Outro ADS em meu PC... Highlightly

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Arquivos de programas\AVAST Software\Avast\AvastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Arquivos de programas\Malwarebytes Anti-Malware\mbamservice.exe
C:\Arquivos de programas\Malwarebytes Anti-Malware\mbam.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\msiexec.exe
C:\Arquivos de programas\Pando Networks\Media Booster\PMB.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
C:\Documents and Settings\Administrador\Meus documentos\Downloads\zoek.exe
C:\WINDOWS\system32\cmd.exe
C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.205\deploy\LoLLauncher.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\mshta.exe
C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrador\Meus documentos\Downloads\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [nwiz] C:\Arquivos de programas\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Arquivos de programas\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Arquivos de programas\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Arquivos de programas\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Arquivos de programas\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5385 bytes

# AdwCleaner v3.023 - Relatório criado 09/04/2014 às 11:44:31
# Atualizado 01/04/2014 por Xplode
# Sistema Operacional : Microsoft Windows XP Service Pack 3 (32 bits)
# Usuário : Administrador - LUCAS-DDDC2C8B7
# Executando de : C:\Documents and Settings\Administrador\Desktop\AdwCleaner.exe
# Opção : Limpar

***** [ Serviços ] *****

[#] Serviço Deletada : hlnfd
[#] Serviço Deletada : hlsvc
[#] Serviço Deletada : IePluginService

***** [ Arquivos / Pastas ] *****

Pasta Deletada : C:\Documents and Settings\All Users\Dados de aplicativos\baidu
Pasta Deletada : C:\Documents and Settings\All Users\Dados de aplicativos\IePluginService
Pasta Deletada : C:\Arquivos de programas\Highlightly
Pasta Deletada : C:\WINDOWS\system32\AI_RecycleBin
Pasta Deletada : C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\Iminent
Pasta Deletada : C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\lollipop
Arquivo Deletada : C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage

***** [ Atalhos ] *****

Atalho Desinfectada : C:\Documents and Settings\All Users\Menu Iniciar\Programas\Google Chrome\Google Chrome.lnk
Atalho Desinfectada : C:\Documents and Settings\Administrador\Menu Iniciar\Programas\Internet Explorer.lnk
Atalho Desinfectada : C:\Documents and Settings\Administrador\Menu Iniciar\Programas\Acessórios\Ferramentas do Sistema\Internet Explorer (Sem Complementos).lnk
Atalho Desinfectada : C:\Documents and Settings\Administrador\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
Atalho Desinfectada : C:\Documents and Settings\Administrador\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\Iniciar o Navegador Internet Explorer.lnk

***** [ Registro ] *****

Chave Deletedo : HKLM\SOFTWARE\Classes\Iminent
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Valor Deletedo : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{84FF7BD6-B47F-46F8-9130-01B2696B36CB}]
Dados Restaurada : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Dados Restaurada : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command
Dados Restaurada : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\chrome.exe\shell\open\command
Chave Deletedo : HKCU\Software\InstallCore
Chave Deletedo : HKCU\Software\lollipop
Chave Deletedo : HKCU\Software\Softonic
Chave Deletedo : HKLM\Software\Iminent
Chave Deletedo : HKLM\Software\supTab
Chave Deletedo : HKLM\Software\supWPM
Chave Deletedo : HKLM\Software\webssearchesSoftware
Chave Deletedo : HKLM\Software\Wpm
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IM
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\IM
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Iminent
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Wpm

***** [ Navegadores ] *****

-\\ Internet Explorer v8.0.6001.18702

Configurações Restauradas : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [SearchAssistant]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [CustomizeSearch]

-\\ Google Chrome v33.0.1750.154

[ Arquivo : C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [916 octets] - [08/04/2014 01:44:46]
AdwCleaner[R1].txt - [7351 octets] - [09/04/2014 11:43:51]
AdwCleaner[S0].txt - [971 octets] - [08/04/2014 01:45:35]
AdwCleaner[S1].txt - [5119 octets] - [09/04/2014 11:44:31]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [5179 octets] ##########

Zoek.exe v5.0.0.0 Updated 07-March-2014
Tool run by Administrador on qua 09/04/2014 at 11:55:05,39.
Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Documents and Settings\Administrador\Meus documentos\Downloads\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

9/4/2014 11:55:28 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-776561741-1614895754-1417001333-500\Software\Microsoft\Internet Explorer\SearchScopes\{86c83f9e-48a4-4cd2-a763-64fea5df35f7} deleted successfully
HKEY_USERS\S-1-5-21-776561741-1614895754-1417001333-500\Software\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\Arquivos de programas\Garena Plus deleted
C:\WINDOWS\SET3.tmp deleted
C:\WINDOWS\SET4.tmp deleted
C:\WINDOWS\SET8.tmp deleted

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Arquivos de programas\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[08/04/2014 01:20]

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://br.yhs4.search.yahoo.com/?hspart=avast&hsimp=yhs-001&type={partner_id}"
"Search Page"="http://br.yhs4.search.yahoo.com/yhs/search?hspart=avast&hsimp=yhs-001&type={partner_id}&p={searchTerms}"
"Default_Page_URL"="http://www.google.com"
"Search Bar"="http://br.yhs4.search.yahoo.com/?hspart=avast&hsimp=yhs-001&type={partner_id}"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.google.com"
"Default_Search_URL"="http://www.google.com"
"Search Page"="http://www.google.com"
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://www.google.com"
"CustomizeSearch"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"CustomizeSearch"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Reset Google Chrome ======================

Nothing found to reset

==== shortcuts on All Users Desktop ======================

C:\Documents and Settings\All Users\Desktop\BlackShot Launcher.lnk - C:\Arquivos de programas\Garena Plus\Apps\BlackShot\BlackShot\launcher.exe
C:\Documents and Settings\All Users\Desktop\Play League of Legends.lnk - C:\Riot Games\League of Legends\lol.launcher.exe
C:\Documents and Settings\All Users\Desktop\TeamSpeak 3 Client.lnk - C:\Arquivos de programas\TeamSpeak 3 Client\ts3client_win32.exe
C:\Documents and Settings\All Users\Desktop\Warface.lnk - C:\Level Up Games\Warface\Launcher\Launcher.exe
C:\Documents and Settings\All Users\Desktop\WORLDRAG.lnk - C:\WORLDRAG\WORLDRAG.exe

==== shortcuts in Users Start Menu ======================

C:\Documents and Settings\Default User\Menu Iniciar\Programas\Assistência remota.lnk -
C:\Documents and Settings\Default User\Menu Iniciar\Programas\Windows Media Player.lnk - C:\Arquivos de programas\Windows Media Player\wmplayer.exe /prefetch:1
C:\Documents and Settings\Default User\Menu Iniciar\Programas\Acessórios\Assistente de compatibilidade de programa.lnk -
C:\Documents and Settings\Default User\Menu Iniciar\Programas\Acessórios\Bloco de notas.lnk -
C:\Documents and Settings\Default User\Menu Iniciar\Programas\Acessórios\Prompt de comando.lnk -
C:\Documents and Settings\Default User\Menu Iniciar\Programas\Acessórios\Sincronizar.lnk -
C:\Documents and Settings\Default User\Menu Iniciar\Programas\Acessórios\Tour do Windows XP.lnk -
C:\Documents and Settings\Default User\Menu Iniciar\Programas\Acessórios\Windows Explorer.lnk -
C:\Documents and Settings\Default User\Menu Iniciar\Programas\Acessórios\Acessibilidade\Gerenciador de utilitários.lnk -
C:\Documents and Settings\Default User\Menu Iniciar\Programas\Acessórios\Acessibilidade\Lente de aumento.lnk -
C:\Documents and Settings\Default User\Menu Iniciar\Programas\Acessórios\Acessibilidade\Teclado virtual.lnk -

==== shortcuts in All Users Start Menu ======================

C:\Documents and Settings\All Users\Menu Iniciar\Ativar o Windows.lnk - C:\WINDOWS\system32\oobe\msoobe.exe /A
C:\Documents and Settings\All Users\Menu Iniciar\Catálogo do Windows.lnk -
C:\Documents and Settings\All Users\Menu Iniciar\Definir acesso e padrões do programa.lnk -
C:\Documents and Settings\All Users\Menu Iniciar\Windows Update.lnk - C:\WINDOWS\system32\wupdmgr.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Windows Movie Maker.lnk - C:\Arquivos de programas\Movie Maker\moviemk.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Acessórios\Calculadora.lnk -
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Acessórios\Conexão de Área de Trabalho Remota.lnk -
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Acessórios\Paint.lnk -
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Acessórios\WordPad.lnk -
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Acessórios\Acessibilidade\Assistente de acessibilidade.lnk -
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Acessórios\Comunicações\Assistente de configuração de rede.lnk -
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Acessórios\Comunicações\Assistente para Configuração de Rede sem Fio.lnk -
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Acessórios\Comunicações\Assistente para novas conexões.lnk -
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Acessórios\Comunicações\Conexões de rede.lnk -
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Acessórios\Comunicações\HyperTerminal.lnk -
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Acessórios\Entretenimento\Controle de volume.lnk -
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Acessórios\Entretenimento\Gravador de som.lnk -
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Acessórios\Ferramentas do sistema\Assistente para transferência de arquivos e configurações.lnk -
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Acessórios\Ferramentas do sistema\Ativar o Windows.lnk -
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Acessórios\Ferramentas do sistema\Backup.lnk -
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Acessórios\Ferramentas do sistema\Central de Segurança.lnk -
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Acessórios\Ferramentas do sistema\Desfragmentador de disco.lnk -
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Acessórios\Ferramentas do sistema\Informações sobre o sistema.lnk -
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Acessórios\Ferramentas do sistema\Limpeza de disco.lnk -
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Acessórios\Ferramentas do sistema\Mapa de caracteres.lnk -
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Acessórios\Ferramentas do sistema\Restauração do sistema.lnk -
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Acessórios\Ferramentas do sistema\Tarefas agendadas.lnk -
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Avast\avast Free Antivirus.lnk -
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Ferramentas administrativas\Desempenho.lnk - C:\WINDOWS\system32\perfmon.msc /s
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Ferramentas administrativas\Diretiva de segurança local.lnk -
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Ferramentas administrativas\Fontes de dados (ODBC).lnk - C:\WINDOWS\system32\odbcad32.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Ferramentas administrativas\Gerenciamento do computador.lnk - C:\WINDOWS\system32\compmgmt.msc /s
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Ferramentas administrativas\Serviços de componente.lnk -
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Ferramentas administrativas\Serviços.lnk -
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Ferramentas administrativas\Visualizar eventos.lnk - C:\WINDOWS\system32\eventvwr.msc /s
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Garena\Garena Plus.lnk - C:\Arquivos de programas\Garena Plus\GarenaMessenger.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Garena\BlackShot\Start BlackShot.lnk - C:\Arquivos de programas\Garena Plus\GarenaMessenger.exe -toggleplugin 32773
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Garena\BlackShot\Uninstall.lnk - C:\Arquivos de programas\Garena Plus\Apps\BlackShot\uninst.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Garena\Garena Plus\Garena Plus.lnk - C:\Arquivos de programas\Garena Plus\GarenaMessenger.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Google Chrome\Google Chrome.lnk - C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Jogos\Campo minado.lnk - C:\WINDOWS\system32\winmine.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Jogos\Copas para Internet.lnk - C:\Arquivos de programas\MSN Gaming Zone\Windows\hrtzzm.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Jogos\Copas.lnk - C:\WINDOWS\system32\mshearts.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Jogos\Damas para Internet.lnk - C:\Arquivos de programas\MSN Gaming Zone\Windows\chkrzm.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Jogos\Espadas para Internet.lnk - C:\Arquivos de programas\MSN Gaming Zone\Windows\shvlzm.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Jogos\Freecell.lnk - C:\WINDOWS\system32\freecell.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Jogos\Gamão para Internet.lnk -
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Jogos\Paciência Spider.lnk -
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Jogos\Paciência.lnk -
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Jogos\Pinball.lnk - C:\Arquivos de programas\Windows NT\Pinball\PINBALL.EXE
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Jogos\Reversi para Internet.lnk - C:\Arquivos de programas\MSN Gaming Zone\Windows\Rvsezm.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\League of Legends\League of Legends.lnk - C:\Riot Games\League of Legends\lol.launcher.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Level Up Games\Warface\Warface.lnk -
C:\Documents and Settings\All Users\Menu Iniciar\Programas\LevelUp GrandChase\Grand Chase.lnk - C:\Level Up Games\Grand Chase\GrandChase.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\LeveUp Games\RagnarokOnline\RagnarokOnline.exe.lnk -
C:\Documents and Settings\All Users\Menu Iniciar\Programas\LeveUp Games\RagnarokOnline\Setup.exe.lnk -
C:\Documents and Settings\All Users\Menu Iniciar\Programas\NVIDIA Corporation\NVIDIA PhysX Properties.lnk - C:\WINDOWS\system32\PhysX.cpl
C:\Documents and Settings\All Users\Menu Iniciar\Programas\TeamSpeak 3 Client\TeamSpeak 3 Client.lnk - C:\Arquivos de programas\TeamSpeak 3 Client\ts3client_win32.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\TeamSpeak 3 Client\Uninstall.lnk - C:\Arquivos de programas\TeamSpeak 3 Client\Uninstall.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\WinRAR\Console RAR manual.lnk - C:\Arquivos de programas\WinRAR\Rar.txt
C:\Documents and Settings\All Users\Menu Iniciar\Programas\WinRAR\What is new in the latest version.lnk - C:\Arquivos de programas\WinRAR\WhatsNew.txt
C:\Documents and Settings\All Users\Menu Iniciar\Programas\WinRAR\WinRAR help.lnk - C:\Arquivos de programas\WinRAR\WinRAR.chm
C:\Documents and Settings\All Users\Menu Iniciar\Programas\WinRAR\WinRAR.lnk - C:\Arquivos de programas\WinRAR\WinRAR.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\WORLDRAG\Configuração.lnk -
C:\Documents and Settings\All Users\Menu Iniciar\Programas\WORLDRAG\Desinstalar WORLDRAG.lnk - C:\WORLDRAG\unins000.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\WORLDRAG\WORLDRAG.lnk - C:\WORLDRAG\WORLDRAG.exe

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS deleted successfully

==== Empty IE Cache ======================

C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\Default User\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\LocalService\Configurações locais\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\LocalService\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\NetworkService\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=9526 folders=335 3806195281 bytes)

==== Empty Temp Folders ======================

C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\RECYCLER successfully emptied

==== EOF on qua 09/04/2014 at 12:08:54,81 ======================

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Microsoft Windows XP x86
Ran by Administrador on qua 09/04/2014 at 12:20:39,23
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\baidu



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\baidu"





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on qua 09/04/2014 at 12:25:38,89
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~ Relatório do ZHPDiag v2014.4.9.15 - Nicolas Coolman (9/4/2014)
~ Iniciado por Administrador (9/4/2014 14:27:50)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Fóruns de suporte gratuito para desinfecção : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Not Found


---\\ Navegadores Internet
MSIE: Internet Explorer v8.0.6001.18702
GCIE: Google Chrome v33.0.1750.154 (Defaut)

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Microsoft Windows XP, 32-bit Service Pack 3 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : OK

---\\ Softwares de proteçao do sistema
avast! Free Antivirus v9.0.2016

---\\ Softwares d'optimização do sistema

---\\ Softwares de partilha do PeerToPeer (P2P)
Pando Media Booster v2.6.0.7

---\\ Monitoramento dos softwares

---\\ Informações sobre o sistema
~ Processor: x86 Family 6 Model 23 Stepping 6, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3069 MB (74% free)
System Restore: Activé (Enable)
System drive C: has 202 GB (86%) free of 233 GB

---\\ Modo de conexão ao sistema
~ Computer Name: LUCAS-DDDC2C8B7
~ User Name: Administrador
~ All Users Names: SUPPORT_388945a0, HelpAssistant, Convidado, ASPNET, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Documents and Settings\Administrador\Dados de aplicativos\ZHP\
~ %AppData% : C:\Documents and Settings\Administrador\Dados de aplicativos\
~ %Desktop% : C:\Documents and Settings\Administrador\Desktop\
~ %Favorites% : C:\Documents and Settings\Administrador\Favoritos\
~ %LocalAppData% : C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\
~ %StartMenu% : C:\Documents and Settings\Administrador\Menu Iniciar\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 202 Go of 233 Go)
D: CD-ROM drive (Not Inserted)



---\\ Estado do Centro de Segurança do Windows
~ Security Center: 44 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.064EC7FF5F58B928C3E119402977FA6D] - (.Microsoft Corporation - Windows Explorer.) (.14/4/2008 - 09:00:00.) -- C:\WINDOWS\Explorer.exe [1035776]
[MD5.D1A5DFE3B1F5FD6268238C224E3A491B] - (.Microsoft Corporation - Internet Extensions for Win32.) (.5/11/2010 - 21:21:10.) -- C:\WINDOWS\system32\wininet.dll [916480]
[MD5.71D440F79B711627B12B567FB2EADB42] - (.Microsoft Corporation - Aplicativo de logon do Windows NT.) (.14/4/2008 - 09:00:00.) -- C:\WINDOWS\system32\Winlogon.exe [509952]
[MD5.4D43E74F2A1239D53929B82600F1971C] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.14/1/2011 - 10:33:37.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138496]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.13/4/2008 - 13:40:32.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512]
[MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/4/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
[MD5.1F4260CC5B42272D71F79E570A27A4FE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.14/4/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976]
[MD5.A8D31E836CCF2F51009CE7DFFECF6D51] - (.Microsoft Corporation - FIPS Crypto Driver.) (.14/4/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44672]
[MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.14/4/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384]
[MD5.485BC6BEB778B5E9702E6AA3D384C0CB] - (.Microsoft Corporation - Driver de porta i8042.) (.14/4/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [53504]
[MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.14/4/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112]
[MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.14/4/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832]
[MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.14/4/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264]
[MD5.D09B9F0B9960DD41E73127B7814C115F] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.14/1/2011 - 10:35:18.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [457216]
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.14/4/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816]
[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.14/4/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574976]
[MD5.9BADEE6B698BF1AF36E25A1A64A89EAB] - (.Microsoft Corporation - Driver de porta paralela.) (.14/1/2011 - 10:40:31.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384]
[MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/4/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
[MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/4/2008 - 13:32:52.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224]
[MD5.68D749B04BFBBD4D4D15CC5185AFA4DD] - (.Microsoft Corporation - Redbook Audio Filter Driver.) (.13/4/2008 - 17:53:18.) -- C:\WINDOWS\system32\Drivers\redbook.sys [58240]
[MD5.EB6B1E2C984D84470FF4FE7EF98CD44A] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.14/4/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53248]
~ Generic Processes: Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/2
~ Mes musiques (My Musics) : 1/2
~ Mes Videos (My Videos) : 0/0
~ Mes Favoris (My Favorites) : 1/8
~ Mes Documents (My Documents) : 1/1573
~ Mon Bureau (My Desktop) : 0/7
~ Menu demarrer (Programs) : 1/26
~ Hidden Files: Scanned in 00mn 02s



---\\ Processos lançados
[MD5.896B929603FE45993853DF9A3E5E19B1] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 190.4.) -- C:\WINDOWS\system32\nvsvc32.exe [168004] [PID.1020]
[MD5.BEA8D0FA8805CC2E6BB49728166699C7] - (.AVAST Software - avast! Service.) -- C:\Arquivos de programas\AVAST Software\Avast\AvastSvc.exe [50344] [PID.1480]
[MD5.B52BCA0ABD463590BE48663962608D46] - (.Realtek Semiconductor Corp. - Realtek HD Audio Control Panel.) -- C:\WINDOWS\RTHDCPL.exe [16859648] [PID.608]
[MD5.4BFA1849DC7AA3CB99C160D9EB96C67B] - (.AVAST Software - avast! Antivirus.) -- C:\Arquivos de programas\AVAST Software\Avast\AvastUI.exe [3854640] [PID.684]
[MD5.2E0B0A051FFAA86E358465BB0880D453] - (.Microsoft Corporation - Windows Update.) -- C:\WINDOWS\system32\wuauclt.exe [53784] [PID.2452]
[MD5.3A924B200D86590D2C83214CEBFA9742] - (.Google Inc. - Google Chrome.) -- C:\Arquivos de programas\Google\Chrome\Application\chrome.exe [859976] [PID.508]
[MD5.509E0687DA8749E65D002011E57BF20A] - (.No owner - PVP.net Patcher Kernel.) -- C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe [1302080] [PID.4076]
[MD5.19B08BB980EFA4AE63F8A505BAB8B94C] - (.No owner - PVP.net Patcher.) -- C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.205\deploy\LoLLauncher.exe [5329400] [PID.2268]
[MD5.5B93A9C1BB894EFA4D6429EEADA5007C] - (...) -- C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.80\deploy\LolClient.exe [74752] [PID.536]
[MD5.909FF075A7415E346642B4F4B074265C] - (.Nicolas Coolman - ZHPDiag.) -- C:\Arquivos de programas\ZHPDiag\ZHPDiag.exe [8208896] [PID.1048]
~ Processes Running: Scanned in 00mn 01s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
P2 - FPN: [HKLM] [@t.garena.com/garenatalk] - (...) -- C:\Arquivos de programas\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll (.not file.)
~ Firefox Browser: 5 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Pando Networks - Pando Web Plugin.) (No version) -- (.not file.)
~ IE Browser: 14 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 19



---\\ Outras conexões do utilizador (04)
O4 - GS\Desktop [AllUsers]: BlackShot Launcher.lnk . (...) -- C:\Arquivos de programas\Garena Plus\Apps\BlackShot\BlackShot\launcher.exe (.not file.)
O4 - GS\Desktop [AllUsers]: TeamSpeak 3 Client.lnk . (.TeamSpeak Systems GmbH - TeamSpeak 3 Client.) -- C:\Arquivos de programas\TeamSpeak 3 Client\ts3client_win32.exe
O4 - GS\Desktop [AllUsers]: Warface.lnk . (.Level Up! Interactive S.A. - Launcher Warface.) -- C:\Level Up! Games\Warface\Launcher\Launcher.exe
O4 - GS\Desktop [AllUsers]: WORLDRAG.lnk . (...) -- C:\WORLDRAG\WORLDRAG.exe
O4 - GS\Desktop [Administrador]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [Administrador]: Grand Chase.lnk . (...) -- C:\Level Up! Games\Grand Chase\GrandChase.exe
~ Global Startup: 9 Legitimates Filtered in 00mn 00s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [RTHDCPL] . (.Realtek Semiconductor Corp. - Realtek HD Audio Control Panel.) -- C:\WINDOWS\RTHDCPL.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [Alcmtr] . (.Realtek Semiconductor Corp. - Realtek Azalia Audio - Event Monitor.) -- C:\WINDOWS\ALCMTR.exe
O4 - HKLM\..\Run: [nwiz] . (...) -- C:\Arquivos de programas\NVIDIA Corporation\nView\nwiz.exe
O4 - HKLM\..\Run: [NvCplDaemon] . (.NVIDIA Corporation - NVIDIA Display Properties Extension.) -- C:\WINDOWS\system32\NvCpl.dll =>.NVIDIA Corporation
O4 - HKLM\..\Run: [NvMediaCenter] . (.NVIDIA Corporation - NVIDIA Media Center Library.) -- C:\WINDOWS\system32\NvMcTray.dll
O4 - HKLM\..\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Arquivos de programas\AVAST Software\Avast\AvastUI.exe
O4 - HKCU\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PriceMeterW] C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\PriceMeter\pricemeterw.exe (.not file.) =>PUP.PriceMeter
O4 - HKCU\..\Run: [MSMSGS] C:\Arquivos de programas\Messenger\msmsgs.exe (.not file.)
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-21-776561741-1614895754-1417001333-500\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-776561741-1614895754-1417001333-500\..\Run: [PriceMeterW] C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\PriceMeter\pricemeterw.exe (.not file.) =>PUP.PriceMeter
O4 - HKUS\S-1-5-21-776561741-1614895754-1417001333-500\..\Run: [MSMSGS] C:\Arquivos de programas\Messenger\msmsgs.exe (.not file.)
~ Application: Scanned in 00mn 00s



---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -- Chave orfã
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -- C:\Arquivos de programas\Messenger\msmsgs.exe (.not file.)
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Piratagem da Opção " Redefinir Configurações da Web " (014)
O14 - IERESET.INF: SEARCH_PAGE_URL=SEARCH_PAGE_URL="&http://home.microsoft.com/intl/br/access/allinone.asp"
O14 - IERESET.INF: SAFESITE_VALUE=SAFESITE_VALUE="search.msn.com.br"
~ IE Paramètres WEB: Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{82E987F3-BAA4-452A-94D8-165BB8495E3B}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{82E987F3-BAA4-452A-94D8-165BB8495E3B}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{82E987F3-BAA4-452A-94D8-165BB8495E3B}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- C:\WINDOWS\system32\wiascr.dll
O18 - Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} . (.Microsoft Corporation - DLL comum do Shell do Windows.) -- C:\WINDOWS\system32\SHELL32.dll
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agente de rede off-line.) -- C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL de notificação do serviço de logon secu.) -- C:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Chave do Registo autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} . (.Microsoft Corporation - Biblioteca da interface de usuário do naveg.) -- C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Pré-carregador Browseui - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Biblioteca da interface de usuário do naveg.) -- C:\WINDOWS\system32\browseui.dll
~ STS/SSO: Scanned in 00mn 00s



---\\ Enumeração Ativa do Ambiente de trabalho & Editor MHTML (024)
O24 - Desktop Component 0: Minha página inicial atual - file:About:Home
O24 - Desktop General: BackupWallPaper - .(...) - C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp
O24 - Desktop General: WallPaper - .(...) - C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s



---\\ Tarefas planificadas automaticamente (039)
O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\060184C3-9766-46a0-B258-F4518A0B2633.job [454]
~ Scheduled Task: 10 Legitimates Filtered in 00mn 00s



---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (Bfilter) . (. - .) - C:\WINDOWS\system32\drivers\Bfilter.sys (.not file.)
O41 - Driver: (Bfmon) . (. - .) - C:\WINDOWS\system32\drivers\Bfmon.sys (.not file.)
O41 - Driver: (Bprotect) . (. - .) - C:\WINDOWS\system32\drivers\Bprotect.sys (.not file.)
~ Drivers: 81 Legitimates Filtered in 00mn 00s



---\\ Software instalados (042)
O42 - Logiciel: Highlightly - (.Highlightly.) [HKLM] -- Highlightly
O42 - Logiciel: WORLDRAG versão 9100 - (.WORLDRAG.) [HKLM] -- {DE77311D-C335-495A-9619-67E4210E75AB}_is1
O42 - Logiciel: Warface - (.Level Up! Games.) [HKLM] -- {094FAADD-5A39-4C64-911A-B4C9AD818484}_is1
~ Logic: 20 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Baidu Security] =>Adware.BDSearch
[HKCU\Software\Pando Networks]
[HKCU\Software\PriceMeterUpdater] =>PUP.PriceMeter
[HKLM\Software\Baidu Security] =>Adware.BDSearch
[HKLM\Software\LeveUp! Games]
[HKLM\Software\Pando Networks]
~ Key Software: 133 Legitimates Filtered in 00mn 00s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 8/4/2014 - 01:25:48 - [1880,252] ----D C:\Arquivos de programas\LeveUp! Games
O43 - CFD: 8/4/2014 - 02:35:58 - [7,182] ----D C:\Arquivos de programas\Pando Networks
O43 - CFD: 8/4/2014 - 00:48:27 - [0,001] ----D C:\Arquivos de programas\Serviços on-line
O43 - CFD: 8/4/2014 - 00:47:50 - [0,008] ----D C:\Arquivos de programas\Arquivos comuns\Serviços
O43 - CFD: 8/4/2014 - 15:54:03 - [0,014] ----D C:\Documents and Settings\All Users\Dados de aplicativos\Baidu Security =>Adware.BDSearch
O43 - CFD: 8/4/2014 - 16:07:33 - [0,102] ----D C:\Documents and Settings\Administrador\Dados de aplicativos\PriceMeterUpdater =>PUP.PriceMeter
O43 - CFD: 8/4/2014 - 00:57:30 - [0,014] R---D C:\Documents and Settings\Administrador\Menu Iniciar\Programas\Acessórios
O43 - CFD: 8/4/2014 - 17:53:16 - [0] R---D C:\Documents and Settings\Administrador\Menu Iniciar\Programas\Inicializar
~ Program Folder: 71 Legitimates Filtered in 00mn 03s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.756E3FFE7E4A96DB54F977AE98D7BF9F] - 7/4/2014 - 21:39:42 ----- . (...) -- C:\WINDOWS\system32\CONFIG.TMP [2969]
O44 - LFC:[MD5.5312FE00B4EBE013C57A7A3089E2275C] - 7/4/2014 - 21:39:42 ---A- . (...) -- C:\WINDOWS\system32\AUTOEXEC.NT [515]
O44 - LFC:[MD5.6CB26848BCDAA361B6EE21264FB362C3] - 7/4/2014 - 21:39:48 ---A- . (...) -- C:\WINDOWS\system32\c_20127.nls [66082]
O44 - LFC:[MD5.6F8A509550FE8C92D07EE0143BF29BA1] - 7/4/2014 - 21:39:52 ---A- . (...) -- C:\WINDOWS\system32\c_10010.nls [66082]
O44 - LFC:[MD5.D2CA471D36A69D17F82D5C1B64FAEE39] - 7/4/2014 - 21:39:52 ---A- . (...) -- C:\WINDOWS\system32\c_10029.nls [66082]
O44 - LFC:[MD5.9CA501D2A8E6909C5B2E8C9274682BF1] - 7/4/2014 - 21:39:52 ---A- . (...) -- C:\WINDOWS\system32\c_10082.nls [66082]
O44 - LFC:[MD5.21E928C8E6ED8EEAB0D1AAEE82ACDD76] - 7/4/2014 - 21:39:52 ---A- . (...) -- C:\WINDOWS\system32\c_852.nls [66594]
O44 - LFC:[MD5.5D038EEABA8EA438F6B5ABD5E91BC851] - 7/4/2014 - 21:39:55 ---A- . (...) -- C:\WINDOWS\system32\C_28594.NLS [66082]
O44 - LFC:[MD5.3E969213F35127D83DAB48FF1283E8E4] - 7/4/2014 - 21:39:55 ---A- . (...) -- C:\WINDOWS\system32\c_855.nls [66594]
O44 - LFC:[MD5.5CD475CA7B87844DE1E0483B536F9AAE] - 7/4/2014 - 21:39:55 ---A- . (...) -- C:\WINDOWS\system32\c_866.nls [66594]
O44 - LFC:[MD5.B537ACFAB9E70F0EF48DB696A08ADC81] - 7/4/2014 - 21:39:57 ---A- . (...) -- C:\WINDOWS\system32\C_28597.NLS [66082]
O44 - LFC:[MD5.0A206B5CACD3CA70D2044DA691304765] - 7/4/2014 - 21:39:57 ---A- . (...) -- C:\WINDOWS\system32\c_10006.nls [66082]
O44 - LFC:[MD5.BAC7072B365F9648CA318154BA7E03EC] - 7/4/2014 - 21:39:57 ---A- . (...) -- C:\WINDOWS\system32\c_737.nls [66594]
O44 - LFC:[MD5.780C444EB16B65E6DE96F794A732DA12] - 7/4/2014 - 21:39:57 ---A- . (...) -- C:\WINDOWS\system32\c_869.nls [66594]
O44 - LFC:[MD5.8BE0D77A873730B4EB1DAB7C6622CD46] - 7/4/2014 - 21:39:57 ---A- . (...) -- C:\WINDOWS\system32\c_875.nls [66082]
O44 - LFC:[MD5.E22D1B9AC7854C0A654E4C4232074E49] - 7/4/2014 - 21:39:59 ---A- . (...) -- C:\WINDOWS\system32\C_28595.NLS [66082]
O44 - LFC:[MD5.AF4A866226BD04ACF06135088D75BB63] - 7/4/2014 - 21:39:59 ---A- . (...) -- C:\WINDOWS\system32\c_10007.nls [66082]
O44 - LFC:[MD5.314E85390BEBDAE5D1E11DB2D8CBC6E9] - 7/4/2014 - 21:39:59 ---A- . (...) -- C:\WINDOWS\system32\c_10017.nls [66082]
O44 - LFC:[MD5.EFFDFF60A38CF648811BBCDD722ECF5E] - 7/4/2014 - 21:40:02 ---A- . (...) -- C:\WINDOWS\system32\c_10081.nls [66082]
O44 - LFC:[MD5.C37A21EE1ADFDC13FC707D97073148ED] - 7/4/2014 - 21:40:02 ---A- . (...) -- C:\WINDOWS\system32\c_28599.nls [66082]
O44 - LFC:[MD5.A8764750B22B528D85A691A52CB21856] - 7/4/2014 - 21:40:02 ---A- . (...) -- C:\WINDOWS\system32\c_857.nls [66594]
O44 - LFC:[MD5.35448F3A71EBBECF8E997FAD3A99327D] - 7/4/2014 - 21:40:05 ---A- . (...) -- C:\WINDOWS\system32\c_28603.nls [66082]
O44 - LFC:[MD5.EC38AAE99521B15F395A156049FFACE9] - 7/4/2014 - 21:40:14 ---A- . (...) -- C:\WINDOWS\regopt.log [1282]
O44 - LFC:[MD5.62C5567DD50CED58631E534A0968EFAD] - 7/4/2014 - 21:40:24 ---A- . (...) -- C:\WINDOWS\system32\pid.PNF [4444]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 7/4/2014 - 21:43:36 ---A- . (...) -- C:\WINDOWS\Sti_Trace.log [0]
O44 - LFC:[MD5.4895888641C65F1F336C603B93BD3B0C] - 7/4/2014 - 21:43:36 ---A- . (...) -- C:\WINDOWS\wiadebug.log [511]
O44 - LFC:[MD5.22F3DB5B7B3706763F0EADF11768B6CA] - 7/4/2014 - 21:43:38 ---A- . (...) -- C:\WINDOWS\wiaservc.log [48]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 7/4/2014 - 21:44:13 ---A- . (...) -- C:\WINDOWS\system32\h323log.txt [0]
O44 - LFC:[MD5.CF2FCA722DF9359CF30A6AD54D761C7B] - 8/4/2014 - 00:44:39 ---A- . (...) -- C:\WINDOWS\cmsetacl.log [200]
O44 - LFC:[MD5.10D344BCEC483F21ED47095CDB019E9C] - 8/4/2014 - 00:45:21 ---A- . (...) -- C:\WINDOWS\system32\wmimgmt.msc [63488]
O44 - LFC:[MD5.CDD932EDCB756FB5F7CE5E2F090BA838] - 8/4/2014 - 00:45:28 ---A- . (...) -- C:\WINDOWS\system32\msdtcprf.h [768]
O44 - LFC:[MD5.485FA3E9779BB443B21D783D3A3F4A6F] - 8/4/2014 - 00:45:28 ---A- . (...) -- C:\WINDOWS\system32\msdtcprf.ini [3828]
O44 - LFC:[MD5.4A547D74B435E78418BE06406250C1D3] - 8/4/2014 - 00:45:30 ---A- . (...) -- C:\WINDOWS\system32\tslabels.h [3286]
O44 - LFC:[MD5.33FA18A1E3941B727CC6A3A40818F890] - 8/4/2014 - 00:45:30 ---A- . (...) -- C:\WINDOWS\system32\tslabels.ini [26931]
O44 - LFC:[MD5.B6857A23806A85E16E9B9EFAFA2DA1AC] - 8/4/2014 - 00:45:30 ---A- . (...) -- C:\WINDOWS\system32\usrlogon.cmd [1221]
O44 - LFC:[MD5.405E1EF8E3C88E9BCD2853382BB12430] - 8/4/2014 - 00:45:32 ---A- . (...) -- C:\WINDOWS\system32\bopomofo.uce [22984]
O44 - LFC:[MD5.4FDED87068052EEB9B72A97FDBC141DB] - 8/4/2014 - 00:45:32 ---A- . (...) -- C:\WINDOWS\system32\gb2312.uce [24006]
O44 - LFC:[MD5.038F6AD6CEE43585D814CDBC7CDFD3EC] - 8/4/2014 - 00:45:32 ---A- . (...) -- C:\WINDOWS\system32\ideograf.uce [60458]
O44 - LFC:[MD5.7C0C25F4BA1084C4ABBEEA2C74194C5F] - 8/4/2014 - 00:45:32 ---A- . (...) -- C:\WINDOWS\system32\kanji_1.uce [6948]
O44 - LFC:[MD5.529BBD63519BBD654EF328454019693F] - 8/4/2014 - 00:45:32 ---A- . (...) -- C:\WINDOWS\system32\kanji_2.uce [8484]
O44 - LFC:[MD5.7A7A04370A6030B9B0E8178DAD4A6E41] - 8/4/2014 - 00:45:32 ---A- . (...) -- C:\WINDOWS\system32\korean.uce [12876]
O44 - LFC:[MD5.39F43DBCE366B2561DF073B4C0839299] - 8/4/2014 - 00:45:33 ---A- . (...) -- C:\WINDOWS\Bolhas de sabão.bmp [65978]
O44 - LFC:[MD5.73D70ED3EC3BBFD8FD35DF431C38F374] - 8/4/2014 - 00:45:33 ---A- . (...) -- C:\WINDOWS\Cafezinho.bmp [17062]
O44 - LFC:[MD5.DAC71A10A6A71CB6E3F427AE3283734B] - 8/4/2014 - 00:45:33 ---A- . (...) -- C:\WINDOWS\Renda azul 16.bmp [1272]
O44 - LFC:[MD5.3A8B85AB7B415BF3F8AFE285DFE0CE29] - 8/4/2014 - 00:45:33 ---A- . (...) -- C:\WINDOWS\Seda.bmp [16730]
O44 - LFC:[MD5.8CA32E9D986FA76F60EFBCFCD9D80A58] - 8/4/2014 - 00:45:33 ---A- . (...) -- C:\WINDOWS\system32\shiftjis.uce [16740]
O44 - LFC:[MD5.30F5568679A54042F99CA9EC1102EBCD] - 8/4/2014 - 00:45:33 ---A- . (...) -- C:\WINDOWS\system32\subrange.uce [93702]
O44 - LFC:[MD5.1AC5E83598D4F2143B59A2D893C3279A] - 8/4/2014 - 00:45:34 ---A- . (...) -- C:\WINDOWS\Areia.bmp [26582]
O44 - LFC:[MD5.280920B6773C74C3649A934257112BE1] - 8/4/2014 - 00:45:34 ---A- . (...) -- C:\WINDOWS\Bruma.bmp [65954]
O44 - LFC:[MD5.EB3BFC14E41FBAA41B4FD4489AA82D39] - 8/4/2014 - 00:45:34 ---A- . (...) -- C:\WINDOWS\Deserto.bmp [65832]
O44 - LFC:[MD5.5B4AC407E566076BB726BA91E067D313] - 8/4/2014 - 00:45:34 ---A- . (...) -- C:\WINDOWS\Leques.bmp [26680]
O44 - LFC:[MD5.203EF178BF8B0A8EC34E27E4DEDB6349] - 8/4/2014 - 00:45:34 ---A- . (...) -- C:\WINDOWS\Pescaria.bmp [17336]
O44 - LFC:[MD5.927A66BD587E31CB12D3AB25381658DC] - 8/4/2014 - 00:45:34 ---A- . (...) -- C:\WINDOWS\Rododentro.bmp [17362]
O44 - LFC:[MD5.5290EA6951F4724259F423B12C8E1393] - 8/4/2014 - 00:45:34 ---A- . (...) -- C:\WINDOWS\Tapete.bmp [9522]
O44 - LFC:[MD5.A0EB5CD77FEF85D5D792844A85CAED5C] - 8/4/2014 - 00:46:07 ---A- . (...) -- C:\WINDOWS\DtcInstall.log [135]
O44 - LFC:[MD5.487403459F0B2F1A3ADEEF02496BD80E] - 8/4/2014 - 00:46:12 ---A- . (...) -- C:\WINDOWS\vb.ini [36]
O44 - LFC:[MD5.6C2F0BA210C2B53EF07653ABAC6C2490] - 8/4/2014 - 00:46:12 ---A- . (...) -- C:\WINDOWS\vbaddin.ini [37]
O44 - LFC:[MD5.2317E9A1E26E90B0FA2154E317C6A658] - 8/4/2014 - 00:46:22 ---A- . (...) -- C:\WINDOWS\system32\emptyregdb.dat [21844]
O44 - LFC:[MD5.DADB3267CF9AA47E7EF8BBF043FBC4B8] - 8/4/2014 - 00:46:41 ---A- . (...) -- C:\WINDOWS\sessmgr.setup.log [1022]
O44 - LFC:[MD5.81051BCC2CF1BEDF378224B0A93E2877] - 8/4/2014 - 00:48:00 ---A- . (...) -- C:\WINDOWS\desktop.ini [2]
O44 - LFC:[MD5.81051BCC2CF1BEDF378224B0A93E2877] - 8/4/2014 - 00:48:00 ---A- . (...) -- C:\WINDOWS\system32\desktop.ini [2]
O44 - LFC:[MD5.2F3CDC1D898FD25B2547F5BFEB01FD0D] - 8/4/2014 - 00:48:00 -SH-- . (...) -- C:\WINDOWS\winnt.bmp [48680]
O44 - LFC:[MD5.2F3CDC1D898FD25B2547F5BFEB01FD0D] - 8/4/2014 - 00:48:00 -SH-- . (...) -- C:\WINDOWS\winnt256.bmp [48680]
O44 - LFC:[MD5.5A5CFF37F1BD0F86B9BDAAD7A9445882] - 8/4/2014 - 00:48:33 R-HA- . (...) -- C:\WINDOWS\WindowsShell.Manifest [749]
O44 - LFC:[MD5.5A5CFF37F1BD0F86B9BDAAD7A9445882] - 8/4/2014 - 00:48:33 R-HA- . (...) -- C:\WINDOWS\system32\cdplayer.exe.manifest [749]
O44 - LFC:[MD5.5A5CFF37F1BD0F86B9BDAAD7A9445882] - 8/4/2014 - 00:48:33 R-HA- . (...) -- C:\WINDOWS\system32\ncpa.cpl.manifest [749]
O44 - LFC:[MD5.5A5CFF37F1BD0F86B9BDAAD7A9445882] - 8/4/2014 - 00:48:33 R-HA- . (...) -- C:\WINDOWS\system32\nwc.cpl.manifest [749]
O44 - LFC:[MD5.5A5CFF37F1BD0F86B9BDAAD7A9445882] - 8/4/2014 - 00:48:33 R-HA- . (...) -- C:\WINDOWS\system32\sapi.cpl.manifest [749]
O44 - LFC:[MD5.5A5CFF37F1BD0F86B9BDAAD7A9445882] - 8/4/2014 - 00:48:33 R-HA- . (...) -- C:\WINDOWS\system32\wuaucpl.cpl.manifest [749]
O44 - LFC:[MD5.5D76C3FB736514E1D7C88791E7322784] - 8/4/2014 - 00:48:36 R-HA- . (...) -- C:\WINDOWS\system32\WindowsLogon.manifest [488]
O44 - LFC:[MD5.5D76C3FB736514E1D7C88791E7322784] - 8/4/2014 - 00:48:36 R-HA- . (...) -- C:\WINDOWS\system32\logonui.exe.manifest [488]
O44 - LFC:[MD5.2B9C717D21A1331BA3731886E3EE87BB] - 8/4/2014 - 00:49:13 ---A- . (...) -- C:\WINDOWS\ODBCINST.INI [4205]
O44 - LFC:[MD5.DC17DD0189B0C36D863B4DD0A036C10F] - 8/4/2014 - 00:49:20 ---A- . (...) -- C:\WINDOWS\WMSysPr9.prx [316640]
O44 - LFC:[MD5.6D6F4B1886E91EB37ABCCAD19C561EE0] - 8/4/2014 - 00:49:21 ---A- . (...) -- C:\WINDOWS\system32\amcompat.tlb [16832]
O44 - LFC:[MD5.A32B14BE5EDAE794FCE1A9E970827509] - 8/4/2014 - 00:49:21 ---A- . (...) -- C:\WINDOWS\system32\nscompat.tlb [23392]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 8/4/2014 - 00:49:24 ---A- . (...) -- C:\AUTOEXEC.BAT [0]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 8/4/2014 - 00:49:24 ---A- . (...) -- C:\CONFIG.SYS [0]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 8/4/2014 - 00:49:24 ---A- . (...) -- C:\WINDOWS\control.ini [0]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 8/4/2014 - 00:49:24 RSHA- . (...) -- C:\IO.SYS [0]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 8/4/2014 - 00:49:24 RSHA- . (...) -- C:\MSDOS.SYS [0]
O44 - LFC:[MD5.4B18938B988AF7A805C80B26C1B4499D] - 8/4/2014 - 00:50:38 ---A- . (...) -- C:\WINDOWS\ie8.log [52953]
O44 - LFC:[MD5.1BC5FC61994C8F60C0D41F621C0CF8A2] - 8/4/2014 - 00:50:38 ---A- . (...) -- C:\WINDOWS\system32\spupdsvc.inf [889]
O44 - LFC:[MD5.DE2F584B639B553EDCD2919349AFC79C] - 8/4/2014 - 00:50:43 ---A- . (...) -- C:\WINDOWS\ie8_main.log [30047]
O44 - LFC:[MD5.0B5B446BAA2BA46501E3E0DC3BFCA504] - 8/4/2014 - 00:51:21 ---A- . (...) -- C:\WINDOWS\spupdsvc.log [552]
O44 - LFC:[MD5.3084439588D378EFF1FD5A6759D61EA0] - 8/4/2014 - 00:52:13 ---A- . (...) -- C:\WINDOWS\system32\TZLog.log [4346]
O44 - LFC:[MD5.10F88CAB39DF365B0D46C43BB15E3831] - 8/4/2014 - 00:54:05 ---A- . (...) -- C:\WINDOWS\system32\$winnt$.inf [718]
O44 - LFC:[MD5.C5892673F80E7426B2D9627056EEB380] - 8/4/2014 - 00:55:02 ---A- . (...) -- C:\WINDOWS\REGLOCS.OLD [8192]
O44 - LFC:[MD5.C84A1E2BC85FD52F0EB4FF13556B1CF0] - 8/4/2014 - 00:57:21 ---A- . (...) -- C:\WINDOWS\updspapi.log [18189]
O44 - LFC:[MD5.DF1E1C59699A8E5888BBFC329C578826] - 8/4/2014 - 00:57:24 ---A- . (...) -- C:\WINDOWS\wmsetup.log [2262]
O44 - LFC:[MD5.E3C5A70D671A9E4A2ED6E107BBB73F60] - 8/4/2014 - 00:57:25 ---A- . (...) -- C:\WINDOWS\OEWABLog.txt [841]
O44 - LFC:[MD5.A0FD71A7ED2308274512251A5B3979F6] - 8/4/2014 - 01:03:54 R--A- . (...) -- C:\WINDOWS\system32\e1e5132.din [2889]
O44 - LFC:[MD5.8C3D0C73A0850A0EE62DF9EC36DBDE80] - 8/4/2014 - 01:03:57 ----- . (...) -- C:\WINDOWS\system32\SetupBD.din [1904]
O44 - LFC:[MD5.43C3571EADA5BC1EDEAD7CA22AD66F30] - 8/4/2014 - 01:05:14 R---- . (...) -- C:\WINDOWS\system32\ChCfg.exe [49152]
O44 - LFC:[MD5.3ABB1AE724741726874F5E524E24DBCE] - 8/4/2014 - 01:05:18 ---A- . (...) -- C:\RHDSetup.log [530]
O44 - LFC:[MD5.FFD4E36A86A7F672FD67E0725D0122E4] - 8/4/2014 - 01:05:18 ---A- . (...) -- C:\realtek.log [206]
O44 - LFC:[MD5.6A714E92C31CC703F292299C6E5BF1EB] - 8/4/2014 - 01:05:18 R---- . (...) -- C:\WINDOWS\USetup.iss [553]
O44 - LFC:[MD5.6D0634CEBBFF7F428DD816706F5AA1FB] - 8/4/2014 - 01:08:18 ---A- . (...) -- C:\WINDOWS\system32\BuzzingBee.wav [146650]
O44 - LFC:[MD5.E2FA75ADE398C9A44815B11CC141105C] - 8/4/2014 - 01:08:18 ---A- . (...) -- C:\WINDOWS\system32\LoopyMusic.wav [940794]
O44 - LFC:[MD5.D1F6490997AC971E3EC93D2A4A726D9C] - 8/4/2014 - 01:10:37 ---A- . (...) -- C:\WINDOWS\system32\nvdisp.nvu [19495]
O44 - LFC:[MD5.41AA17FF3E00A321C573E1D55E5631D5] - 8/4/2014 - 01:37:14 ---A- . (...) -- C:\WINDOWS\imsins.BAK [1355]
O44 - LFC:[MD5.C9DD76D0EF94637C77FF8CA5E0FB0684] - 8/4/2014 - 11:20:21 ---A- . (...) -- C:\WINDOWS\system.ini [227]
O44 - LFC:[MD5.2A44570770236D602FF1C0B51B61FBA1] - 8/4/2014 - 11:20:21 ---A- . (...) -- C:\WINDOWS\win.ini [507]
O44 - LFC:[MD5.5AEB61AB1C3864C71A107016C3E9925D] - 8/4/2014 - 15:17:29 ---A- . (...) -- C:\WINDOWS\system32\nppt9x.vxd [5588]
O44 - LFC:[MD5.14D0530971E13C910FE2E76DFDD2E6A4] - 8/4/2014 - 15:56:19 ---A- . (...) -- C:\WINDOWS\msmqinst.log [27448]
O44 - LFC:[MD5.9D3310B540411AA0D8F692AD720F6D13] - 8/4/2014 - 15:56:25 ---A- . (...) -- C:\WINDOWS\FaxSetup.log [67825]
O44 - LFC:[MD5.1F8F6377422795BB50B7AEEC0FDED051] - 8/4/2014 - 15:56:25 ---A- . (...) -- C:\WINDOWS\MedCtrOC.log [5606]
O44 - LFC:[MD5.358A27FC80A8E1CCFA810A3D11B37690] - 8/4/2014 - 15:56:25 ---A- . (...) -- C:\WINDOWS\comsetup.log [30832]
O44 - LFC:[MD5.E324B07FDE0C69A21FC248F94EC97CDF] - 8/4/2014 - 15:56:25 ---A- . (...) -- C:\WINDOWS\iis6.log [105572]
O44 - LFC:[MD5.6EB5D80C52FE623579B45ECF8D288D93] - 8/4/2014 - 15:56:25 ---A- . (...) -- C:\WINDOWS\imsins.log [1891]
O44 - LFC:[MD5.8BEF98F64B3B7F5F7B055473C4FDE427] - 8/4/2014 - 15:56:25 ---A- . (...) -- C:\WINDOWS\msgsocm.log [3822]
O44 - LFC:[MD5.9ECB273DD061F417AA9E6B225594D5E6] - 8/4/2014 - 15:56:25 ---A- . (...) -- C:\WINDOWS\netfxocm.log [13046]
O44 - LFC:[MD5.9C3D44A33149BA66C44D03FCA3B1EB23] - 8/4/2014 - 15:56:25 ---A- . (...) -- C:\WINDOWS\ntdtcsetup.log [17196]
O44 - LFC:[MD5.AEADAF7C88D7AFE1B26D8F1C6D85A484] - 8/4/2014 - 15:56:25 ---A- . (...) -- C:\WINDOWS\ocgen.log [46761]
O44 - LFC:[MD5.AB7649D578951E060CA3B09D3EE3A224] - 8/4/2014 - 15:56:25 ---A- . (...) -- C:\WINDOWS\ocmsn.log [3670]
O44 - LFC:[MD5.58316E5FD6EADCBE46FCCF0C190D511E] - 8/4/2014 - 15:56:25 ---A- . (...) -- C:\WINDOWS\tabletoc.log [4575]
O44 - LFC:[MD5.D913EBDDAAB42466CC4F8AC45B4A84A9] - 8/4/2014 - 15:56:25 ---A- . (...) -- C:\WINDOWS\tsoc.log [38043]
O44 - LFC:[MD5.4D00422800C456472583AE2E7B705A5E] - 8/4/2014 - 19:03:26 ---A- . (...) -- C:\WINDOWS\setuplog.txt [827109]
O44 - LFC:[MD5.E515BD195C52CBE49D45F9FDEB139374] - 9/4/2014 - 00:11:57 ---A- . (...) -- C:\WINDOWS\DirectX.log [41797]
O44 - LFC:[MD5.9C68826F6B49DB4BCA8A9D583D3ABEF5] - 9/4/2014 - 01:56:36 --HA- . (...) -- C:\WINDOWS\system32\mlfcache.dat [12384]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 9/4/2014 - 11:54:50 ---A- . (...) -- C:\WINDOWS\zoek-delete.exe [24064]
O44 - LFC:[MD5.91AF031BC836720BD28CCF3BE7766424] - 9/4/2014 - 12:08:54 ---A- . (...) -- C:\zoek-results.log [17016]
O44 - LFC:[MD5.2A3B970794FC7206189344CC71ACEC93] - 9/4/2014 - 12:08:58 ---A- . (...) -- C:\WINDOWS\system32\NvApps.xml [248739]
~ Files: 465 Legitimates Filtered in 00mn 09s



---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Exportar a chave da aplicação autorizada (047)
O47 - AAKE:Key Export SP - "C:\Arquivos de programas\Pando Networks\Media Booster\PMB.exe" [Enabled] .(..) -- C:\Arquivos de programas\Pando Networks\Media Booster\PMB.exe
O47 - AAKE:Key Export DP - "C:\Arquivos de programas\Pando Networks\Media Booster\PMB.exe" [Enabled] .(..) -- C:\Arquivos de programas\Pando Networks\Media Booster\PMB.exe
~ Keys Export: 9 Legitimates Filtered in 00mn 00s



---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - DatamngrCoordinator.exe - tasklist.exe =>PUP.Datamngr
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d
~ IFEO: Scanned in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:[MD5.84B4C00AE8CDFC52CF68F322D821F34C] - 8/4/2014 - 01:20:21 ---A- . (...) -- C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944]
O58 - SDL:[MD5.680448905E27BBC6587ADB28597640D6] - 8/4/2014 - 01:20:21 ---A- . (...) -- C:\WINDOWS\system32\Drivers\aswVmm.sys [180760]
O58 - SDL:[MD5.DA6675E1400D58412C93180F8651A9FB] - 14/1/2011 - 10:39:46 ---A- . (.RAVISENT Technologies Inc. - CineMaster C 1.2 WDM Main Driver.) -- C:\WINDOWS\system32\Drivers\cinemst2.sys [262528]
O58 - SDL:[MD5.573C7D0A32852B48F3058CFD8026F511] - 14/4/2008 - 09:00:00 ---A- . (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) -- C:\WINDOWS\system32\Drivers\hdaudbus.sys [144384]
O58 - SDL:[MD5.350D32CE64901445DE81CDF6CB681F27] - 4/12/2013 - 16:46:36 ---A- . (.Highlightly - Highlightly Driver x86.) -- C:\WINDOWS\system32\Drivers\hlnfd.sys [52752]
O58 - SDL:[MD5.80D317BD1C3DBC5D4FE7B1678C60CADD] - 14/4/2008 - 09:00:00 ---A- . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Library.) -- C:\WINDOWS\system32\Drivers\ptilink.sys [17792]
O58 - SDL:[MD5.55E01061C74A8CEFFF58DC36114A8D3F] - 14/1/2011 - 10:39:46 ---A- . (.RAVISENT Technologies Inc. - CineMaster C WDM DVD Minidriver.) -- C:\WINDOWS\system32\Drivers\vdmindvd.sys [58112]
O58 - SDL:[MD5.C1E76718BAB6BCA0D18E5670F074F821] - 14/4/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9032]
O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 14/4/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\country.sys [27097]
O58 - SDL:[MD5.912150FE88E79AFEE0BB72216FAB2617] - 14/4/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\himem.sys [4896]
O58 - SDL:[MD5.582BCDD47CF4B68B5CB528F18E3CB808] - 14/4/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\key01.sys [42809]
O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 14/4/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\keyboard.sys [42537]
O58 - SDL:[MD5.19D4F0DAD3F393C13DE7F849ADE72EFE] - 14/4/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos.sys [27900]
O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 14/4/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos404.sys [29146]
O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 14/4/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos411.sys [29370]
O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 14/4/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos412.sys [29274]
O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 14/4/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos804.sys [29146]
O58 - SDL:[MD5.86BB7AF2533B342B8E274590AD2190FA] - 14/4/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio.sys [33984]
O58 - SDL:[MD5.6F73F50162DEF60C84B725C18CD9140F] - 14/4/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio404.sys [34560]
O58 - SDL:[MD5.0FDD5E69C1FF3B58043D44F2CC743D45] - 14/4/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio411.sys [35648]
O58 - SDL:[MD5.8842837C4D8311BF8E72BEE8CCC42217] - 14/4/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio412.sys [35424]
O58 - SDL:[MD5.6B56CEB3C6F9D5CD7293DBD9FE23B311] - 14/4/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio804.sys [34560]
~ Drivers: 7 Legitimates Filtered in 00mn 01s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 10 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: <>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Arquivos de programas\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.04B47DEEB298AE90A0C42DEAED71F8BA] [SPRF][9/4/2014] (...) -- C:\Documents and Settings\Administrador\Desktop\AdwCleaner.exe [1426178]
~ Files: 1 Legitimates Filtered in 00mn 00s



---\\ Listagem dos códigos dos software (PUC) (090)
O90 - PUC: "C04AC77760206FE40ACF16B80FB68F0D" . (..) -- C:\WINDOWS\Installer\{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}\ARPPRODUCTICON.exe
~ Update Products: 14 Legitimates Filtered in 00mn 00s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 14/4/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe
SS - | Auto 8/4/2014 116648 | (gupdate) . (.Google Inc..) - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
SS - | Demand 8/4/2014 116648 | (gupdatem) . (.Google Inc..) - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
SS - | Demand 20/11/2013 5132656 | (npggsvc) . (.INCA Internet Co., Ltd..) - C:\WINDOWS\system32\GameMon.des

SR - | Auto 8/4/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Arquivos de programas\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 6/8/2009 168004 | (nvsvc) . (.NVIDIA Corporation.) - C:\WINDOWS\system32\nvsvc32.exe

~ Services: Scanned in 00mn 03s



---\\ Scâner Aditional (088)
Database Version : 13044 - (9/4/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 2
Fichiers trouvés (Files found) : 3

[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:PriceMeterW =>PUP.PriceMeter^
C:\Documents and Settings\All Users\Dados de aplicativos\Baidu Security =>Adware.BDSearch^
C:\Documents and Settings\Administrador\Dados de aplicativos\PriceMeterUpdater =>PUP.PriceMeter^
[HKCU\Software\Baidu Security] =>Adware.BDSearch^
[HKCU\Software\PriceMeterUpdater] =>PUP.PriceMeter^
[HKLM\Software\Baidu Security] =>Adware.BDSearch^
~ Additionnel Scan: 103837 Items scanned in 00mn 10s



---\\ Sumário das deteções encontradas na sua estação
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.PriceMeter
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.BDSearch
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Datamngr
~ MSI: 3 link(s) detected in 00mn 00s



~ 1072 Legitimates filtered by white list
End of the scan (548 lines in 00mn 40s)(0)

Rapport de ZHPFix 2014.4.7.2 par Nicolas Coolman, Update du 07/04/2014
Fichier d'export Registre :
Run by Administrador at 9/4/2014 16:22:32
High Elevated Privileges : OK
Windows XP Professional Service Pack 3 (Build 2600)

Reciclagem vazia (00mn 01s)
Reparação de atalhos do navegador

========== Softwares ==========
AUSENTE Uninstall Process: c:\arquivos de programas\highlightly\uninstall.exe

========== Chaves do Registo ==========
ELIMINÉ Logiciel Key: [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Highlightly]
ELIMINÉ: Mozilla Plugin: @t.garena.com/garenatalk
ELIMINÉ: [HKLM\SOFTWARE\Classes\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}]
ELIMINÉ: CLSID Extra Buttons: {FB5F1910-F110-11d2-BB9E-00C04F795683}
ELIMINÉ Driver Key: Bfilter
ELIMINÉ Driver Key: Bfmon
ELIMINÉ Driver Key: Bprotect
ELIMINÉ: HKCU\Software\Baidu Security
ELIMINÉ: HKCU\Software\PriceMeterUpdater
ELIMINÉ: HKLM\Software\Baidu Security
ELIMINÉ: O50 - IFEO:Image File Execution Options - DatamngrCoordinator.exe - tasklist.exe

========== Valores do Registo ==========
ELIMINÉ: URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497}
ELIMINÉ RunValue: PriceMeterW
ELIMINÉ RunValue: MSMSGS
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINÉ: c:\documents and settings\all users\desktop\blackshot launcher.lnk
ELIMINÉ: c:\windows\tasks\060184c3-9766-46a0-b258-f4518a0b2633.job
ELIMINÉ: c:\windows\system32\drivers\hlnfd.sys
ELIMINÉ Temporários windows (138) (2.360.337 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso


========== Recapitulativo ==========
11 : Chaves do Registo
9 : Valores do Registo
1 : Pastas
5 : Ficheiros
1 : Softwares
1 : Restauração Sistema


End of clean in 00mn 06s

========== Caminho do ficheiro do relatório ==========
C:\Documents and Settings\Administrador\Dados de aplicativos\ZHP\ZHPFix[R1].txt - 9/4/2014 16:22:34 [2135]