NetworkService\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=9526 folders=335 3806195281 bytes)

==== Empty Temp Folders ======================

C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\RECYCLER successfully emptied

==== EOF on qua 09/04/2014 at 12:08:54,81 ======================

Re: Another ad on my PC... Highlightly

Post by Power Max on Wed 09 Apr 2014, 12:17

Download the Junkware Removal Tool program from the link below:
[You must be registered and logged in to see this link.]

To run the program above correctly, just follow the tips in this tutorial:

Junkware Removal Tool tutorial

* In your next reply, post the Junkware Removal Tool log (report), which will be saved on your desktop under the name JRT.txt

We'll be waiting.


Re: Another ADS on my PC... Highlightly

Post by lucasscruz on Wed 09 Apr 2014, 12:27

JRT log:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Microsoft Windows XP x86
Ran by Administrador on qua 09/04/2014 at 12:20:39,23
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\baidu



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\baidu"





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on qua 09/04/2014 at 12:25:38,89
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Re: Another ADS on my PC... Highlightly

Post by Power Max on Wed 09 Apr 2014, 12:32

Download < ZHPDiag2.exe > ( ... by Nicolas Coolman )

|- Temporarily disable your antivirus to avoid conflicts and run "ZHPDiag2.exe" to install the tool.

|- Run the scroll icon. ( ZHPDiag )

|- Click "SEARCH" or "PESQUISAR" and wait for it to finish!

|- Click OK and, when it finishes, post the ZHPDiag.txt report


Re: Another ADS on my PC... Highlightly

Post by lucasscruz on Wed 09 Apr 2014, 14:30

ZHP log

ZHP LOG:
~ Relatório do ZHPDiag v2014.4.9.15 - Nicolas Coolman (9/4/2014)
~ Iniciado por Administrador (9/4/2014 14:27:50)
~ Endereço do Website : [Você precisa estar registrado e conectado para ver este link.]
~ Fóruns de suporte gratuito para desinfecção : [Você precisa estar registrado e conectado para ver este link.]
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Not Found


---\\ Navegadores Internet
MSIE: Internet Explorer v8.0.6001.18702
GCIE: Google Chrome v33.0.1750.154 (Defaut)

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Microsoft Windows XP, 32-bit Service Pack 3 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : OK

---\\ Softwares de proteçao do sistema
avast! Free Antivirus v9.0.2016

---\\ Softwares d'optimização do sistema

---\\ Softwares de partilha do PeerToPeer (P2P)
Pando Media Booster v2.6.0.7

---\\ Monitoramento dos softwares

---\\ Informações sobre o sistema
~ Processor: x86 Family 6 Model 23 Stepping 6, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3069 MB (74% free)
System Restore: Activé (Enable)
System drive C: has 202 GB (86%) free of 233 GB

---\\ Modo de conexão ao sistema
~ Computer Name: LUCAS-DDDC2C8B7
~ User Name: Administrador
~ All Users Names: SUPPORT_388945a0, HelpAssistant, Convidado, ASPNET, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Documents and Settings\Administrador\Dados de aplicativos\ZHP\
~ %AppData% : C:\Documents and Settings\Administrador\Dados de aplicativos\
~ %Desktop% : C:\Documents and Settings\Administrador\Desktop\
~ %Favorites% : C:\Documents and Settings\Administrador\Favoritos\
~ %LocalAppData% : C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\
~ %StartMenu% : C:\Documents and Settings\Administrador\Menu Iniciar\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 202 Go of 233 Go)
D: CD-ROM drive (Not Inserted)



---\\ Estado do Centro de Segurança do Windows
~ Security Center: 44 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.064EC7FF5F58B928C3E119402977FA6D] - (.Microsoft Corporation - Windows Explorer.) (.14/4/2008 - 09:00:00.) -- C:\WINDOWS\Explorer.exe [1035776]
[MD5.D1A5DFE3B1F5FD6268238C224E3A491B] - (.Microsoft Corporation - Internet Extensions for Win32.) (.5/11/2010 - 21:21:10.) -- C:\WINDOWS\system32\wininet.dll [916480]
[MD5.71D440F79B711627B12B567FB2EADB42] - (.Microsoft Corporation - Aplicativo de logon do Windows NT.) (.14/4/2008 - 09:00:00.) -- C:\WINDOWS\system32\Winlogon.exe [509952]
[MD5.4D43E74F2A1239D53929B82600F1971C] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.14/1/2011 - 10:33:37.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138496]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.13/4/2008 - 13:40:32.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512]
[MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/4/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
[MD5.1F4260CC5B42272D71F79E570A27A4FE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.14/4/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976]
[MD5.A8D31E836CCF2F51009CE7DFFECF6D51] - (.Microsoft Corporation - FIPS Crypto Driver.) (.14/4/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44672]
[MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.14/4/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384]
[MD5.485BC6BEB778B5E9702E6AA3D384C0CB] - (.Microsoft Corporation - Driver de porta i8042.) (.14/4/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [53504]
[MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.14/4/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112]
[MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.14/4/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832]
[MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.14/4/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264]
[MD5.D09B9F0B9960DD41E73127B7814C115F] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.14/1/2011 - 10:35:18.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [457216]
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.14/4/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816]
[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.14/4/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574976]
[MD5.9BADEE6B698BF1AF36E25A1A64A89EAB] - (.Microsoft Corporation - Driver de porta paralela.) (.14/1/2011 - 10:40:31.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384]
[MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/4/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
[MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/4/2008 - 13:32:52.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224]
[MD5.68D749B04BFBBD4D4D15CC5185AFA4DD] - (.Microsoft Corporation - Redbook Audio Filter Driver.) (.13/4/2008 - 17:53:18.) -- C:\WINDOWS\system32\Drivers\redbook.sys [58240]
[MD5.EB6B1E2C984D84470FF4FE7EF98CD44A] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.14/4/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53248]
~ Generic Processes: Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/2
~ Mes musiques (My Musics) : 1/2
~ Mes Videos (My Videos) : 0/0
~ Mes Favoris (My Favorites) : 1/8
~ Mes Documents (My Documents) : 1/1573
~ Mon Bureau (My Desktop) : 0/7
~ Menu demarrer (Programs) : 1/26
~ Hidden Files: Scanned in 00mn 02s



---\\ Processos lançados
[MD5.896B929603FE45993853DF9A3E5E19B1] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 190.4.) -- C:\WINDOWS\system32\nvsvc32.exe [168004] [PID.1020]
[MD5.BEA8D0FA8805CC2E6BB49728166699C7] - (.AVAST Software - avast! Service.) -- C:\Arquivos de programas\AVAST Software\Avast\AvastSvc.exe [50344] [PID.1480]
[MD5.B52BCA0ABD463590BE48663962608D46] - (.Realtek Semiconductor Corp. - Realtek HD Audio Control Panel.) -- C:\WINDOWS\RTHDCPL.exe [16859648] [PID.608]
[MD5.4BFA1849DC7AA3CB99C160D9EB96C67B] - (.AVAST Software - avast! Antivirus.) -- C:\Arquivos de programas\AVAST Software\Avast\AvastUI.exe [3854640] [PID.684]
[MD5.2E0B0A051FFAA86E358465BB0880D453] - (.Microsoft Corporation - Windows Update.) -- C:\WINDOWS\system32\wuauclt.exe [53784] [PID.2452]
[MD5.3A924B200D86590D2C83214CEBFA9742] - (.Google Inc. - Google Chrome.) -- C:\Arquivos de programas\Google\Chrome\Application\chrome.exe [859976] [PID.508]
[MD5.509E0687DA8749E65D002011E57BF20A] - (.No owner - PVP.net Patcher Kernel.) -- C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe [1302080] [PID.4076]
[MD5.19B08BB980EFA4AE63F8A505BAB8B94C] - (.No owner - PVP.net Patcher.) -- C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.205\deploy\LoLLauncher.exe [5329400] [PID.2268]
[MD5.5B93A9C1BB894EFA4D6429EEADA5007C] - (...) -- C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.80\deploy\LolClient.exe [74752] [PID.536]
[MD5.909FF075A7415E346642B4F4B074265C] - (.Nicolas Coolman - ZHPDiag.) -- C:\Arquivos de programas\ZHPDiag\ZHPDiag.exe [8208896] [PID.1048]
~ Processes Running: Scanned in 00mn 01s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
P2 - FPN: [HKLM] [@t.garena.com/garenatalk] - (...) -- C:\Arquivos de programas\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll (.not file.)
~ Firefox Browser: 5 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Pando Networks - Pando Web Plugin.) (No version) -- (.not file.)
~ IE Browser: 14 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 19



---\\ Outras conexões do utilizador (04)
O4 - GS\Desktop [AllUsers]: BlackShot Launcher.lnk . (...) -- C:\Arquivos de programas\Garena Plus\Apps\BlackShot\BlackShot\launcher.exe (.not file.)
O4 - GS\Desktop [AllUsers]: TeamSpeak 3 Client.lnk . (.TeamSpeak Systems GmbH - TeamSpeak 3 Client.) -- C:\Arquivos de programas\TeamSpeak 3 Client\ts3client_win32.exe
O4 - GS\Desktop [AllUsers]: Warface.lnk . (.Level Up! Interactive S.A. - Launcher Warface.) -- C:\Level Up! Games\Warface\Launcher\Launcher.exe
O4 - GS\Desktop [AllUsers]: WORLDRAG.lnk . (...) -- C:\WORLDRAG\WORLDRAG.exe
O4 - GS\Desktop [Administrador]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [Administrador]: Grand Chase.lnk . (...) -- C:\Level Up! Games\Grand Chase\GrandChase.exe
~ Global Startup: 9 Legitimates Filtered in 00mn 00s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [RTHDCPL] . (.Realtek Semiconductor Corp. - Realtek HD Audio Control Panel.) -- C:\WINDOWS\RTHDCPL.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [Alcmtr] . (.Realtek Semiconductor Corp. - Realtek Azalia Audio - Event Monitor.) -- C:\WINDOWS\ALCMTR.exe
O4 - HKLM\..\Run: [nwiz] . (...) -- C:\Arquivos de programas\NVIDIA Corporation\nView\nwiz.exe
O4 - HKLM\..\Run: [NvCplDaemon] . (.NVIDIA Corporation - NVIDIA Display Properties Extension.) -- C:\WINDOWS\system32\NvCpl.dll =>.NVIDIA Corporation
O4 - HKLM\..\Run: [NvMediaCenter] . (.NVIDIA Corporation - NVIDIA Media Center Library.) -- C:\WINDOWS\system32\NvMcTray.dll
O4 - HKLM\..\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Arquivos de programas\AVAST Software\Avast\AvastUI.exe
O4 - HKCU\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PriceMeterW] C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\PriceMeter\pricemeterw.exe (.not file.) =>PUP.PriceMeter
O4 - HKCU\..\Run: [MSMSGS] C:\Arquivos de programas\Messenger\msmsgs.exe (.not file.)
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-21-776561741-1614895754-1417001333-500\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-776561741-1614895754-1417001333-500\..\Run: [PriceMeterW] C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\PriceMeter\pricemeterw.exe (.not file.) =>PUP.PriceMeter
O4 - HKUS\S-1-5-21-776561741-1614895754-1417001333-500\..\Run: [MSMSGS] C:\Arquivos de programas\Messenger\msmsgs.exe (.not file.)
~ Application: Scanned in 00mn 00s



---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -- Chave orfã
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -- C:\Arquivos de programas\Messenger\msmsgs.exe (.not file.)
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Piratagem da Opção " Redefinir Configurações da Web " (014)
O14 - IERESET.INF: SEARCH_PAGE_URL=SEARCH_PAGE_URL="&http://home.microsoft.com/intl/br/access/allinone.asp"
O14 - IERESET.INF: SAFESITE_VALUE=SAFESITE_VALUE="search.msn.com.br"
~ IE Paramètres WEB: Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{82E987F3-BAA4-452A-94D8-165BB8495E3B}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{82E987F3-BAA4-452A-94D8-165BB8495E3B}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{82E987F3-BAA4-452A-94D8-165BB8495E3B}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- C:\WINDOWS\system32\wiascr.dll
O18 - Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} . (.Microsoft Corporation - DLL comum do Shell do Windows.) -- C:\WINDOWS\system32\SHELL32.dll
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agente de rede off-line.) -- C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL de notificação do serviço de logon secu.) -- C:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Chave do Registo autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} . (.Microsoft Corporation - Biblioteca da interface de usuário do naveg.) -- C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Pré-carregador Browseui - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Biblioteca da interface de usuário do naveg.) -- C:\WINDOWS\system32\browseui.dll
~ STS/SSO: Scanned in 00mn 00s



---\\ Enumeração Ativa do Ambiente de trabalho & Editor MHTML (024)
O24 - Desktop Component 0: Minha página inicial atual - file:About:Home
O24 - Desktop General: BackupWallPaper - .(...) - C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp
O24 - Desktop General: WallPaper - .(...) - C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s



---\\ Tarefas planificadas automaticamente (039)
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\060184C3-9766-46a0-B258-F4518A0B2633.job [454]
~ Scheduled Task: 10 Legitimates Filtered in 00mn 00s



---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (Bfilter) . (. - .) - C:\WINDOWS\system32\drivers\Bfilter.sys (.not file.)
O41 - Driver: (Bfmon) . (. - .) - C:\WINDOWS\system32\drivers\Bfmon.sys (.not file.)
O41 - Driver: (Bprotect) . (. - .) - C:\WINDOWS\system32\drivers\Bprotect.sys (.not file.)
~ Drivers: 81 Legitimates Filtered in 00mn 00s



---\\ Software instalados (042)
O42 - Logiciel: Highlightly - (.Highlightly.) [HKLM] -- Highlightly
O42 - Logiciel: WORLDRAG versão 9100 - (.WORLDRAG.) [HKLM] -- {DE77311D-C335-495A-9619-67E4210E75AB}_is1
O42 - Logiciel: Warface - (.Level Up! Games.) [HKLM] -- {094FAADD-5A39-4C64-911A-B4C9AD818484}_is1
~ Logic: 20 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Baidu Security] =>Adware.BDSearch
[HKCU\Software\Pando Networks]
[HKCU\Software\PriceMeterUpdater] =>PUP.PriceMeter
[HKLM\Software\Baidu Security] =>Adware.BDSearch
[HKLM\Software\LeveUp! Games]
[HKLM\Software\Pando Networks]
~ Key Software: 133 Legitimates Filtered in 00mn 00s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 8/4/2014 - 01:25:48 - [1880,252] ----D C:\Arquivos de programas\LeveUp! Games
O43 - CFD: 8/4/2014 - 02:35:58 - [7,182] ----D C:\Arquivos de programas\Pando Networks
O43 - CFD: 8/4/2014 - 00:48:27 - [0,001] ----D C:\Arquivos de programas\Serviços on-line
O43 - CFD: 8/4/2014 - 00:47:50 - [0,008] ----D C:\Arquivos de programas\Arquivos comuns\Serviços
O43 - CFD: 8/4/2014 - 15:54:03 - [0,014] ----D C:\Documents and Settings\All Users\Dados de aplicativos\Baidu Security =>Adware.BDSearch
O43 - CFD: 8/4/2014 - 16:07:33 - [0,102] ----D C:\Documents and Settings\Administrador\Dados de aplicativos\PriceMeterUpdater =>PUP.PriceMeter
O43 - CFD: 8/4/2014 - 00:57:30 - [0,014] R---D C:\Documents and Settings\Administrador\Menu Iniciar\Programas\Acessórios
O43 - CFD: 8/4/2014 - 17:53:16 - [0] R---D C:\Documents and Settings\Administrador\Menu Iniciar\Programas\Inicializar
~ Program Folder: 71 Legitimates Filtered in 00mn 03s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.14D0530971E13C910FE2E76DFDD2E6A4] - 8/4/2014 - 15:56:19 ---A- . (...) -- C:\WINDOWS\msmqinst.log [27448]
O44 - LFC:[MD5.9D3310B540411AA0D8F692AD720F6D13] - 8/4/2014 - 15:56:25 ---A- . (...) -- C:\WINDOWS\FaxSetup.log [67825]
O44 - LFC:[MD5.1F8F6377422795BB50B7AEEC0FDED051] - 8/4/2014 - 15:56:25 ---A- . (...) -- C:\WINDOWS\MedCtrOC.log [5606]
O44 - LFC:[MD5.358A27FC80A8E1CCFA810A3D11B37690] - 8/4/2014 - 15:56:25 ---A- . (...) -- C:\WINDOWS\comsetup.log [30832]
O44 - LFC:[MD5.E324B07FDE0C69A21FC248F94EC97CDF] - 8/4/2014 - 15:56:25 ---A- . (...) -- C:\WINDOWS\iis6.log [105572]
O44 - LFC:[MD5.6EB5D80C52FE623579B45ECF8D288D93] - 8/4/2014 - 15:56:25 ---A- . (...) -- C:\WINDOWS\imsins.log [1891]
O44 - LFC:[MD5.8BEF98F64B3B7F5F7B055473C4FDE427] - 8/4/2014 - 15:56:25 ---A- . (...) -- C:\WINDOWS\msgsocm.log [3822]
O44 - LFC:[MD5.9ECB273DD061F417AA9E6B225594D5E6] - 8/4/2014 - 15:56:25 ---A- . (...) -- C:\WINDOWS\netfxocm.log [13046]
O44 - LFC:[MD5.9C3D44A33149BA66C44D03FCA3B1EB23] - 8/4/2014 - 15:56:25 ---A- . (...) -- C:\WINDOWS\ntdtcsetup.log [17196]
O44 - LFC:[MD5.AEADAF7C88D7AFE1B26D8F1C6D85A484] - 8/4/2014 - 15:56:25 ---A- . (...) -- C:\WINDOWS\ocgen.log [46761]
O44 - LFC:[MD5.AB7649D578951E060CA3B09D3EE3A224] - 8/4/2014 - 15:56:25 ---A- . (...) -- C:\WINDOWS\ocmsn.log [3670]
O44 - LFC:[MD5.58316E5FD6EADCBE46FCCF0C190D511E] - 8/4/2014 - 15:56:25 ---A- . (...) -- C:\WINDOWS\tabletoc.log [4575]
O44 - LFC:[MD5.D913EBDDAAB42466CC4F8AC45B4A84A9] - 8/4/2014 - 15:56:25 ---A- . (...) -- C:\WINDOWS\tsoc.log [38043]
O44 - LFC:[MD5.4D00422800C456472583AE2E7B705A5E] - 8/4/2014 - 19:03:26 ---A- . (...) -- C:\WINDOWS\setuplog.txt [827109]
O44 - LFC:[MD5.E515BD195C52CBE49D45F9FDEB139374] - 9/4/2014 - 00:11:57 ---A- . (...) -- C:\WINDOWS\DirectX.log [41797]
O44 - LFC:[MD5.9C68826F6B49DB4BCA8A9D583D3ABEF5] - 9/4/2014 - 01:56:36 --HA- . (...) -- C:\WINDOWS\system32\mlfcache.dat [12384]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 9/4/2014 - 11:54:50 ---A- . (...) -- C:\WINDOWS\zoek-delete.exe [24064]
O44 - LFC:[MD5.91AF031BC836720BD28CCF3BE7766424] - 9/4/2014 - 12:08:54 ---A- . (...) -- C:\zoek-results.log [17016]
O44 - LFC:[MD5.2A3B970794FC7206189344CC71ACEC93] - 9/4/2014 - 12:08:58 ---A- . (...) -- C:\WINDOWS\system32\NvApps.xml [248739]
~ Files: 465 Legitimates Filtered in 00mn 09s



---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Exportar a chave da aplicação autorizada (047)
O47 - AAKE:Key Export SP - "C:\Arquivos de programas\Pando Networks\Media Booster\PMB.exe" [Enabled] .(..) -- C:\Arquivos de programas\Pando Networks\Media Booster\PMB.exe
O47 - AAKE:Key Export DP - "C:\Arquivos de programas\Pando Networks\Media Booster\PMB.exe" [Enabled] .(..) -- C:\Arquivos de programas\Pando Networks\Media Booster\PMB.exe
~ Keys Export: 9 Legitimates Filtered in 00mn 00s



---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - DatamngrCoordinator.exe - tasklist.exe =>PUP.Datamngr
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d
~ IFEO: Scanned in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:[MD5.84B4C00AE8CDFC52CF68F322D821F34C] - 8/4/2014 - 01:20:21 ---A- . (...) -- C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944]
O58 - SDL:[MD5.680448905E27BBC6587ADB28597640D6] - 8/4/2014 - 01:20:21 ---A- . (...) -- C:\WINDOWS\system32\Drivers\aswVmm.sys [180760]
O58 - SDL:[MD5.DA6675E1400D58412C93180F8651A9FB] - 14/1/2011 - 10:39:46 ---A- . (.RAVISENT Technologies Inc. - CineMaster C 1.2 WDM Main Driver.) -- C:\WINDOWS\system32\Drivers\cinemst2.sys [262528]
O58 - SDL:[MD5.573C7D0A32852B48F3058CFD8026F511] - 14/4/2008 - 09:00:00 ---A- . (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) -- C:\WINDOWS\system32\Drivers\hdaudbus.sys [144384]
O58 - SDL:[MD5.350D32CE64901445DE81CDF6CB681F27] - 4/12/2013 - 16:46:36 ---A- . (.Highlightly - Highlightly Driver x86.) -- C:\WINDOWS\system32\Drivers\hlnfd.sys [52752]
O58 - SDL:[MD5.80D317BD1C3DBC5D4FE7B1678C60CADD] - 14/4/2008 - 09:00:00 ---A- . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Library.) -- C:\WINDOWS\system32\Drivers\ptilink.sys [17792]
O58 - SDL:[MD5.55E01061C74A8CEFFF58DC36114A8D3F] - 14/1/2011 - 10:39:46 ---A- . (.RAVISENT Technologies Inc. - CineMaster C WDM DVD Minidriver.) -- C:\WINDOWS\system32\Drivers\vdmindvd.sys [58112]
O58 - SDL:[MD5.C1E76718BAB6BCA0D18E5670F074F821] - 14/4/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9032]
O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 14/4/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\country.sys [27097]
O58 - SDL:[MD5.912150FE88E79AFEE0BB72216FAB2617] - 14/4/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\himem.sys [4896]
O58 - SDL:[MD5.582BCDD47CF4B68B5CB528F18E3CB808] - 14/4/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\key01.sys [42809]
O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 14/4/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\keyboard.sys [42537]
O58 - SDL:[MD5.19D4F0DAD3F393C13DE7F849ADE72EFE] - 14/4/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos.sys [27900]
O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 14/4/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos404.sys [29146]
O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 14/4/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos411.sys [29370]
O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 14/4/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos412.sys [29274]
O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 14/4/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos804.sys [29146]
O58 - SDL:[MD5.86BB7AF2533B342B8E274590AD2190FA] - 14/4/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio.sys [33984]
O58 - SDL:[MD5.6F73F50162DEF60C84B725C18CD9140F] - 14/4/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio404.sys [34560]
O58 - SDL:[MD5.0FDD5E69C1FF3B58043D44F2CC743D45] - 14/4/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio411.sys [35648]
O58 - SDL:[MD5.8842837C4D8311BF8E72BEE8CCC42217] - 14/4/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio412.sys [35424]
O58 - SDL:[MD5.6B56CEB3C6F9D5CD7293DBD9FE23B311] - 14/4/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio804.sys [34560]
~ Drivers: 7 Legitimates Filtered in 00mn 01s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 10 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: <>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Arquivos de programas\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [You must be registered and logged in to see this link.]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - [You must be registered and logged in to see this link.]
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.04B47DEEB298AE90A0C42DEAED71F8BA] [SPRF][9/4/2014] (...) -- C:\Documents and Settings\Administrador\Desktop\AdwCleaner.exe [1426178]
~ Files: 1 Legitimates Filtered in 00mn 00s



---\\ Listagem dos códigos dos software (PUC) (090)
O90 - PUC: "C04AC77760206FE40ACF16B80FB68F0D" . (..) -- C:\WINDOWS\Installer\{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}\ARPPRODUCTICON.exe
~ Update Products: 14 Legitimates Filtered in 00mn 00s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 14/4/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe
SS - | Auto 8/4/2014 116648 | (gupdate) . (.Google Inc..) - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
SS - | Demand 8/4/2014 116648 | (gupdatem) . (.Google Inc..) - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
SS - | Demand 20/11/2013 5132656 | (npggsvc) . (.INCA Internet Co., Ltd..) - C:\WINDOWS\system32\GameMon.des

SR - | Auto 8/4/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Arquivos de programas\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 6/8/2009 168004 | (nvsvc) . (.NVIDIA Corporation.) - C:\WINDOWS\system32\nvsvc32.exe

~ Services: Scanned in 00mn 03s



---\\ Scâner Aditional (088)
Database Version : 13044 - (9/4/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 2
Fichiers trouvés (Files found) : 3

[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:PriceMeterW =>PUP.PriceMeter^
C:\Documents and Settings\All Users\Dados de aplicativos\Baidu Security =>Adware.BDSearch^
C:\Documents and Settings\Administrador\Dados de aplicativos\PriceMeterUpdater =>PUP.PriceMeter^
[HKCU\Software\Baidu Security] =>Adware.BDSearch^
[HKCU\Software\PriceMeterUpdater] =>PUP.PriceMeter^
[HKLM\Software\Baidu Security] =>Adware.BDSearch^
~ Additionnel Scan: 103837 Items scanned in 00mn 10s



---\\ Sumário das deteções encontradas na sua estação
[You must be registered and logged in to see this link.] =>PUP.PriceMeter
[You must be registered and logged in to see this link.] =>Adware.BDSearch
[You must be registered and logged in to see this link.] =>PUP.Datamngr
~ MSI: 3 link(s) detected in 00mn 00s



~ 1072 Legitimates filtered by white list
End of the scan (548 lines in 00mn 40s)(0)

Re: Another ADS on my PC... Highlightly

Post by Power Max on Wed 09 Apr 2014, 15:46

Select and copy all of the text highlighted in red that I gave you.
_____________________________________________________________________________________________________________

Go to the menu: Start > All Programs > ZHP > right-click Zhpfix and choose Run as administrator > click Importação > click the GO button > click Oui > if you want the files in the Recycle Bin to be deleted, click Oui again > a report will open in Notepad.

Copy this report and post it in your next reply.


Last edited by Power Max on Thu 17 Apr 2014, 10:02; edited 1 time


Re: Another ADS on my PC... Highlightly

Post by lucasscruz on Wed 09 Apr 2014, 16:24

Log ZHPFIX:
Rapport de ZHPFix 2014.4.7.2 par Nicolas Coolman, Update du 07/04/2014
Fichier d'export Registre :
Run by Administrador at 9/4/2014 16:22:32
High Elevated Privileges : OK
Windows XP Professional Service Pack 3 (Build 2600)

Reciclagem vazia (00mn 01s)
Reparação de atalhos do navegador

========== Softwares ==========
AUSENTE Uninstall Process: c:\arquivos de programas\highlightly\uninstall.exe

========== Chaves do Registo ==========
ELIMINÉ Logiciel Key: [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Highlightly]
ELIMINÉ: Mozilla Plugin: @t.garena.com/garenatalk
ELIMINÉ: [HKLM\SOFTWARE\Classes\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}]
ELIMINÉ: CLSID Extra Buttons: {FB5F1910-F110-11d2-BB9E-00C04F795683}
ELIMINÉ Driver Key: Bfilter
ELIMINÉ Driver Key: Bfmon
ELIMINÉ Driver Key: Bprotect
ELIMINÉ: HKCU\Software\Baidu Security
ELIMINÉ: HKCU\Software\PriceMeterUpdater
ELIMINÉ: HKLM\Software\Baidu Security
ELIMINÉ: O50 - IFEO:Image File Execution Options - DatamngrCoordinator.exe - tasklist.exe

========== Valores do Registo ==========
ELIMINÉ: URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497}
ELIMINÉ RunValue: PriceMeterW
ELIMINÉ RunValue: MSMSGS
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINÉ: c:\documents and settings\all users\desktop\blackshot launcher.lnk
ELIMINÉ: c:\windows\tasks\060184c3-9766-46a0-b258-f4518a0b2633.job
ELIMINÉ: c:\windows\system32\drivers\hlnfd.sys
ELIMINÉ Temporários windows (138) (2.360.337 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso


========== Recapitulativo ==========
11 : Chaves do Registo
9 : Valores do Registo
1 : Pastas
5 : Ficheiros
1 : Softwares
1 : Restauração Sistema


End of clean in 00mn 06s

========== Caminho do ficheiro do relatório ==========
C:\Documents and Settings\Administrador\Dados de aplicativos\ZHP\ZHPFix[R1].txt - 9/4/2014 16:22:34 [2135]

Re: Another ADS on my PC... Highlightly

Post by Power Max on Wed 09 Apr 2014, 19:13

Open ZHPDiag again.

|- Click "SEARCH" or "PESQUISAR" and wait for it to finish.

|- Click OK and, when it finishes, post the ZHPDiag.txt report.


Re: Another ADS on my PC... Highlightly

Post by lucasscruz on Thu 24 Apr 2014, 22:43

Good evening, Power Max!

I would like to thank you for all the assistance you provided.

Yes, I managed to finish 100% thanks to your help.

Thank you very much, and until next time.

Re: Another ADS on my PC... Highlightly

Post by Danii on Thu 24 Apr 2014, 23:03

CASE RESOLVED

If the author of the topic needs it, the topic will be reopened; to request this, they should contact a member of the Moderation Team and ask for it to be unlocked.