Hao123 etc.
Hey guys, I was on Yahoo Answers looking for help and ended up here. I recently downloaded Daemon Tools and the damned HAO123 came along with it... hao123 did not show up in the Control Panel to uninstall, so I tried a few things like changing the Google Chrome icon, etc., and it disappeared from my Google Chrome... but it is still in Internet Explorer.
Anyway, the main problem is that... my Google Chrome is opening pages for all sorts of things: ads for Naruto games, browser games, stores and EVERYTHING ELSE. It even opened one called "Ricardo Eletros" (I did NOT like that ONE BIT). This thing of opening tabs by itself is KILLING me, can anyone help me? I ran ADW Cleaner but I don't know if I ran it correctly, I need help!
Roullien - Beginner
- Posts: 7
Reputation: 1
Join date: 28/10/2013
Re: Hao123 etc.
Hello Roullien
*Save any open work and close your browser
*Run AdwCleaner, click [Scan] and wait for it to finish
*Click [Clean] and wait for it to finish
*If a PC restart is requested, click [OK] to restart.
*Paste the report C:\AdwCleaner\AdwCleaner[S0].txt
Re: Hao123 etc.
- Spoiler:
# AdwCleaner v3.010 - Report created 28/10/2013 at 21:03:08
# Updated 20/10/2013 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : liem - LIEM-PC
# Running from : C:\Users\liem\Downloads\adwcleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\baidu
Folder Deleted : C:\ProgramData\BonanzaDealsLive
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freesofttoday
Folder Deleted : C:\Program Files (x86)\BonanzaDeals
Folder Deleted : C:\Program Files (x86)\BonanzaDealsLive
Folder Deleted : C:\Program Files (x86)\Plus-HD-1.6
Folder Deleted : C:\Users\liem\AppData\Local\BonanzaDealsLive
Folder Deleted : C:\Users\liem\AppData\Roaming\baidu
File Deleted : C:\Windows\Tasks\Plus-HD-1.6-chromeinstaller.job
File Deleted : C:\Windows\System32\Tasks\Plus-HD-1.6-chromeinstaller
File Deleted : C:\Windows\Tasks\Plus-HD-1.6-codedownloader.job
File Deleted : C:\Windows\System32\Tasks\Plus-HD-1.6-codedownloader
File Deleted : C:\Windows\Tasks\Plus-HD-1.6-enabler.job
File Deleted : C:\Windows\System32\Tasks\Plus-HD-1.6-enabler
File Deleted : C:\Windows\Tasks\Plus-HD-1.6-updater.job
File Deleted : C:\Windows\System32\Tasks\Plus-HD-1.6-updater
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BonanzaDealsLive.exe
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0032002.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0032002.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0032002.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0032002.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_baidu-antivirus_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_baidu-antivirus_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110311201102}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355205502}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366206602}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440344204402}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311201102}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110311201102}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110311201102}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110311201102}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110311201102}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355205502}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366206602}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311201102}
Key Deleted : HKCU\Software\BonanzaDealsLive
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\installedbrowserextensions
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Tutorials
Key Deleted : HKCU\Software\TutoTag
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\Plus-HD-1.6
Key Deleted : HKLM\Software\FreeSoftToday
Key Deleted : HKLM\Software\Tutorials
***** [ Browsers ] *****
-\\ Internet Explorer v10.0.9200.16720
-\\ Google Chrome v30.0.1599.101
[ File : C:\Users\liem\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [5232 octets] - [28/10/2013 21:02:42]
AdwCleaner[S0].txt - [4889 octets] - [28/10/2013 21:03:08]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4949 octets] ##########
Here it is
Roullien - Beginner
- Posts: 7
Reputation: 1
Join date: 28/10/2013
Re: Hao123 etc.
Download [You must be registered and logged in to see this link] (...by Smeenk)
*Extract the file Zoek.exe to the Desktop
*Right-click Zoek and select [You must be registered and logged in to see this image]
*Copy and paste the lines in brown into the Zoek box
autoclean;
emptyalltemp;
*Close your browser and click [Run Script]
*During the scan the message below will be displayed. Wait for it to finish... it may take a while!
*If a PC restart is requested, click [OK]
Zoek.exe is running now.
Do not start any browser windows, they will be closed automatically.
Please wait! This window will close when finished.
A logfile will open afterwards and can also be found on your systemdrive as zoek-results.log
*Paste or attach the report C:\zoek-results.txt
Re: Hao123 etc.
- Spoiler:
Zoek.exe Version 4.0.0.5 Updated 26-October-2013
Tool run by liem on Mon 10/28/2013 at 21:56:52.10.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\liem\Desktop\zoek.exe [Script inserted]
==== System Restore Info ======================
10/28/2013 10:24:22 PM Zoek.exe System Restore Point Created Succesfully.
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== Deleting Files \ Folders ======================
C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} deleted
C:\ProgramData\FileSplitUpLoad.dll deleted
C:\Windows\SysWow64\AI_RecycleBin deleted
"C:\Users\liem\AppData\Roaming\Ubisoft" deleted
==== Chrome Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx[10/09/2013 11:59 AM]
Skype for Chromium - liem - Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Chrome In-App Payments service - liem - Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://br.hao123.com/?tn=brosoft_hp_hao123_br"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://br.hao123.com/?tn=brosoft_hp_hao123_br"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\liem\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\liem\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
No FireFox Profiles found
==== Empty Chrome Cache ======================
C:\Users\liem\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
No Java Cache Found
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\liem\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== EOF on Mon 10/28/2013 at 22:36:38.70 ======================
Here are the results ^^, the problem continues.
Roullien - Beginner
- Posts: 7
Reputation: 1
Join date: 28/10/2013
Re: Hao123 etc.
Right-click Zoek and select [You must be registered and logged in to see this image]
*Copy and paste the lines in brown into the Zoek box
*Click [Run Script]
*During the scan the message below will be displayed.
*Paste or attach the report C:\zoek-results.txt
Zoek.exe is running now.
Do not start any browser windows, they will be closed automatically.
Please wait! This window will close when finished.
A logfile will open afterwards and can also be found on your systemdrive as zoek-results.log
Let me know whether it was resolved
Last edited by wings on Mon 28 Oct 2013, 23:23; edited 1 time
Re: Hao123 etc.
- Spoiler:
Zoek.exe Version 4.0.0.5 Updated 26-October-2013
Tool run by liem on Mon 10/28/2013 at 22:50:32.51.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\liem\Desktop\zoek.exe [Script inserted]
==== Older Logs ======================
C:\zoek-results2013-10-29-003638.log 4032 bytes
==== Registry Fix Code ======================
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com.br"
==== EOF on Mon 10/28/2013 at 22:51:05.34 ======================
Roullien - Beginner
- Posts: 7
Reputation: 1
Join date: 28/10/2013
Re: Hao123 etc.
Download [You must be registered and logged in to see this link] (...by Oleg N. Scherbakov) and save it to the Desktop
*Close your browser (Firefox, IE, Google Chrome)
*Right-click JRT and select [You must be registered and logged in to see this image]
*Press [ENTER]
*During the scan the Desktop icons will temporarily disappear
*When the message The scan completed succesfully appears, close the window and paste the JRT.txt report located on the Desktop
Let me know whether it was resolved
Re: Hao123 e etc.
- Spoiler:
- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.7 (10.15.2013:3)
OS: Windows 7 Ultimate x64
Ran by liem on Mon 10/28/2013 at 22:58:34.94
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\baidu
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220322202202}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{22222222-2222-2222-2222-220322202202}
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\baidu"
~~~ Chrome
Successfully deleted: [Folder] C:\Users\liem\appdata\local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 10/28/2013 at 23:03:47.14
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
This was the result. While the procedure was running, OUT OF NOWHERE a page with an ad opened and started downloading a file, which I cancelled, probably the work of this thing that is on my PC. I will edit this post if I have problems with it again.
Apparently resolved: more than 10 minutes have passed and no ads. If I have any problem I will come back, THANK YOU very much ^^ !
Roullien - Beginner
- Posts: 7
Reputation: 1
Join date: 28/10/2013
Re: Hao123 etc.
Run AdwCleaner, click [Uninstall] > [Yes]
Delete Zoek and its report C:\zoek-results.txt
Delete JRT, its report and the folder C:\JRT
Best regards...
Re: Hao123 etc.
TOPIC REOPENED
The topic was reopened at the user's request via PM.
Install [You must be registered and logged in to see this link] (...by Nicolas Coolman)
*2 icons will be created on the Desktop
[You must be registered and logged in to see this image]
*Run [You must be registered and logged in to see this image]
*Click [Search] and wait for it to finish
*Attach the ZHPDiag.txt report created on the Desktop
Re: Hao123 etc.
- Spoiler:
~ Report of ZHPDiag v2013.10.28.74 - Nicolas Coolman (10/28/2013)
~ Launched by liem (10/29/2013 5:58:37 PM)
~ Web site address : [You must be registered and logged in to see this link]
~ Free support forums for disinfection : [You must be registered and logged in to see this link]
~ Translated by
~ Version State :
~ White List : Activate by program
~ Elevation of privilege : OK
~ User Account Control : Activate by user
---\\ Internet browsers
MSIE: Internet Explorer v10.0.9200.16721
GCIE: Google Chrome v30.0.1599.101 (Defaut)
---\\ Windows product information
~ Langage: Anglais
Windows 7 Ultimate Edition, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : Absent (Not found)
Windows ID Activation : Inconnue (Unknown)
Windows Licence : Inconnue (Unknown)
Software Protection Service (Protection logicielle) : KO
Windows Automatic Updates : OK
Windows Activation Technologies : OK
---\\ System protection software
Windows Defender W7
---\\ System optimization software
CCleaner v4.07 =>Piriform Ltd
---\\ Sharing software PeerToPeer
Pando Media Booster v2.6.0.7
---\\ Surveillance software
Adobe Flash Player 11 ActiveX
---\\ Information on the system
~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 4078.6 MB (53% free)
System Restore: Activé (Enable)
System drive C: has 352 GB (75%) free of 466 GB
---\\ Connection to the system mode
~ Computer Name: LIEM-PC
~ User Name: liem
~ All Users Names: UpdatusUser, liem, Guest, Administrator,
~ Unselected Option: O45,O61,O62,O65,O66,O80,O82,O89
Logged in as Administrator
---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Users\liem\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\liem\AppData\Roaming\
~ %Desktop% : C:\Users\liem\Desktop\
~ %Favorites% : C:\Users\liem\Favorites\
~ %LocalAppData% : C:\Users\liem\AppData\Local\
~ %StartMenu% : C:\Users\liem\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumeration of the disk units
C: Hard drive, Flash drive, Thumb drive (Free 352 Go of 466 Go)
D: Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)
E: CD-ROM drive (Not Inserted)
F: Floppy drive, Flash card reader, USB Key (Not Inserted)
G: Floppy drive, Flash card reader, USB Key (Not Inserted)
H: CD-ROM drive (Not Inserted)
---\\ State of the Windows Security Center
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 49 Legitimates Filtered in 00mn AMs
---\\ Search Generic System Files
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Windows Explorer.) (.2/25/2011 - 3:19:30 AM.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.7/13/2009 - 10:39:52 PM.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.D28B35DE88D27EFB27DF4B1E8319E3C0] - (.Microsoft Corporation - Internet Extensions para Win32.) (.10/17/2013 - 12:03:50 AM.) -- C:\Windows\System32\wininet.dll [2241024]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.11/20/2010 - 10:25:30 AM.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.11/20/2010 - 10:27:26 AM.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.314C17917AC8523EC77A710215012A65] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.9/13/2013 - 10:10:19 PM.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.7/13/2009 - 10:52:21 PM.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.7/13/2009 - 8:19:47 PM.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.11/20/2010 - 6:19:21 AM.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.11/20/2010 - 6:26:32 AM.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.11/20/2010 - 7:43:43 AM.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Driver de porta i8042.) (.7/13/2009 - 8:19:57 PM.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.7/13/2009 - 9:10:03 PM.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.4/26/2011 - 11:40:40 PM.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.11/20/2010 - 6:23:20 AM.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.4/12/2013 - 11:45:08 AM.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Driver de porta paralela.) (.7/13/2009 - 9:00:41 PM.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.11/20/2010 - 7:52:35 AM.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.1B6163C503398B23FF8B939C67747683] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.11/20/2010 - 8:06:41 AM.) -- C:\Windows\system32\Drivers\rdpdr.sys [165888]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.7/13/2009 - 9:09:09 PM.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.11/20/2010 - 6:21:56 AM.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.11/20/2010 - 10:34:02 AM.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 01mn AMs
---\\ Hidden files state (Hidden/Total)
~ Mes musiques (My Musics) : 1/2
~ Mes Favoris (My Favorites) : 1/23
~ Mes Documents (My Documents) : 1/13
~ Mon Bureau (My Desktop) : 1/92
~ Menu demarrer (Programs) : 1/34
~ Hidden Files: Scanned in 00mn AMs
---\\ Process running
[MD5.0F4F5BE778FC02CB603B4C9DE6140B0D] - (...) -- C:\Users\liem\AppData\Local\fst_br_5\upfst_br_5.exe [3154416] [PID.3608]
[MD5.A2AE6A21DD3A19338684C2A0428D32FC] - (.Disc Soft Ltd - DAEMON Tools Shell Extensions Helper.) -- C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe [2761760] [PID.3716]
[MD5.5897D901DBAD0199257F0BF6EA1CEF17] - (.NVIDIA Corporation - NVIDIA NvTmru Application.) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe [1028384] [PID.3724]
[MD5.828ED0940B00A441855273D16BD6CFFC] - (.BitTorrent Inc. - µTorrent.) -- C:\Users\liem\AppData\Roaming\uTorrent\uTorrent.exe [1141328] [PID.3744] =>P2P.BitTorrent
[MD5.BD9D6F36AFF6F4006860E0607D02113B] - (.Baidu, Inc. - Baidu Antivirus Tray Application.) -- C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavTray.exe [692072] [PID.3796]
[MD5.C60F349DFFAC62769146209114A3A2ED] - (.Baidu Inc. - PC Faster Tray.) -- C:\Program Files (x86)\Baidu Security\PC Faster\3.7.2.44568\PcfTray.exe [1940160] [PID.3812]
[MD5.4738C575ABFF16382F0EC44B6BCB48F6] - (...) -- C:\Program Files (x86)\fst_br_5\fst_br_5.exe [3993072] [PID.3608]
[MD5.3E399A1328181C2A352472369DE2A93A] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [844752] [PID.4924]
[MD5.3B605772669BDFD6DC266B9320E87B45] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8143872] [PID.4012]
[MD5.983D32FD0A38AC45E80480B5D4D29008] - (.Electronic Arts - Origin.) -- C:\Program Files (x86)\Origin\Origin.exe [3561816] [PID.4108]
[MD5.A9D26626BEADF5A0641BF6B5095EF309] - (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [414496] [PID.780]
[MD5.318E8D14C68014479BB4EC99FC9D17EB] - (.Baidu, Inc. - Baidu Antivirus Service.) -- C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BAVSvc.exe [1830208] [PID.1936]
[MD5.D2EE89D00B495499025A434F1334837F] - (.Baidu, Inc. - Baidu Antivirus Hips Service.) -- C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BHipsSvc.exe [451224] [PID.1980]
[MD5.7CF1B716372B89568AE4C0FE769F5869] - (.Microsoft Corporation - Machine Debug Manager.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872] [PID.2028]
[MD5.C98F28448B8A2488B499657C396EF3A0] - (.NVIDIA Corporation - NVIDIA Settings Update Manager.) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [1914656] [PID.2196]
[MD5.B8922A1663E016BA21AF78E041FCF31A] - (.Baidu Inc. - Baidu PC Faster Service.) -- C:\Program Files (x86)\Baidu Security\PC Faster\3.7.2.44568\PCFasterSvc.exe [647664] [PID.2224]
[MD5.205E1B699FD3F2F9B036EEA2EC30C620] - (...) -- C:\Windows\SysWOW64\PnkBstrA.exe [76888] [PID.2284]
[MD5.9F712B26EE3B0242DE997A42FD302E2C] - (.Skype Technologies S.A. - Skype C2C Service.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136] [PID.2552]
[MD5.ADA29CA7063D21B930B2A3263CD17F1C] - (.BatBrowse - BatBrowse.) -- C:\Program Files (x86)\BatBrowse\updateBatBrowse.exe [65824] [PID.2908]
~ Processes Running: Scanned in 00mn AMs
---\\ Google Chrome, Start,Search,Extensions (G0,G1,G2)
C:\Users\liem\AppData\Local\Google\Chrome\User Data\Default\Preferences
G0 - GCSP: Preference [User Data\Default] [You must be registered and logged in to see this link]
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [dchmpbaclbiioedakpcldenooikekokm] Nova Guia v.9.4.1.1 (Désactivé)
~ Google Browser: 14 Legitimates Filtered in 09mn AMs
---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn AMs
---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn AMs
---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn AMs
~ Nombre de lignes (Lines number): 21
---\\ Browser Helper Objects (O2)
O2 - BHO: BatBrowse [64Bits] - {b67b3dbb-c1c9-49d2-b016-2748b0b5017e} . (.BatBrowse - BatBrowse.) -- C:\Program Files (x86)\BatBrowse\BatBrowsebho.dll
~ BHO: 1 Legitimates Filtered in 00mn AMs
---\\ Other User Links (O4)
O4 - GS\Desktop [Public]: Baidu Antivirus.lnk . (.Baidu, Inc. - Bav.) -- C:\Program Files (x86)\Baidu Security\Baidu Antivirus\Bav.exe
O4 - GS\Desktop [Public]: Battlefield 3.lnk . (.EA Digital Illusions CE AB - Battlefield 3™.) -- C:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe
O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [UpdatusUser]: PhotoScape.lnk . (...) -- C:\Program Files (x86)\PhotoScape\PhotoScape.exe
O4 - GS\Desktop [UpdatusUser]: PhotoScape.lnk . (...) -- C:\Program Files (x86)\PhotoScape\PhotoScape.exe
O4 - GS\QuickLaunch [liem]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [liem]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch [liem]: PhotoScape.lnk . (...) -- C:\Program Files (x86)\PhotoScape\PhotoScape.exe
O4 - GS\QuickLaunch [liem]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\liem\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\TaskBar [liem]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\Program [liem]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [liem]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Desktop [liem]: PhotoScape.lnk . (...) -- C:\Program Files (x86)\PhotoScape\PhotoScape.exe
~ Global Startup: 61 Legitimates Filtered in 03mn AMs
---\\ Auto loading programs from Registry and folders (O4)
O4 - HKLM\..\Run: [Nvtmru] . (.NVIDIA Corporation - NVIDIA NvTmru Application.) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe
O4 - HKLM\..\Run: [ShadowPlay] . (.NVIDIA Corporation - NVIDIA Capture Server Proxy.) -- C:\Windows\system32\nvspcap64.dll
O4 - HKCU\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\liem\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - HKLM\..\Wow6432Node\Run: [Baidu PC Faster 3.7.0.0] . (.Baidu Inc. - Baidu PC Faster.) -- C:\Program Files (x86)\Baidu Security\PC Faster\3.7.2.44568\PCFaster.exe
O4 - HKLM\..\Wow6432Node\Run: [Baidu Antivirus] . (.Baidu, Inc. - Baidu Antivirus Tray Application.) -- C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavTray.exe
O4 - HKLM\..\Wow6432Node\Run: [fst_br_5] . (...) -- C:\Program Files (x86)\fst_br_5\fst_br_5.exe
O4 - HKLM\..\Wow6432Node\RunOnce: [upfst_br_5.exe] . (...) -- C:\Users\liem\AppData\Local\fst_br_5\upfst_br_5.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-158929474-4064236765-1866867562-1000\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\liem\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Application: Scanned in 00mn AMs
---\\ Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu (O9)
O9 - Extra button: Skype Click to Call [64Bits] - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- c:\program files (x86)\skype\toolbars\internet explorer x64\icon.ico
~ IE Extra Buttons: Scanned in 00mn AMs
---\\ Site in Trusted Zone (O15)
O15 - Trusted Zone: [HKCU\...\Domains] *.clonewarsadventures.com
O15 - Trusted Zone: [HKCU\...\Domains] *.freerealms.com
O15 - Trusted Zone: [HKCU\...\Domains] *.soe.com
O15 - Trusted Zone: [HKCU\...\Domains] *.sony.com
~ IE Zone Confiance: Scanned in 00mn AMs
---\\ Lop.com/Domain Hijackers (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{0F871E73-662E-4472-BC22-5447ADEB77D1}: DhcpNameServer = 200.204.0.10 192.168.0.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{0F871E73-662E-4472-BC22-5447ADEB77D1}: DhcpNameServer = 200.204.0.10 192.168.0.3
O17 - HKLM\System\CS2\Services\Tcpip\..\{0F871E73-662E-4472-BC22-5447ADEB77D1}: DhcpNameServer = 200.204.0.10 192.168.0.3
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 200.204.0.10 192.168.0.3
~ Domain: Scanned in 00mn AMs
---\\ Extra protocols (O18)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn AMs
---\\ Non Microsoft non disabled Windows XP/NT/2000 Services (O23)
O23 - Service: Baidu Antivirus Service (BAVSvc) . (.Baidu, Inc. - Baidu Antivirus Service.) - C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BAVSvc.exe
O23 - Service: Baidu Hips Service (BHipsSvc) . (.Baidu, Inc. - Baidu Antivirus Hips Service.) - C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BHipsSvc.exe
O23 - Service: Baidu PC Faster Service 3.7.0.0 (PCFasterSvc_{PCFaster_3.7.0.0}) . (.Baidu Inc. - Baidu PC Faster Service.) - C:\Program Files (x86)\Baidu Security\PC Faster\3.7.2.44568\PCFasterSvc.exe
O23 - Service: Update BatBrowse (Update BatBrowse) . (.BatBrowse - BatBrowse.) - C:\Program Files (x86)\BatBrowse\updateBatBrowse.exe
~ Services: 12 Legitimates Filtered in 04mn AMs
---\\ Task Planned Automatically (039)
[MD5.6C71B2AD68E09E45A731D6D3C34336A1] [APT] [Baidu Antivirus Update] (.Baidu, Inc..) -- C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavUpdater.exe [2267800]
[MD5.51C3655A9F94C33B2CFC0360AB9436AF] [APT] [Baidu PC Faster Update] (.Baidu Inc..) -- C:\Program Files (x86)\Baidu Security\PC Faster\3.7.2.44568\Updater.exe [989168]
[MD5.00000000000000000000000000000000] [APT] [{F3AA3B75-E8C1-4BAD-85AD-6F5BD636DF98}] (...) -- H:\Setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{F5C87D61-F8BE-42E9-B4BA-3C3FDBF0F9CA}] (...) -- C:\Program Files (x86)\Plus-HD-1.6\Uninstall.exe (.not file.) [0] =>Adware.PlusHD
~ Scheduled Task: 12 Legitimates Filtered in 04mn AMs
---\\ Drivers launched at startup (O41)
O41 - Driver: (Bfilter) . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) - C:\Windows\system32\drivers\Bfilter.sys
O41 - Driver: (Bfmon) . (.Baidu, Inc. - Baidu FS Monitor Driver.) - C:\Windows\system32\drivers\Bfmon.sys
O41 - Driver: (Bprotect) . (.Baidu, Inc. - Baidu Antivirus Selfprotect Driver.) - C:\Windows\system32\drivers\Bprotect.sys
O41 - Driver: (BprotectEx) . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) - C:\Windows\system32\drivers\BprotectEx.sys
~ Drivers: 78 Legitimates Filtered in 00mn AMs
---\\ Software installed (O42)
O42 - Logiciel: Baidu PC Faster - (.Baidu, Inc..) [HKLM][64Bits] -- Baidu PC Faster 3.7.0.0
O42 - Logiciel: BatBrowse 1.0.0 - (.BatBrowse.) [HKLM][64Bits] -- BatBrowse
O42 - Logiciel: fst_br_5 - (.Freesofttoday.) [HKLM][64Bits] -- fst_br_5_is1 =>Adware.FreeSoftToday
~ Logic: 35 Legitimates Filtered in 00mn AMs
---\\ HKCU & HKLM Software Keys
[HKCU\Software\Baidu Security]
[HKCU\Software\BatBrowse]
[HKCU\Software\Behold Studios]
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKCU\Software\Pando Networks]
[HKCU\Software\Tutorials] =>Spyware.AgenceExclusive
[HKCU\Software\freesofttoday] =>Adware.FreeSoftToday
[HKLM\Software\Wow6432Node\Baidu Security]
[HKLM\Software\Wow6432Node\BatBrowse]
[HKLM\Software\Wow6432Node\Pando Networks]
[HKLM\Software\Wow6432Node\Tutorials] =>Spyware.AgenceExclusive
~ Key Software: 121 Legitimates Filtered in 00mn AMs
---\\ Contents of the Common Files folders (O43)
O43 - CFD: 10/14/2013 - 10:16:21 AM - [248.876] ----D C:\Program Files (x86)\Baidu Security
O43 - CFD: 10/29/2013 - 1:13:28 PM - [0.995] ----D C:\Program Files (x86)\BatBrowse
O43 - CFD: 10/28/2013 - 9:10:48 AM - [8.182] ----D C:\Program Files (x86)\fst_br_5
O43 - CFD: 10/15/2013 - 1:40:37 PM - [7.182] ----D C:\Program Files (x86)\Pando Networks
O43 - CFD: 10/29/2013 - 12:25:16 PM - [0.000] ----D C:\ProgramData\Baidu
O43 - CFD: 10/14/2013 - 3:20:01 AM - [575.391] ----D C:\ProgramData\Baidu Security
O43 - CFD: 10/14/2013 - 3:18:34 AM - [0.000] ----D C:\Users\liem\AppData\Roaming\Baidu Security
O43 - CFD: 10/29/2013 - 5:56:10 PM - [6.372] ----D C:\Users\liem\AppData\Local\fst_br_5
O43 - CFD: 10/14/2013 - 3:19:55 AM - [0.004] ----D C:\Users\liem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Baidu PC Faster
~ Program Folder: 109 Legitimates Filtered in 09mn AMs
---\\ Last modified or created files under Windows and System32 (O44)
O44 - LFC:[MD5.C236A8735A48B165A2A7724357DBE332] - 10/15/2013 - 4:24:30 PM ---A- . (...) -- C:\Windows\SysNative\RacRules.xml [105559]
O44 - LFC:[MD5.C236A8735A48B165A2A7724357DBE332] - 10/15/2013 - 4:24:30 PM ---A- . (...) -- C:\Windows\System32\RacRules.xml [105559]
O44 - LFC:[MD5.5C18CD22BE4628865FCB63337A6E5EF6] - 10/15/2013 - 4:24:50 PM ---A- . (...) -- C:\Windows\SysNative\ScavengeSpace.xml [10429]
O44 - LFC:[MD5.5C18CD22BE4628865FCB63337A6E5EF6] - 10/15/2013 - 4:24:50 PM ---A- . (...) -- C:\Windows\System32\ScavengeSpace.xml [10429]
O44 - LFC:[MD5.5EC92F0EAE3CA59F647C3CA5AA7CB053] - 10/15/2013 - 4:26:47 PM ---A- . (...) -- C:\Windows\SysNative\systemsf.ebd [347904]
O44 - LFC:[MD5.5EC92F0EAE3CA59F647C3CA5AA7CB053] - 10/15/2013 - 4:26:47 PM ---A- . (...) -- C:\Windows\System32\systemsf.ebd [347904]
O44 - LFC:[MD5.53FDA4AF81E7C4895357A50E848B7CFE] - 10/15/2013 - 4:27:02 PM ---A- . (.No owner - RemoteFX Helper.) -- C:\Windows\SysNative\RDVGHelper.exe [95744]
O44 - LFC:[MD5.53FDA4AF81E7C4895357A50E848B7CFE] - 10/15/2013 - 4:27:02 PM ---A- . (.No owner - RemoteFX Helper.) -- C:\Windows\System32\RDVGHelper.exe [95744]
O44 - LFC:[MD5.1FF56AC32B38A94C3C88497BD6E00C96] - 10/17/2013 - 12:03:50 AM ---A- . (...) -- C:\Windows\SysNative\ieuinit.inf [25185]
O44 - LFC:[MD5.1FF56AC32B38A94C3C88497BD6E00C96] - 10/17/2013 - 12:03:50 AM ---A- . (...) -- C:\Windows\System32\ieuinit.inf [25185]
O44 - LFC:[MD5.5CD98806151EE8633505CEF3A5AEF4E1] - 10/23/2013 - 5:20:03 AM ---A- . (...) -- C:\Windows\SysNative\nvcoproc.bin [3426956]
O44 - LFC:[MD5.5CD98806151EE8633505CEF3A5AEF4E1] - 10/23/2013 - 5:20:03 AM ---A- . (...) -- C:\Windows\System32\nvcoproc.bin [3426956]
O44 - LFC:[MD5.8C5B59A8C7880CFA51D8B4D2BD1679C9] - 10/23/2013 - 7:30:23 AM ---A- . (...) -- C:\Windows\SysNative\nvinfo.pb [23287]
O44 - LFC:[MD5.8C5B59A8C7880CFA51D8B4D2BD1679C9] - 10/23/2013 - 7:30:23 AM ---A- . (...) -- C:\Windows\System32\nvinfo.pb [23287]
O44 - LFC:[MD5.5A932986DC0FB3B80E1F6FA66D6AFA90] - 10/26/2013 - 11:12:24 AM --HA- . (...) -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [28544]
O44 - LFC:[MD5.5A932986DC0FB3B80E1F6FA66D6AFA90] - 10/26/2013 - 11:12:24 AM --HA- . (...) -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [28544]
O44 - LFC:[MD5.5A932986DC0FB3B80E1F6FA66D6AFA90] - 10/26/2013 - 11:12:24 AM --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [28544]
O44 - LFC:[MD5.5A932986DC0FB3B80E1F6FA66D6AFA90] - 10/26/2013 - 11:12:24 AM --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [28544]
O44 - LFC:[MD5.8DDBD2DCD8F87960ACA649F30841318C] - 10/29/2013 - 4:58:58 PM ---A- . (...) -- C:\Windows\SysNative\prfc0416.dat [146282]
O44 - LFC:[MD5.B05784F8D3F353B68859218530E4CA8F] - 10/29/2013 - 4:58:58 PM ---A- . (...) -- C:\Windows\SysNative\prfh0416.dat [711500]
O44 - LFC:[MD5.8DDBD2DCD8F87960ACA649F30841318C] - 10/29/2013 - 4:58:58 PM ---A- . (...) -- C:\Windows\System32\prfc0416.dat [146282]
O44 - LFC:[MD5.B05784F8D3F353B68859218530E4CA8F] - 10/29/2013 - 4:58:58 PM ---A- . (...) -- C:\Windows\System32\prfh0416.dat [711500]
~ Files: 1748 Legitimates Filtered in 45mn AMs
---\\ MountPoints2 Shell Key (MPKS) (O51)
O51 - MPSK:{796e77c4-3f21-11e3-b322-c89cdc491d1d}\AutoRun\command. (...) -- H:\Setup.exe (.not file.)
O51 - MPSK:{796e77d1-3f21-11e3-b322-c89cdc491d1d}\AutoRun\command. (...) -- H:\Setup.exe (.not file.)
~ Keys: Scanned in 00mn AMs
---\\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 18 Legitimates Filtered in 00mn AMs
---\\ Microsoft Windows Policies Explorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 6 Legitimates Filtered in 00mn AMs
---\\ System Drivers List (SDL) (O58)
O58 - SDL:[MD5.13A2519AA829149C5092527D8229DDF6] - 8/12/2013 - 4:17:22 PM ---A- . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) -- C:\Windows\System32\Drivers\Bfilter.sys [50496]
~ Drivers: 18 Legitimates Filtered in 00mn AMs
---\\ List all tools cleaner (LATC) (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn AMs
---\\ List all legacy services(LALS) (O64)
O64 - Services: CurCS - 8/20/2013 - C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BdApiUtil64.sys (BdApiUtil) .(.Baidu, Inc. - Baidu Antivirus BdApi Driver.) - LEGACY_BDAPIUTIL
O64 - Services: CurCS - 8/12/2013 - C:\Windows\system32\drivers\Bfilter.sys (Bfilter) .(.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) - LEGACY_BFILTER
O64 - Services: CurCS - 8/12/2013 - C:\Windows\system32\drivers\Bfmon.sys (Bfmon) .(.Baidu, Inc. - Baidu FS Monitor Driver.) - LEGACY_BFMON
O64 - Services: CurCS - 8/20/2013 - C:\Windows\system32\drivers\Bprotect.sys (Bprotect) .(.Baidu, Inc. - Baidu Antivirus Selfprotect Driver.) - LEGACY_BPROTECT
O64 - Services: CurCS - 9/3/2013 - C:\Windows\system32\drivers\BprotectEx.sys (BprotectEx) .(.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) - LEGACY_BPROTECTEX
O64 - Services: CurCS - 9/2/2013 - C:\Program Files (x86)\Baidu Security\PC Faster\3.7.2.44568\PCFApiUtil64.sys (PCFApiUtil) .(.Baidu, Inc. - Baidu Antivirus BdApi Driver.) - LEGACY_PCFAPIUTIL
~ Legacy: 71 Legitimates Filtered in 00mn AMs
---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.html>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 19 Legitimates Filtered in 00mn AMs
---\\ Start Menu Internet (SMI) (O68)
O68 - StartMenuInternet:[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet:[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn AMs
---\\ Search Browser Infection (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - [You must have an account and be logged in to view this link]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - [You must have an account and be logged in to view this link]
~ Keys: Scanned in 00mn AMs
---\\ Search Particular Root Folder (SPRF) (O84)
[MD5.84D280E42F3A337BF993023A9B3C0437] [SPRF][10/29/2013] (.Setup © - Setup.) -- C:\Users\liem\AppData\Local\Temp\16414uninstall.exe [274944]
[MD5.CCB4B65E042419F47A42397D452CC957] [SPRF][10/29/2013] (...) -- C:\Users\liem\AppData\Local\Temp\ICReinstall_adwcleaner-3-0-10-es-en-win-setup.exe [604760]
[MD5.5405413FFF79B8D9C747AA900F60F082] [SPRF][10/29/2013] (...) -- C:\Users\liem\AppData\Local\Temp\Sqlite3.dll [599419]
[MD5.54EFF6AB8E8C0A1672E6DB094611CDCA] [SPRF][10/14/2013] (.Gabest - Media Player Classic.) -- C:\Users\liem\Desktop\mplayerc.exe [5689344]
~ Files: 6 Legitimates Filtered in 00mn AMs
---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped)
SS - | Demand 10/20/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SR - | Auto 9/24/2013 1830208 | (BAVSvc) . (.Baidu, Inc..) - C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BAVSvc.exe
SR - | Auto 9/24/2013 451224 | (BHipsSvc) . (.Baidu, Inc..) - C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BHipsSvc.exe
SS - | Auto 10/28/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 10/28/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SR - | Auto 10/17/2013 15122208 | (NvStreamSvc) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
SR - | Auto 10/23/2013 922912 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Auto 10/17/2013 1914656 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
SR - | Auto 9/11/2013 647664 | (PCFasterSvc_{PCFaster_3.7.0.0}) . (.Baidu Inc..) - C:\Program Files (x86)\Baidu Security\PC Faster\3.7.2.44568\PCFasterSvc.exe
SR - | Auto 7/10/1658 0 | (PnkBstrA) . (...) - C:\Windows\system32\PnkBstrA.exe
SR - | Auto 10/9/2013 3275136 | (Skype C2C Service) . (.Skype Technologies S.A..) - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
SS - | Auto 9/5/2013 171680 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Demand 10/8/2013 565672 | (Steam Client Service) . (.Valve Corporation.) - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
SR - | Auto 10/23/2013 414496 | (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
SR - | Auto 10/22/2013 65824 | (Update BatBrowse) . (.BatBrowse.) - C:\Program Files (x86)\BatBrowse\updateBatBrowse.exe
SR - | Auto 7/13/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SS - | Demand 7/10/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 7/13/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 07mn AMs
---\\ Scan Additionnel (O88)
Database Version : 12960 - (10/28/2013)
Clés trouvées (Keys found) : 6
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 1
Fichiers trouvés (Files found) : 2
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\fst_br_5_is1] =>Adware.FreeSoftToday^
[HKLM\Software\Microsoft\Internet Explorer\extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] =>Toolbar.Skype
[HKCU\Software\Tutorials] =>Spyware.AgenceExclusive
[HKLM\Software\Wow6432Node\Tutorials] =>Spyware.AgenceExclusive
[HKCU\Software\InstallCore] =>Adware.InstallCore
[HKLM\Software\Classes\CLSID\{22222222-2222-2222-2222-220322202202}] =>PUP.CrossRider
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:uTorrent =>P2P.BitTorrent^
C:\ProgramData\Baidu =>Adware.BDSearch
C:\Users\liem\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent^
[HKCU\Software\freesofttoday] =>Adware.FreeSoftToday^
~ Additionnel Scan: 165271 Items scanned in 10mn AMs
---\\ Summary of the detections found on your workstation
~ [You must have an account and be logged in to view this link] =>Adware.PlusHD
~ [You must have an account and be logged in to view this link] =>Adware.FreeSoftToday
~ [You must have an account and be logged in to view this link] =>Adware.InstallCore
~ [You must have an account and be logged in to view this link] =>Spyware.AgenceExclusive
~ [You must have an account and be logged in to view this link] =>Toolbar.Skype
~ [You must have an account and be logged in to view this link] =>PUP.CrossRider
~ [You must have an account and be logged in to view this link] =>Adware.BDSearch
~ MSI: 7 link(s) detected in 10mn AMs
~ 2582 Legitimates filtered by white list
End of the scan (469 lines in 47mn AMs)(0)
Here it is.
Roullien - Beginner
- Posts: 7
Reputation: 1
Join date: 28/10/2013
Re: Hao123 etc.
Download the file fix.txt and save it to the Desktop
*Select and copy all of its contents
*Run [You must have an account and be logged in to view this image]
*Click Import
*Click [Go] > [Oui] > [Oui]
*If you are asked to restart the PC, click [OK] and restart the PC
*Paste the ZHPFixReport.txt report created on the Desktop
Let us know whether the problem persists
Re: Hao123 etc.
Dear Wings, I went to the Control Panel and found a strange program, bat browser, and another program; I uninstalled both, they looked like malware. I have been on the PC for about 2 hours and NO ads at all; I went to take a shower and still NO ads. I believe it has been resolved.
Roullien - Beginner
- Posts: 7
Reputation: 1
Join date: 28/10/2013
Re: Hao123 etc.
CASE RESOLVED
If the topic's author needs it, the topic will be reopened; to do so, they should contact one of the members of the [You must have an account and be logged in to view this link] and request that it be unlocked.