Baidu Removal
Hello, good afternoon.
I have already seen several threads here about Baidu, but I admit that I am not managing to remove it on my own.
I installed ADWCleaner and ran it; it removed several annoying little files, and the only one that remained was Baidu. Anyway, I have now downloaded Zoek, but I am not sure how to use it.
Sorry to bother you with this again; I am sure you are already tired of answering questions about this problem. But could you help me?
Thank you.
Aline Angélica - Beginner
- Posts: 16
Reputation: 0
Join date: 11/03/2014
Age: 32
Re: Baidu Removal
Hi Aline. Welcome to Fórum PC Brasil.
Post your AdwCleaner report here in your thread.
Power Max - Contributor
- Posts: 9086
Reputation: 1499
Join date: 14/04/2009
(SOLVED) Baidu Removal
Hi, well. I think I rushed a bit and ended up running Zoek. Haha.
So I'll send the Zoek log then, OK? I don't know if I did it right, but anyway:
Zoek.exe v5.0.0.0 Updated 07-March-2014
Tool run by Luna Bugatti on 11/03/2014 at 17:35:14,93.
Microsoft Windows 8 Single Language 6.2.9200 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Luna Bugatti\Downloads\zoek.exe [Scan all users] [Quick Scan] [Auto Clean]
==== System Restore Info ======================
11/03/2014 17:37:59 Zoek.exe System Restore Point Created Succesfully.
==== Empty Folders Check ======================
C:\Program Files\McAfee deleted successfully
C:\Users\Luna Bugatti\AppData\Roaming\Google deleted successfully
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-496720758-2715497450-824948769-1001\Software\Microsoft\Internet Explorer\SearchScopes\{86c83f9e-48a4-4cd2-a763-64fea5df35f7} deleted successfully
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== Deleting Files \ Folders ======================
C:\Users\Luna Bugatti\daemonprocess.txt deleted
C:\Users\Luna Bugatti\.android deleted
C:\Users\Luna Bugatti\AppData\Roaming\freegames111 deleted
C:\Users\Luna Bugatti\AppData\Roaming\speedtest4354 deleted
C:\PROGRA~3\DRV10.tmp deleted
C:\PROGRA~3\E1010.tmp deleted
C:\PROGRA~3\FileSplitUpLoad.dll deleted
C:\PROGRA~3\Baidu deleted
C:\Users\Luna Bugatti\AppData\Local\cache deleted
C:\windows\SysNative\tasks\Baidu Antivirus Update deleted
C:\windows\SysNative\tasks\bench-S-1-5-21-496720758-2715497450-824948769-1001 deleted
C:\Windows\tasks\bench-S-1-5-21-496720758-2715497450-824948769-1001.job deleted
C:\Windows\tasks\bench-Updater removing.job deleted
C:\Users\Public\Documents\AlawarWrapper deleted
==== Files Recently Created / Modified ======================
====== C:\Windows ====
2014-03-11 18:09:03 48A77273E8C545DCB70EEE3866CD2123 135 ----a-w- C:\Windows\AutoKMS.ini
2014-03-11 18:09:03 0ED398A4D031B9CFB10E3FEDF97AD836 614400 ----a-w- C:\Windows\AutoKMS.exe
====== C:\Users\LUNABU~1\AppData\Local\Temp ====
2014-03-11 17:02:05 18332589D7068650441AB03E352A3441 275456 ----atw- C:\Users\Luna Bugatti\AppData\Local\Temp\n6361\s6361.exe
2014-03-11 16:41:00 18332589D7068650441AB03E352A3441 275456 ----atw- C:\Users\Luna Bugatti\AppData\Local\Temp\n2230\s2230.exe
2014-03-07 20:45:41 18332589D7068650441AB03E352A3441 275456 ----atw- C:\Users\Luna Bugatti\AppData\Local\Temp\n2932\s2932.exe
2014-03-07 20:36:55 18332589D7068650441AB03E352A3441 275456 ----atw- C:\Users\Luna Bugatti\AppData\Local\Temp\n1211\s1214.exe
2014-03-06 22:10:33 E6633716EE2AC06BCB4A58FF993015F3 155976 ----a-w- C:\Users\Luna Bugatti\AppData\Local\Temp\_av_iup.tm~a08680\instup.exe
2014-03-06 22:10:32 F22DE5F5BA8ADA0A861441B624B51EB5 421704 ----a-w- C:\Users\Luna Bugatti\AppData\Local\Temp\_av_iup.tm~a08680\pingeaqc.sys
2014-03-06 22:10:32 DC730F5EA07F8CE98E49BBBD110EAA14 3167112 ----a-w- C:\Users\Luna Bugatti\AppData\Local\Temp\_av_iup.tm~a08680\HTMLayout.dll
2014-03-06 22:10:31 D11625C81FB88DC8A607BB9D76920A3D 2966792 ----a-w- C:\Users\Luna Bugatti\AppData\Local\Temp\_av_iup.tm~a08680\aswOfferTool.exe
2014-03-06 22:10:31 BCDEA07CD91EF85BBCC869DF4906C8C1 7201640 ----a-w- C:\Users\Luna Bugatti\AppData\Local\Temp\_av_iup.tm~a08680\Instup.dll
2014-03-06 22:10:29 B8FA402B238DB49C35CAF711D5BC9843 1093216 ----a-w- C:\Users\Luna Bugatti\AppData\Local\Temp\_av_iup.tm~a08680\avBugReport.exe
2014-03-06 21:41:06 18332589D7068650441AB03E352A3441 275456 ----atw- C:\Users\Luna Bugatti\AppData\Local\Temp\n6556\ins6556.exe
2014-03-06 21:05:05 6D1DAD6437B0AD404D7D6168D52188A5 18605480 ----a-w- C:\Users\Luna Bugatti\AppData\Local\Temp\Baidu_Secure_SystemUp_4.0.1.56634.exe
2014-03-06 21:04:24 7BA42AA291589414F3526DD4768081BD 1569312 ----a-w- C:\Users\Luna Bugatti\AppData\Local\Temp\n8924\PCFaster_1402-90ab5d89.exe
2014-03-03 18:33:38 488AB9E11C6D560EC43141366AADFC4C 6296752 ----a-w- C:\Users\Luna Bugatti\AppData\Local\Temp\SPSetup.exe
2014-03-02 20:39:04 0B8986DA46793D5412C94681E05A13AE 918016 ----a-w- C:\Users\Luna Bugatti\AppData\Local\Temp\Quarantine.exe
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
====== C:\Windows\Sysnative\drivers =====
2014-02-16 20:58:24 DD4249F03598043DED6FA540EB14898A 2232664 ----a-w- C:\Windows\Sysnative\drivers\tcpip.sys
2014-02-16 20:43:09 961A45CC15514178E511BBF1384CE0B8 83968 ----a-w- C:\Windows\Sysnative\drivers\hidclass.sys
====== C:\Windows\Tasks ======
2014-03-11 18:09:04 EE81BF5EA48B7C424EBCF0C04FA6202E 2450 ----a-w- C:\Windows\Sysnative\Tasks\AutoKMS
2014-03-11 18:09:03 5B19ECAAB32DA34F3512C963EA50B558 238 ----a-w- C:\Windows\Tasks\AutoKMS.job
2014-03-11 17:27:31 -------- d-----w- C:\Windows\Sysnative\Tasks\OfficeSoftwareProtectionPlatform
2014-03-06 21:04:30 13213117F92DF0726D22BC5DF3C52A41 3100 ----a-w- C:\Windows\Sysnative\Tasks\View Password Update
2014-03-06 21:04:29 C041B61AC67E25E5C4F60EA3690969F9 446 ----a-w- C:\Windows\Tasks\View Password Update.job
2014-03-06 21:04:25 935441F7C0C9CA2D65D79DFFE7C348FE 3044 ----a-w- C:\Windows\Sysnative\Tasks\View Password_wd
2014-03-06 21:04:24 EC5D9338E949935EF00113740A1F5196 450 ----a-w- C:\Windows\Tasks\View Password_wd.job
2014-03-05 11:17:02 CC36084DE9D623CC5B41E20C9E6926AE 3544 ----a-w- C:\Windows\Sysnative\Tasks\060184C3-9766-46a0-B258-F4518A0B2633
====== C:\Windows\Temp ======
======= C:\Program Files =====
2014-03-11 17:25:17 -------- d-----w- C:\Program Files\Microsoft Office
2014-03-07 17:41:18 -------- d-----w- C:\Program Files\office.tmp
======= C:\PROGRA~2 =====
2014-03-11 17:31:36 -------- d-----w- C:\PROGRA~2\COMMON~1\DESIGNER
2014-03-11 17:24:39 -------- d-----w- C:\PROGRA~2\Microsoft Analysis Services
2014-03-11 17:22:27 -------- d-----w- C:\PROGRA~2\Microsoft Office
2014-03-11 17:03:05 -------- d-----w- C:\PROGRA~2\VS Revo Group
2014-03-07 17:20:38 -------- d-----w- C:\PROGRA~2\Microsoft SkyDrive
2014-03-07 16:46:54 -------- d-----w- C:\PROGRA~2\WinRAR
2014-03-06 21:04:22 -------- d-----w- C:\PROGRA~2\View-Password-soft
======= C: =====
2014-02-28 14:13:23 1E4A1B03D1B6CD8A174A826F76E009F4 16 ----a-w- C:\InjectIntoProcess crash
====== C:\Users\Luna Bugatti\AppData\Roaming ======
2014-03-11 17:23:02 -------- d-----w- C:\Users\Luna Bugatti\AppData\Local\Microsoft Help
2014-03-11 17:03:05 -------- d-----w- C:\Users\Luna Bugatti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2014-03-07 18:28:26 -------- d-----w- C:\Users\Luna Bugatti\AppData\Local\Akamai
2014-03-07 16:47:36 -------- d-----w- C:\Users\Luna Bugatti\AppData\Roaming\WinRAR
2014-03-07 16:47:04 -------- d-----w- C:\Users\Luna Bugatti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-02-16 03:04:59 -------- d-----w- C:\Users\Luna Bugatti\AppData\Locallow\{EA34C851-D481-49F5-A356-3A8B0A8F3B7E}
====== C:\Users\Luna Bugatti ======
2014-03-11 20:03:20 0E46611DBBD6E6B94E1AF709F6A6CEFC 1949184 ----a-w- C:\Users\Luna Bugatti\Downloads\AdwCleaner.exe
2014-03-11 18:25:50 -------- d-----w- C:\Users\Luna Bugatti\SyncFolder
2014-03-11 17:33:31 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-03-11 17:22:23 -------- d-----w- C:\Users\TODOSO~1\Microsoft Help
2014-03-11 17:22:23 -------- d-----w- C:\ProgramData\Microsoft Help
2014-03-07 17:20:05 -------- d-----w- C:\Users\TODOSO~1\Microsoft SkyDrive
2014-03-07 17:20:05 -------- d-----w- C:\ProgramData\Microsoft SkyDrive
2014-03-07 16:47:05 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-03-06 22:17:18 -------- d-----w- C:\Users\TODOSO~1\Google
2014-03-06 22:17:18 -------- d-----w- C:\ProgramData\Google
2014-03-06 21:42:05 99EC56CB45237A16F36AB97D40F4C73E 87640360 ----a-w- C:\Users\Luna Bugatti\Desktop\avast_free_antivirus_setup.exe
2014-02-16 03:00:03 A77C1B6C168C66DC30D017F505032F04 286 --sha-r- C:\Users\TODOSO~1\ntuser.pol
2014-02-16 03:00:03 A77C1B6C168C66DC30D017F505032F04 286 --sha-r- C:\ProgramData\ntuser.pol
====== C: exe-files ==
2014-03-11 20:03:20 0E46611DBBD6E6B94E1AF709F6A6CEFC 1949184 ----a-w- C:\Users\Luna Bugatti\Downloads\AdwCleaner.exe
2014-03-11 19:24:38 A8B3E64FBDB2E23D6DD21C69D13FD9A6 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-496720758-2715497450-824948769-1001\$ITSWIJ9.exe
2014-03-11 19:24:38 A6F66E7E82C403E061AE26C2410E4FB1 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-496720758-2715497450-824948769-1001\$IBRD4RW.exe
2014-03-11 19:23:23 A888D01894D938477911B94E307639D5 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-496720758-2715497450-824948769-1001\$I6PSHIH.exe
2014-03-11 19:23:23 2C6B56693A675F7986DAF583F0B87A9F 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-496720758-2715497450-824948769-1001\$IRAR79M.exe
2014-03-11 18:35:37 3B940CEE0459674DBE1A297E1086EF4B 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-496720758-2715497450-824948769-1001\$IKKVQZV.exe
2014-03-11 18:15:29 6F16484998F783115F4E1318EA7F707E 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-496720758-2715497450-824948769-1001\$IS8REJ3.exe
2014-03-11 18:10:56 0308A228BFABCEF3CD1C8BEE8BAA9E09 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-496720758-2715497450-824948769-1001\$IUYD9KT.exe
2014-03-11 18:10:45 9C05B494B787A0A5B4CCDC00FF290FDB 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-496720758-2715497450-824948769-1001\$IDEG0EC.exe
2014-03-11 18:10:45 34C9FCAA5061CB8AF728F57ADE3962C9 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-496720758-2715497450-824948769-1001\$IVXGQPP.exe
2014-03-11 18:10:25 F5F1BED22D21CD7724E89784A8FFF9E5 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-496720758-2715497450-824948769-1001\$IXRDWJF.exe
2014-03-11 18:10:25 925F60F70324FA315CF28F24388E6D95 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-496720758-2715497450-824948769-1001\$IVJRL5K.exe
2014-03-11 18:10:25 56C8B959CF9872E6A4F112F0C167DF59 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-496720758-2715497450-824948769-1001\$I2V6BGH.exe
2014-03-11 17:10:31 3FC89C942B905CCE58D3A46A5B8E83A1 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-496720758-2715497450-824948769-1001\$IUW2WPI.exe
2014-03-11 17:03:08 761102A9B90EC601E8B3071120063D74 87550 ----a-w- C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\uninst.exe
2014-03-11 17:02:54 4F99CAE27FFD46712E65C21444AACDFC 2623656 ----a-w- C:\$Recycle.Bin\S-1-5-21-496720758-2715497450-824948769-1001\$RS8REJ3.exe
2014-03-11 17:02:05 18332589D7068650441AB03E352A3441 275456 ----atw- C:\Users\Luna Bugatti\AppData\Local\Temp\n6361\s6361.exe
2014-03-11 17:01:55 D317A5705CAAE3994BC90105E14450A2 300776 ----a-w- C:\$Recycle.Bin\S-1-5-21-496720758-2715497450-824948769-1001\$RVJRL5K.exe
2014-03-11 16:45:48 CF973E3CC9F47B5B2E3305F8B17071EB 15823872 ----a-w- C:\$Recycle.Bin\S-1-5-21-496720758-2715497450-824948769-1001\$R4NYTCY.br\Office 2010 Toolkit.exe
2014-03-11 16:45:00 F3340C3B335BFAC8893DD2FECB653EF0 135632 ----a-w- C:\Program Files (x86)\WinRAR\Uninstall.exe
2014-03-11 16:45:00 ECE8AF6A140F74CE0CCF17AF8C20735B 305616 ----a-w- C:\Program Files (x86)\WinRAR\UnRAR.exe
2014-03-11 16:45:00 94443859A79BA90AB966A56152FFE367 488912 ----a-w- C:\Program Files (x86)\WinRAR\Rar.exe
2014-03-11 16:45:00 09D45BC9221A9EE375D4AADE51AF726D 1238480 ----a-w- C:\Program Files (x86)\WinRAR\WinRAR.exe
2014-03-11 16:44:37 E86BA4122DA9E466C80ED38ADBAE0F5C 1764632 ----a-w- C:\Users\Luna Bugatti\Downloads\Programas Download\wrar501.exe
2014-03-11 16:42:01 510990E49318F60F1284EDFCCEDC8245 31016848 ----a-w- C:\$Recycle.Bin\S-1-5-21-496720758-2715497450-824948769-1001\$RUW2WPI.exe
2014-03-11 16:41:00 18332589D7068650441AB03E352A3441 275456 ----atw- C:\Users\Luna Bugatti\AppData\Local\Temp\n2230\s2230.exe
2014-03-11 16:40:42 B648F68E1AA843457FAC792EABAF9E57 300776 ----a-w- C:\$Recycle.Bin\S-1-5-21-496720758-2715497450-824948769-1001\$R2V6BGH.exe
2014-03-11 16:38:45 2FBCFD6502B8DABD6D83F12BB0026333 167528 ----a-w- C:\$Recycle.Bin\S-1-5-21-496720758-2715497450-824948769-1001\$RUYD9KT.exe
2014-03-11 16:26:48 67B68615388946ED1940E9BB100EFC14 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-496720758-2715497450-824948769-1001\$I02BC4U.exe
2014-03-07 20:45:41 18332589D7068650441AB03E352A3441 275456 ----atw- C:\Users\Luna Bugatti\AppData\Local\Temp\n2932\s2932.exe
2014-03-07 20:45:24 1993699DDFA684BBDB8579155F0B2D10 300264 ----a-w- C:\$Recycle.Bin\S-1-5-21-496720758-2715497450-824948769-1001\$RDEG0EC.exe
2014-03-07 20:38:42 88B44DC12A53840A787C08E14A964E28 4194304 ----a-w- C:\$Recycle.Bin\S-1-5-21-496720758-2715497450-824948769-1001\$R02BC4U.exe
2014-03-07 20:36:55 18332589D7068650441AB03E352A3441 275456 ----atw- C:\Users\Luna Bugatti\AppData\Local\Temp\n1211\s1214.exe
2014-03-07 20:33:21 BD04C8AD7799268D3548D8004F7A17D2 300264 ----a-w- C:\$Recycle.Bin\S-1-5-21-496720758-2715497450-824948769-1001\$RVXGQPP.exe
2014-03-06 22:10:33 E6633716EE2AC06BCB4A58FF993015F3 155976 ----a-w- C:\Users\Luna Bugatti\AppData\Local\Temp\_av_iup.tm~a08680\instup.exe
2014-03-06 22:10:31 D11625C81FB88DC8A607BB9D76920A3D 2966792 ----a-w- C:\Users\Luna Bugatti\AppData\Local\Temp\_av_iup.tm~a08680\aswOfferTool.exe
2014-03-06 22:10:29 B8FA402B238DB49C35CAF711D5BC9843 1093216 ----a-w- C:\Users\Luna Bugatti\AppData\Local\Temp\_av_iup.tm~a08680\avBugReport.exe
2014-03-06 21:46:54 DD4F6772674BF73C44DA7BA243217763 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-496720758-2715497450-824948769-1001\$ITB3Z1M.exe
2014-03-06 21:46:48 70E1733885FA423935A0DD78C1067740 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-496720758-2715497450-824948769-1001\$IO7NWFU.exe
2014-03-06 21:42:05 99EC56CB45237A16F36AB97D40F4C73E 87640360 ----a-w- C:\Users\Luna Bugatti\Desktop\avast_free_antivirus_setup.exe
2014-03-06 21:41:06 18332589D7068650441AB03E352A3441 275456 ----atw- C:\Users\Luna Bugatti\AppData\Local\Temp\n6556\ins6556.exe
2014-03-06 21:08:10 446AF151B600F919B0C9B9BBEB2928BF 299240 ----a-w- C:\$Recycle.Bin\S-1-5-21-496720758-2715497450-824948769-1001\$RTB3Z1M.exe
2014-03-06 21:05:05 6D1DAD6437B0AD404D7D6168D52188A5 18605480 ----a-w- C:\Users\Luna Bugatti\AppData\Local\Temp\Baidu_Secure_SystemUp_4.0.1.56634.exe
2014-03-06 21:04:24 7BA42AA291589414F3526DD4768081BD 1569312 ----a-w- C:\Users\Luna Bugatti\AppData\Local\Temp\n8924\PCFaster_1402-90ab5d89.exe
2014-03-06 21:04:21 7660B5ADF77FFD06F0A5224F8DE7AF9E 164427 ----a-w- C:\Program Files (x86)\View-Password-soft\Uninstall.exe
2014-03-06 21:04:21 34E55CCCCAFC74AC8FACA8DCBFDE24D3 93184 ----a-w- C:\Program Files (x86)\View-Password-soft\ViewPassword_wd.exe
2014-03-06 21:04:21 1988369D87BC0A36753766267C30B297 195072 ----a-w- C:\Program Files (x86)\View-Password-soft\ViewPassword155.exe
2014-03-06 21:01:24 72C47C06258A34F3F649C304D52BA25A 299240 ----a-w- C:\Users\Luna Bugatti\Downloads\Programas Download\Avast! Free Antivirus.exe
2014-03-05 18:51:46 D2C9D8BB8C3852480B8344FBC41B3C54 60480 ----a-w- C:\Users\Luna Bugatti\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\KD8DN0C1\yet_another_cleaner_ash[1].exe
2014-03-05 18:51:32 FF2E369C855034B69B0646A50C9BDEBC 313920 ----a-w- C:\Users\Luna Bugatti\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZE75AFEP\yet_another_cleaner_ash[1].exe
=== C: other files ==
2014-03-11 18:12:29 D728622F132E27F796BE9DDD41582B7A 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-496720758-2715497450-824948769-1001\$IVL31K9.zip
2014-03-11 16:52:56 3DC193C2B5E62A2350D12A94EDB306D2 140626 ----a-w- C:\Users\Luna Bugatti\AppData\Local\Temp\OfficeUninstaller\UninstallOffice2010.vbs
2014-03-11 16:43:25 7F08CF0B93908EFA1193B3E57F0B2DCE 2497745 ----a-w- C:\$Recycle.Bin\S-1-5-21-496720758-2715497450-824948769-1001\$RVL31K9.zip
2014-03-07 00:12:46 D13A88CA51202A49207C4D7CD8186DB0 608268 ----a-w- C:\Users\Luna Bugatti\AppData\Local\Temp\scoped_dir_4032_14292\aswWebRepChrome.crx
2014-03-06 22:10:32 F22DE5F5BA8ADA0A861441B624B51EB5 421704 ----a-w- C:\Users\Luna Bugatti\AppData\Local\Temp\_av_iup.tm~a08680\pingeaqc.sys
2014-03-06 21:04:22 AE0A6D7EFA143AEE6683E216E8083AF9 15708 ----a-w- C:\Program Files (x86)\View-Password-soft\155.xpi
2014-03-05 19:45:21 844B86762F1CE9E8EBA7A838634F38FA 3643698 ----a-w- C:\Users\Luna Bugatti\Downloads\Material da aula de Publicidade e Proganda.zip
==== Startup Registry Enabled ======================
[HKEY_USERS\S-1-5-21-496720758-2715497450-824948769-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"SmartProtect"="C:\ProgramData\SmartProtect\SmartProtect.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Baidu Antivirus"="C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavTray.exe -auto"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SmartProtect"="C:\ProgramData\SmartProtect\SmartProtect.exe"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\PROGRA~2\\SearchProtect\\SearchProtect\\bin\\SPVC32Loader.dll"
==== Startup Registry Enabled x64 ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"
"IAStorIcon"="C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe 60"
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"Deskmedia"="C:\Positivo\Deskmedia\GerenciadorLocal.exe"
"Posibar"="C:\Positivo\Deskmedia\Posibar.exe"
"StartUpManagerPositivo"="C:\Program Files\Positivo Informática\Mundo Positivo Gerenciador de Inicialização\ManagerWindows.exe"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\PROGRA~2\\SearchProtect\\SearchProtect\\bin\\SPVC64Loader.dll"
==== Task Scheduler Jobs ======================
C:\Windows\tasks\Adobe Flash Player Updater.job --a-------- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [15/01/2014 21:51]
C:\Windows\tasks\AutoKMS.job --a-------- C:\Windows\AutoKMS.exe [11/03/2014 15:09]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a-------- [Undetermined Task]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a-------- [Undetermined Task]
C:\Windows\tasks\View Password Update.job --a-------- C:\Program Files (x86)\View-Password-soft\View-.exe []
C:\Windows\tasks\View Password_wd.job --a-------- [Undetermined Task]
==== Other Scheduled Tasks ======================
"C:\Windows\SysNative\tasks\060184C3-9766-46a0-B258-F4518A0B2633" [C:\Windows\system32\CScript.exe]
"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\AutoKMS" [C:\Windows\AutoKMS.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d" ["C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe"]
"C:\Windows\SysNative\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon" ["C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe"]
"C:\Windows\SysNative\tasks\View Password Update" [C:\Program Files (x86)\View-Password-soft\View-.exe]
"C:\Windows\SysNative\tasks\View Password_wd" [C:\Program Files (x86)\View-Password-soft\ViewPassword_wd.exe]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]
==== Firefox Extensions Registry ======================
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{ed9459dc-a2c7-4f3a-9930-87f516e1bd5d}"="C:\Program Files (x86)\View-Password-soft\155.xpi" [06/03/2014 18:04]
==== Chrome Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
jljheddigenhleadfofeccneimcmlefp - C:\Users\Luna Bugatti\AppData\Roaming\speedtest4354\speedtest4354.crx[]
Google Docs - Luna Bugatti\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Luna Bugatti\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Luna Bugatti\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Luna Bugatti\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
AdBlock - Luna Bugatti\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Google Wallet - Luna Bugatti\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Luna Bugatti\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com.br/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{BDBF1E28-E592-4B41-8946-7EE9872BB895}"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com.br/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
{BDBF1E28-E592-4B41-8946-7EE9872BB895} Unknown Url="Not_Found"
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-496720758-2715497450-824948769-1001\Software\Microsoft\Internet Explorer\SearchScopes\{BDBF1E28-E592-4B41-8946-7EE9872BB895} deleted successfully
==== Deleting CLSID Registry Values ======================
==== Reset IE Proxy ======================
Value(s) before fix:
"ProxyServer"="http=127.0.0.1:13828"
"ProxyEnable"=dword:00000001
Value(s) after fix:
"ProxyEnable"=dword:00000000
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\jljheddigenhleadfofeccneimcmlefp deleted successfully
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Luna Bugatti\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Luna Bugatti\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C4NWLPCM will be deleted at reboot
==== Empty FireFox Cache ======================
No FireFox Profiles found
==== Empty Chrome Cache ======================
C:\Users\Luna Bugatti\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
No Java Cache Found
==== C:\zoek_backup content ======================
C:\zoek_backup (files=168 folders=25 11107046 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Luna Bugatti\AppData\Local\Temp will be emptied at reboot
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\LUNABU~1\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
"C:\Users\Luna Bugatti\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C4NWLPCM" not found
==== EOF on 11/03/2014 at 18:04:33,15 ======================
2014-02-16 03:04:59 -------- d-----w- C:\Users\Luna Bugatti\AppData\Locallow\{EA34C851-D481-49F5-A356-3A8B0A8F3B7E}
====== C:\Users\Luna Bugatti ======
2014-03-11 20:03:20 0E46611DBBD6E6B94E1AF709F6A6CEFC 1949184 ----a-w- C:\Users\Luna Bugatti\Downloads\AdwCleaner.exe
2014-03-11 18:25:50 -------- d-----w- C:\Users\Luna Bugatti\SyncFolder
2014-03-11 17:33:31 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-03-11 17:22:23 -------- d-----w- C:\Users\TODOSO~1\Microsoft Help
2014-03-11 17:22:23 -------- d-----w- C:\ProgramData\Microsoft Help
2014-03-07 17:20:05 -------- d-----w- C:\Users\TODOSO~1\Microsoft SkyDrive
2014-03-07 17:20:05 -------- d-----w- C:\ProgramData\Microsoft SkyDrive
2014-03-07 16:47:05 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-03-06 22:17:18 -------- d-----w- C:\Users\TODOSO~1\Google
2014-03-06 22:17:18 -------- d-----w- C:\ProgramData\Google
2014-03-06 21:42:05 99EC56CB45237A16F36AB97D40F4C73E 87640360 ----a-w- C:\Users\Luna Bugatti\Desktop\avast_free_antivirus_setup.exe
2014-02-16 03:00:03 A77C1B6C168C66DC30D017F505032F04 286 --sha-r- C:\Users\TODOSO~1\ntuser.pol
2014-02-16 03:00:03 A77C1B6C168C66DC30D017F505032F04 286 --sha-r- C:\ProgramData\ntuser.pol
====== C: exe-files ==
2014-03-11 20:03:20 0E46611DBBD6E6B94E1AF709F6A6CEFC 1949184 ----a-w- C:\Users\Luna Bugatti\Downloads\AdwCleaner.exe
2014-03-11 19:24:38 A8B3E64FBDB2E23D6DD21C69D13FD9A6 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-496720758-2715497450-824948769-1001\$ITSWIJ9.exe
2014-03-11 19:24:38 A6F66E7E82C403E061AE26C2410E4FB1 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-496720758-2715497450-824948769-1001\$IBRD4RW.exe
2014-03-11 19:23:23 A888D01894D938477911B94E307639D5 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-496720758-2715497450-824948769-1001\$I6PSHIH.exe
2014-03-11 19:23:23 2C6B56693A675F7986DAF583F0B87A9F 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-496720758-2715497450-824948769-1001\$IRAR79M.exe
2014-03-11 18:35:37 3B940CEE0459674DBE1A297E1086EF4B 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-496720758-2715497450-824948769-1001\$IKKVQZV.exe
2014-03-11 18:15:29 6F16484998F783115F4E1318EA7F707E 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-496720758-2715497450-824948769-1001\$IS8REJ3.exe
2014-03-11 18:10:56 0308A228BFABCEF3CD1C8BEE8BAA9E09 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-496720758-2715497450-824948769-1001\$IUYD9KT.exe
2014-03-11 18:10:45 9C05B494B787A0A5B4CCDC00FF290FDB 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-496720758-2715497450-824948769-1001\$IDEG0EC.exe
2014-03-11 18:10:45 34C9FCAA5061CB8AF728F57ADE3962C9 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-496720758-2715497450-824948769-1001\$IVXGQPP.exe
2014-03-11 18:10:25 F5F1BED22D21CD7724E89784A8FFF9E5 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-496720758-2715497450-824948769-1001\$IXRDWJF.exe
2014-03-11 18:10:25 925F60F70324FA315CF28F24388E6D95 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-496720758-2715497450-824948769-1001\$IVJRL5K.exe
2014-03-11 18:10:25 56C8B959CF9872E6A4F112F0C167DF59 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-496720758-2715497450-824948769-1001\$I2V6BGH.exe
2014-03-11 17:10:31 3FC89C942B905CCE58D3A46A5B8E83A1 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-496720758-2715497450-824948769-1001\$IUW2WPI.exe
2014-03-11 17:03:08 761102A9B90EC601E8B3071120063D74 87550 ----a-w- C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\uninst.exe
2014-03-11 17:02:54 4F99CAE27FFD46712E65C21444AACDFC 2623656 ----a-w- C:\$Recycle.Bin\S-1-5-21-496720758-2715497450-824948769-1001\$RS8REJ3.exe
2014-03-11 17:02:05 18332589D7068650441AB03E352A3441 275456 ----atw- C:\Users\Luna Bugatti\AppData\Local\Temp\n6361\s6361.exe
2014-03-11 17:01:55 D317A5705CAAE3994BC90105E14450A2 300776 ----a-w- C:\$Recycle.Bin\S-1-5-21-496720758-2715497450-824948769-1001\$RVJRL5K.exe
2014-03-11 16:45:48 CF973E3CC9F47B5B2E3305F8B17071EB 15823872 ----a-w- C:\$Recycle.Bin\S-1-5-21-496720758-2715497450-824948769-1001\$R4NYTCY.br\Office 2010 Toolkit.exe
2014-03-11 16:45:00 F3340C3B335BFAC8893DD2FECB653EF0 135632 ----a-w- C:\Program Files (x86)\WinRAR\Uninstall.exe
2014-03-11 16:45:00 ECE8AF6A140F74CE0CCF17AF8C20735B 305616 ----a-w- C:\Program Files (x86)\WinRAR\UnRAR.exe
2014-03-11 16:45:00 94443859A79BA90AB966A56152FFE367 488912 ----a-w- C:\Program Files (x86)\WinRAR\Rar.exe
2014-03-11 16:45:00 09D45BC9221A9EE375D4AADE51AF726D 1238480 ----a-w- C:\Program Files (x86)\WinRAR\WinRAR.exe
2014-03-11 16:44:37 E86BA4122DA9E466C80ED38ADBAE0F5C 1764632 ----a-w- C:\Users\Luna Bugatti\Downloads\Programas Download\wrar501.exe
2014-03-11 16:42:01 510990E49318F60F1284EDFCCEDC8245 31016848 ----a-w- C:\$Recycle.Bin\S-1-5-21-496720758-2715497450-824948769-1001\$RUW2WPI.exe
2014-03-11 16:41:00 18332589D7068650441AB03E352A3441 275456 ----atw- C:\Users\Luna Bugatti\AppData\Local\Temp\n2230\s2230.exe
2014-03-11 16:40:42 B648F68E1AA843457FAC792EABAF9E57 300776 ----a-w- C:\$Recycle.Bin\S-1-5-21-496720758-2715497450-824948769-1001\$R2V6BGH.exe
2014-03-11 16:38:45 2FBCFD6502B8DABD6D83F12BB0026333 167528 ----a-w- C:\$Recycle.Bin\S-1-5-21-496720758-2715497450-824948769-1001\$RUYD9KT.exe
2014-03-11 16:26:48 67B68615388946ED1940E9BB100EFC14 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-496720758-2715497450-824948769-1001\$I02BC4U.exe
2014-03-07 20:45:41 18332589D7068650441AB03E352A3441 275456 ----atw- C:\Users\Luna Bugatti\AppData\Local\Temp\n2932\s2932.exe
2014-03-07 20:45:24 1993699DDFA684BBDB8579155F0B2D10 300264 ----a-w- C:\$Recycle.Bin\S-1-5-21-496720758-2715497450-824948769-1001\$RDEG0EC.exe
2014-03-07 20:38:42 88B44DC12A53840A787C08E14A964E28 4194304 ----a-w- C:\$Recycle.Bin\S-1-5-21-496720758-2715497450-824948769-1001\$R02BC4U.exe
2014-03-07 20:36:55 18332589D7068650441AB03E352A3441 275456 ----atw- C:\Users\Luna Bugatti\AppData\Local\Temp\n1211\s1214.exe
2014-03-07 20:33:21 BD04C8AD7799268D3548D8004F7A17D2 300264 ----a-w- C:\$Recycle.Bin\S-1-5-21-496720758-2715497450-824948769-1001\$RVXGQPP.exe
2014-03-06 22:10:33 E6633716EE2AC06BCB4A58FF993015F3 155976 ----a-w- C:\Users\Luna Bugatti\AppData\Local\Temp\_av_iup.tm~a08680\instup.exe
2014-03-06 22:10:31 D11625C81FB88DC8A607BB9D76920A3D 2966792 ----a-w- C:\Users\Luna Bugatti\AppData\Local\Temp\_av_iup.tm~a08680\aswOfferTool.exe
2014-03-06 22:10:29 B8FA402B238DB49C35CAF711D5BC9843 1093216 ----a-w- C:\Users\Luna Bugatti\AppData\Local\Temp\_av_iup.tm~a08680\avBugReport.exe
2014-03-06 21:46:54 DD4F6772674BF73C44DA7BA243217763 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-496720758-2715497450-824948769-1001\$ITB3Z1M.exe
2014-03-06 21:46:48 70E1733885FA423935A0DD78C1067740 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-496720758-2715497450-824948769-1001\$IO7NWFU.exe
2014-03-06 21:42:05 99EC56CB45237A16F36AB97D40F4C73E 87640360 ----a-w- C:\Users\Luna Bugatti\Desktop\avast_free_antivirus_setup.exe
2014-03-06 21:41:06 18332589D7068650441AB03E352A3441 275456 ----atw- C:\Users\Luna Bugatti\AppData\Local\Temp\n6556\ins6556.exe
2014-03-06 21:08:10 446AF151B600F919B0C9B9BBEB2928BF 299240 ----a-w- C:\$Recycle.Bin\S-1-5-21-496720758-2715497450-824948769-1001\$RTB3Z1M.exe
2014-03-06 21:05:05 6D1DAD6437B0AD404D7D6168D52188A5 18605480 ----a-w- C:\Users\Luna Bugatti\AppData\Local\Temp\Baidu_Secure_SystemUp_4.0.1.56634.exe
2014-03-06 21:04:24 7BA42AA291589414F3526DD4768081BD 1569312 ----a-w- C:\Users\Luna Bugatti\AppData\Local\Temp\n8924\PCFaster_1402-90ab5d89.exe
2014-03-06 21:04:21 7660B5ADF77FFD06F0A5224F8DE7AF9E 164427 ----a-w- C:\Program Files (x86)\View-Password-soft\Uninstall.exe
2014-03-06 21:04:21 34E55CCCCAFC74AC8FACA8DCBFDE24D3 93184 ----a-w- C:\Program Files (x86)\View-Password-soft\ViewPassword_wd.exe
2014-03-06 21:04:21 1988369D87BC0A36753766267C30B297 195072 ----a-w- C:\Program Files (x86)\View-Password-soft\ViewPassword155.exe
2014-03-06 21:01:24 72C47C06258A34F3F649C304D52BA25A 299240 ----a-w- C:\Users\Luna Bugatti\Downloads\Programas Download\Avast! Free Antivirus.exe
2014-03-05 18:51:46 D2C9D8BB8C3852480B8344FBC41B3C54 60480 ----a-w- C:\Users\Luna Bugatti\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\KD8DN0C1\yet_another_cleaner_ash[1].exe
2014-03-05 18:51:32 FF2E369C855034B69B0646A50C9BDEBC 313920 ----a-w- C:\Users\Luna Bugatti\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZE75AFEP\yet_another_cleaner_ash[1].exe
=== C: other files ==
2014-03-11 18:12:29 D728622F132E27F796BE9DDD41582B7A 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-496720758-2715497450-824948769-1001\$IVL31K9.zip
2014-03-11 16:52:56 3DC193C2B5E62A2350D12A94EDB306D2 140626 ----a-w- C:\Users\Luna Bugatti\AppData\Local\Temp\OfficeUninstaller\UninstallOffice2010.vbs
2014-03-11 16:43:25 7F08CF0B93908EFA1193B3E57F0B2DCE 2497745 ----a-w- C:\$Recycle.Bin\S-1-5-21-496720758-2715497450-824948769-1001\$RVL31K9.zip
2014-03-07 00:12:46 D13A88CA51202A49207C4D7CD8186DB0 608268 ----a-w- C:\Users\Luna Bugatti\AppData\Local\Temp\scoped_dir_4032_14292\aswWebRepChrome.crx
2014-03-06 22:10:32 F22DE5F5BA8ADA0A861441B624B51EB5 421704 ----a-w- C:\Users\Luna Bugatti\AppData\Local\Temp\_av_iup.tm~a08680\pingeaqc.sys
2014-03-06 21:04:22 AE0A6D7EFA143AEE6683E216E8083AF9 15708 ----a-w- C:\Program Files (x86)\View-Password-soft\155.xpi
2014-03-05 19:45:21 844B86762F1CE9E8EBA7A838634F38FA 3643698 ----a-w- C:\Users\Luna Bugatti\Downloads\Material da aula de Publicidade e Proganda.zip
==== Startup Registry Enabled ======================
[HKEY_USERS\S-1-5-21-496720758-2715497450-824948769-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"SmartProtect"="C:\ProgramData\SmartProtect\SmartProtect.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Baidu Antivirus"="C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavTray.exe -auto"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SmartProtect"="C:\ProgramData\SmartProtect\SmartProtect.exe"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\PROGRA~2\\SearchProtect\\SearchProtect\\bin\\SPVC32Loader.dll"
==== Startup Registry Enabled x64 ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"
"IAStorIcon"="C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe 60"
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"Deskmedia"="C:\Positivo\Deskmedia\GerenciadorLocal.exe"
"Posibar"="C:\Positivo\Deskmedia\Posibar.exe"
"StartUpManagerPositivo"="C:\Program Files\Positivo Informática\Mundo Positivo Gerenciador de Inicialização\ManagerWindows.exe"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\PROGRA~2\\SearchProtect\\SearchProtect\\bin\\SPVC64Loader.dll"
==== Task Scheduler Jobs ======================
C:\Windows\tasks\Adobe Flash Player Updater.job --a-------- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [15/01/2014 21:51]
C:\Windows\tasks\AutoKMS.job --a-------- C:\Windows\AutoKMS.exe [11/03/2014 15:09]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a-------- [Undetermined Task]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a-------- [Undetermined Task]
C:\Windows\tasks\View Password Update.job --a-------- C:\Program Files (x86)\View-Password-soft\View-.exe []
C:\Windows\tasks\View Password_wd.job --a-------- [Undetermined Task]
==== Other Scheduled Tasks ======================
"C:\Windows\SysNative\tasks\060184C3-9766-46a0-B258-F4518A0B2633" [C:\Windows\system32\CScript.exe]
"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\AutoKMS" [C:\Windows\AutoKMS.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d" ["C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe"]
"C:\Windows\SysNative\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon" ["C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe"]
"C:\Windows\SysNative\tasks\View Password Update" [C:\Program Files (x86)\View-Password-soft\View-.exe]
"C:\Windows\SysNative\tasks\View Password_wd" [C:\Program Files (x86)\View-Password-soft\ViewPassword_wd.exe]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]
==== Firefox Extensions Registry ======================
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{ed9459dc-a2c7-4f3a-9930-87f516e1bd5d}"="C:\Program Files (x86)\View-Password-soft\155.xpi" [06/03/2014 18:04]
==== Chrome Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
jljheddigenhleadfofeccneimcmlefp - C:\Users\Luna Bugatti\AppData\Roaming\speedtest4354\speedtest4354.crx[]
Google Docs - Luna Bugatti\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Luna Bugatti\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Luna Bugatti\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Luna Bugatti\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
AdBlock - Luna Bugatti\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Google Wallet - Luna Bugatti\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Luna Bugatti\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com.br/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{BDBF1E28-E592-4B41-8946-7EE9872BB895}"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com.br/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
{BDBF1E28-E592-4B41-8946-7EE9872BB895} Unknown Url="Not_Found"
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-496720758-2715497450-824948769-1001\Software\Microsoft\Internet Explorer\SearchScopes\{BDBF1E28-E592-4B41-8946-7EE9872BB895} deleted successfully
==== Deleting CLSID Registry Values ======================
==== Reset IE Proxy ======================
Value(s) before fix:
"ProxyServer"="http=127.0.0.1:13828"
"ProxyEnable"=dword:00000001
Value(s) after fix:
"ProxyEnable"=dword:00000000
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\jljheddigenhleadfofeccneimcmlefp deleted successfully
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Luna Bugatti\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Luna Bugatti\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C4NWLPCM will be deleted at reboot
==== Empty FireFox Cache ======================
No FireFox Profiles found
==== Empty Chrome Cache ======================
C:\Users\Luna Bugatti\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
No Java Cache Found
==== C:\zoek_backup content ======================
C:\zoek_backup (files=168 folders=25 11107046 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Luna Bugatti\AppData\Local\Temp will be emptied at reboot
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\LUNABU~1\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
"C:\Users\Luna Bugatti\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C4NWLPCM" not found
==== EOF on 11/03/2014 at 18:04:33,15 ======================
Aline Angélica - Beginner
- Posts: 16
Reputation: 0
Join date: 11/03/2014
Age: 32
(SOLVED) Baidu Removal
# AdwCleaner v3.021 - Relatório criado 11/03/2014 às 17:08:56
# Atualizado 10/03/2014 por Xplode
# Sistema Operacional : Windows 8 Single Language (64 bits)
# Usuário : Luna Bugatti - LUNABUGATTI
# Executando de : C:\Users\Luna Bugatti\Downloads\AdwCleaner.exe
# Opção : Limpar
***** [ Serviços ] *****
[x] Não Deletada : CltMngSvc
***** [ Arquivos / Pastas ] *****
Pasta Deletada : C:\ProgramData\baidu
Pasta Deletada : C:\ProgramData\Trymedia
Pasta Deletada : C:\ProgramData\AlawarWrapper
Pasta Deletada : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freesofttoday
Pasta Deletada : C:\Program Files (x86)\Bench
Pasta Deletada : C:\Program Files (x86)\Mobogenie
Pasta Deletada : C:\Program Files (x86)\MyPC Backup
Pasta Deletada : C:\Program Files (x86)\predm
Pasta Deletada : C:\Program Files (x86)\SearchProtect
Pasta Deletada : C:\Windows\SysWOW64\SearchProtect
Pasta Deletada : C:\Users\Luna Bugatti\AppData\Local\BeamriseUninstall
Pasta Deletada : C:\Users\Luna Bugatti\AppData\Local\Freesofttoday
Pasta Deletada : C:\Users\Luna Bugatti\AppData\Local\genienext
Pasta Deletada : C:\Users\Luna Bugatti\AppData\Local\lollipop
Pasta Deletada : C:\Users\Luna Bugatti\AppData\Local\Mobogenie
Pasta Deletada : C:\Users\Luna Bugatti\AppData\Local\SearchProtect
Pasta Deletada : C:\Users\Luna Bugatti\AppData\Local\fst_br_43
Pasta Deletada : C:\Users\Luna Bugatti\AppData\Roaming\baidu
Pasta Deletada : C:\Users\Luna Bugatti\AppData\Roaming\newnext.me
Pasta Deletada : C:\Users\Luna Bugatti\Documents\Mobogenie
Arquivo Deletada : C:\Windows\Tasks\bench-sys.job
Arquivo Deletada : C:\Windows\System32\Tasks\bench-sys
Arquivo Deletada : C:\Windows\System32\Tasks\LaunchApp
***** [ Atalhos ] *****
***** [ Registro ] *****
Valor Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [NextLive]
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Valor Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Valor Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [fst_br_43]
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Chave Deletedo : HKCU\Software\FreeSoftToday
Chave Deletedo : HKCU\Software\InstallCore
Chave Deletedo : HKCU\Software\Trymedia Systems
Chave Deletedo : HKCU\Software\Tutorials
Chave Deletedo : HKCU\Software\TutoTag
Chave Deletedo : HKLM\Software\Bench
Chave Deletedo : HKLM\Software\FreeSoftToday
Chave Deletedo : HKLM\Software\Trymedia Systems
Chave Deletedo : HKLM\Software\Tutorials
***** [ Navegadores ] *****
-\\ Internet Explorer v10.0.9200.16798
-\\ Google Chrome v33.0.1750.146
[ Arquivo : C:\Users\Luna Bugatti\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [3639 octets] - [11/03/2014 17:07:20]
AdwCleaner[S0].txt - [3134 octets] - [11/03/2014 17:08:56]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3194 octets] ##########
Aline Angélica - Beginner
- Posts: 16
Reputation: 0
Join date: 11/03/2014
Age: 32
Re: Baidu Removal
Please follow the tips in the tutorial below:
[You must have an account and be logged in to view this link]
* In your next reply, post the Junkware Removal Tool log, which will be saved on your desktop under the name JRT.txt
We'll be waiting.
Power Max - Contributor
- Posts: 9086
Reputation: 1499
Join date: 14/04/2009
Baidu Removal
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 8 Single Language x64
Ran by Luna Bugatti on 12/03/2014 at 11:01:37,94
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
~~~ Registry Keys
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\baidu
~~~ Files
~~~ Folders
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 12/03/2014 at 11:07:47,71
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Aline Angélica - Beginner
- Posts: 16
Reputation: 0
Join date: 11/03/2014
Age: 32
Re: Baidu Removal
* Right-click Zoek.exe and select [You must have an account and be logged in to view this image]
* Copy all of the text highlighted in red that I gave you and paste it into the blank area of Zoek
* Click [Run Script]
* During the scan, a message similar to the one below will be displayed, showing the progress of the scan. Wait for it to finish... it may take a while!
[You must have an account and be logged in to view this image]
* If a restart of the PC is requested, click [OK]
* Post the Zoek log, which will be at C:\zoek-results.txt, in your next reply.
Last edited by Power Max on Wed 12 Mar 2014, 13:40; edited 1 time
Power Max - Contributor
- Posts: 9086
Reputation: 1499
Join date: 14/04/2009
(SOLVED) Baidu Removal
Zoek.exe v5.0.0.0 Updated 07-March-2014
Tool run by Luna Bugatti on 12/03/2014 at 11:32:47,98.
Microsoft Windows 8 Single Language 6.2.9200 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Luna Bugatti\Downloads\zoek.exe [Scan all users] [Script inserted]
==== Older Logs ======================
C:\zoek-results2014-03-11-210433.log 25576 bytes
==== System Restore Info ======================
12/03/2014 11:33:34 Zoek.exe System Restore Point Created Succesfully.
==== Reset Hosts File ======================
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== Folders Found ======================
2014-03-11 20:08:57 2014-03-11 20:08:57 -------- d-----w- C:\AdwCleaner\Quarantine\C\ProgramData\baidu
2014-01-14 02:01:10 2014-03-07 19:16:24 -------- d-----w- C:\Program Files (x86)\Baidu Security
2014-01-14 02:01:10 2014-03-12 14:47:21 -------- d-----w- C:\Program Files (x86)\Baidu Security\Baidu Antivirus
2014-03-05 11:17:00 2014-03-07 19:50:47 -------- d-----w- C:\ProgramData\Baidu Security
2014-01-14 02:01:38 2014-03-07 19:50:51 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu Antivirus
2014-03-05 11:17:00 2014-03-07 19:50:47 -------- d-----w- C:\Users\All Users\Baidu Security
2014-01-14 02:01:38 2014-03-07 19:50:51 -------- d-----w- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Baidu Antivirus
2014-03-06 21:14:43 2014-03-06 21:14:43 -------- d-----w- C:\Users\Luna Bugatti\AppData\Roaming\Baidu Security
2014-03-07 20:46:53 2014-03-07 20:46:53 -------- d-----w- C:\Users\Luna Bugatti\AppData\Roaming\Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall
2014-03-07 20:46:53 2014-03-07 20:46:53 -------- d-----w- C:\Users\Luna Bugatti\AppData\Roaming\Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall HK
2014-03-06 21:10:56 2014-03-07 19:24:29 -------- d-----w- C:\Users\Public\Documents\Baidu Security
2014-03-11 20:53:16 2014-03-11 20:53:16 -------- d---a-w- C:\zoek_backup\C_PROGRA~3_Baidu
==== Files Found ======================
--- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu Antivirus\Baidu Antivirus.lnk ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1223
Created time: 2014-01-14 02:01:39
Modified time: 2014-01-14 02:01:39
MD5: 477EF3B0461FE87422B45F2B0759FFCA
SHA1: 58677E076BD61EE876153118062BD66642F9FD9E
--- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Baidu Antivirus\Baidu Antivirus.lnk ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1223
Created time: 2014-01-14 02:01:39
Modified time: 2014-01-14 02:01:39
MD5: 477EF3B0461FE87422B45F2B0759FFCA
SHA1: 58677E076BD61EE876153118062BD66642F9FD9E
--- C:\Windows\Prefetch\BAIDU_SECURE_SYSTEMUP_4.0.1.5-299B5FDB.pf ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 168810
Created time: 2014-03-07 00:42:37
Modified time: 2014-03-07 00:42:37
MD5: 21463955E82A0C46A739876B032B2B6B
SHA1: 8A09C93E5CA3C2A5CB2D73DC94E27BE7DBCA5627
--- C:\zoek_backup\C_windows_SysNative_tasks_Baidu Antivirus Update.vir ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 3438
Created time: 2014-03-11 20:53:19
Modified time: 2014-01-14 02:01:35
MD5: EB0093A8E5DBB721076A268EDE267144
SHA1: D532EA50DD817FF485AA400061288A1DACDFB519
==== Registry Search Results for "Baidu" ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\baidu]
[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll]
[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload]
[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]
[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]
"DllVersion_2.0"="C:\\ProgramData\\baidu\\commondll\\splitupload\\DllVersion_2.0\\FileSplitUpLoad.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\LogLoc]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\LogUp]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Processing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Temp]
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Baidu_Secure_SystemUp_4.0.1.56634-2014-03-06 03-11-55-0825-[20838].tmp"=""
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-03-06 03-13-09-0504-[21079].tmp"=""
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Pcftray-2014-03-06 03-14-56-0634-[21429].tmp"=""
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFasterSvc-2014-03-06 03-15-09-0520-[21471].tmp"=""
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-LeakRepair-2014-03-06 03-15-11-0413-[21478].tmp"=""
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFasterSvc-2014-03-07 03-22-23-0690-[31134].tmp"=""
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PcfTray-2014-03-07 03-24-02-0571-[31458].tmp"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}]
"DllName"="baidubar.dll;BaiduBarX.dll;BaiduBarX.dll;BaiduBarX.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}]
"DllName"="baidubar.dll;BaiduBarX.dll;BaiduBarX.dll;BaiduBarX.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Baidu Antivirus"="\"C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\BavTray.exe\" -auto"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"DisplayName"="Baidu Antivirus"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"DisplayIcon"="\"C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\Bav.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"UninstallString"="\"C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\Uninstall.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"URLInfoAbout"="http://antivirus.baidu.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"Publisher"="Baidu, Inc."
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"InstallDir"="C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Baidu_Scan]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\Baidu_Scan]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Baidu_Scan]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\Baidu_Scan]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BAVSvc]
"DisplayName"="Baidu Antivirus Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BAVSvc]
"Description"="Baidu Antivirus Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BdApiUtil]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\BdApiUtil64.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BdCameraProtect]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\BdCameraProtect64.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BHipsSvc]
"DisplayName"="Baidu Hips Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BHipsSvc]
"Description"="Baidu Hips Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bprotect]
"DisplayName"="Baidu Protect"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bprotect]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BprotectEx]
"DisplayName"="Baidu ProtectEx"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BprotectEx]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCFApiUtil]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0\\PCFApiUtil64.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BAVSvc]
"DisplayName"="Baidu Antivirus Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BAVSvc]
"Description"="Baidu Antivirus Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BdApiUtil]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\BdApiUtil64.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BdCameraProtect]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\BdCameraProtect64.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BHipsSvc]
"DisplayName"="Baidu Hips Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BHipsSvc]
"Description"="Baidu Hips Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bprotect]
"DisplayName"="Baidu Protect"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bprotect]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BprotectEx]
"DisplayName"="Baidu ProtectEx"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BprotectEx]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PCFApiUtil]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0\\PCFApiUtil64.sys"
[HKEY_USERS\.DEFAULT\Software\Baidu Security]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\011414-37015-01.dmp]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\MEMORY_130342156188599015.dmp]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"ucloud"="u.br.bav.baidu.com"
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"dcloud"="http://up.br.bav.baidu.com/cgi-bin/url_warnning/url_warnning.cgi"
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"rcloud"="http://up.br.bav.baidu.com/cgi-bin/url_visit_action.cgi"
[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster]
[HKEY_USERS\S-1-5-21-496720758-2715497450-824948769-1001\Software\Baidu Security]
[HKEY_USERS\S-1-5-21-496720758-2715497450-824948769-1001\Software\Baidu Security\Antivirus]
[HKEY_USERS\S-1-5-21-496720758-2715497450-824948769-1001\Software\Baidu Security\Antivirus\web]
[HKEY_USERS\S-1-5-21-496720758-2715497450-824948769-1001\Software\Baidu Security\Antivirus\web]
"ucloud"="u.br.bav.baidu.com"
[HKEY_USERS\S-1-5-21-496720758-2715497450-824948769-1001\Software\Baidu Security\Antivirus\web]
"dcloud"="http://up.br.bav.baidu.com/cgi-bin/url_warnning/url_warnning.cgi"
[HKEY_USERS\S-1-5-21-496720758-2715497450-824948769-1001\Software\Baidu Security\Antivirus\web]
"rcloud"="http://up.br.bav.baidu.com/cgi-bin/url_visit_action.cgi"
[HKEY_USERS\S-1-5-21-496720758-2715497450-824948769-1001\Software\Baidu Security\PC Faster]
[HKEY_USERS\S-1-5-21-496720758-2715497450-824948769-1001\Software\Baidu Security\PC Faster\4.0.0.0]
[HKEY_USERS\S-1-5-21-496720758-2715497450-824948769-1001\Software\Baidu Security\PC Faster\4.0.0.0\Install]
[HKEY_USERS\S-1-5-21-496720758-2715497450-824948769-1001\Software\Baidu Security\PC Faster\4.0.0.0\Run]
[HKEY_USERS\S-1-5-21-496720758-2715497450-824948769-1001\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable]
[HKEY_USERS\S-1-5-21-496720758-2715497450-824948769-1001\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\alluser]
[HKEY_USERS\S-1-5-21-496720758-2715497450-824948769-1001\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\curuser]
[HKEY_USERS\S-1-5-21-496720758-2715497450-824948769-1001\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hkcu]
[HKEY_USERS\S-1-5-21-496720758-2715497450-824948769-1001\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm]
[HKEY_USERS\S-1-5-21-496720758-2715497450-824948769-1001\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm64]
[HKEY_USERS\S-1-5-21-496720758-2715497450-824948769-1001\Software\Baidu Security\PC Faster\4.0.0.0\Statistic]
[HKEY_USERS\S-1-5-21-496720758-2715497450-824948769-1001\Software\Baidu Security\PC Faster\4.0.0.0\UUReport]
[HKEY_USERS\S-1-5-21-496720758-2715497450-824948769-1001\Software\Baidu Security\PC Faster\Setup]
[HKEY_USERS\S-1-5-21-496720758-2715497450-824948769-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\Users\\Luna Bugatti\\AppData\\Roaming\\Baidu\\hao123-br\\hao123.1.0.0.1101.exe"=hex:53,\
[HKEY_USERS\S-1-5-21-496720758-2715497450-824948769-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\Uninstall.exe"=hex:53,\
[HKEY_USERS\S-1-5-21-496720758-2715497450-824948769-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0\\UninstCaller.exe"=hex:53,\
[HKEY_USERS\S-1-5-21-496720758-2715497450-824948769-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\Bav.exe"=hex:53,41,\
[HKEY_USERS\S-1-5-21-496720758-2715497450-824948769-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\Bav.exe.FriendlyAppName"="Bav"
[HKEY_USERS\S-1-5-21-496720758-2715497450-824948769-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\Bav.exe.ApplicationCompany"="Baidu, Inc."
[HKEY_USERS\S-1-5-21-496720758-2715497450-824948769-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\Bav.exe.FriendlyAppName"="Bav"
[HKEY_USERS\S-1-5-21-496720758-2715497450-824948769-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\Bav.exe.ApplicationCompany"="Baidu, Inc."
[HKEY_USERS\S-1-5-18\Software\Baidu Security]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\011414-37015-01.dmp]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\MEMORY_130342156188599015.dmp]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"ucloud"="u.br.bav.baidu.com"
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"dcloud"="http://up.br.bav.baidu.com/cgi-bin/url_warnning/url_warnning.cgi"
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"rcloud"="http://up.br.bav.baidu.com/cgi-bin/url_visit_action.cgi"
[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster]
==== Firefox Extensions Registry ======================
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{ed9459dc-a2c7-4f3a-9930-87f516e1bd5d}"="C:\Program Files (x86)\View-Password-soft\155.xpi" [06/03/2014 18:04]
==== Chrome Look ======================
Google Docs - Luna Bugatti\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Luna Bugatti\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Luna Bugatti\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Luna Bugatti\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
AdBlock - Luna Bugatti\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Google Wallet - Luna Bugatti\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Luna Bugatti\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com.br/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com.br/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
==== Reset Google Chrome ======================
C:\Users\Luna Bugatti\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Luna Bugatti\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
==== shortcuts on Users Desktops ======================
C:\Users\Luna Bugatti\Desktop\PhotoScape.lnk - C:\Program Files (x86)\PhotoScape\PhotoScape.exe
C:\Users\Luna Bugatti\Desktop\Positivo Aplicativos.lnk - C:\Program Files (x86)\Positivo Informática\Positivo Experience\Positivo Experience\PositivoAplicativosUI.exe Offer
==== shortcuts on All Users Desktop ======================
C:\Users\Public\Desktop\Adobe Reader XI.lnk - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Public\Desktop\Manual do Usuário.lnk -
C:\Users\Public\Desktop\Positivo Jogos.lnk - C:\Fabricante\Positivo Jogos Atalhos
C:\Users\Public\Desktop\Promoção Vivo.lnk -
==== shortcuts in Users Start Menu ======================
C:\Users\Luna Bugatti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Revo Uninstaller.lnk - C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe
C:\Users\Luna Bugatti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Run Hunter Mode.lnk - C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe -hunter
C:\Users\Luna Bugatti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Uninstall.lnk - C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\uninst.exe
C:\Users\Luna Bugatti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Website.lnk - C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revo Uninstaller.url
C:\Users\Luna Bugatti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk - C:\Program Files (x86)\WinRAR\Rar.txt
C:\Users\Luna Bugatti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\What is new in the latest version.lnk - C:\Program Files (x86)\WinRAR\WhatsNew.txt
C:\Users\Luna Bugatti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk - C:\Program Files (x86)\WinRAR\WinRAR.chm
C:\Users\Luna Bugatti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.exe
==== shortcuts in All Users Start Menu ======================
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Access 2010.lnk - C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\accicons.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Excel 2010.lnk - C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\xlicons.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft OneNote 2010.lnk - C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\joticon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Outlook 2010.lnk - C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\outicon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft PowerPoint 2010.lnk - C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\pptico.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Publisher 2010.lnk - C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\pubs.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Word 2010.lnk - C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\wordicon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Ferramentas do Microsoft Office 2010\Centro de Carregamento do Microsoft Office 2010.lnk - C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\msouc.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Ferramentas do Microsoft Office 2010\Certificado Digital para Projetos do VBA.lnk - C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\misc.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Ferramentas do Microsoft Office 2010\Microsoft Media Gallery.lnk - C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\cagicon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Ferramentas do Microsoft Office 2010\Microsoft Office Picture Manager.lnk - C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\oisicon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Ferramentas do Microsoft Office 2010\Office Anytime Upgrade.lnk - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\promo.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Ferramentas do Microsoft Office 2010\Preferências de Idioma do Microsoft Office 2010.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk - C:\Program Files (x86)\WinRAR\Rar.txt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\What is new in the latest version.lnk - C:\Program Files (x86)\WinRAR\WhatsNew.txt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk - C:\Program Files (x86)\WinRAR\WinRAR.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.exe
==== shortcuts in Quick Launch ======================
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Luna Bugatti\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Luna Bugatti\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Luna Bugatti\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\PhotoScape.lnk - C:\Program Files (x86)\PhotoScape\PhotoScape.exe
C:\Users\Luna Bugatti\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Luna Bugatti\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Luna Bugatti\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
==== Reset IE Proxy ======================
Value(s) before fix:
"ProxyServer"="http=127.0.0.1:13828"
"ProxyEnable"=dword:00000001
Value(s) after fix:
"ProxyEnable"=dword:00000000
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Luna Bugatti\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Luna Bugatti\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
No FireFox Profiles found
==== Empty Chrome Cache ======================
C:\Users\Luna Bugatti\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
No Java Cache Found
==== C:\zoek_backup content ======================
C:\zoek_backup (files=168 folders=25 11107046 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Luna Bugatti\AppData\Local\Temp will be emptied at reboot
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\LUNABU~1\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== EOF on 12/03/2014 at 11:57:03,59 ======================
"UninstallString"="\"C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\Uninstall.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"URLInfoAbout"="http://antivirus.baidu.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"Publisher"="Baidu, Inc."
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"InstallDir"="C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Baidu_Scan]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\Baidu_Scan]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Baidu_Scan]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\Baidu_Scan]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BAVSvc]
"DisplayName"="Baidu Antivirus Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BAVSvc]
"Description"="Baidu Antivirus Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BdApiUtil]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\BdApiUtil64.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BdCameraProtect]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\BdCameraProtect64.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BHipsSvc]
"DisplayName"="Baidu Hips Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BHipsSvc]
"Description"="Baidu Hips Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bprotect]
"DisplayName"="Baidu Protect"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bprotect]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BprotectEx]
"DisplayName"="Baidu ProtectEx"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BprotectEx]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCFApiUtil]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0\\PCFApiUtil64.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BAVSvc]
"DisplayName"="Baidu Antivirus Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BAVSvc]
"Description"="Baidu Antivirus Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BdApiUtil]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\BdApiUtil64.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BdCameraProtect]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\BdCameraProtect64.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BHipsSvc]
"DisplayName"="Baidu Hips Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BHipsSvc]
"Description"="Baidu Hips Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bprotect]
"DisplayName"="Baidu Protect"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bprotect]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BprotectEx]
"DisplayName"="Baidu ProtectEx"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BprotectEx]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PCFApiUtil]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0\\PCFApiUtil64.sys"
[HKEY_USERS\.DEFAULT\Software\Baidu Security]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\011414-37015-01.dmp]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\MEMORY_130342156188599015.dmp]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"ucloud"="u.br.bav.baidu.com"
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"dcloud"="http://up.br.bav.baidu.com/cgi-bin/url_warnning/url_warnning.cgi"
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"rcloud"="http://up.br.bav.baidu.com/cgi-bin/url_visit_action.cgi"
[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster]
[HKEY_USERS\S-1-5-21-496720758-2715497450-824948769-1001\Software\Baidu Security]
[HKEY_USERS\S-1-5-21-496720758-2715497450-824948769-1001\Software\Baidu Security\Antivirus]
[HKEY_USERS\S-1-5-21-496720758-2715497450-824948769-1001\Software\Baidu Security\Antivirus\web]
[HKEY_USERS\S-1-5-21-496720758-2715497450-824948769-1001\Software\Baidu Security\Antivirus\web]
"ucloud"="u.br.bav.baidu.com"
[HKEY_USERS\S-1-5-21-496720758-2715497450-824948769-1001\Software\Baidu Security\Antivirus\web]
"dcloud"="http://up.br.bav.baidu.com/cgi-bin/url_warnning/url_warnning.cgi"
[HKEY_USERS\S-1-5-21-496720758-2715497450-824948769-1001\Software\Baidu Security\Antivirus\web]
"rcloud"="http://up.br.bav.baidu.com/cgi-bin/url_visit_action.cgi"
[HKEY_USERS\S-1-5-21-496720758-2715497450-824948769-1001\Software\Baidu Security\PC Faster]
[HKEY_USERS\S-1-5-21-496720758-2715497450-824948769-1001\Software\Baidu Security\PC Faster\4.0.0.0]
[HKEY_USERS\S-1-5-21-496720758-2715497450-824948769-1001\Software\Baidu Security\PC Faster\4.0.0.0\Install]
[HKEY_USERS\S-1-5-21-496720758-2715497450-824948769-1001\Software\Baidu Security\PC Faster\4.0.0.0\Run]
[HKEY_USERS\S-1-5-21-496720758-2715497450-824948769-1001\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable]
[HKEY_USERS\S-1-5-21-496720758-2715497450-824948769-1001\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\alluser]
[HKEY_USERS\S-1-5-21-496720758-2715497450-824948769-1001\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\curuser]
[HKEY_USERS\S-1-5-21-496720758-2715497450-824948769-1001\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hkcu]
[HKEY_USERS\S-1-5-21-496720758-2715497450-824948769-1001\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm]
[HKEY_USERS\S-1-5-21-496720758-2715497450-824948769-1001\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm64]
[HKEY_USERS\S-1-5-21-496720758-2715497450-824948769-1001\Software\Baidu Security\PC Faster\4.0.0.0\Statistic]
[HKEY_USERS\S-1-5-21-496720758-2715497450-824948769-1001\Software\Baidu Security\PC Faster\4.0.0.0\UUReport]
[HKEY_USERS\S-1-5-21-496720758-2715497450-824948769-1001\Software\Baidu Security\PC Faster\Setup]
[HKEY_USERS\S-1-5-21-496720758-2715497450-824948769-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\Users\\Luna Bugatti\\AppData\\Roaming\\Baidu\\hao123-br\\hao123.1.0.0.1101.exe"=hex:53,\
[HKEY_USERS\S-1-5-21-496720758-2715497450-824948769-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\Uninstall.exe"=hex:53,\
[HKEY_USERS\S-1-5-21-496720758-2715497450-824948769-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0\\UninstCaller.exe"=hex:53,\
[HKEY_USERS\S-1-5-21-496720758-2715497450-824948769-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\Bav.exe"=hex:53,41,\
[HKEY_USERS\S-1-5-21-496720758-2715497450-824948769-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\Bav.exe.FriendlyAppName"="Bav"
[HKEY_USERS\S-1-5-21-496720758-2715497450-824948769-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\Bav.exe.ApplicationCompany"="Baidu, Inc."
[HKEY_USERS\S-1-5-21-496720758-2715497450-824948769-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\Bav.exe.FriendlyAppName"="Bav"
[HKEY_USERS\S-1-5-21-496720758-2715497450-824948769-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\Bav.exe.ApplicationCompany"="Baidu, Inc."
[HKEY_USERS\S-1-5-18\Software\Baidu Security]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\011414-37015-01.dmp]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\MEMORY_130342156188599015.dmp]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"ucloud"="u.br.bav.baidu.com"
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"dcloud"="http://up.br.bav.baidu.com/cgi-bin/url_warnning/url_warnning.cgi"
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"rcloud"="http://up.br.bav.baidu.com/cgi-bin/url_visit_action.cgi"
[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster]
==== Firefox Extensions Registry ======================
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{ed9459dc-a2c7-4f3a-9930-87f516e1bd5d}"="C:\Program Files (x86)\View-Password-soft\155.xpi" [06/03/2014 18:04]
==== Chrome Look ======================
Google Docs - Luna Bugatti\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Luna Bugatti\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Luna Bugatti\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Luna Bugatti\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
AdBlock - Luna Bugatti\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Google Wallet - Luna Bugatti\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Luna Bugatti\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com.br/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com.br/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
==== Reset Google Chrome ======================
C:\Users\Luna Bugatti\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Luna Bugatti\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
==== shortcuts on Users Desktops ======================
C:\Users\Luna Bugatti\Desktop\PhotoScape.lnk - C:\Program Files (x86)\PhotoScape\PhotoScape.exe
C:\Users\Luna Bugatti\Desktop\Positivo Aplicativos.lnk - C:\Program Files (x86)\Positivo Informática\Positivo Experience\Positivo Experience\PositivoAplicativosUI.exe Offer
==== shortcuts on All Users Desktop ======================
C:\Users\Public\Desktop\Adobe Reader XI.lnk - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Public\Desktop\Manual do Usuário.lnk -
C:\Users\Public\Desktop\Positivo Jogos.lnk - C:\Fabricante\Positivo Jogos Atalhos
C:\Users\Public\Desktop\Promoção Vivo.lnk -
==== shortcuts in Users Start Menu ======================
C:\Users\Luna Bugatti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Revo Uninstaller.lnk - C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe
C:\Users\Luna Bugatti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Run Hunter Mode.lnk - C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe -hunter
C:\Users\Luna Bugatti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Uninstall.lnk - C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\uninst.exe
C:\Users\Luna Bugatti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Website.lnk - C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revo Uninstaller.url
C:\Users\Luna Bugatti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk - C:\Program Files (x86)\WinRAR\Rar.txt
C:\Users\Luna Bugatti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\What is new in the latest version.lnk - C:\Program Files (x86)\WinRAR\WhatsNew.txt
C:\Users\Luna Bugatti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk - C:\Program Files (x86)\WinRAR\WinRAR.chm
C:\Users\Luna Bugatti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.exe
==== shortcuts in All Users Start Menu ======================
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Access 2010.lnk - C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\accicons.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Excel 2010.lnk - C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\xlicons.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft OneNote 2010.lnk - C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\joticon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Outlook 2010.lnk - C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\outicon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft PowerPoint 2010.lnk - C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\pptico.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Publisher 2010.lnk - C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\pubs.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Word 2010.lnk - C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\wordicon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Ferramentas do Microsoft Office 2010\Centro de Carregamento do Microsoft Office 2010.lnk - C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\msouc.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Ferramentas do Microsoft Office 2010\Certificado Digital para Projetos do VBA.lnk - C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\misc.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Ferramentas do Microsoft Office 2010\Microsoft Media Gallery.lnk - C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\cagicon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Ferramentas do Microsoft Office 2010\Microsoft Office Picture Manager.lnk - C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\oisicon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Ferramentas do Microsoft Office 2010\Office Anytime Upgrade.lnk - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\promo.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Ferramentas do Microsoft Office 2010\Preferências de Idioma do Microsoft Office 2010.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk - C:\Program Files (x86)\WinRAR\Rar.txt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\What is new in the latest version.lnk - C:\Program Files (x86)\WinRAR\WhatsNew.txt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk - C:\Program Files (x86)\WinRAR\WinRAR.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.exe
==== shortcuts in Quick Launch ======================
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Luna Bugatti\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Luna Bugatti\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Luna Bugatti\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\PhotoScape.lnk - C:\Program Files (x86)\PhotoScape\PhotoScape.exe
C:\Users\Luna Bugatti\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Luna Bugatti\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Luna Bugatti\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
==== Reset IE Proxy ======================
Value(s) before fix:
"ProxyServer"="http=127.0.0.1:13828"
"ProxyEnable"=dword:00000001
Value(s) after fix:
"ProxyEnable"=dword:00000000
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Luna Bugatti\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Luna Bugatti\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
No FireFox Profiles found
==== Empty Chrome Cache ======================
C:\Users\Luna Bugatti\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
No Java Cache Found
==== C:\zoek_backup content ======================
C:\zoek_backup (files=168 folders=25 11107046 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Luna Bugatti\AppData\Local\Temp will be emptied at reboot
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\LUNABU~1\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== EOF on 12/03/2014 at 11:57:03,59 ======================
Aline Angélica - Beginner
- Posts: 16
Reputation: 0
Join date: 11/03/2014
Age: 32
Re: Baidu Removal
* Right-click Zoek.exe and select [image]
* Copy all of the text highlighted in red that I gave you and paste it into the blank area in Zoek
* Click [Run Script]
* During the scan, a message similar to the one below will be displayed, showing the scan's progress. Wait for it to finish... it may take a while!
[image]
* If a PC restart is requested, click [OK]
* Post the Zoek log, which will be at C:\zoek-results.txt, in your next reply.
Last edited by Power Max on Wed 12 Mar 2014, 13:41; edited 1 time
Power Max - Contributor
- Posts: 9086
Reputation: 1499
Join date: 14/04/2009
(RESOLVED) Baidu Removal
Zoek.exe v5.0.0.0 Updated 07-March-2014
Tool run by Luna Bugatti on 12/03/2014 at 12:56:24,97.
Microsoft Windows 8 Single Language 6.2.9200 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Luna Bugatti\Desktop\zoek.exe [Scan all users] [Script inserted]
==== Older Logs ======================
C:\zoek-results2014-03-11-210433.log 25576 bytes
C:\zoek-results2014-03-12-145703.log 29094 bytes
==== System Restore Info ======================
12/03/2014 12:58:04 Zoek.exe System Restore Point Created Succesfully.
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BAVSvc deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BAVSvc deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BAVSvc deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\BAVSvc deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\BAVSvc deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BdApiUtil deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BdCameraProtect deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfilter deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfmon deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BHipsSvc deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bprotect deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BprotectEx deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PCFApiUtil deleted successfully
==== Registry Fix Code ======================
Windows Registry Editor Version 5.00
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]
[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]
"DllVersion_2.0"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\LogLoc]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\LogUp]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Processing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Temp]
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Baidu_Secure_SystemUp_4.0.1.56634-2014-03-06 03-11-55-0825-[20838].tmp"=-
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-03-06 03-13-09-0504-[21079].tmp"=-
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Pcftray-2014-03-06 03-14-56-0634-[21429].tmp"=-
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFasterSvc-2014-03-06 03-15-09-0520-[21471].tmp"=-
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-LeakRepair-2014-03-06 03-15-11-0413-[21478].tmp"=-
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFasterSvc-2014-03-07 03-22-23-0690-[31134].tmp"=-
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PcfTray-2014-03-07 03-24-02-0571-[31458].tmp"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}]
"DllName"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}]
"DllName"=-
"Baidu Antivirus"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"DisplayIcon"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"UninstallString"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"URLInfoAbout"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"Publisher"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"InstallDir"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Baidu_Scan]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\Baidu_Scan]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Baidu_Scan]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\Baidu_Scan]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BAVSvc]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BAVSvc]
"Description"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BdApiUtil]
"ImagePath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BdCameraProtect]
"ImagePath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bfilter]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bfmon]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BHipsSvc]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BHipsSvc]
"Description"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bprotect]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bprotect]
"InstPath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BprotectEx]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BprotectEx]
"InstPath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCFApiUtil]
"ImagePath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BAVSvc]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BAVSvc]
"Description"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BdApiUtil]
"ImagePath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BdCameraProtect]
"ImagePath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfilter]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfmon]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BHipsSvc]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BHipsSvc]
"Description"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bprotect]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bprotect]
"InstPath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BprotectEx]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BprotectEx]
"InstPath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PCFApiUtil]
"ImagePath"=-
[-HKEY_USERS\.DEFAULT\Software\Baidu Security]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\011414-37015-01.dmp]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\MEMORY_130342156188599015.dmp]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"ucloud"=-
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"dcloud"=-
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"rcloud"=-
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster]
[-HKEY_USERS\S-1-5-21-496720758-2715497450-824948769-1001\Software\Baidu Security]
[-HKEY_USERS\S-1-5-21-496720758-2715497450-824948769-1001\Software\Baidu Security\Antivirus]
[-HKEY_USERS\S-1-5-21-496720758-2715497450-824948769-1001\Software\Baidu Security\Antivirus\web]
[HKEY_USERS\S-1-5-21-496720758-2715497450-824948769-1001\Software\Baidu Security\Antivirus\web]
"ucloud"=-
[HKEY_USERS\S-1-5-21-496720758-2715497450-824948769-1001\Software\Baidu Security\Antivirus\web]
"dcloud"=-
[HKEY_USERS\S-1-5-21-496720758-2715497450-824948769-1001\Software\Baidu Security\Antivirus\web]
"rcloud"=-
[-HKEY_USERS\S-1-5-21-496720758-2715497450-824948769-1001\Software\Baidu Security\PC Faster]
[-HKEY_USERS\S-1-5-21-496720758-2715497450-824948769-1001\Software\Baidu Security\PC Faster\4.0.0.0]
[-HKEY_USERS\S-1-5-21-496720758-2715497450-824948769-1001\Software\Baidu Security\PC Faster\4.0.0.0\Install]
[-HKEY_USERS\S-1-5-21-496720758-2715497450-824948769-1001\Software\Baidu Security\PC Faster\4.0.0.0\Run]
[-HKEY_USERS\S-1-5-21-496720758-2715497450-824948769-1001\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable]
[-HKEY_USERS\S-1-5-21-496720758-2715497450-824948769-1001\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\alluser]
[-HKEY_USERS\S-1-5-21-496720758-2715497450-824948769-1001\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\curuser]
[-HKEY_USERS\S-1-5-21-496720758-2715497450-824948769-1001\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hkcu]
[-HKEY_USERS\S-1-5-21-496720758-2715497450-824948769-1001\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm]
[-HKEY_USERS\S-1-5-21-496720758-2715497450-824948769-1001\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm64]
[-HKEY_USERS\S-1-5-21-496720758-2715497450-824948769-1001\Software\Baidu Security\PC Faster\4.0.0.0\Statistic]
[-HKEY_USERS\S-1-5-21-496720758-2715497450-824948769-1001\Software\Baidu Security\PC Faster\4.0.0.0\UUReport]
[-HKEY_USERS\S-1-5-21-496720758-2715497450-824948769-1001\Software\Baidu Security\PC Faster\Setup]
[HKEY_USERS\S-1-5-21-496720758-2715497450-824948769-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\Users\\Luna Bugatti\\AppData\\Roaming\\Baidu\\hao123-br\\hao123.1.0.0.1101.exe"=-
[HKEY_USERS\S-1-5-21-496720758-2715497450-824948769-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\Uninstall.exe"=-
[HKEY_USERS\S-1-5-21-496720758-2715497450-824948769-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0\\UninstCaller.exe"=-
[HKEY_USERS\S-1-5-21-496720758-2715497450-824948769-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\Bav.exe"=-
[HKEY_USERS\S-1-5-21-496720758-2715497450-824948769-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\Bav.exe.FriendlyAppName"=-
[HKEY_USERS\S-1-5-21-496720758-2715497450-824948769-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\Bav.exe.ApplicationCompany"=-
[HKEY_USERS\S-1-5-21-496720758-2715497450-824948769-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\Bav.exe.FriendlyAppName"=-
[HKEY_USERS\S-1-5-21-496720758-2715497450-824948769-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\Bav.exe.ApplicationCompany"=-
[-HKEY_USERS\S-1-5-18\Software\Baidu Security]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\011414-37015-01.dmp]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\MEMORY_130342156188599015.dmp]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"ucloud"=-
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"dcloud"=-
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"rcloud"=-
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster]
==== Deleting Files \ Folders ======================
"C:\Windows\Prefetch\BAIDU_SECURE_SYSTEMUP_4.0.1.5-299B5FDB.pf" not found
C:\ProgramData\Baidu Security deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu Antivirus deleted
C:\Users\Luna Bugatti\AppData\Roaming\Baidu Security deleted
C:\Users\Public\Documents\Baidu Security deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavBase.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavClean.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavCs.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavDs.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavFi.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\bavhm.exe" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavIPC.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavOa.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavPe.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavQv.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavScan.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavShx64.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavSig.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavSk.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BAVSvc.exe" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavTray.exe" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavUa.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavUl.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavVt.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavWl.dat" not deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavWl.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BDrvComm.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BHipsCore.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BHipsSvc.exe" not deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\CloudDefense.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\Communication.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\DirectUI.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\DrvInst.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\HackerDefense.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\HipsHB.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\log.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\sqlite.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavBase.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavClean.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavCs.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavDs.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavFi.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\bavhm.exe" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavIPC.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavOa.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavPe.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavQv.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavScan.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavShx64.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavSig.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavSk.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BAVSvc.exe" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavTray.exe" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavUa.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavUl.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavVt.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavWl.dat" not deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavWl.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BDrvComm.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BHipsCore.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BHipsSvc.exe" not deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\CloudDefense.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\Communication.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\DirectUI.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\DrvInst.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\HackerDefense.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\HipsHB.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\log.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\sqlite.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\log\BAVSvc.log" not deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\log\BavTray.log" not deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\log\BHipsSvc.log" not deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\Plugins\Plugin_USBProtect\Plugin_USBProtect.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\log\BAVSvc.log" not deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\log\BavTray.log" not deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\log\BHipsSvc.log" not deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\Plugins\Plugin_USBProtect\Plugin_USBProtect.dll" deleted
"C:\Program Files (x86)\Baidu Security" not deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus" not deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus" not deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\log" not deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\Plugins" not deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\Plugins\Plugin_USBProtect" not deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\log" not deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\Plugins" not deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\Plugins\Plugin_USBProtect" not deleted
==== Folders Found ======================
2014-03-11 20:08:57 2014-03-11 20:08:57 -------- d-----w- C:\AdwCleaner\Quarantine\C\ProgramData\baidu
2014-01-14 02:01:10 2014-03-12 15:59:45 -------- d-----w- C:\Program Files (x86)\Baidu Security
2014-01-14 02:01:10 2014-03-12 16:02:35 -------- d-----w- C:\Program Files (x86)\Baidu Security\Baidu Antivirus
2014-03-12 14:56:11 2014-03-12 14:56:11 -------- d-----w- C:\ProgramData\Baidu
2014-03-12 14:56:11 2014-03-12 14:56:11 -------- d-----w- C:\Users\All Users\Baidu
2014-03-12 15:59:20 2014-03-12 15:59:26 -------- d---a-w- C:\zoek_backup\C_Program Files (x86)_Baidu Security
2014-03-12 15:59:26 2014-03-12 15:59:28 -------- d---a-w- C:\zoek_backup\C_Program Files (x86)_Baidu Security_Baidu Antivirus
2014-03-12 15:59:28 2014-03-12 15:59:34 -------- d---a-w- C:\zoek_backup\C_ProgramData_Baidu Security
2014-03-12 15:59:36 2014-03-12 15:59:36 -------- d---a-w- C:\zoek_backup\C_ProgramData_Microsoft_Windows_Start Menu_Programs_Baidu Antivirus
2014-03-11 20:53:16 2014-03-11 20:53:16 -------- d---a-w- C:\zoek_backup\C_PROGRA~3_Baidu
2014-03-12 15:59:36 2014-03-12 15:59:37 -------- d---a-w- C:\zoek_backup\C_Users_All Users_Baidu Security
2014-03-12 15:59:37 2014-03-12 15:59:38 -------- d---a-w- C:\zoek_backup\C_Users_All Users_Microsoft_Windows_Start Menu_Programs_Baidu Antivirus
2014-03-12 15:59:38 2014-03-12 15:59:38 -------- d---a-w- C:\zoek_backup\C_Users_Luna Bugatti_AppData_Roaming_Baidu Security
2014-03-12 15:59:43 2014-03-12 15:59:43 -------- d---a-w- C:\zoek_backup\C_Users_Luna Bugatti_AppData_Roaming_Baidu Security_PC Faster_4.0.0.0_Uninstall_Baidu PC Faster Uninstall
2014-03-12 15:59:43 2014-03-12 15:59:43 -------- d---a-w- C:\zoek_backup\C_Users_Luna Bugatti_AppData_Roaming_Baidu Security_PC Faster_4.0.0.0_Uninstall_Baidu PC Faster Uninstall HK
2014-03-12 15:59:43 2014-03-12 15:59:43 -------- d---a-w- C:\zoek_backup\C_Users_Public_Documents_Baidu Security
2014-03-12 15:59:20 2014-03-12 15:59:24 -------- d---a-w- C:\zoek_backup\C_Program Files (x86)_Baidu Security\Baidu Antivirus
2014-03-12 15:59:39 2014-03-12 15:59:39 -------- d---a-w- C:\zoek_backup\C_Users_Luna Bugatti_AppData_Roaming_Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall
2014-03-12 15:59:42 2014-03-12 15:59:42 -------- d---a-w- C:\zoek_backup\C_Users_Luna Bugatti_AppData_Roaming_Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall HK
==== Files Found ======================
==== Registry Search Results for "Baidu" ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\baidu]
[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll]
[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload]
[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Temp]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Baidu Antivirus"="\"C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\BavTray.exe\" -auto"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
[HKEY_USERS\.DEFAULT\Software\Baidu]
[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug]
[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav]
[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log]
[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]
[HKEY_USERS\.DEFAULT\Software\Baidu Security]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
[HKEY_USERS\S-1-5-21-496720758-2715497450-824948769-1001\Software\Baidu Security]
[HKEY_USERS\S-1-5-21-496720758-2715497450-824948769-1001\Software\Baidu Security\Antivirus]
[HKEY_USERS\S-1-5-21-496720758-2715497450-824948769-1001\Software\Baidu Security\Antivirus\web]
[HKEY_USERS\S-1-5-21-496720758-2715497450-824948769-1001\Software\Baidu Security\PC Faster]
[HKEY_USERS\S-1-5-18\Software\Baidu]
[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug]
[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav]
[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log]
[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]
[HKEY_USERS\S-1-5-18\Software\Baidu Security]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
==== C:\zoek_backup content ======================
C:\zoek_backup (files=596 folders=137 307563990 bytes)
==== After Reboot ======================
==== Deleting Files / Folders ======================
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavWl.dat" not found
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BHipsSvc.exe" not found
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavWl.dat" not found
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BHipsSvc.exe" not found
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\log\BAVSvc.log" not found
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\log\BavTray.log" not found
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\log\BHipsSvc.log" not found
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\log\BAVSvc.log" not found
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\log\BavTray.log" not found
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\log\BHipsSvc.log" not found
"C:\Program Files (x86)\Baidu Security" not found
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus" not found
==== EOF on 12/03/2014 at 13:06:29,32 ======================
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\log\BavTray.log" not deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\log\BHipsSvc.log" not deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\Plugins\Plugin_USBProtect\Plugin_USBProtect.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\log\BAVSvc.log" not deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\log\BavTray.log" not deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\log\BHipsSvc.log" not deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\Plugins\Plugin_USBProtect\Plugin_USBProtect.dll" deleted
"C:\Program Files (x86)\Baidu Security" not deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus" not deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus" not deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\log" not deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\Plugins" not deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\Plugins\Plugin_USBProtect" not deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\log" not deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\Plugins" not deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\Plugins\Plugin_USBProtect" not deleted
==== Folders Found ======================
2014-03-11 20:08:57 2014-03-11 20:08:57 -------- d-----w- C:\AdwCleaner\Quarantine\C\ProgramData\baidu
2014-01-14 02:01:10 2014-03-12 15:59:45 -------- d-----w- C:\Program Files (x86)\Baidu Security
2014-01-14 02:01:10 2014-03-12 16:02:35 -------- d-----w- C:\Program Files (x86)\Baidu Security\Baidu Antivirus
2014-03-12 14:56:11 2014-03-12 14:56:11 -------- d-----w- C:\ProgramData\Baidu
2014-03-12 14:56:11 2014-03-12 14:56:11 -------- d-----w- C:\Users\All Users\Baidu
2014-03-12 15:59:20 2014-03-12 15:59:26 -------- d---a-w- C:\zoek_backup\C_Program Files (x86)_Baidu Security
2014-03-12 15:59:26 2014-03-12 15:59:28 -------- d---a-w- C:\zoek_backup\C_Program Files (x86)_Baidu Security_Baidu Antivirus
2014-03-12 15:59:28 2014-03-12 15:59:34 -------- d---a-w- C:\zoek_backup\C_ProgramData_Baidu Security
2014-03-12 15:59:36 2014-03-12 15:59:36 -------- d---a-w- C:\zoek_backup\C_ProgramData_Microsoft_Windows_Start Menu_Programs_Baidu Antivirus
2014-03-11 20:53:16 2014-03-11 20:53:16 -------- d---a-w- C:\zoek_backup\C_PROGRA~3_Baidu
2014-03-12 15:59:36 2014-03-12 15:59:37 -------- d---a-w- C:\zoek_backup\C_Users_All Users_Baidu Security
2014-03-12 15:59:37 2014-03-12 15:59:38 -------- d---a-w- C:\zoek_backup\C_Users_All Users_Microsoft_Windows_Start Menu_Programs_Baidu Antivirus
2014-03-12 15:59:38 2014-03-12 15:59:38 -------- d---a-w- C:\zoek_backup\C_Users_Luna Bugatti_AppData_Roaming_Baidu Security
2014-03-12 15:59:43 2014-03-12 15:59:43 -------- d---a-w- C:\zoek_backup\C_Users_Luna Bugatti_AppData_Roaming_Baidu Security_PC Faster_4.0.0.0_Uninstall_Baidu PC Faster Uninstall
2014-03-12 15:59:43 2014-03-12 15:59:43 -------- d---a-w- C:\zoek_backup\C_Users_Luna Bugatti_AppData_Roaming_Baidu Security_PC Faster_4.0.0.0_Uninstall_Baidu PC Faster Uninstall HK
2014-03-12 15:59:43 2014-03-12 15:59:43 -------- d---a-w- C:\zoek_backup\C_Users_Public_Documents_Baidu Security
2014-03-12 15:59:20 2014-03-12 15:59:24 -------- d---a-w- C:\zoek_backup\C_Program Files (x86)_Baidu Security\Baidu Antivirus
2014-03-12 15:59:39 2014-03-12 15:59:39 -------- d---a-w- C:\zoek_backup\C_Users_Luna Bugatti_AppData_Roaming_Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall
2014-03-12 15:59:42 2014-03-12 15:59:42 -------- d---a-w- C:\zoek_backup\C_Users_Luna Bugatti_AppData_Roaming_Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall HK
==== Files Found ======================
==== Registry Search Results for "Baidu" ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\baidu]
[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll]
[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload]
[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Temp]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Baidu Antivirus"="\"C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\BavTray.exe\" -auto"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
[HKEY_USERS\.DEFAULT\Software\Baidu]
[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug]
[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav]
[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log]
[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]
[HKEY_USERS\.DEFAULT\Software\Baidu Security]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
[HKEY_USERS\S-1-5-21-496720758-2715497450-824948769-1001\Software\Baidu Security]
[HKEY_USERS\S-1-5-21-496720758-2715497450-824948769-1001\Software\Baidu Security\Antivirus]
[HKEY_USERS\S-1-5-21-496720758-2715497450-824948769-1001\Software\Baidu Security\Antivirus\web]
[HKEY_USERS\S-1-5-21-496720758-2715497450-824948769-1001\Software\Baidu Security\PC Faster]
[HKEY_USERS\S-1-5-18\Software\Baidu]
[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug]
[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav]
[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log]
[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]
[HKEY_USERS\S-1-5-18\Software\Baidu Security]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
==== C:\zoek_backup content ======================
C:\zoek_backup (files=596 folders=137 307563990 bytes)
==== After Reboot ======================
==== Deleting Files / Folders ======================
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavWl.dat" not found
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BHipsSvc.exe" not found
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavWl.dat" not found
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BHipsSvc.exe" not found
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\log\BAVSvc.log" not found
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\log\BavTray.log" not found
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\log\BHipsSvc.log" not found
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\log\BAVSvc.log" not found
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\log\BavTray.log" not found
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\log\BHipsSvc.log" not found
"C:\Program Files (x86)\Baidu Security" not found
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus" not found
==== EOF on 12/03/2014 at 13:06:29,32 ======================
Aline Angélica - Beginner
Re: Baidu Removal
Temporarily disable your antivirus to avoid conflicts.
* Right-click Zoek.exe and select [image]
* Copy all of the text highlighted in red that I gave you and paste it into the blank field in Zoek
* Click [Run Script]
* During the scan, a message similar to the one below, showing the progress of the scan, will be displayed. Wait for it to finish... it may take a while!
[image]
* If a restart of the PC is requested, click [OK]
* Post the Zoek log, which will be at C:\zoek-results.txt, in your next reply.
Last edited by Power Max on Wed 12 Mar 2014, 13:57; edited 1 time
Power Max - Contributor
Baidu Removal
Zoek.exe v5.0.0.0 Updated 07-March-2014
Tool run by Luna Bugatti on 12/03/2014 at 13:47:32,39.
Microsoft Windows 8 Single Language 6.2.9200 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Luna Bugatti\Desktop\zoek.exe [Scan all users] [Script inserted]
==== Older Logs ======================
C:\zoek-results2014-03-11-210433.log 25576 bytes
C:\zoek-results2014-03-12-145703.log 29094 bytes
C:\zoek-results2014-03-12-160629.log 24958 bytes
==== System Restore Info ======================
12/03/2014 13:48:25 Zoek.exe System Restore Point Created Succesfully.
==== Registry Fix Code ======================
Windows Registry Editor Version 5.00
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Temp]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Baidu Antivirus"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
[-HKEY_USERS\.DEFAULT\Software\Baidu]
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug]
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav]
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log]
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
[-HKEY_USERS\S-1-5-21-496720758-2715497450-824948769-1001\Software\Baidu Security]
[-HKEY_USERS\S-1-5-21-496720758-2715497450-824948769-1001\Software\Baidu Security\Antivirus]
[-HKEY_USERS\S-1-5-21-496720758-2715497450-824948769-1001\Software\Baidu Security\Antivirus\web]
[-HKEY_USERS\S-1-5-21-496720758-2715497450-824948769-1001\Software\Baidu Security\PC Faster]
[-HKEY_USERS\S-1-5-18\Software\Baidu]
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug]
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav]
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log]
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
==== Deleting Files \ Folders ======================
C:\Program Files (x86)\Baidu Security not found
C:\Program Files (x86)\Baidu Security\Baidu Antivirus not found
C:\ProgramData\Baidu deleted
==== Folders Found ======================
2014-03-11 20:08:57 2014-03-11 20:08:57 -------- d-----w- C:\AdwCleaner\Quarantine\C\ProgramData\baidu
2014-03-12 15:59:20 2014-03-12 15:59:26 -------- d---a-w- C:\zoek_backup\C_Program Files (x86)_Baidu Security
2014-03-12 15:59:26 2014-03-12 15:59:28 -------- d---a-w- C:\zoek_backup\C_Program Files (x86)_Baidu Security_Baidu Antivirus
2014-03-12 16:48:38 2014-03-12 16:48:38 -------- d---a-w- C:\zoek_backup\C_ProgramData_Baidu
2014-03-12 15:59:28 2014-03-12 15:59:34 -------- d---a-w- C:\zoek_backup\C_ProgramData_Baidu Security
2014-03-12 15:59:36 2014-03-12 15:59:36 -------- d---a-w- C:\zoek_backup\C_ProgramData_Microsoft_Windows_Start Menu_Programs_Baidu Antivirus
2014-03-11 20:53:16 2014-03-11 20:53:16 -------- d---a-w- C:\zoek_backup\C_PROGRA~3_Baidu
2014-03-12 16:48:38 2014-03-12 16:48:38 -------- d---a-w- C:\zoek_backup\C_Users_All Users_Baidu
2014-03-12 15:59:36 2014-03-12 15:59:37 -------- d---a-w- C:\zoek_backup\C_Users_All Users_Baidu Security
2014-03-12 15:59:37 2014-03-12 15:59:38 -------- d---a-w- C:\zoek_backup\C_Users_All Users_Microsoft_Windows_Start Menu_Programs_Baidu Antivirus
2014-03-12 15:59:38 2014-03-12 15:59:38 -------- d---a-w- C:\zoek_backup\C_Users_Luna Bugatti_AppData_Roaming_Baidu Security
2014-03-12 15:59:43 2014-03-12 15:59:43 -------- d---a-w- C:\zoek_backup\C_Users_Luna Bugatti_AppData_Roaming_Baidu Security_PC Faster_4.0.0.0_Uninstall_Baidu PC Faster Uninstall
2014-03-12 15:59:43 2014-03-12 15:59:43 -------- d---a-w- C:\zoek_backup\C_Users_Luna Bugatti_AppData_Roaming_Baidu Security_PC Faster_4.0.0.0_Uninstall_Baidu PC Faster Uninstall HK
2014-03-12 15:59:43 2014-03-12 15:59:43 -------- d---a-w- C:\zoek_backup\C_Users_Public_Documents_Baidu Security
2014-03-12 15:59:20 2014-03-12 15:59:24 -------- d---a-w- C:\zoek_backup\C_Program Files (x86)_Baidu Security\Baidu Antivirus
2014-03-12 15:59:39 2014-03-12 15:59:39 -------- d---a-w- C:\zoek_backup\C_Users_Luna Bugatti_AppData_Roaming_Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall
2014-03-12 15:59:42 2014-03-12 15:59:42 -------- d---a-w- C:\zoek_backup\C_Users_Luna Bugatti_AppData_Roaming_Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall HK
==== Files Found ======================
--- C:\zoek_backup\C_windows_SysNative_tasks_Baidu Antivirus Update.vir ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 3438
Created time: 2014-03-11 20:53:19
Modified time: 2014-01-14 02:01:35
MD5: EB0093A8E5DBB721076A268EDE267144
SHA1: D532EA50DD817FF485AA400061288A1DACDFB519
--- C:\zoek_backup\C_ProgramData_Microsoft_Windows_Start Menu_Programs_Baidu Antivirus\Baidu Antivirus.lnk ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1223
Created time: 2014-03-12 15:59:36
Modified time: 2014-01-14 02:01:39
MD5: 477EF3B0461FE87422B45F2B0759FFCA
SHA1: 58677E076BD61EE876153118062BD66642F9FD9E
--- C:\zoek_backup\C_Users_All Users_Microsoft_Windows_Start Menu_Programs_Baidu Antivirus\Baidu Antivirus.lnk ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1223
Created time: 2014-03-12 15:59:38
Modified time: 2014-01-14 02:01:39
MD5: 477EF3B0461FE87422B45F2B0759FFCA
SHA1: 58677E076BD61EE876153118062BD66642F9FD9E
==== Registry Search Results for "Baidu" ======================
No instances of string "Baidu" found.
==== C:\zoek_backup content ======================
C:\zoek_backup (files=602 folders=141 307564802 bytes)
==== EOF on 12/03/2014 at 13:51:37,22 ======================
Aline Angélica - Beginner
Re: Baidu Removal
Download < [link] > < [image] > ( ... by Nicolas Coolman )
|- Temporarily disable your antivirus to avoid conflicts and run "ZHPDiag2.exe" to install the tool.
|- Run the scroll icon. ( ZHPDiag )
[image]
|- Click "SEARCH" or "PESQUISAR" and wait for it to finish!
[image]
|- Click OK and, when it finishes, post the ZHPDiag.txt report
[image]
Power Max - Contributor
Baidu Removal
~ Relatório do ZHPDiag v2014.3.12.13 - Nicolas Coolman (12/03/2014)
~ Iniciado por Luna Bugatti (12/03/2014 14:01:18)
~ Endereço do Website : http://nicolascoolman.webs.com
~ Fóruns de suporte gratuito para desinfecção : [link]
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Activate by user
---\\ Navegadores Internet
MSIE: Internet Explorer v10.0.9200.16843
GCIE: Google Chrome v33.0.1750.149 (Defaut)
---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 8 Single Language, 64-bit (Build 9200)
Windows Server License Manager Script : OK
---\\ Softwares de proteçao do sistema
Windows Defender W8
---\\ Softwares d'optimização do sistema
---\\ Softwares de partilha do PeerToPeer (P2P)
---\\ Monitoramento dos softwares
Adobe Flash Player 11 Plugin
Adobe Reader XI - Português
---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1489 MB (19% free)
System Restore: Activé (Enable)
System drive C: has 230 GB (82%) free of 278 GB
---\\ Modo de conexão ao sistema
~ Computer Name: LUNABUGATTI
~ User Name: Luna Bugatti
~ All Users Names: Luna Bugatti, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator
---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Luna Bugatti\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Luna Bugatti\AppData\Roaming\
~ %Desktop% : C:\Users\Luna Bugatti\Desktop\
~ %Favorites% : C:\Users\Luna Bugatti\Favorites\
~ %LocalAppData% : C:\Users\Luna Bugatti\AppData\Local\
~ %StartMenu% : C:\Users\Luna Bugatti\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 230 Go of 278 Go)
D: CD-ROM drive (Not Inserted)
---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 41 Legitimates Filtered in 00mn 00s
---\\ Pesquisa particular de ficheiros genéricos
[MD5.0E8E6463F81C80AFBED533E0F1F8895D] - (.Microsoft Corporation - Windows Explorer.) (.01/06/2013 - 08:34:21.) -- C:\Windows\Explorer.exe [2391280]
[MD5.FE9AB232B56A12224E8A3F3F9878C9A3] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.26/07/2012 - 00:08:50.) -- C:\Windows\System32\Wininit.exe [132608]
[MD5.79EDF01FA13D886F8E1B655D542011FB] - (.Microsoft Corporation - Internet Extensions para Win32.) (.23/02/2014 - 05:13:41.) -- C:\Windows\System32\wininet.dll [2241536]
[MD5.BCF2036A0DD579E47C008C133550283E] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.27/05/2013 - 10:06:37.) -- C:\Windows\System32\Winlogon.exe [517120]
[MD5.9448F5740A037EC0C18F0E9177232DD0] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.26/07/2012 - 00:07:20.) -- C:\Windows\System32\sppcomapi.dll [273408]
[MD5.7C0E0EDF18D6CC565D7BFBB451709FA5] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.04/09/2013 - 00:11:23.) -- C:\Windows\system32\Drivers\AFD.sys [576512]
[MD5.A721FF570C2387E383BDDEA9632863C9] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.26/07/2012 - 02:00:48.) -- C:\Windows\system32\Drivers\atapi.sys [25840]
[MD5.990B1BABE6E81FB18E65A87EBEFB1772] - (.Microsoft Corporation - CD-ROM File System Driver.) (.25/07/2012 - 23:30:10.) -- C:\Windows\system32\Drivers\Cdfs.sys [108544]
[MD5.339BFF85D788268752DA8C9644B188EE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.25/07/2012 - 23:26:36.) -- C:\Windows\system32\Drivers\Cdrom.sys [174080]
[MD5.09D9EB9E7898F8E6561473A20CC808B9] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.25/07/2012 - 23:26:53.) -- C:\Windows\system32\Drivers\DfsC.sys [118784]
[MD5.7D87B5B6C7188D553E11B59DC7F0B111] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.27/05/2013 - 09:31:56.) -- C:\Windows\system32\Drivers\HDAudBus.sys [71168]
[MD5.C9E9CBF73AFFBFE3E801EFB516787BA3] - (.Microsoft Corporation - Driver de porta i8042.) (.25/07/2012 - 23:28:51.) -- C:\Windows\system32\Drivers\i8042prt.sys [112640]
[MD5.3969B9C218DD3FAA9F4ED2FFC3651C02] - (.Microsoft Corporation - IP Network Address Translator.) (.25/07/2012 - 23:23:01.) -- C:\Windows\system32\Drivers\IpNat.sys [145920]
[MD5.93179D48066918323628CB016D8C94DC] - (.Microsoft Corporation - Minirdr SMB do Windows NT.) (.27/05/2013 - 10:25:46.) -- C:\Windows\system32\Drivers\MRxSmb.sys [370688]
[MD5.7CEC25C682D319D484630B3952C31A11] - (.Microsoft Corporation - MBT Transport driver.) (.25/07/2012 - 23:24:28.) -- C:\Windows\system32\Drivers\netBT.sys [331776]
[MD5.76929F4A69E425911A63B407E26C2589] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.27/05/2013 - 10:28:58.) -- C:\Windows\system32\Drivers\ntfs.sys [1933544]
[MD5.4563DAF8C6A740AD7F501E219BD10766] - (.Microsoft Corporation - Driver de porta paralela.) (.25/07/2012 - 23:29:53.) -- C:\Windows\system32\Drivers\Parport.sys [105984]
[MD5.A14D625C5AEE5FFE0F47D1A1D419FAAE] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.25/07/2012 - 23:23:17.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [124928]
[MD5.B2A3AD74FF2E2FFA73AF2567108231B3] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.25/07/2012 - 23:25:18.) -- C:\Windows\system32\Drivers\rdpdr.sys [179712]
[MD5.73DC722CE5DF26D7638CE2446F2655C7] - (.Microsoft Corporation - TDI Translation Driver.) (.26/07/2012 - 02:26:47.) -- C:\Windows\system32\Drivers\tdx.sys [117248]
[MD5.78A5BBA3819FFFC62FFEC3E2220D102D] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.01/06/2013 - 08:26:33.) -- C:\Windows\system32\Drivers\volsnap.sys [327936]
~ Generic Processes: Scanned in 00mn 00s
---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 2/643
~ Mes musiques (My Musics) : 1/3
~ Mes Favoris (My Favorites) : 1/11
~ Mes Documents (My Documents) : 2/2497
~ Mon Bureau (My Desktop) : 2/1470
~ Menu demarrer (Programs) : 1/25
~ Hidden Files: Scanned in 00mn 04s
---\\ Processos lançados
[MD5.34E55CCCCAFC74AC8FACA8DCBFDE24D3] - (...) -- C:\Program Files (x86)\View-Password-soft\ViewPassword_wd.exe [93184] [PID.2652] =>PUP.ViewPassword
[MD5.E0E7BD7828EA7B8721BE29375C0D04DF] - (.Intel Corporation - IAStorIcon.) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286704] [PID.2952]
[MD5.F41AC5D823E9739E1FD1A497D4BE493F] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [859976] [PID.14548]
[MD5.64A2A75D8F4BD07BD0A0029AA8825BBF] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8353792] [PID.30604]
~ Processes Running: Scanned in 00mn 00s
---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Luna Bugatti\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
~ Google Browser: 16 Legitimates Filtered in 00mn 04s
---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:13828 =>Hijacker.Proxy
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21
---\\ Outras conexões do utilizador (04)
O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [Public]: Manual do Usuário.lnk . (...) -- C:\Fabricante\Manual do Usuario\Manual do Usuário.pdf
O4 - GS\Desktop [Public]: Positivo Jogos.lnk . (...) -- C:\Fabricante\Positivo Jogos Atalhos
O4 - GS\Desktop [Public]: Promoção Vivo.lnk . (.Positivo Informática S.A. - Aplicação da Promoção Vivo® Banda Larga.) -- C:\Program Files\Positivo Informática\Vivo\VivoVideoAd.exe
O4 - GS\Program [Public]: Desktop.lnk - Chave orfã
O4 - GS\Program [Public]: Promocao Vivo.lnk . (.Positivo Informática S.A. - Aplicação da Promoção Vivo® Banda Larga.) -- C:\Program Files\Positivo Informática\Vivo\VivoVideoAd.exe
O4 - GS\QuickLaunch [Luna Bugatti]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [Luna Bugatti]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch [Luna Bugatti]: PhotoScape.lnk . (...) -- C:\Program Files (x86)\PhotoScape\PhotoScape.exe
O4 - GS\TaskBar [Luna Bugatti]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\Program [Luna Bugatti]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Desktop [Luna Bugatti]: PhotoScape.lnk . (...) -- C:\Program Files (x86)\PhotoScape\PhotoScape.exe
O4 - GS\Desktop [Luna Bugatti]: Positivo Aplicativos.lnk . (.Positivo Informática S.A. - Positivo Aplicativos.) -- C:\Program Files (x86)\Positivo Informática\Positivo Experience\Positivo Experience\PositivoAplicativosUI.exe
~ Global Startup: 32 Legitimates Filtered in 00mn 01s
---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Gerenciador de áudio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
O4 - HKLM\..\Run: [IAStorIcon] . (.Intel Corporation - Delayed launcher.) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Deskmedia] . (...) -- C:\Positivo\Deskmedia\GerenciadorLocal.exe
O4 - HKLM\..\Run: [Posibar] . (.Positivo Informática - Posibar.) -- C:\Positivo\Deskmedia\Posibar.exe
O4 - HKLM\..\Run: [StartUpManagerPositivo] . (.Positivo Informática SA - Gerenciador de Inicialização.) -- C:\Program Files\Positivo Informática\Mundo Positivo Gerenciador de Inicialização\ManagerWindows.exe
O4 - HKCU\..\Run: [SmartProtect] . (...) -- C:\ProgramData\SmartProtect\SmartProtect.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [fst_br_27] Chave orfã
O4 - HKUS\S-1-5-21-496720758-2715497450-824948769-1001\..\Run: [SmartProtect] . (...) -- C:\ProgramData\SmartProtect\SmartProtect.exe
~ Application: Scanned in 00mn 00s
---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: &Enviar para o OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files (x86)\MICROS~1\Office14\ONBttnIE.dll =>.Microsoft Corporation
O9 - Extra button: &Anotações Vinculadas do OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files (x86)\MICROS~1\Office14\ONBTTN~1.dll =>.Microsoft Corporation
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{7EF968A8-EB78-4883-BB15-A5173D819C68}: NameServer = 200.204.0.10 200.204.0.138
O17 - HKLM\System\CCS\Services\Tcpip\..\{2AA39D95-3AC0-4D25-A776-2DED1459E656}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{686BE745-0B36-440D-8A51-54BCED8F6045}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{686BE745-0B36-440D-8A51-54BCED8F6045}: DhcpDomain = domain.name
O17 - HKLM\System\CS1\Services\Tcpip\..\{7EF968A8-EB78-4883-BB15-A5173D819C68}: NameServer = 200.204.0.10 200.204.0.138
O17 - HKLM\System\CS1\Services\Tcpip\..\{2AA39D95-3AC0-4D25-A776-2DED1459E656}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{686BE745-0B36-440D-8A51-54BCED8F6045}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{686BE745-0B36-440D-8A51-54BCED8F6045}: DhcpDomain = domain.name
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
~ Domain: Scanned in 00mn 00s
---\\ Protocolo adicional (018)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s
---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Update Bizzybolt (Update Bizzybolt) . (...) - C:\Program Files (x86)\Bizzybolt\updateBizzybolt.exe (.not file.) =>PUP.Bizzybolt
O23 - Service: View Password (ViewPassword) . (...) - C:\Program Files (x86)\View-Password-soft\ViewPassword155.exe =>PUP.ViewPassword
~ Services: 12 Legitimates Filtered in 00mn 07s
---\\ Tarefas planificadas automaticamente (039)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\AutoKMS.job [238]
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\View Password Update.job [446] =>PUP.ViewPassword
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\View Password_wd.job [450] =>PUP.ViewPassword
[MD5.0ED398A4D031B9CFB10E3FEDF97AD836] [APT] [AutoKMS] (...) -- C:\Windows\AutoKMS.exe [614400] =>Trojan.Trojan.Keygen
[MD5.BB8A3FD6A7359BFDDEE77F21D89B2E63] [APT] [View Password Update] (...) -- C:\Program Files (x86)\View-Password-soft\View-.exe [248320] =>PUP.ViewPassword
[MD5.34E55CCCCAFC74AC8FACA8DCBFDE24D3] [APT] [View Password_wd] (...) -- C:\Program Files (x86)\View-Password-soft\ViewPassword_wd.exe [93184] =>PUP.ViewPassword
~ Scheduled Task: 17 Legitimates Filtered in 00mn 10s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\Deskmedia]
[HKLM\Software\Baidu Security] =>Adware.BDSearch
[HKLM\Software\Deskmedia]
~ Key Software: 157 Legitimates Filtered in 00mn 01s
---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 07/03/2014 - 16:49:55 - [1,284] ----D C:\Program Files (x86)\View-Password-soft =>PUP.ViewPassword
O43 - CFD: 12/03/2014 - 13:07:05 - [27,196] --H-D C:\ProgramData\SmartProtect
O43 - CFD: 01/08/2013 - 06:23:44 - [9,612] ----D C:\ProgramData\Vivo
~ Program Folder: 115 Legitimates Filtered in 00mn 16s
---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.759A7C3365C4893A6F62E642EB890C7E] - 11/03/2014 - 13:28:25 ---A- . (...) -- C:\Windows\SynInst.log [417]
O44 - LFC:[MD5.48A77273E8C545DCB70EEE3866CD2123] - 11/03/2014 - 15:09:03 ---A- . (...) -- C:\Windows\AutoKMS.ini [135]
O44 - LFC:[MD5.0ED398A4D031B9CFB10E3FEDF97AD836] - 11/03/2014 - 15:09:03 ---A- . (.No owner - AutoKMS.) -- C:\Windows\AutoKMS.exe [614400] =>Trojan.Trojan.Keygen
O44 - LFC:[MD5.3F37B8BACDB375590D7D927C58C9B59D] - 11/03/2014 - 16:51:05 ---A- . (...) -- C:\Windows\ntbtlog.txt [439152]
O44 - LFC:[MD5.E9C319AD3A24F21CD6B12A315DEE1A3E] - 11/03/2014 - 18:04:33 ---A- . (...) -- C:\zoek-results2014-03-11-210433.log [25576]
O44 - LFC:[MD5.E711DE76EF8430545C6052E2B98B81C0] - 12/03/2014 - 11:31:19 ---A- . (...) -- C:\Windows\win.ini [199]
O44 - LFC:[MD5.A396D42F4A0EDA214AD79B346D7F1157] - 12/03/2014 - 11:57:03 ---A- . (...) -- C:\zoek-results2014-03-12-145703.log [29094]
O44 - LFC:[MD5.AFCACF23C44F0509B6FDBE4A19ECCE8C] - 12/03/2014 - 13:06:29 ---A- . (...) -- C:\zoek-results2014-03-12-160629.log [24958]
O44 - LFC:[MD5.C48124970F2882A40591AFC396B3E828] - 12/03/2014 - 13:06:57 ---A- . (...) -- C:\Windows\AutoKMS.log [3249]
O44 - LFC:[MD5.74C622A60FFAB7CE6ED0F54BC3764128] - 12/03/2014 - 13:10:00 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [155144]
O44 - LFC:[MD5.8EC61098FF2707A59DA12AD2E4F0685E] - 12/03/2014 - 13:10:00 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [763854]
O44 - LFC:[MD5.76262E45210FBD3B1D5F358D8694E225] - 12/03/2014 - 13:51:37 ---A- . (...) -- C:\zoek-results.log [6757]
O44 - LFC:[MD5.12489965D687C7DAD0F5814FFEBA870B] - 27/02/2014 - 23:15:47 ---A- . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) -- C:\Windows\System32\Drivers\Bfilter.sys [52032]
O44 - LFC:[MD5.52702E8890D8423D885B831057DBEEF6] - 27/02/2014 - 23:15:56 ---A- . (.Baidu, Inc. - Baidu FS Monitor Driver.) -- C:\Windows\System32\Drivers\Bfmon.sys [34624] =>Adware.BDSearch
O44 - LFC:[MD5.1E4A1B03D1B6CD8A174A826F76E009F4] - 28/02/2014 - 11:34:58 ---A- . (...) -- C:\InjectIntoProcess crash [16]
~ Files: 47 Legitimates Filtered in 00mn 06s
---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 19 Legitimates Filtered in 00mn 00s
---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 6 Legitimates Filtered in 00mn 00s
---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:[MD5.12489965D687C7DAD0F5814FFEBA870B] - 27/02/2014 - 23:15:47 ---A- . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) -- C:\Windows\System32\Drivers\Bfilter.sys [52032]
O58 - SDL:[MD5.52702E8890D8423D885B831057DBEEF6] - 27/02/2014 - 23:15:56 ---A- . (.Baidu, Inc. - Baidu FS Monitor Driver.) -- C:\Windows\System32\Drivers\Bfmon.sys [34624] =>Adware.BDSearch
O58 - SDL:[MD5.F4C1984178175ACE4A75BE23059C3E0A] - 21/01/2014 - 07:01:36 ---A- . (.Baidu, Inc. - Baidu Antivirus Selfprotect Driver.) -- C:\Windows\System32\Drivers\Bprotect.sys [128992]
O58 - SDL:[MD5.955FFE2B1D74A9E0E3E0E558E6A17F3B] - 28/10/2013 - 00:12:10 ---A- . (.DEVGURU Co., LTD.([You must be logged in to view this link] - SAMSUNG USB Composite Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudbus.sys [107288]
O58 - SDL:[MD5.5252D7BC56E5E0ED715AEA8FE173A455] - 22/01/2014 - 07:52:10 ---A- . (.DEVGURU Co., LTD.([You must be logged in to view this link] - SAMSUNG Android Modem Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudmdm.sys [206080]
O58 - SDL:[MD5.4E85355B94CFCB67C135F6521A4895A7] - 26/07/2012 - 02:00:55 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [30960]
~ Drivers: 19 Legitimates Filtered in 00mn 04s
---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s
---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - [You must be logged in to view this link]
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.2ED2319F3DE13495AAA49B70A1467055] [SPRF][11/03/2014] (...) -- C:\Users\Luna Bugatti\Desktop\zoek.exe [1285120]
~ Files: 1 Legitimates Filtered in 00mn 00s
---\\ Lista das exceções do FireWall (FirewallRules) (O87)
O87 - FAEL: "TCP Query User{81214B5D-86D7-4E99-A1B4-3D909965612D}C:\windows\kmsemulator.exe" |In - Public - P6 - TRUE | .(...) -- C:\windows\kmsemulator.exe (.not file.)
O87 - FAEL: "UDP Query User{5583A738-224E-4D14-9AF8-6A64450D4305}C:\windows\kmsemulator.exe" |In - Public - P17 - TRUE | .(...) -- C:\windows\kmsemulator.exe (.not file.)
~ Firewall: 215 Legitimates Filtered in 00mn 02s
---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 15/01/2014 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 05/10/2012 276288 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SS - | Auto 12/03/2014 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 12/03/2014 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Auto 10/07/1658 0 | (Update Bizzybolt) . (...) - C:\Program Files (x86)\Bizzybolt\updateBizzybolt.exe =>PUP.Bizzybolt
SS - | Demand 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SS - | Auto 27/05/2013 29696 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 23/09/2012 65192 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 10/10/2013 65304 | (AppManagerService) . (.Positivo Informática S.A..) - C:\Program Files (x86)\Positivo Informática\Positivo Experience\Positivo Experience\PositivoAplicativosService.exe
SR - | Auto 24/01/2013 51480 | (BatteryManagerSrv) . (.Positivo Informática S.A.) - C:\Program Files (x86)\Positivo Informática\Mundo Positivo Bateria\BatteryManagerService.exe
SR - | Auto 22/03/2013 15344 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SR - | Auto 13/09/2012 2466448 | (IconMan_R) . (.Realsil Microelectronics Inc..) - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
SR - | Auto 27/07/2012 636952 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe
SR - | Auto 19/12/2012 129488 | (Intel(R) ME Service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
SR - | Auto 19/12/2012 165328 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
SR - | Auto 19/12/2012 277456 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 19/12/2012 364496 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Auto 06/03/2014 195072 | (ViewPassword) . (...) - C:\Program Files (x86)\View-Password-soft\ViewPassword155.exe =>PUP.ViewPassword
SR - | Demand 10/07/1658 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe
~ Services: Scanned in 00mn 07s
---\\ Scâner Aditional (088)
Database Version : 13031 - (12/03/2014)
Clés trouvées (Keys found) : 2
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 1
Fichiers trouvés (Files found) : 6
[HKLM\SYSTEM\CurrentControlSet\Services\Update Bizzybolt] =>PUP.Bizzybolt^
[HKLM\SYSTEM\CurrentControlSet\Services\ViewPassword] =>PUP.ViewPassword^
C:\Program Files (x86)\View-Password-soft =>PUP.ViewPassword^
C:\Program Files (x86)\View-Password-soft\ViewPassword_wd.exe =>PUP.ViewPassword^
C:\Windows\Tasks\View Password Update.job =>PUP.ViewPassword^
C:\Windows\Tasks\View Password_wd.job =>PUP.ViewPassword^
C:\Windows\AutoKMS.exe =>Trojan.Trojan.Keygen^
C:\Program Files (x86)\View-Password-soft\View-.exe =>PUP.ViewPassword^
[HKLM\Software\Baidu Security] =>Adware.BDSearch^
~ Additionnel Scan: 169642 Items scanned in 00mn 38s
---\\ Sumário das deteções encontradas na sua estação
~ [You must be logged in to view this link] =>PUP.ViewPassword
~ [You must be logged in to view this link] =>Hijacker.Proxy
~ [You must be logged in to view this link] =>PUP.Bizzybolt
~ [You must be logged in to view this link] =>Adware.BDSearch
~ MSI: 4 link(s) detected in 00mn 38s
~ 778 Legitimates filtered by white list
End of the scan (390 lines in 02mn 11s)(0)
---\\ Tarefas planificadas automaticamente (039)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\AutoKMS.job [238]
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\View Password Update.job [446] =>PUP.ViewPassword
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\View Password_wd.job [450] =>PUP.ViewPassword
[MD5.0ED398A4D031B9CFB10E3FEDF97AD836] [APT] [AutoKMS] (...) -- C:\Windows\AutoKMS.exe [614400] =>Trojan.Trojan.Keygen
[MD5.BB8A3FD6A7359BFDDEE77F21D89B2E63] [APT] [View Password Update] (...) -- C:\Program Files (x86)\View-Password-soft\View-.exe [248320] =>PUP.ViewPassword
[MD5.34E55CCCCAFC74AC8FACA8DCBFDE24D3] [APT] [View Password_wd] (...) -- C:\Program Files (x86)\View-Password-soft\ViewPassword_wd.exe [93184] =>PUP.ViewPassword
~ Scheduled Task: 17 Legitimates Filtered in 00mn 10s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\Deskmedia]
[HKLM\Software\Baidu Security] =>Adware.BDSearch
[HKLM\Software\Deskmedia]
~ Key Software: 157 Legitimates Filtered in 00mn 01s
---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 07/03/2014 - 16:49:55 - [1,284] ----D C:\Program Files (x86)\View-Password-soft =>PUP.ViewPassword
O43 - CFD: 12/03/2014 - 13:07:05 - [27,196] --H-D C:\ProgramData\SmartProtect
O43 - CFD: 01/08/2013 - 06:23:44 - [9,612] ----D C:\ProgramData\Vivo
~ Program Folder: 115 Legitimates Filtered in 00mn 16s
---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.759A7C3365C4893A6F62E642EB890C7E] - 11/03/2014 - 13:28:25 ---A- . (...) -- C:\Windows\SynInst.log [417]
O44 - LFC:[MD5.48A77273E8C545DCB70EEE3866CD2123] - 11/03/2014 - 15:09:03 ---A- . (...) -- C:\Windows\AutoKMS.ini [135]
O44 - LFC:[MD5.0ED398A4D031B9CFB10E3FEDF97AD836] - 11/03/2014 - 15:09:03 ---A- . (.No owner - AutoKMS.) -- C:\Windows\AutoKMS.exe [614400] =>Trojan.Trojan.Keygen
O44 - LFC:[MD5.3F37B8BACDB375590D7D927C58C9B59D] - 11/03/2014 - 16:51:05 ---A- . (...) -- C:\Windows\ntbtlog.txt [439152]
O44 - LFC:[MD5.E9C319AD3A24F21CD6B12A315DEE1A3E] - 11/03/2014 - 18:04:33 ---A- . (...) -- C:\zoek-results2014-03-11-210433.log [25576]
O44 - LFC:[MD5.E711DE76EF8430545C6052E2B98B81C0] - 12/03/2014 - 11:31:19 ---A- . (...) -- C:\Windows\win.ini [199]
O44 - LFC:[MD5.A396D42F4A0EDA214AD79B346D7F1157] - 12/03/2014 - 11:57:03 ---A- . (...) -- C:\zoek-results2014-03-12-145703.log [29094]
O44 - LFC:[MD5.AFCACF23C44F0509B6FDBE4A19ECCE8C] - 12/03/2014 - 13:06:29 ---A- . (...) -- C:\zoek-results2014-03-12-160629.log [24958]
O44 - LFC:[MD5.C48124970F2882A40591AFC396B3E828] - 12/03/2014 - 13:06:57 ---A- . (...) -- C:\Windows\AutoKMS.log [3249]
O44 - LFC:[MD5.74C622A60FFAB7CE6ED0F54BC3764128] - 12/03/2014 - 13:10:00 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [155144]
O44 - LFC:[MD5.8EC61098FF2707A59DA12AD2E4F0685E] - 12/03/2014 - 13:10:00 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [763854]
O44 - LFC:[MD5.76262E45210FBD3B1D5F358D8694E225] - 12/03/2014 - 13:51:37 ---A- . (...) -- C:\zoek-results.log [6757]
O44 - LFC:[MD5.12489965D687C7DAD0F5814FFEBA870B] - 27/02/2014 - 23:15:47 ---A- . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) -- C:\Windows\System32\Drivers\Bfilter.sys [52032]
O44 - LFC:[MD5.52702E8890D8423D885B831057DBEEF6] - 27/02/2014 - 23:15:56 ---A- . (.Baidu, Inc. - Baidu FS Monitor Driver.) -- C:\Windows\System32\Drivers\Bfmon.sys [34624] =>Adware.BDSearch
O44 - LFC:[MD5.1E4A1B03D1B6CD8A174A826F76E009F4] - 28/02/2014 - 11:34:58 ---A- . (...) -- C:\InjectIntoProcess crash [16]
~ Files: 47 Legitimates Filtered in 00mn 06s
---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 19 Legitimates Filtered in 00mn 00s
---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 6 Legitimates Filtered in 00mn 00s
---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:[MD5.12489965D687C7DAD0F5814FFEBA870B] - 27/02/2014 - 23:15:47 ---A- . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) -- C:\Windows\System32\Drivers\Bfilter.sys [52032]
O58 - SDL:[MD5.52702E8890D8423D885B831057DBEEF6] - 27/02/2014 - 23:15:56 ---A- . (.Baidu, Inc. - Baidu FS Monitor Driver.) -- C:\Windows\System32\Drivers\Bfmon.sys [34624] =>Adware.BDSearch
O58 - SDL:[MD5.F4C1984178175ACE4A75BE23059C3E0A] - 21/01/2014 - 07:01:36 ---A- . (.Baidu, Inc. - Baidu Antivirus Selfprotect Driver.) -- C:\Windows\System32\Drivers\Bprotect.sys [128992]
O58 - SDL:[MD5.955FFE2B1D74A9E0E3E0E558E6A17F3B] - 28/10/2013 - 00:12:10 ---A- . (.DEVGURU Co., LTD.([Tens de ter uma conta e sessão iniciada para poderes visualizar este link] - SAMSUNG USB Composite Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudbus.sys [107288]
O58 - SDL:[MD5.5252D7BC56E5E0ED715AEA8FE173A455] - 22/01/2014 - 07:52:10 ---A- . (.DEVGURU Co., LTD.([Tens de ter uma conta e sessão iniciada para poderes visualizar este link] - SAMSUNG Android Modem Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudmdm.sys [206080]
O58 - SDL:[MD5.4E85355B94CFCB67C135F6521A4895A7] - 26/07/2012 - 02:00:55 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [30960]
~ Drivers: 19 Legitimates Filtered in 00mn 04s
---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s
---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.2ED2319F3DE13495AAA49B70A1467055] [SPRF][11/03/2014] (...) -- C:\Users\Luna Bugatti\Desktop\zoek.exe [1285120]
~ Files: 1 Legitimates Filtered in 00mn 00s
---\\ Lista das exceções do FireWall (FirewallRules) (O87)
O87 - FAEL: "TCP Query User{81214B5D-86D7-4E99-A1B4-3D909965612D}C:\windows\kmsemulator.exe" |In - Public - P6 - TRUE | .(...) -- C:\windows\kmsemulator.exe (.not file.)
O87 - FAEL: "UDP Query User{5583A738-224E-4D14-9AF8-6A64450D4305}C:\windows\kmsemulator.exe" |In - Public - P17 - TRUE | .(...) -- C:\windows\kmsemulator.exe (.not file.)
~ Firewall: 215 Legitimates Filtered in 00mn 02s
---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 15/01/2014 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 05/10/2012 276288 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SS - | Auto 12/03/2014 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 12/03/2014 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Auto 10/07/1658 0 | (Update Bizzybolt) . (...) - C:\Program Files (x86)\Bizzybolt\updateBizzybolt.exe =>PUP.Bizzybolt
SS - | Demand 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SS - | Auto 27/05/2013 29696 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 23/09/2012 65192 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 10/10/2013 65304 | (AppManagerService) . (.Positivo Informática S.A..) - C:\Program Files (x86)\Positivo Informática\Positivo Experience\Positivo Experience\PositivoAplicativosService.exe
SR - | Auto 24/01/2013 51480 | (BatteryManagerSrv) . (.Positivo Informática S.A.) - C:\Program Files (x86)\Positivo Informática\Mundo Positivo Bateria\BatteryManagerService.exe
SR - | Auto 22/03/2013 15344 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SR - | Auto 13/09/2012 2466448 | (IconMan_R) . (.Realsil Microelectronics Inc..) - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
SR - | Auto 27/07/2012 636952 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe
SR - | Auto 19/12/2012 129488 | (Intel(R) ME Service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
SR - | Auto 19/12/2012 165328 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
SR - | Auto 19/12/2012 277456 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 19/12/2012 364496 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Auto 06/03/2014 195072 | (ViewPassword) . (...) - C:\Program Files (x86)\View-Password-soft\ViewPassword155.exe =>PUP.ViewPassword
SR - | Demand 10/07/1658 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe
~ Services: Scanned in 00mn 07s
---\\ Scâner Aditional (088)
Database Version : 13031 - (12/03/2014)
Clés trouvées (Keys found) : 2
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 1
Fichiers trouvés (Files found) : 6
[HKLM\SYSTEM\CurrentControlSet\Services\Update Bizzybolt] =>PUP.Bizzybolt^
[HKLM\SYSTEM\CurrentControlSet\Services\ViewPassword] =>PUP.ViewPassword^
C:\Program Files (x86)\View-Password-soft =>PUP.ViewPassword^
C:\Program Files (x86)\View-Password-soft\ViewPassword_wd.exe =>PUP.ViewPassword^
C:\Windows\Tasks\View Password Update.job =>PUP.ViewPassword^
C:\Windows\Tasks\View Password_wd.job =>PUP.ViewPassword^
C:\Windows\AutoKMS.exe =>Trojan.Trojan.Keygen^
C:\Program Files (x86)\View-Password-soft\View-.exe =>PUP.ViewPassword^
[HKLM\Software\Baidu Security] =>Adware.BDSearch^
~ Additionnel Scan: 169642 Items scanned in 00mn 38s
---\\ Sumário das deteções encontradas na sua estação
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.ViewPassword
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Hijacker.Proxy
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Bizzybolt
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.BDSearch
~ MSI: 4 link(s) detected in 00mn 38s
~ 778 Legitimates filtered by white list
End of the scan (390 lines in 02mn 11s)(0)
Aline Angélica - Beginner
- Posts: 16
Reputation: 0
Join date: 11/03/2014
Age: 32
Re: Baidu Removal
Unnecessary programs are starting along with Windows, which makes your PC slower. To fix this, follow the tips in this tutorial:
[You must have an account and be logged in to view this link]
Preferably, let only the security programs (antivirus/anti-spyware/firewall) start along with Windows.
Also use CCleaner, recommended in the tutorial above, to clean up and optimize the PC now and from time to time.
______________________________________________________________________________________________________________
Copy all the text highlighted in red that I gave you (starting at script zhpfix and going through emptyclsid)
_____________________________________________________________________________________________________________
Go to the menu: Start > All Programs > ZHP > right-click ZHPFix and choose Run as administrator > click Importação > click the GO button > click Oui > if you want the files in the Recycle Bin deleted, click Oui again > a report will open in Notepad.
Copy this report and post it in your next reply.
Last edited by Power Max on Wed 12 Mar 2014, 15:46; edited 1 time(s)
Power Max - Contributor
- Posts: 9086
Reputation: 1499
Join date: 14/04/2009
Baidu Removal
Rapport de ZHPFix 2014.3.12.3 par Nicolas Coolman, Update du 12/03/2014
Fichier d'export Registre :
Run by Luna Bugatti at 12/03/2014 15:40:32
High Elevated Privileges : OK
Windows 8 Home Premium Edition, 64-bit (Build 9200)
Reciclagem vazia (00mn 02s)
Reparação de atalhos do navegador
========== Processo memória ==========
ELIMINÉ: Memory Process: C:\Program Files (x86)\View-Password-soft\ViewPassword_wd.exe
========== Chaves do Registo ==========
ELIMINÉ: Service: Update Bizzybolt
ELIMINÉ: Service: ViewPassword
ELIMINÉ:* HKLM\Software\Baidu Security
========== Valores do Registo ==========
ELIMINÉ: TCP Query User{81214B5D-86D7-4E99-A1B4-3D909965612D}C:\windows\kmsemulator.exe
ELIMINÉ: UDP Query User{5583A738-224E-4D14-9AF8-6A64450D4305}C:\windows\kmsemulator.exe
Ausente Valor Perfil Padrão: FirewallRaz :
Ausente Valor Perfil Domínio FirewallRaz :
ELIMINÉ: FirewallRaz (Domain) : {808F1451-4108-46FD-ADBB-F17324B5F0BD}
ELIMINÉ: FirewallRaz (Domain) : {E7985E1D-C36F-4787-80A8-6350D07E9266}
ELIMINÉ: FirewallRaz (Domain) : NetPres-In-TCP-NoScope
ELIMINÉ: FirewallRaz (Domain) : NetPres-Out-TCP-NoScope
ELIMINÉ: FirewallRaz (None) : NetPres-WSD-In-UDP
ELIMINÉ: FirewallRaz (None) : NetPres-WSD-Out-UDP
ELIMINÉ: FirewallRaz (Public) : NetPres-In-TCP
ELIMINÉ: FirewallRaz (Public) : NetPres-Out-TCP
ELIMINÉ: FirewallRaz (None) : MCX-Prov-Out-TCP
ELIMINÉ: FirewallRaz (None) : MCX-McrMgr-Out-TCP
ELIMINÉ: FirewallRaz (Public) : {A646A707-EC5F-48FC-94FB-D64751F4A108}
ELIMINÉ: FirewallRaz (Public) : {6C964AA2-D5D5-47C5-BC62-137E66C5FAF2}
ELIMINÉ: FirewallRaz (None) : {D663DFA0-7680-4797-8B62-415C4C283789}
ELIMINÉ: FirewallRaz (None) : {4EE47A99-D5F4-496A-8782-F46FFF3BE8D5}
ELIMINÉ: FirewallRaz (None) : {CADE9596-91B9-494D-9F1B-D84ECB12A9BB}
ELIMINÉ: FirewallRaz (None) : {78F1CF86-5861-4B62-A5B4-8F7FE1432B50}
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value
========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia
========== Ficheiros ==========
ELIMINÉ:* c:\program files (x86)\view-password-soft\viewpassword_wd.exe
ELIMINA REINICIAR: c:\program files (x86)\view-password-soft\viewpassword155.exe
ELIMINÉ: c:\windows\tasks\view password update.job
ELIMINÉ: c:\windows\tasks\view password_wd.job
ELIMINA REINICIAR: c:\windows\system32\drivers\bfilter.sys
ELIMINA REINICIAR: c:\windows\system32\drivers\bfmon.sys
ELIMINA REINICIAR: c:\windows\system32\drivers\bprotect.sys
ELIMINÉ Temporários windows (22) (1.052.559 octets)
ELIMINÉ Flash Cookies (0) (0 octets)
========== Tarefa planificada ==========
ELIMINÉ: View Password Update
ELIMINÉ: View Password Update
ELIMINÉ: View Password_wd
ELIMINÉ: View Password_wd
========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso
========== Outros ==========
NÃO-TRATADO [MD5.BB8A3FD6A7359BFDDEE77F21D89B2E63] [APT] [View Password Update] (...) -- C:\Program Files (x86)\View-Password-soft\View-.exe [248320]
NÃO-TRATADO [MD5.34E55CCCCAFC74AC8FACA8DCBFDE24D3] [APT] [View Password_wd] (...) -- C:\Program Files (x86)\View-Password-soft\ViewPassword_wd.exe [93184]
========== Recapitulativo ==========
1 : Processo memória
3 : Chaves do Registo
26 : Valores do Registo
1 : Pastas
9 : Ficheiros
4 : Tarefa planificada
1 : Restauração Sistema
2 : Outros
End of clean in 00mn 36s
========== Caminho do ficheiro do relatório ==========
C:\Users\Luna Bugatti\AppData\Roaming\ZHP\ZHPFix[R1].txt - 12/03/2014 15:40:34 [3577]
Aline Angélica - Beginner
- Posts: 16
Reputation: 0
Join date: 11/03/2014
Age: 32
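In a ZHPFix report like the one posted above, the entries that still need checking after the restart are those marked ELIMINA REINICIAR and any NÃO-TRATADO item that was not removed elsewhere in the same report. The following is an added example, not part of the thread or of ZHPFix: the sample lines are copied from the report above, and the status meanings (removed, delete on restart, not handled) are my reading of its labels.

```python
import re

# Sample lines copied from the ZHPFix report posted above (a subset, not the full report).
SAMPLE_REPORT = r"""
========== Processo memória ==========
ELIMINÉ: Memory Process: C:\Program Files (x86)\View-Password-soft\ViewPassword_wd.exe
========== Chaves do Registo ==========
ELIMINÉ: Service: Update Bizzybolt
ELIMINÉ:* HKLM\Software\Baidu Security
========== Ficheiros ==========
ELIMINÉ:* c:\program files (x86)\view-password-soft\viewpassword_wd.exe
ELIMINA REINICIAR: c:\program files (x86)\view-password-soft\viewpassword155.exe
ELIMINÉ: c:\windows\tasks\view password update.job
ELIMINA REINICIAR: c:\windows\system32\drivers\bfilter.sys
ELIMINA REINICIAR: c:\windows\system32\drivers\bfmon.sys
ELIMINA REINICIAR: c:\windows\system32\drivers\bprotect.sys
ELIMINÉ Temporários windows (22) (1.052.559 octets)
========== Outros ==========
NÃO-TRATADO [MD5.BB8A3FD6A7359BFDDEE77F21D89B2E63] [APT] [View Password Update] (...) -- C:\Program Files (x86)\View-Password-soft\View-.exe [248320]
NÃO-TRATADO [MD5.34E55CCCCAFC74AC8FACA8DCBFDE24D3] [APT] [View Password_wd] (...) -- C:\Program Files (x86)\View-Password-soft\ViewPassword_wd.exe [93184]
"""

# Assumed meaning of the report's status labels (not taken from ZHPFix documentation).
STATUS = {
    "ELIMINA REINICIAR": "pending_reboot",  # scheduled for deletion at next restart
    "ELIMINÉ": "removed",
    "NÃO-TRATADO": "untreated",
}

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
ENTRY_RE = re.compile(r"^(ELIMINA REINICIAR|ELIMINÉ|NÃO-TRATADO)\s*:?\*?\s*(.+)$")
SIZE_RE = re.compile(r"\s*\[\d+\]$")  # trailing "[size]" on file lines


def parse_report(text):
    """Return one dict per status line: section, status and target."""
    entries = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        entry = ENTRY_RE.match(line)
        if not entry:
            continue  # counters, banner lines, etc.
        target = entry.group(2)
        # "[MD5...] ... -- <path> [size]" lines: keep only the path.
        if " -- " in target:
            target = SIZE_RE.sub("", target.split(" -- ", 1)[1])
        entries.append({
            "section": section,
            "status": STATUS[entry.group(1)],
            "target": target,
        })
    return entries


def follow_up(entries):
    """List what to re-check after the restart.

    An untreated path that the same report also lists as removed
    (compared case-insensitively) is not reported as unresolved.
    """
    removed = {e["target"].lower() for e in entries if e["status"] == "removed"}
    pending = [e["target"] for e in entries if e["status"] == "pending_reboot"]
    unresolved = [
        e["target"] for e in entries
        if e["status"] == "untreated" and e["target"].lower() not in removed
    ]
    return {"pending_reboot": pending, "unresolved": unresolved}


if __name__ == "__main__":
    result = follow_up(parse_report(SAMPLE_REPORT))
    print("Verify gone after restart:")
    for path in result["pending_reboot"]:
        print("  ", path)
    print("Not handled by the fix:")
    for path in result["unresolved"]:
        print("  ", path)
```

Running the same functions over the next scan's report shows whether the pending-restart drivers and the unresolved file are still present.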
Re: Baidu Removal
Please follow the tips in this tutorial to clean your PC with Malwarebytes:
[You must have an account and be logged in to view this link]
In your next reply, post the Malwarebytes log.
We'll be waiting.
Power Max - Contributor
- Posts: 9086
Reputation: 1499
Join date: 14/04/2009
Baidu Removal
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Versão da Base de Dados: v2014.03.12.09
Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16843
Luna Bugatti :: LUNABUGATTI [administrador]
Proteção: Permitir
12/03/2014 15:49:30
mbam-log-2014-03-12 (15-49-30).txt
Tipo de Verificação: Verificação Completa (C:\|D:\|)
Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
Opções de verificação desativadas: P2P
Objetos escaneados: 364779
Tempo decorrido: 1 hora(s), 9 minuto(s), 38 segundo(s)
Processos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)
Módulos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)
Chaves de Registro Detectadas: 8
HKCR\Speed Test 127.BackgroundHostObject (PUP.Optional.SpeedTest.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\Speed Test 127.BackgroundHostObject.1 (PUP.Optional.SpeedTest.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\Speed Test 127.Navbar (PUP.Optional.SpeedTest.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\Speed Test 127.Navbar.1 (PUP.Optional.SpeedTest.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\Speed Test 127.ScriptHostObject (PUP.Optional.SpeedTest.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\Speed Test 127.ScriptHostObject.1 (PUP.Optional.SpeedTest.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\Speed Test 127.Tool (PUP.Optional.SpeedTest.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\Speed Test 127.Tool.1 (PUP.Optional.SpeedTest.A) -> Enviado para a Quarentena e deletado com sucesso.
Valores de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)
Itens de Dados no Registro Detectadas: 0
(Não foram detectados ítens maliciosos)
Pastas Detectadas: 0
(Não foram detectados ítens maliciosos)
Arquivos Detectados: 2
C:\zoek_backup\C_Users_Luna Bugatti_AppData_Roaming_freegames111\install_helper.exe (Trojan.BProtector) -> Enviado para a Quarentena e deletado com sucesso.
C:\zoek_backup\C_Users_Luna Bugatti_AppData_Roaming_speedtest4354\install_helper.exe (Trojan.BProtector) -> Enviado para a Quarentena e deletado com sucesso.
(fim)
Aline Angélica - Beginner
- Posts: 16
Reputation: 0
Join date: 11/03/2014
Age: 32
Re: Baidu Removal
How is the PC after these cleanups?
Power Max - Contributor
- Posts: 9086
Reputation: 1499
Join date: 14/04/2009
Baidu Removal
Man, it's 100%. It's working better than ever.
You're awesome, actually more than awesome.
Thank you so much, really.
:rindo_atoa:
Aline Angélica - Beginner
- Posts: 16
Reputation: 0
Join date: 11/03/2014
Age: 32
Re: Baidu Removal
I'm glad the problem has been resolved.
Just to finish up, please follow the tutorials below:
[You must have an account and be logged in to view this link]
_______________________________________________________________________________________________________________________
To remove the programs used to clean this PC and create a new, safe and problem-free restore point, use DelFix following the tips [You must have an account and be logged in to view this link].
_______________________________________________________________________________________________________________________
It was a pleasure to help. You can always count on us!
Power Max - Contributor
- Posts: 9086
Reputation: 1499
Join date: 14/04/2009
Re: Baidu Removal
CASE RESOLVED
If the topic's author needs it, the topic will be reopened; to do so, she should contact one of the members of the [You must have an account and be logged in to view this link] and request that it be unlocked.
Power Max - Contributor
- Posts: 9086
Reputation: 1499
Join date: 14/04/2009