Flux 
Social bookmarking
Conservar e compartilhar o endereço de PC Seguro em seu site de social bookmarking
Conservar e compartilhar o endereço de Fórum PC Brasil em seu site de social bookmarking
Estatísticas
Temos 14810 usuários registradosO último membro registrado é Josevinil
Os nossos membros postaram um total de 36047 mensagens em 3685 assuntos
Quem está conectado?
Há 21 usuários online :: 0 registrados, 0 invisíveis e 21 visitantes Nenhum
O recorde de usuários online foi de 301 em Ter 26 Out 2021, 15:28
Procurar
Top dos mais postadores
| Power Max |
| |||
| joram |
| |||
| Wings [In Memoriam] |
| |||
| caedurodrigues |
| |||
| Amigo Brasileiro |
| |||
| luizvilarinho |
| |||
| Danii |
| |||
| Admin |
| |||
| Danilo Marsaro |
| |||
| Andreata |
|
Remover Baidu
2 participantes
Página 3 de 4
Página 3 de 4 • 
1, 2, 3, 4
Re: Remover Baidu
por Power Max Sex 11 Abr 2014, 16:39
Faça o download do OTM (de Old Timer) no link abaixo:[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Selecione e copie todo o texto destacado em vermelho que te passei.
Clique com o botão direito do mouse sobre o OTM.exe e escolha a opção Executar como administrador.
Cole o texto que você acabou de copiar acima no espaço em branco abaixo da frase Paste instructions for itens to be Moved
Depois disto clique no botão MoveIt!
Depois de fazer os procedimentos acima, feche o OTM. Nota: O OTM deverá pedir para reiniciar o PC para concluir o processo de eliminação dos problemas, neste caso é só confirmar clicando em Yes. Neste caso, após a reinicialização, navegue até a pasta C:\_OTMoveIt\MovedFiles e abra o mais novo arquivo com extensão .log presente, selecione e copie todo o conteúdo desse relatório e poste aqui em seu próximo post.
Última edição por Power Max em Sex 11 Abr 2014, 23:56, editado 1 vez(es)
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Re: Remover Baidu
por Rodrig Sex 11 Abr 2014, 17:46
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\AVAST Software\WRC\SearchRules\baidu.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\AVAST Software\WRC\SearchRules\baidu.com not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2364669226-1398954891-4146519358-1000\Software\Avast Software\WRC\SearchRules\baidu.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2364669226-1398954891-4146519358-1000\Software\Avast Software\WRC\SearchRules\baidu.com not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Baidu_Scan\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A93904A-BB1E-4a0c-9753-B57B9AE272CC}\InprocServer32\\@ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\Baidu_Scan\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\Baidu_Scan\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\Baidu_Scan\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}\\DllName deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}\\DllName deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\BaiduAntivirusIconLock\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\\{0A93904A-BB1E-4a0c-9753-B57B9AE272CB} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A93904A-BB1E-4a0c-9753-B57B9AE272CB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus not found.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BHBASE\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BHBASE\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECTEX\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BHBASE\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry key HKEY_USERS\.DEFAULT\Software\Baidu\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Baidu Security\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web not found.
Registry key HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web not found.
Registry key HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web not found.
Registry key HKEY_USERS\S-1-5-21-2364669226-1398954891-4146519358-1000\Software\AVAST Software\WRC\SearchRules\baidu.com\ not found.
Registry key HKEY_USERS\S-1-5-21-2364669226-1398954891-4146519358-1000\Software\AVAST Software\WRC\SearchRules\baidu.com not found.
Registry key HKEY_USERS\S-1-5-21-2364669226-1398954891-4146519358-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2364669226-1398954891-4146519358-1000\Software\Avast Software\WRC\SearchRules\baidu.com\ not found.
Registry key HKEY_USERS\S-1-5-21-2364669226-1398954891-4146519358-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2364669226-1398954891-4146519358-1000\Software\Avast Software\WRC\SearchRules\baidu.com not found.
Registry key HKEY_USERS\S-1-5-18\Software\Baidu\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Baidu Security\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web not found.
Registry key HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web not found.
Registry key HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web not found.
========== COMMANDS ==========
Restore point Set: OTM Restore Point
OTM by OldTimer - Version 3.1.21.0 log created on 04112014_164214
Files moved on Reboot...
Registry entries deleted on Reboot...
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BHBASE\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BHBASE\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECTEX\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BHBASE\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry key HKEY_CURRENT_USER\Software\AVAST Software\WRC\SearchRules\baidu.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\AVAST Software\WRC\SearchRules\baidu.com not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2364669226-1398954891-4146519358-1000\Software\Avast Software\WRC\SearchRules\baidu.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2364669226-1398954891-4146519358-1000\Software\Avast Software\WRC\SearchRules\baidu.com not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Baidu_Scan\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A93904A-BB1E-4a0c-9753-B57B9AE272CC}\InprocServer32\\@ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\Baidu_Scan\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\Baidu_Scan\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\Baidu_Scan\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}\\DllName deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}\\DllName deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\BaiduAntivirusIconLock\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\\{0A93904A-BB1E-4a0c-9753-B57B9AE272CB} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A93904A-BB1E-4a0c-9753-B57B9AE272CB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus not found.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BHBASE\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BHBASE\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECTEX\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BHBASE\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry key HKEY_USERS\.DEFAULT\Software\Baidu\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Baidu Security\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web not found.
Registry key HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web not found.
Registry key HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web not found.
Registry key HKEY_USERS\S-1-5-21-2364669226-1398954891-4146519358-1000\Software\AVAST Software\WRC\SearchRules\baidu.com\ not found.
Registry key HKEY_USERS\S-1-5-21-2364669226-1398954891-4146519358-1000\Software\AVAST Software\WRC\SearchRules\baidu.com not found.
Registry key HKEY_USERS\S-1-5-21-2364669226-1398954891-4146519358-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2364669226-1398954891-4146519358-1000\Software\Avast Software\WRC\SearchRules\baidu.com\ not found.
Registry key HKEY_USERS\S-1-5-21-2364669226-1398954891-4146519358-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2364669226-1398954891-4146519358-1000\Software\Avast Software\WRC\SearchRules\baidu.com not found.
Registry key HKEY_USERS\S-1-5-18\Software\Baidu\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Baidu Security\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web not found.
Registry key HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web not found.
Registry key HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web not found.
========== COMMANDS ==========
Restore point Set: OTM Restore Point
OTM by OldTimer - Version 3.1.21.0 log created on 04112014_164214
Files moved on Reboot...
Registry entries deleted on Reboot...
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BHBASE\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BHBASE\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECTEX\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BHBASE\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000\\DeviceDesc scheduled to be deleted on reboot.
Rodrig- Membro
- Mensagens : 219
Reputação : 1
Data de inscrição : 03/04/2014
Idade : 43
Localização : Paraná
Re: Remover Baidu
por Power Max Sex 11 Abr 2014, 17:48
Clique com o botão direito do mouse sobre o arquivo SystemLook.exe, depois clique em [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
Após abrir o SystemLook.exe, selecione, copie todo o texto destacado em vermelho que te passei.
Cole o texto que você acabou de copiar na caixa de texto do SystemLook.
Clique no botão Look e ao fim do exame um log (relatório) se abrirá. Ele é salvo como SystemLook.txt no Desktop.
Selecione, copie e cole o conteúdo deste log na sua próxima resposta.
Após abrir o SystemLook.exe, selecione, copie todo o texto destacado em vermelho que te passei.
Cole o texto que você acabou de copiar na caixa de texto do SystemLook.
Clique no botão Look e ao fim do exame um log (relatório) se abrirá. Ele é salvo como SystemLook.txt no Desktop.
Selecione, copie e cole o conteúdo deste log na sua próxima resposta.
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Re: Remover Baidu
por Rodrig Sex 11 Abr 2014, 18:26
SystemLook 30.07.11 by jpshortstuff
Log created at 17:23 on 11/04/2014 by casal
Administrator - Elevation successful
========== filefind ==========
Searching for "baidu"
No files found.
========== folderfind ==========
Searching for "baidu"
C:\AdwCleaner\Quarantine\C\ProgramData\baidu d------ [11:27 10/04/2014]
========== regfind ==========
Searching for "baidu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A93904A-BB1E-4a0c-9753-B57B9AE272CC}\InprocServer32]
@="C:\Program Files\Baidu Security\Baidu Antivirus\BavShx.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"="Baidu Hook Base"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"="Baidu Hook Base"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"="Baidu Hook Base"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"
-= EOF =-
Log created at 17:23 on 11/04/2014 by casal
Administrator - Elevation successful
========== filefind ==========
Searching for "baidu"
No files found.
========== folderfind ==========
Searching for "baidu"
C:\AdwCleaner\Quarantine\C\ProgramData\baidu d------ [11:27 10/04/2014]
========== regfind ==========
Searching for "baidu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A93904A-BB1E-4a0c-9753-B57B9AE272CC}\InprocServer32]
@="C:\Program Files\Baidu Security\Baidu Antivirus\BavShx.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"="Baidu Hook Base"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"="Baidu Hook Base"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"="Baidu Hook Base"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"
-= EOF =-
Rodrig- Membro
- Mensagens : 219
Reputação : 1
Data de inscrição : 03/04/2014
Idade : 43
Localização : Paraná
Re: Remover Baidu
por Power Max Sex 11 Abr 2014, 18:44
Selecione e copie todo o texto destacado em vermelho que te passei
Clique com o botão direito do mouse sobre o OTM.exe e escolha a opção Executar como administrador.
Cole o texto que você acabou de copiar acima no espaço em branco abaixo da frase Paste instructions for itens to be Moved
Depois disto clique no botão MoveIt!
Depois de fazer os procedimentos acima, feche o OTM. Nota: O OTM deverá pedir para reiniciar o PC para concluir o processo de eliminação dos problemas, neste caso é só confirmar clicando em Yes. Neste caso, após a reinicialização, navegue até a pasta C:\_OTMoveIt\MovedFiles e abra o mais novo arquivo com extensão .log presente, selecione e copie todo o conteúdo desse relatório e poste aqui em seu próximo post.
Clique com o botão direito do mouse sobre o OTM.exe e escolha a opção Executar como administrador.
Cole o texto que você acabou de copiar acima no espaço em branco abaixo da frase Paste instructions for itens to be Moved
Depois disto clique no botão MoveIt!
Depois de fazer os procedimentos acima, feche o OTM. Nota: O OTM deverá pedir para reiniciar o PC para concluir o processo de eliminação dos problemas, neste caso é só confirmar clicando em Yes. Neste caso, após a reinicialização, navegue até a pasta C:\_OTMoveIt\MovedFiles e abra o mais novo arquivo com extensão .log presente, selecione e copie todo o conteúdo desse relatório e poste aqui em seu próximo post.
Última edição por Power Max em Sex 11 Abr 2014, 23:55, editado 1 vez(es)
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Re: Remover Baidu
por Rodrig Sex 11 Abr 2014, 18:56
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A93904A-BB1E-4a0c-9753-B57B9AE272CC}\InprocServer32\\@ not found.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BHBASE\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BHBASE\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECTEX\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BHBASE\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000\\DeviceDesc scheduled to be deleted on reboot.
========== COMMANDS ==========
Restore point Set: OTM Restore Point
OTM by OldTimer - Version 3.1.21.0 log created on 04112014_174733
Files moved on Reboot...
Registry entries deleted on Reboot...
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BHBASE\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BHBASE\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECTEX\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BHBASE\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A93904A-BB1E-4a0c-9753-B57B9AE272CC}\InprocServer32\\@ not found.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BHBASE\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BHBASE\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECTEX\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BHBASE\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000\\DeviceDesc scheduled to be deleted on reboot.
========== COMMANDS ==========
Restore point Set: OTM Restore Point
OTM by OldTimer - Version 3.1.21.0 log created on 04112014_174733
Files moved on Reboot...
Registry entries deleted on Reboot...
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BHBASE\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BHBASE\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECTEX\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BHBASE\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000\\DeviceDesc scheduled to be deleted on reboot.
Rodrig- Membro
- Mensagens : 219
Reputação : 1
Data de inscrição : 03/04/2014
Idade : 43
Localização : Paraná
Re: Remover Baidu
por Power Max Sex 11 Abr 2014, 19:56
Faça o download do OTL (by OldTimer), e salve na sua área de trabalho (Desktop):[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Clique com o direito sobre o arquivo OTL.exe, depois clique em [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
Selecione todo este texto destacado em vermelho que te passei, clique com o botão direito do mouse sobre a seleção e escolha a opção Copiar
Clique com o botão direito do mouse sobre o OTL.exe e escolha a opção Executar como administrador.
Clique com o botão direito do mouse em qualquer parte branca, da sessão Exames Personalizados/Correções e escolha a opção Colar
Feche TODAS as janelas (deixando aberto só o próprio OTL).
Clique no botão [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
O programa executará o script e reiniciará o seu computador.
Quando o Windows for carregado, o OTL será executado automaticamente. Permita a sua execução.
Um bloco de notas será aberto, contendo algumas informações.
Copie TODO o conteúdo deste bloco de notas e cole na sua resposta.
Uma cópia deste log ficará armazenado na pasta C:\_OTL\MovedFiles com o nome no seguinte formato data_hora.log.
Exemplo: 03142010_145545.log
Última edição por Power Max em Sex 11 Abr 2014, 23:55, editado 1 vez(es)
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Re: Remover Baidu
por Rodrig Sex 11 Abr 2014, 23:46
========== SERVICES/DRIVERS ==========
========== PROCESSES ==========
All processes killed
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A93904A-BB1E-4a0c-9753-B57B9AE272CC}\InprocServer32\\@ not found.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BHBASE\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BHBASE\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECTEX\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BHBASE\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000\\DeviceDesc scheduled to be deleted on reboot.
========== COMMANDS ==========
Restore point Set: OTL Restore Point
OTL by OldTimer - Version 3.2.69.0 log created on 04112014_224052
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BHBASE\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BHBASE\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECTEX\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BHBASE\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000\\DeviceDesc scheduled to be deleted on reboot.
========== PROCESSES ==========
All processes killed
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A93904A-BB1E-4a0c-9753-B57B9AE272CC}\InprocServer32\\@ not found.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BHBASE\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BHBASE\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECTEX\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BHBASE\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000\\DeviceDesc scheduled to be deleted on reboot.
========== COMMANDS ==========
Restore point Set: OTL Restore Point
OTL by OldTimer - Version 3.2.69.0 log created on 04112014_224052
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BHBASE\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BHBASE\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECTEX\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BHBASE\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000\\DeviceDesc scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000\\DeviceDesc scheduled to be deleted on reboot.
Rodrig- Membro
- Mensagens : 219
Reputação : 1
Data de inscrição : 03/04/2014
Idade : 43
Localização : Paraná
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Rodrig- Membro
- Mensagens : 219
Reputação : 1
Data de inscrição : 03/04/2014
Idade : 43
Localização : Paraná
Re: Remover Baidu
por Power Max Sex 11 Abr 2014, 23:53
Fico feliz que o problema tenha sido resolvido. Só para finalizar siga estes tutoriais abaixo, por gentileza:[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
_______________________________________________________________________________________________________________________
Para remover os programas usados na limpeza deste PC e criar um novo ponto de restauração seguro e sem problemas, utilize o DelFix seguindo as dicas [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]._______________________________________________________________________________________________________________________
Foi um prazer ajudar. Conte sempre conosco!
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Re: Remover Baidu
por Rodrig Sex 11 Abr 2014, 23:59
~ Relatório do ZHPDiag v2014.4.9.16 - Nicolas Coolman (09/04/2014)
~ Iniciado por casal (11/04/2014 22:52:11)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Fóruns de suporte gratuito para desinfecção : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by user
---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.17041
MFIE: Mozilla Firefox 28.0 (Defaut)
GCIE: Google Chrome v34.0.1847.116
---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows Vista (TM) Ultimate, 32-bit Service Pack 1 (Build 6000)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : KO
Windows Automatic Updates : OK
---\\ Softwares de proteçao do sistema
---\\ Softwares d'optimização do sistema
CCleaner v4.12 =>.Piriform Ltd
---\\ Softwares de partilha do PeerToPeer (P2P)
---\\ Monitoramento dos softwares
Adobe Flash Player 12 Plugin
Adobe Reader XI
Java 7 Update 51
---\\ Informações sobre o sistema
~ Processor: x86 Family 6 Model 28 Stepping 10, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2038 MB (45% free)
System Restore: Activé (Enable)
System drive C: has 253 GB (87%) free of 288 GB
---\\ Modo de conexão ao sistema
~ Computer Name: AMORE
~ User Name: casal
~ All Users Names: Convidado, casal, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator
---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\casal\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\casal\AppData\Roaming\
~ %Desktop% : C:\Users\casal\Desktop\
~ %Favorites% : C:\Users\casal\Favorites\
~ %LocalAppData% : C:\Users\casal\AppData\Local\
~ %StartMenu% : C:\Users\casal\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 253 Go of 288 Go)
D: CD-ROM drive (Not Inserted)
Q: Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)
---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
~ Security Center: 43 Legitimates Filtered in 00mn 00s
---\\ Pesquisa particular de ficheiros genéricos
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Windows Explorer.) (.07/07/2011 - 10:29:24.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 21:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.E4E829EE073E046B0EB19B5FECB19B8C] - (.Microsoft Corporation - Internet Extensions para Win32.) (.06/03/2014 - 01:41:49.) -- C:\Windows\System32\wininet.dll [1789440]
[MD5.6D13E1406F50C66E2A95D97F22C47560] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.20/11/2010 - 17:29:06.) -- C:\Windows\System32\Winlogon.exe [286720]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.20/11/2010 - 17:29:24.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.F81BB7E487EDCEAB630A7EE66CF23913] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.13/09/2013 - 20:48:58.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 21:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 19:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 17:29:03.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 17:29:07.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 17:29:03.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 19:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 19:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.07/07/2011 - 10:30:36.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 17:29:08.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.C8DFF8D07755A66C7A4A738930F0FEAC] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.23/01/2014 - 22:18:22.) -- C:\Windows\system32\Drivers\ntfs.sys [1212352]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 19:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 19:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 19:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 17:29:07.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.20/11/2010 - 17:29:03.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes: Scanned in 00mn 01s
---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes musiques (My Musics) : 1/290
~ Mes Videos (My Videos) : 1/2
~ Mes Favoris (My Favorites) : 1/29
~ Mes Documents (My Documents) : 7/229
~ Mon Bureau (My Desktop) : 1/2023
~ Menu demarrer (Programs) : 1/46
~ Hidden Files: Scanned in 00mn 06s
---\\ Processos lançados
[MD5.FDBAA6322B3B408CD275A14654EF3D6B] - (.IDT, Inc. - IDT PC Audio.) -- C:\Program Files\IDT\WDM\sttray.exe [495708] [PID.1168]
[MD5.25107F58D1B8F60D67D1EE95798C0DE8] - (.Intel Corporation - IAStorIcon.) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696] [PID.1040]
[MD5.68257A00D12A44A390514E668407C8FA] - (.Intel Corporation - igfxTray Module.) -- C:\Windows\System32\igfxtray.exe [141848] [PID.1192]
[MD5.F1C66577F5BFDD08B8E21B9ED2FE1300] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe [173592] [PID.1260]
[MD5.1900188CF86CB7C82CB5C51F8EACCF86] - (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe [150552] [PID.1000]
[MD5.0260412F3ED50279F42B913A42A9C66D] - (.Intel Corporation - igfxsrvc Module.) -- C:\Windows\system32\igfxsrvc.exe [252952] [PID.3720]
[MD5.8895BE670D1D4BD478B16DD311273F4A] - (.Synaptics Incorporated - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1557800] [PID.3780]
[MD5.75516A4D91F913A48D14A5D8C04BBD0E] - (.The Nielsen Company - NielsenOnline.) -- C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe [91688] [PID.3756]
[MD5.DE8C5AB7EE56A7DA0166B2E2B0E496A2] - (.Synaptics Incorporated - Synaptics Pointing Device Helper.) -- C:\Program Files\Synaptics\SynTP\SynTPHelper.exe [103720] [PID.3800]
[MD5.FC551A8B8E637B2147C003C885B6756E] - (.Positivo Informática - Recovery.) -- C:\Program Files\Positivo Informática\Recovery\Recovery2.exe [1496576] [PID.4004]
[MD5.FE7AC897D23D88EEBA687BBD61DBBDCA] - (.No owner - IPM.exe.) -- C:\Program Files\OEM\IPM 1.5\IPM.exe [1106432] [PID.1248]
[MD5.2256E495D6B2566DE6DDBC6632510477] - (.No owner - OSD.) -- C:\Program Files\OEM\OSD 1.7\SunflowerOSD.exe [548864] [PID.3896]
[MD5.EB7F5388A3B1318DFFA8EA50C71835EF] - (.Ralink Technology, Corp. - RaUI MFC Application.) -- C:\Program Files\Ralink\Common\RaUI.exe [1560576] [PID.3268]
[MD5.58FC1B36032F03342E4C02813F80DAC1] - (.Dropbox, Inc. - Dropbox.) -- C:\Users\casal\AppData\Roaming\Dropbox\bin\Dropbox.exe [30714328] [PID.3032]
[MD5.8E556A72D54F7E3B7844AB9217F02DD7] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [275568] [PID.3396]
[MD5.111ADB8738E6A9EF7001920F108B4833] - (.Positivo Informática S.A. - Positivo Backup.) -- C:\Program Files\Positivo Informática\Positivo Experience\Positivo Backup\PositivoSmartBackup.exe [1858048] [PID.3344]
[MD5.DFC999E39D7465077B45F08C53BEE076] - (.Positivo Informática S.A. - Positivo Áudio.) -- C:\Program Files\Positivo Informática\Positivo Experience\Positivo Áudio\AudioPower.exe [1015808] [PID.1708]
[MD5.F4651164AA1330735ADEA50AD0A326F2] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8208896] [PID.4440]
[MD5.D44D3387809EEDB5564735EC27BE700E] - (.IDT, Inc. - IDT PC Audio.) -- C:\Program Files\IDT\WDM\STacSV.exe [237650] [PID.1028]
[MD5.B362181ED3771DC03B4141927C80F801] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [65432] [PID.1652]
[MD5.6D3242D8E7476F6A976084611A1594C1] - (.Positivo Informática S.A - Battery Power Service.) -- C:\Program Files\Positivo Informática\Positivo Experience\Positivo Bateria\BatteryManagerService.exe [45056] [PID.1672]
[MD5.1A5F12AF8D00055B07DD0139A2251F03] - (.The Nielsen Company - NielsenOnline.) -- C:\Program Files\NetRatingsNetSight\NetSight\NielsenUpdate.exe [2838568] [PID.1784]
[MD5.FD306FBCCE7ADB1077B709742E7148E9] - (...) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe [71096] [PID.1836]
[MD5.19D34534176E62F35DDB7DC7B7FF2A87] - (.Microsoft Corporation - Microsoft Application Virtualization Virtua.) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe [207528] [PID.516]
[MD5.1AEBDC693C74EA55FE05D51FA6573EBC] - (.Microsoft Corporation - Microsoft Application Virtualization Client.) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe [523944] [PID.1468]
[MD5.FD557A50A65E44041CD2FCEF4BEB04DB] - (.Microsoft Corporation - Microsoft Office Client Virtualization Serv.) -- C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.exe [822504] [PID.2528]
[MD5.B752FC4AB1F3D5048A17E1D993028998] - (.Positivo Informática S.A - Battery Power Main Application.) -- C:\Program Files\Positivo Informática\Positivo Experience\Positivo Bateria\BatteryPower.exe [1208320] [PID.3524]
[MD5.5BD9CC8C50D3FFF051AB6FF009BE9602] - (.Positivo Informática S.A. - WindowsService.) -- C:\Program Files\Positivo Informática\Positivo Experience\Positivo Experience\MundoPositivoService.exe [64592] [PID.1364]
[MD5.31A0E93CDF29007D6C6FFFB632F375ED] - (.Intel Corporation - IAStorDataSvc.) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [13336] [PID.2664]
~ Processes Running: Scanned in 00mn 03s
---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\casal\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [bbjciahceamgodcoidkjpchnokgfpphh] Funmoods v.1.0 (Désactivé) =>PUP.Funmoods
G2 - GCE: Preference [User Data\Default] [cjpglkicenollcignonpgiafdgfeehoj] SpeedDial v.4.0 (Désactivé)
G2 - GCE: Preference [User Data\Default] [gaiilaahiahdejapggenmdmafpmbipje] DealPly v.3.0.7.2 (Désactivé) =>PUP.DealPly
G2 - GCE: Preference [User Data\Default] [jgceplfonlgodadnpognljgdjlcnpjnh] Nielsen v.1.8.1 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [ogfjmhfnldnajmfaofeiaepghjenbgjo] Extended Protection v.3.4.2 (Désactivé) =>PUP.ExtendedProtection
G2 - GCE: Preference [User Data\Default] [pelmeidfhdlhlbjimpabfcbnnojbboma] Quick Start v.3.1.3, (Désactivé) =>PUP.QuickStart
---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 18 Legitimates Filtered in 00mn 12s
---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
C:\Users\casal\AppData\Roaming\Mozilla\Firefox\Profiles\p4r4c8sz.default-1394306066141\prefs.js
C:\Users\casal\AppData\Roaming\Mozilla\Firefox\Profiles\yfiiolph.default-1396892395728\prefs.js
P2 - FPN: [HKLM] [@nielsen/FirefoxTracker] - (.Nielsen - Nielsen FirefoxTracker Plug-in.) -- C:\Program Files\NetRatingsNetSight\NetSight\meter1\FirefoxAddOns\npfirefoxtracker.dll
~ Firefox Browser: 24 Legitimates Filtered in 00mn 01s
---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21
---\\ Outras conexões do utilizador (04)
O4 - GS\Desktop [Public]: aTube Catcher.lnk . (.DsNET - aTube Catcher to download and convert video.) -- C:\Program Files\DsNET Corp\aTube Catcher 2.0\yct.exe
O4 - GS\Desktop [Public]: Cadastro.lnk . (.Positivo Informática - Registro de usuários Positivo Inform.) -- C:\Program Files\Positivo Informática\SW_Cadastro\Registro.exe
O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Desktop [Public]: Receitanet 1.04 .lnk . (.SERPRO - Serviço Federal de Processamento d - Receitanet.) -- C:\Program Files\Programas RFB\Receitanet\Windows\Receitanet.exe
O4 - GS\Desktop [Public]: Video Search.lnk . (.DsNET - aTube Catcher to download and convert video.) -- C:\Program Files\DsNET Corp\aTube Catcher 2.0\yct.exe
O4 - GS\Desktop [Public]: Webcam.lnk . (...) -- C:\Windows\Installer\{39B78651-6FD2-4752-BE68-C3BDB6F2D9EE}\_F4711BF7C212A03CB0C5A8.exe
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\QuickLaunch [casal]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [casal]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [casal]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\TaskBar [casal]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [casal]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Program [casal]: Freezip.lnk . (...) -- C:\Program Files\Free zip\7zFM.exe (.not file.)
O4 - GS\Program [casal]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [casal]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Desktop [casal]: exe-1.04.1.lnk . (...) -- C:\Program Files\exe\exe.exe
O4 - GS\Desktop [casal]: fixlist.lnk . (...) -- C:\Users\casal\Downloads\fixlist.txt (.not file.)
O4 - GS\Desktop [casal]: FRST.lnk . (.Farbar - Aut2Exe.) -- C:\Users\casal\Downloads\FRST.exe
O4 - GS\Desktop [casal]: IRPF2014 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País.lnk . (...) -- C:\Arquivos de Programas RFB\IRPF2014\IRPF2014.exe
O4 - GS\Desktop [casal]: OTL (1).lnk . (.OldTimer Tools - No Comment.) -- C:\Users\casal\Downloads\OTL.exe
O4 - GS\Desktop [casal]: OTL (2).lnk . (.OldTimer Tools - No Comment.) -- C:\Users\casal\Downloads\OTM.exe
O4 - GS\Desktop [casal]: SystemLook.lnk . (...) -- C:\Users\casal\Downloads\SystemLook.exe
O4 - GS\Desktop [casal]: zoek - Atalho.lnk . (...) -- C:\Users\casal\Downloads\zoek.exe
~ Global Startup: 76 Legitimates Filtered in 00mn 03s
---\\ Aplicações iniciadas por registo & pastas (04)
O4 - GS\Startup [Public]: Assistente para criação de disco de recuperação.lnk . (.Positivo Informática - Recovery.) -- C:\Program Files\Positivo Informática\Recovery\Recovery2.exe
O4 - GS\Startup [Public]: IPM.lnk . (...) -- C:\Windows\Installer\{AADF4228-0772-4D43-92EB-B245E3A17B00}\_4E633D72E60CDC1A05956C.exe
O4 - GS\Startup [Public]: OSD.lnk . (...) -- C:\Windows\Installer\{5A9C96FE-1376-45E1-8556-C81255F0B5A7}\_51DECE17D28CB133DD0C64.exe
O4 - GS\Startup [Public]: Ralink Wireless Utility.lnk . (.Ralink Technology, Corp. - RaUI MFC Application.) -- C:\Program Files\Ralink\Common\RaUI.exe
O4 - GS\Startup [casal]: Dropbox.lnk . (.Dropbox, Inc. - Dropbox.) -- C:\Users\casal\AppData\Roaming\Dropbox\bin\Dropbox.exe =>.Dropbox
O4 - HKLM\..\Run: [SysTrayApp] . (.IDT, Inc. - IDT PC Audio.) -- C:\Program Files\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [IAStorIcon] . (.Intel Corporation - IAStorIcon.) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [StartUpManagerPositivo] . (...) -- C:\Program Files\Positivo Informática\Gerenciador de Inicialização Positivo\ManagerWindows.exe
O4 - HKLM\..\Run: [SynTPEnh] . (.Synaptics Incorporated - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NielsenOnline] . (.The Nielsen Company - NielsenOnline.) -- C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\RunOnce: [OTL] . (.OldTimer Tools - No Comment.) -- C:\Users\casal\Downloads\OTL.exe
O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Google Installer.) -- C:\Users\casal\AppData\Local\Google\Update\GoogleUpdate.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-2364669226-1398954891-4146519358-1000\..\Run: [Google Update] . (.Google Inc. - Google Installer.) -- C:\Users\casal\AppData\Local\Google\Update\GoogleUpdate.exe
~ Application: Scanned in 00mn 00s
---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation - Windows Live Writer Blog This Extension.) -- C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft Office OneNote Internet Explorer Add-in.) -- C:\Program Files\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{B7F4A48C-FC31-4615-AFDB-E88BFDB109FD}: NameServer = 200.175.182.139,200.175.5.139
O17 - HKLM\System\CCS\Services\Tcpip\..\{C8F930EE-434F-4859-82A8-6A1CC10A4FC6}: NameServer = 200.175.182.139,200.175.5.139
O17 - HKLM\System\CCS\Services\Tcpip\..\{5AE40E16-3297-4BC8-B00E-C38BFD003E4B}: DhcpNameServer = 187.123.31.55 187.123.31.56 187.123.31.54
O17 - HKLM\System\CCS\Services\Tcpip\..\{C8F930EE-434F-4859-82A8-6A1CC10A4FC6}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{B7F4A48C-FC31-4615-AFDB-E88BFDB109FD}: NameServer = 200.175.182.139,200.175.5.139
O17 - HKLM\System\CS1\Services\Tcpip\..\{C8F930EE-434F-4859-82A8-6A1CC10A4FC6}: NameServer = 200.175.182.139,200.175.5.139
O17 - HKLM\System\CS1\Services\Tcpip\..\{5AE40E16-3297-4BC8-B00E-C38BFD003E4B}: DhcpNameServer = 187.123.31.55 187.123.31.56 187.123.31.54
O17 - HKLM\System\CS1\Services\Tcpip\..\{C8F930EE-434F-4859-82A8-6A1CC10A4FC6}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{B7F4A48C-FC31-4615-AFDB-E88BFDB109FD}: NameServer = 200.175.182.139,200.175.5.139
O17 - HKLM\System\CS2\Services\Tcpip\..\{C8F930EE-434F-4859-82A8-6A1CC10A4FC6}: NameServer = 200.175.182.139,200.175.5.139
O17 - HKLM\System\CS2\Services\Tcpip\..\{5AE40E16-3297-4BC8-B00E-C38BFD003E4B}: DhcpNameServer = 187.123.31.55 187.123.31.56 187.123.31.54
O17 - HKLM\System\CS2\Services\Tcpip\..\{C8F930EE-434F-4859-82A8-6A1CC10A4FC6}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 187.123.31.55 187.123.31.56 187.123.31.54
~ Domain: Scanned in 00mn 00s
---\\ Protocolo adicional (018)
O18 - Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation - Photo Gallery Album Download Protocol Handl.) -- C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll =>.Microsoft Corporation
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s
---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Nielsen Update (NielsenUpdate) . (.The Nielsen Company - NielsenOnline.) - C:\Program Files\NetRatingsNetSight\NetSight\NielsenUpdate.exe
~ Services: 8 Legitimates Filtered in 00mn 23s
---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (nnfwdk) . (.The Nielsen Company - Nielsen Network Filter Driver.) - C:\Program Files\NetRatingsNetSight\NetSight\meter1\nnfwdk.sys
~ Drivers: 63 Legitimates Filtered in 00mn 00s
---\\ Software instalados (042)
O42 - Logiciel: Driver 1.2 - (.OEM.) [HKLM] -- {BA56CD60-1D9F-4BE6-AC2F-B7C4A5437C35}
O42 - Logiciel: IPM 1.5 - (.OEM.) [HKLM] -- {AADF4228-0772-4D43-92EB-B245E3A17B00}
O42 - Logiciel: IRPF2012 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM] -- IRPF2012
O42 - Logiciel: IRPF2013 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM] -- IRPF2013
O42 - Logiciel: IRPF2014 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM] -- IRPF2014
O42 - Logiciel: Nielsen - (...) [HKLM] -- NetSight
O42 - Logiciel: OSD 1.7 - (.OEM.) [HKLM] -- {5A9C96FE-1376-45E1-8556-C81255F0B5A7}
O42 - Logiciel: Receitanet - (.Serpro - Serviço Federal de Processamento de Dados.) [HKLM] -- ECC16E3C-16D1-4DC2-9D8A-6AC06B3005A5
~ Logic: 23 Legitimates Filtered in 00mn 02s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\BI]
[HKCU\Software\IBOPE]
[HKCU\Software\SERPRO]
[HKCU\Software\SoilAP]
[HKCU\Software\Somoto] =>Adware.MegaSearch
[HKCU\Software\SunFlowerOSD]
[HKLM\Software\NSCPID]
[HKLM\Software\SoilIO]
~ Key Software: 210 Legitimates Filtered in 00mn 02s
---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 10/04/2014 - 17:12:19 - [79,980] ----D C:\Program Files\exe
O43 - CFD: 11/04/2014 - 08:36:46 - [0,006] ----D C:\Program Files\Free zip
O43 - CFD: 07/03/2014 - 15:38:44 - [8,843] ----D C:\Program Files\Programas RFB
O43 - CFD: 08/03/2014 - 15:12:29 - [0] ----D C:\Program Files\RBM
O43 - CFD: 01/12/2013 - 07:44:47 - [0] ----D C:\ProgramData\Audio
O43 - CFD: 01/12/2013 - 07:44:47 - [0] ----D C:\ProgramData\Audio Power
O43 - CFD: 01/08/2012 - 20:46:05 - [0,084] ----D C:\Users\casal\AppData\Roaming\br.org.cesar.ajudante.Ajudante
O43 - CFD: 10/04/2014 - 17:12:49 - [0,059] ----D C:\Users\casal\AppData\Roaming\exe
O43 - CFD: 02/08/2012 - 19:53:10 - [0,002] ----D C:\Users\casal\AppData\Roaming\Mural dos Amigos
O43 - CFD: 14/12/2013 - 16:38:35 - [0] ----D C:\Users\casal\AppData\Local\Inquisit
O43 - CFD: 29/10/2013 - 22:06:11 - [0] ----D C:\Users\casal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\exe
O43 - CFD: 12/04/2012 - 10:31:02 - [0,004] ----D C:\Users\casal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2012
O43 - CFD: 11/04/2013 - 17:27:19 - [0,004] ----D C:\Users\casal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2013
O43 - CFD: 07/03/2014 - 14:31:00 - [0,004] ----D C:\Users\casal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2014
~ Program Folder: 171 Legitimates Filtered in 00mn 40s
---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.83E569BEC3CB8C8F269A69A97AA72BD2] - 08/04/2014 - 23:05:04 ---A- . (...) -- C:\Windows\win.ini [580]
O44 - LFC:[MD5.02A210BE5BD28FC64533B5E5BAE87B64] - 11/04/2014 - 08:55:26 ---A- . (...) -- C:\PureRa.txt [63208]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 11/04/2014 - 09:56:43 ---A- . (...) -- C:\Windows\System32\shoD684.tmp [0]
O44 - LFC:[MD5.6CAD0404086985C8892D2788D228C98C] - 11/04/2014 - 11:35:08 ---A- . (...) -- C:\Windows\ntbtlog.txt [219874]
O44 - LFC:[MD5.6AF049CEC3A2D4FF797DDE5D013BDD5B] - 11/04/2014 - 22:50:05 --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [16160]
O44 - LFC:[MD5.6AF049CEC3A2D4FF797DDE5D013BDD5B] - 11/04/2014 - 22:50:05 --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [16160]
O44 - LFC:[MD5.5811DA8CC1E6CD77967BEC1D1C7EF9A8] - 29/03/2014 - 10:06:08 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [148924]
O44 - LFC:[MD5.2669C46FE5289555BC025A49456D04B0] - 29/03/2014 - 10:06:08 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [709402]
~ Files: 50 Legitimates Filtered in 00mn 09s
---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
~ ShellExecuteHooks: Scanned in 00mn 00s
---\\ Enumeração das chaves do registo StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\uTorrent [Key] . (...) -- C:\Program Files\uTorrent\uTorrent.exe (.not file.) =>P2P.µTorrent
~ SMSR Keys: 3 Legitimates Filtered in 00mn 00s
---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s
---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:[MD5.0ED67910C8C326796FAA00B2BF6D9D3C] - 13/07/2009 - 21:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:[MD5.C44E3C2BAB6837DB337DDEE7544736DB] - 13/07/2009 - 18:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
O58 - SDL:[MD5.4312D307729EBC73FEA44E32D6BB2F97] - 03/10/2011 - 14:21:54 ---A- . (...) -- C:\Windows\System32\Drivers\pad.sys [52496]
O58 - SDL:[MD5.6A06E33B9C2502D315C23731401358BF] - 04/12/2009 - 14:43:46 ---A- . (...) -- C:\Windows\System32\Drivers\SoilIO.sys [16248]
O58 - SDL:[MD5.4125AE13E301EDD3E0FFD57A7AC00258] - 04/12/2009 - 14:44:18 ---A- . (.Systems Internals - Windows NT Caps-lock Ctrl Swapper.) -- C:\Windows\System32\Drivers\Soilkbc.sys [10744]
O58 - SDL:[MD5.F0E973C24C9DFECE8853588918E62055] - 04/12/2009 - 14:44:36 ---A- . (.Systems Internals - Windows NT Caps-lock Ctrl Swapper.) -- C:\Windows\System32\Drivers\SoilMC.sys [10616]
O58 - SDL:[MD5.F92254B0BCFCD10CAAC7BCCC7CB7F467] - 12/11/2009 - 11:48:56 ---A- . (...) -- C:\Windows\System32\Drivers\StarOpen.sys [7168]
O58 - SDL:[MD5.DB32D325C192B801DF274BFD12A7E72B] - 13/07/2009 - 21:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
O58 - SDL:[MD5.BEE9AE78676412FE17000411F26847ED] - 17/06/2010 - 09:10:14 ---A- . (.IDT, Inc. - IDT PC Audio.) -- C:\Windows\System32\Drivers\stwrt.sys [431616]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 13/07/2009 - 17:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 13/07/2009 - 17:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:[MD5.E6BC0F98FECEF245A0010D350C1A0B9B] - 13/07/2009 - 17:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:[MD5.492090267B9608C62B956CD29BE3AFB7] - 13/07/2009 - 17:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 13/07/2009 - 17:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:[MD5.FFFF296A08DBF2AC0126C62E3778AC0D] - 13/07/2009 - 17:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 13/07/2009 - 17:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 13/07/2009 - 17:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 13/07/2009 - 17:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 13/07/2009 - 17:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:[MD5.2E4112FB7D1B76E11ADFD7487B5D0E95] - 13/07/2009 - 17:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:[MD5.A98EBD4C2DF983665BF2D1AF49949974] - 13/07/2009 - 17:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:[MD5.3F7E6406EDEF197C5CAAB2240EEF6F48] - 13/07/2009 - 17:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:[MD5.3E64D681B776CC57BDC38A46D881F85B] - 13/07/2009 - 17:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:[MD5.D86B6435729231C171432B4E77801BDB] - 13/07/2009 - 17:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 16 Legitimates Filtered in 00mn 04s
---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 18/12/2013 - C:\Program Files\NetRatingsNetSight\NetSight\meter1\nnfwdk.sys (nnfwdk) .(.The Nielsen Company - Nielsen Network Filter Driver.) - LEGACY_NNFWDK
~ Legacy: 101 Legitimates Filtered in 00mn 00s
---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Users\casal\AppData\Local\Google\Chrome\Application\chrome.exe (.not file.)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {5149167E-EC05-ABF1-729A-7D253194AFED} [DefaultScope] - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.8DDB84FB5FD7958654F23ECE6EA14D0F] [SPRF][15/01/2014] (.Baidu, Inc. - Baidu Antivirus FileSplitUpLoad Library.) -- C:\ProgramData\FileSplitUpLoad.dll [167784]
~ Files: 1 Legitimates Filtered in 00mn 00s
---\\ Listagem dos códigos dos software (PUC) (090)
O90 - PUC: "15687B932DF62574EB863CDB6B2F9DEE" . (.Webcam 1.5.) -- C:\Windows\Installer\{39B78651-6FD2-4752-BE68-C3BDB6F2D9EE}\_6FEFF9B68218417F98F549.exe
O90 - PUC: "8224FDAA277034D429BE2B543E1AB700" . (.IPM 1.5.) -- C:\Windows\Installer\{AADF4228-0772-4D43-92EB-B245E3A17B00}\_6FEFF9B68218417F98F549.exe
~ Update Products: 70 Legitimates Filtered in 00mn 00s
---\\ Pesquisa dos pacotes WindowsInstaller (WIS) (O93) (NTFS)
~ WIS: 73 Legitimates Filtered in 00mn 07s
---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Microsoft\Tracing\utorrent-32-build-27708-baixaki-32-bits_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Microsoft\Tracing\utorrent-32-build-27708-baixaki-32-bits_RASMANCS =>P2P.µTorrent
HKLM\SOFTWARE\Microsoft\Tracing\uTorrent_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Microsoft\Tracing\uTorrent_RASMANCS =>P2P.µTorrent
~ BTK: 255 Legitimates Filtered in 00mn 00s
---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 13/03/2014 257928 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 30/10/2012 116648 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 30/10/2012 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 19/03/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SR - | Auto 21/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 03/10/2012 64592 | (AppManagerService) . (.Positivo Informática S.A..) - C:\Program Files\Positivo Informática\Positivo Experience\Positivo Experience\MundoPositivoService.exe
SR - | Auto 20/03/2012 45056 | (BatteryManagerSrv) . (.Positivo Informática S.A.) - C:\Program Files\Positivo Informática\Positivo Experience\Positivo Bateria\BatteryManagerService.exe
SR - | Auto 03/03/2010 13336 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 30/10/2013 2838568 | (NielsenUpdate) . (.The Nielsen Company.) - C:\Program Files\NetRatingsNetSight\NetSight\NielsenUpdate.exe
SR - | Auto 12/11/2009 71096 | (NMSAccessU) . (...) - C:\Program Files\CDBurnerXP\NMSAccessU.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 17/06/2010 237650 | (STacSV) . (.IDT, Inc..) - C:\Program Files\IDT\WDM\STacSV.exe
SR - | Auto 13/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 35s
---\\ Scâner Aditional (088)
Database Version : 13044 - (09/04/2014)
Clés trouvées (Keys found) : 8
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 4
Fichiers trouvés (Files found) : 0
[HKLM\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh] =>PUP.Funmoods^
[HKLM\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje] =>PUP.DealPly^
[HKLM\Software\Google\Chrome\Extensions\ogfjmhfnldnajmfaofeiaepghjenbgjo] =>PUP.ExtendedProtection^
[HKLM\Software\Google\Chrome\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma] =>PUP.QuickStart^
[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\uTorrent] =>P2P.µTorrent^
[HKCU\Software\Somoto] =>Adware.MegaSearch
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller] =>Adware.MegaSearch
[HKCU\Software\BI] =>Adware.MegaSearch
C:\Users\casal\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh =>PUP.Funmoods^
C:\Users\casal\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje =>PUP.DealPly^
C:\Users\casal\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogfjmhfnldnajmfaofeiaepghjenbgjo =>PUP.ExtendedProtection^
C:\Users\casal\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma =>PUP.QuickStart^
~ Additionnel Scan: 246089 Items scanned in 01mn 34s
---\\ Sumário das deteções encontradas na sua estação
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Funmoods
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.DealPly
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.ExtendedProtection
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.QuickStart
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.MegaSearch
~ MSI: 5 link(s) detected in 00mn 00s
~ 995 Legitimates filtered by white list
End of the scan (520 lines in 04mn 37s)(0)
~ Iniciado por casal (11/04/2014 22:52:11)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Fóruns de suporte gratuito para desinfecção : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by user
---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.17041
MFIE: Mozilla Firefox 28.0 (Defaut)
GCIE: Google Chrome v34.0.1847.116
---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows Vista (TM) Ultimate, 32-bit Service Pack 1 (Build 6000)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : KO
Windows Automatic Updates : OK
---\\ Softwares de proteçao do sistema
---\\ Softwares d'optimização do sistema
CCleaner v4.12 =>.Piriform Ltd
---\\ Softwares de partilha do PeerToPeer (P2P)
---\\ Monitoramento dos softwares
Adobe Flash Player 12 Plugin
Adobe Reader XI
Java 7 Update 51
---\\ Informações sobre o sistema
~ Processor: x86 Family 6 Model 28 Stepping 10, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2038 MB (45% free)
System Restore: Activé (Enable)
System drive C: has 253 GB (87%) free of 288 GB
---\\ Modo de conexão ao sistema
~ Computer Name: AMORE
~ User Name: casal
~ All Users Names: Convidado, casal, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator
---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\casal\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\casal\AppData\Roaming\
~ %Desktop% : C:\Users\casal\Desktop\
~ %Favorites% : C:\Users\casal\Favorites\
~ %LocalAppData% : C:\Users\casal\AppData\Local\
~ %StartMenu% : C:\Users\casal\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 253 Go of 288 Go)
D: CD-ROM drive (Not Inserted)
Q: Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)
---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
~ Security Center: 43 Legitimates Filtered in 00mn 00s
---\\ Pesquisa particular de ficheiros genéricos
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Windows Explorer.) (.07/07/2011 - 10:29:24.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 21:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.E4E829EE073E046B0EB19B5FECB19B8C] - (.Microsoft Corporation - Internet Extensions para Win32.) (.06/03/2014 - 01:41:49.) -- C:\Windows\System32\wininet.dll [1789440]
[MD5.6D13E1406F50C66E2A95D97F22C47560] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.20/11/2010 - 17:29:06.) -- C:\Windows\System32\Winlogon.exe [286720]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.20/11/2010 - 17:29:24.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.F81BB7E487EDCEAB630A7EE66CF23913] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.13/09/2013 - 20:48:58.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 21:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 19:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 17:29:03.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 17:29:07.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 17:29:03.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 19:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 19:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.07/07/2011 - 10:30:36.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 17:29:08.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.C8DFF8D07755A66C7A4A738930F0FEAC] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.23/01/2014 - 22:18:22.) -- C:\Windows\system32\Drivers\ntfs.sys [1212352]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 19:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 19:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 19:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 17:29:07.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.20/11/2010 - 17:29:03.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes: Scanned in 00mn 01s
---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes musiques (My Musics) : 1/290
~ Mes Videos (My Videos) : 1/2
~ Mes Favoris (My Favorites) : 1/29
~ Mes Documents (My Documents) : 7/229
~ Mon Bureau (My Desktop) : 1/2023
~ Menu demarrer (Programs) : 1/46
~ Hidden Files: Scanned in 00mn 06s
---\\ Processos lançados
[MD5.FDBAA6322B3B408CD275A14654EF3D6B] - (.IDT, Inc. - IDT PC Audio.) -- C:\Program Files\IDT\WDM\sttray.exe [495708] [PID.1168]
[MD5.25107F58D1B8F60D67D1EE95798C0DE8] - (.Intel Corporation - IAStorIcon.) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696] [PID.1040]
[MD5.68257A00D12A44A390514E668407C8FA] - (.Intel Corporation - igfxTray Module.) -- C:\Windows\System32\igfxtray.exe [141848] [PID.1192]
[MD5.F1C66577F5BFDD08B8E21B9ED2FE1300] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe [173592] [PID.1260]
[MD5.1900188CF86CB7C82CB5C51F8EACCF86] - (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe [150552] [PID.1000]
[MD5.0260412F3ED50279F42B913A42A9C66D] - (.Intel Corporation - igfxsrvc Module.) -- C:\Windows\system32\igfxsrvc.exe [252952] [PID.3720]
[MD5.8895BE670D1D4BD478B16DD311273F4A] - (.Synaptics Incorporated - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1557800] [PID.3780]
[MD5.75516A4D91F913A48D14A5D8C04BBD0E] - (.The Nielsen Company - NielsenOnline.) -- C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe [91688] [PID.3756]
[MD5.DE8C5AB7EE56A7DA0166B2E2B0E496A2] - (.Synaptics Incorporated - Synaptics Pointing Device Helper.) -- C:\Program Files\Synaptics\SynTP\SynTPHelper.exe [103720] [PID.3800]
[MD5.FC551A8B8E637B2147C003C885B6756E] - (.Positivo Informática - Recovery.) -- C:\Program Files\Positivo Informática\Recovery\Recovery2.exe [1496576] [PID.4004]
[MD5.FE7AC897D23D88EEBA687BBD61DBBDCA] - (.No owner - IPM.exe.) -- C:\Program Files\OEM\IPM 1.5\IPM.exe [1106432] [PID.1248]
[MD5.2256E495D6B2566DE6DDBC6632510477] - (.No owner - OSD.) -- C:\Program Files\OEM\OSD 1.7\SunflowerOSD.exe [548864] [PID.3896]
[MD5.EB7F5388A3B1318DFFA8EA50C71835EF] - (.Ralink Technology, Corp. - RaUI MFC Application.) -- C:\Program Files\Ralink\Common\RaUI.exe [1560576] [PID.3268]
[MD5.58FC1B36032F03342E4C02813F80DAC1] - (.Dropbox, Inc. - Dropbox.) -- C:\Users\casal\AppData\Roaming\Dropbox\bin\Dropbox.exe [30714328] [PID.3032]
[MD5.8E556A72D54F7E3B7844AB9217F02DD7] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [275568] [PID.3396]
[MD5.111ADB8738E6A9EF7001920F108B4833] - (.Positivo Informática S.A. - Positivo Backup.) -- C:\Program Files\Positivo Informática\Positivo Experience\Positivo Backup\PositivoSmartBackup.exe [1858048] [PID.3344]
[MD5.DFC999E39D7465077B45F08C53BEE076] - (.Positivo Informática S.A. - Positivo Áudio.) -- C:\Program Files\Positivo Informática\Positivo Experience\Positivo Áudio\AudioPower.exe [1015808] [PID.1708]
[MD5.F4651164AA1330735ADEA50AD0A326F2] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8208896] [PID.4440]
[MD5.D44D3387809EEDB5564735EC27BE700E] - (.IDT, Inc. - IDT PC Audio.) -- C:\Program Files\IDT\WDM\STacSV.exe [237650] [PID.1028]
[MD5.B362181ED3771DC03B4141927C80F801] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [65432] [PID.1652]
[MD5.6D3242D8E7476F6A976084611A1594C1] - (.Positivo Informática S.A - Battery Power Service.) -- C:\Program Files\Positivo Informática\Positivo Experience\Positivo Bateria\BatteryManagerService.exe [45056] [PID.1672]
[MD5.1A5F12AF8D00055B07DD0139A2251F03] - (.The Nielsen Company - NielsenOnline.) -- C:\Program Files\NetRatingsNetSight\NetSight\NielsenUpdate.exe [2838568] [PID.1784]
[MD5.FD306FBCCE7ADB1077B709742E7148E9] - (...) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe [71096] [PID.1836]
[MD5.19D34534176E62F35DDB7DC7B7FF2A87] - (.Microsoft Corporation - Microsoft Application Virtualization Virtua.) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe [207528] [PID.516]
[MD5.1AEBDC693C74EA55FE05D51FA6573EBC] - (.Microsoft Corporation - Microsoft Application Virtualization Client.) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe [523944] [PID.1468]
[MD5.FD557A50A65E44041CD2FCEF4BEB04DB] - (.Microsoft Corporation - Microsoft Office Client Virtualization Serv.) -- C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.exe [822504] [PID.2528]
[MD5.B752FC4AB1F3D5048A17E1D993028998] - (.Positivo Informática S.A - Battery Power Main Application.) -- C:\Program Files\Positivo Informática\Positivo Experience\Positivo Bateria\BatteryPower.exe [1208320] [PID.3524]
[MD5.5BD9CC8C50D3FFF051AB6FF009BE9602] - (.Positivo Informática S.A. - WindowsService.) -- C:\Program Files\Positivo Informática\Positivo Experience\Positivo Experience\MundoPositivoService.exe [64592] [PID.1364]
[MD5.31A0E93CDF29007D6C6FFFB632F375ED] - (.Intel Corporation - IAStorDataSvc.) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [13336] [PID.2664]
~ Processes Running: Scanned in 00mn 03s
---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\casal\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [bbjciahceamgodcoidkjpchnokgfpphh] Funmoods v.1.0 (Désactivé) =>PUP.Funmoods
G2 - GCE: Preference [User Data\Default] [cjpglkicenollcignonpgiafdgfeehoj] SpeedDial v.4.0 (Désactivé)
G2 - GCE: Preference [User Data\Default] [gaiilaahiahdejapggenmdmafpmbipje] DealPly v.3.0.7.2 (Désactivé) =>PUP.DealPly
G2 - GCE: Preference [User Data\Default] [jgceplfonlgodadnpognljgdjlcnpjnh] Nielsen v.1.8.1 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [ogfjmhfnldnajmfaofeiaepghjenbgjo] Extended Protection v.3.4.2 (Désactivé) =>PUP.ExtendedProtection
G2 - GCE: Preference [User Data\Default] [pelmeidfhdlhlbjimpabfcbnnojbboma] Quick Start v.3.1.3, (Désactivé) =>PUP.QuickStart
---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 18 Legitimates Filtered in 00mn 12s
---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
C:\Users\casal\AppData\Roaming\Mozilla\Firefox\Profiles\p4r4c8sz.default-1394306066141\prefs.js
C:\Users\casal\AppData\Roaming\Mozilla\Firefox\Profiles\yfiiolph.default-1396892395728\prefs.js
P2 - FPN: [HKLM] [@nielsen/FirefoxTracker] - (.Nielsen - Nielsen FirefoxTracker Plug-in.) -- C:\Program Files\NetRatingsNetSight\NetSight\meter1\FirefoxAddOns\npfirefoxtracker.dll
~ Firefox Browser: 24 Legitimates Filtered in 00mn 01s
---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21
---\\ Outras conexões do utilizador (04)
O4 - GS\Desktop [Public]: aTube Catcher.lnk . (.DsNET - aTube Catcher to download and convert video.) -- C:\Program Files\DsNET Corp\aTube Catcher 2.0\yct.exe
O4 - GS\Desktop [Public]: Cadastro.lnk . (.Positivo Informática - Registro de usuários Positivo Inform.) -- C:\Program Files\Positivo Informática\SW_Cadastro\Registro.exe
O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Desktop [Public]: Receitanet 1.04 .lnk . (.SERPRO - Serviço Federal de Processamento d - Receitanet.) -- C:\Program Files\Programas RFB\Receitanet\Windows\Receitanet.exe
O4 - GS\Desktop [Public]: Video Search.lnk . (.DsNET - aTube Catcher to download and convert video.) -- C:\Program Files\DsNET Corp\aTube Catcher 2.0\yct.exe
O4 - GS\Desktop [Public]: Webcam.lnk . (...) -- C:\Windows\Installer\{39B78651-6FD2-4752-BE68-C3BDB6F2D9EE}\_F4711BF7C212A03CB0C5A8.exe
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\QuickLaunch [casal]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [casal]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [casal]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\TaskBar [casal]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [casal]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Program [casal]: Freezip.lnk . (...) -- C:\Program Files\Free zip\7zFM.exe (.not file.)
O4 - GS\Program [casal]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [casal]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Desktop [casal]: exe-1.04.1.lnk . (...) -- C:\Program Files\exe\exe.exe
O4 - GS\Desktop [casal]: fixlist.lnk . (...) -- C:\Users\casal\Downloads\fixlist.txt (.not file.)
O4 - GS\Desktop [casal]: FRST.lnk . (.Farbar - Aut2Exe.) -- C:\Users\casal\Downloads\FRST.exe
O4 - GS\Desktop [casal]: IRPF2014 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País.lnk . (...) -- C:\Arquivos de Programas RFB\IRPF2014\IRPF2014.exe
O4 - GS\Desktop [casal]: OTL (1).lnk . (.OldTimer Tools - No Comment.) -- C:\Users\casal\Downloads\OTL.exe
O4 - GS\Desktop [casal]: OTL (2).lnk . (.OldTimer Tools - No Comment.) -- C:\Users\casal\Downloads\OTM.exe
O4 - GS\Desktop [casal]: SystemLook.lnk . (...) -- C:\Users\casal\Downloads\SystemLook.exe
O4 - GS\Desktop [casal]: zoek - Atalho.lnk . (...) -- C:\Users\casal\Downloads\zoek.exe
~ Global Startup: 76 Legitimates Filtered in 00mn 03s
---\\ Aplicações iniciadas por registo & pastas (04)
O4 - GS\Startup [Public]: Assistente para criação de disco de recuperação.lnk . (.Positivo Informática - Recovery.) -- C:\Program Files\Positivo Informática\Recovery\Recovery2.exe
O4 - GS\Startup [Public]: IPM.lnk . (...) -- C:\Windows\Installer\{AADF4228-0772-4D43-92EB-B245E3A17B00}\_4E633D72E60CDC1A05956C.exe
O4 - GS\Startup [Public]: OSD.lnk . (...) -- C:\Windows\Installer\{5A9C96FE-1376-45E1-8556-C81255F0B5A7}\_51DECE17D28CB133DD0C64.exe
O4 - GS\Startup [Public]: Ralink Wireless Utility.lnk . (.Ralink Technology, Corp. - RaUI MFC Application.) -- C:\Program Files\Ralink\Common\RaUI.exe
O4 - GS\Startup [casal]: Dropbox.lnk . (.Dropbox, Inc. - Dropbox.) -- C:\Users\casal\AppData\Roaming\Dropbox\bin\Dropbox.exe =>.Dropbox
O4 - HKLM\..\Run: [SysTrayApp] . (.IDT, Inc. - IDT PC Audio.) -- C:\Program Files\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [IAStorIcon] . (.Intel Corporation - IAStorIcon.) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [StartUpManagerPositivo] . (...) -- C:\Program Files\Positivo Informática\Gerenciador de Inicialização Positivo\ManagerWindows.exe
O4 - HKLM\..\Run: [SynTPEnh] . (.Synaptics Incorporated - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NielsenOnline] . (.The Nielsen Company - NielsenOnline.) -- C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\RunOnce: [OTL] . (.OldTimer Tools - No Comment.) -- C:\Users\casal\Downloads\OTL.exe
O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Google Installer.) -- C:\Users\casal\AppData\Local\Google\Update\GoogleUpdate.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-2364669226-1398954891-4146519358-1000\..\Run: [Google Update] . (.Google Inc. - Google Installer.) -- C:\Users\casal\AppData\Local\Google\Update\GoogleUpdate.exe
~ Application: Scanned in 00mn 00s
---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation - Windows Live Writer Blog This Extension.) -- C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft Office OneNote Internet Explorer Add-in.) -- C:\Program Files\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{B7F4A48C-FC31-4615-AFDB-E88BFDB109FD}: NameServer = 200.175.182.139,200.175.5.139
O17 - HKLM\System\CCS\Services\Tcpip\..\{C8F930EE-434F-4859-82A8-6A1CC10A4FC6}: NameServer = 200.175.182.139,200.175.5.139
O17 - HKLM\System\CCS\Services\Tcpip\..\{5AE40E16-3297-4BC8-B00E-C38BFD003E4B}: DhcpNameServer = 187.123.31.55 187.123.31.56 187.123.31.54
O17 - HKLM\System\CCS\Services\Tcpip\..\{C8F930EE-434F-4859-82A8-6A1CC10A4FC6}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{B7F4A48C-FC31-4615-AFDB-E88BFDB109FD}: NameServer = 200.175.182.139,200.175.5.139
O17 - HKLM\System\CS1\Services\Tcpip\..\{C8F930EE-434F-4859-82A8-6A1CC10A4FC6}: NameServer = 200.175.182.139,200.175.5.139
O17 - HKLM\System\CS1\Services\Tcpip\..\{5AE40E16-3297-4BC8-B00E-C38BFD003E4B}: DhcpNameServer = 187.123.31.55 187.123.31.56 187.123.31.54
O17 - HKLM\System\CS1\Services\Tcpip\..\{C8F930EE-434F-4859-82A8-6A1CC10A4FC6}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{B7F4A48C-FC31-4615-AFDB-E88BFDB109FD}: NameServer = 200.175.182.139,200.175.5.139
O17 - HKLM\System\CS2\Services\Tcpip\..\{C8F930EE-434F-4859-82A8-6A1CC10A4FC6}: NameServer = 200.175.182.139,200.175.5.139
O17 - HKLM\System\CS2\Services\Tcpip\..\{5AE40E16-3297-4BC8-B00E-C38BFD003E4B}: DhcpNameServer = 187.123.31.55 187.123.31.56 187.123.31.54
O17 - HKLM\System\CS2\Services\Tcpip\..\{C8F930EE-434F-4859-82A8-6A1CC10A4FC6}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 187.123.31.55 187.123.31.56 187.123.31.54
~ Domain: Scanned in 00mn 00s
---\\ Protocolo adicional (018)
O18 - Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation - Photo Gallery Album Download Protocol Handl.) -- C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll =>.Microsoft Corporation
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s
---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Nielsen Update (NielsenUpdate) . (.The Nielsen Company - NielsenOnline.) - C:\Program Files\NetRatingsNetSight\NetSight\NielsenUpdate.exe
~ Services: 8 Legitimates Filtered in 00mn 23s
---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (nnfwdk) . (.The Nielsen Company - Nielsen Network Filter Driver.) - C:\Program Files\NetRatingsNetSight\NetSight\meter1\nnfwdk.sys
~ Drivers: 63 Legitimates Filtered in 00mn 00s
---\\ Software instalados (042)
O42 - Logiciel: Driver 1.2 - (.OEM.) [HKLM] -- {BA56CD60-1D9F-4BE6-AC2F-B7C4A5437C35}
O42 - Logiciel: IPM 1.5 - (.OEM.) [HKLM] -- {AADF4228-0772-4D43-92EB-B245E3A17B00}
O42 - Logiciel: IRPF2012 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM] -- IRPF2012
O42 - Logiciel: IRPF2013 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM] -- IRPF2013
O42 - Logiciel: IRPF2014 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM] -- IRPF2014
O42 - Logiciel: Nielsen - (...) [HKLM] -- NetSight
O42 - Logiciel: OSD 1.7 - (.OEM.) [HKLM] -- {5A9C96FE-1376-45E1-8556-C81255F0B5A7}
O42 - Logiciel: Receitanet - (.Serpro - Serviço Federal de Processamento de Dados.) [HKLM] -- ECC16E3C-16D1-4DC2-9D8A-6AC06B3005A5
~ Logic: 23 Legitimates Filtered in 00mn 02s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\BI]
[HKCU\Software\IBOPE]
[HKCU\Software\SERPRO]
[HKCU\Software\SoilAP]
[HKCU\Software\Somoto] =>Adware.MegaSearch
[HKCU\Software\SunFlowerOSD]
[HKLM\Software\NSCPID]
[HKLM\Software\SoilIO]
~ Key Software: 210 Legitimates Filtered in 00mn 02s
---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 10/04/2014 - 17:12:19 - [79,980] ----D C:\Program Files\exe
O43 - CFD: 11/04/2014 - 08:36:46 - [0,006] ----D C:\Program Files\Free zip
O43 - CFD: 07/03/2014 - 15:38:44 - [8,843] ----D C:\Program Files\Programas RFB
O43 - CFD: 08/03/2014 - 15:12:29 - [0] ----D C:\Program Files\RBM
O43 - CFD: 01/12/2013 - 07:44:47 - [0] ----D C:\ProgramData\Audio
O43 - CFD: 01/12/2013 - 07:44:47 - [0] ----D C:\ProgramData\Audio Power
O43 - CFD: 01/08/2012 - 20:46:05 - [0,084] ----D C:\Users\casal\AppData\Roaming\br.org.cesar.ajudante.Ajudante
O43 - CFD: 10/04/2014 - 17:12:49 - [0,059] ----D C:\Users\casal\AppData\Roaming\exe
O43 - CFD: 02/08/2012 - 19:53:10 - [0,002] ----D C:\Users\casal\AppData\Roaming\Mural dos Amigos
O43 - CFD: 14/12/2013 - 16:38:35 - [0] ----D C:\Users\casal\AppData\Local\Inquisit
O43 - CFD: 29/10/2013 - 22:06:11 - [0] ----D C:\Users\casal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\exe
O43 - CFD: 12/04/2012 - 10:31:02 - [0,004] ----D C:\Users\casal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2012
O43 - CFD: 11/04/2013 - 17:27:19 - [0,004] ----D C:\Users\casal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2013
O43 - CFD: 07/03/2014 - 14:31:00 - [0,004] ----D C:\Users\casal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2014
~ Program Folder: 171 Legitimates Filtered in 00mn 40s
---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.83E569BEC3CB8C8F269A69A97AA72BD2] - 08/04/2014 - 23:05:04 ---A- . (...) -- C:\Windows\win.ini [580]
O44 - LFC:[MD5.02A210BE5BD28FC64533B5E5BAE87B64] - 11/04/2014 - 08:55:26 ---A- . (...) -- C:\PureRa.txt [63208]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 11/04/2014 - 09:56:43 ---A- . (...) -- C:\Windows\System32\shoD684.tmp [0]
O44 - LFC:[MD5.6CAD0404086985C8892D2788D228C98C] - 11/04/2014 - 11:35:08 ---A- . (...) -- C:\Windows\ntbtlog.txt [219874]
O44 - LFC:[MD5.6AF049CEC3A2D4FF797DDE5D013BDD5B] - 11/04/2014 - 22:50:05 --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [16160]
O44 - LFC:[MD5.6AF049CEC3A2D4FF797DDE5D013BDD5B] - 11/04/2014 - 22:50:05 --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [16160]
O44 - LFC:[MD5.5811DA8CC1E6CD77967BEC1D1C7EF9A8] - 29/03/2014 - 10:06:08 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [148924]
O44 - LFC:[MD5.2669C46FE5289555BC025A49456D04B0] - 29/03/2014 - 10:06:08 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [709402]
~ Files: 50 Legitimates Filtered in 00mn 09s
---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
~ ShellExecuteHooks: Scanned in 00mn 00s
---\\ Enumeração das chaves do registo StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\uTorrent [Key] . (...) -- C:\Program Files\uTorrent\uTorrent.exe (.not file.) =>P2P.µTorrent
~ SMSR Keys: 3 Legitimates Filtered in 00mn 00s
---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s
---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:[MD5.0ED67910C8C326796FAA00B2BF6D9D3C] - 13/07/2009 - 21:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:[MD5.C44E3C2BAB6837DB337DDEE7544736DB] - 13/07/2009 - 18:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
O58 - SDL:[MD5.4312D307729EBC73FEA44E32D6BB2F97] - 03/10/2011 - 14:21:54 ---A- . (...) -- C:\Windows\System32\Drivers\pad.sys [52496]
O58 - SDL:[MD5.6A06E33B9C2502D315C23731401358BF] - 04/12/2009 - 14:43:46 ---A- . (...) -- C:\Windows\System32\Drivers\SoilIO.sys [16248]
O58 - SDL:[MD5.4125AE13E301EDD3E0FFD57A7AC00258] - 04/12/2009 - 14:44:18 ---A- . (.Systems Internals - Windows NT Caps-lock Ctrl Swapper.) -- C:\Windows\System32\Drivers\Soilkbc.sys [10744]
O58 - SDL:[MD5.F0E973C24C9DFECE8853588918E62055] - 04/12/2009 - 14:44:36 ---A- . (.Systems Internals - Windows NT Caps-lock Ctrl Swapper.) -- C:\Windows\System32\Drivers\SoilMC.sys [10616]
O58 - SDL:[MD5.F92254B0BCFCD10CAAC7BCCC7CB7F467] - 12/11/2009 - 11:48:56 ---A- . (...) -- C:\Windows\System32\Drivers\StarOpen.sys [7168]
O58 - SDL:[MD5.DB32D325C192B801DF274BFD12A7E72B] - 13/07/2009 - 21:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
O58 - SDL:[MD5.BEE9AE78676412FE17000411F26847ED] - 17/06/2010 - 09:10:14 ---A- . (.IDT, Inc. - IDT PC Audio.) -- C:\Windows\System32\Drivers\stwrt.sys [431616]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 13/07/2009 - 17:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 13/07/2009 - 17:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:[MD5.E6BC0F98FECEF245A0010D350C1A0B9B] - 13/07/2009 - 17:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:[MD5.492090267B9608C62B956CD29BE3AFB7] - 13/07/2009 - 17:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 13/07/2009 - 17:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:[MD5.FFFF296A08DBF2AC0126C62E3778AC0D] - 13/07/2009 - 17:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 13/07/2009 - 17:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 13/07/2009 - 17:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 13/07/2009 - 17:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 13/07/2009 - 17:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:[MD5.2E4112FB7D1B76E11ADFD7487B5D0E95] - 13/07/2009 - 17:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:[MD5.A98EBD4C2DF983665BF2D1AF49949974] - 13/07/2009 - 17:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:[MD5.3F7E6406EDEF197C5CAAB2240EEF6F48] - 13/07/2009 - 17:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:[MD5.3E64D681B776CC57BDC38A46D881F85B] - 13/07/2009 - 17:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:[MD5.D86B6435729231C171432B4E77801BDB] - 13/07/2009 - 17:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 16 Legitimates Filtered in 00mn 04s
---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 18/12/2013 - C:\Program Files\NetRatingsNetSight\NetSight\meter1\nnfwdk.sys (nnfwdk) .(.The Nielsen Company - Nielsen Network Filter Driver.) - LEGACY_NNFWDK
~ Legacy: 101 Legitimates Filtered in 00mn 00s
---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet:
O68 - StartMenuInternet:
O68 - StartMenuInternet:
O68 - StartMenuInternet:
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {5149167E-EC05-ABF1-729A-7D253194AFED} [DefaultScope] - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.8DDB84FB5FD7958654F23ECE6EA14D0F] [SPRF][15/01/2014] (.Baidu, Inc. - Baidu Antivirus FileSplitUpLoad Library.) -- C:\ProgramData\FileSplitUpLoad.dll [167784]
~ Files: 1 Legitimates Filtered in 00mn 00s
---\\ Listagem dos códigos dos software (PUC) (090)
O90 - PUC: "15687B932DF62574EB863CDB6B2F9DEE" . (.Webcam 1.5.) -- C:\Windows\Installer\{39B78651-6FD2-4752-BE68-C3BDB6F2D9EE}\_6FEFF9B68218417F98F549.exe
O90 - PUC: "8224FDAA277034D429BE2B543E1AB700" . (.IPM 1.5.) -- C:\Windows\Installer\{AADF4228-0772-4D43-92EB-B245E3A17B00}\_6FEFF9B68218417F98F549.exe
~ Update Products: 70 Legitimates Filtered in 00mn 00s
---\\ Pesquisa dos pacotes WindowsInstaller (WIS) (O93) (NTFS)
~ WIS: 73 Legitimates Filtered in 00mn 07s
---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Microsoft\Tracing\utorrent-32-build-27708-baixaki-32-bits_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Microsoft\Tracing\utorrent-32-build-27708-baixaki-32-bits_RASMANCS =>P2P.µTorrent
HKLM\SOFTWARE\Microsoft\Tracing\uTorrent_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Microsoft\Tracing\uTorrent_RASMANCS =>P2P.µTorrent
~ BTK: 255 Legitimates Filtered in 00mn 00s
---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 13/03/2014 257928 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 30/10/2012 116648 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 30/10/2012 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 19/03/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SR - | Auto 21/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 03/10/2012 64592 | (AppManagerService) . (.Positivo Informática S.A..) - C:\Program Files\Positivo Informática\Positivo Experience\Positivo Experience\MundoPositivoService.exe
SR - | Auto 20/03/2012 45056 | (BatteryManagerSrv) . (.Positivo Informática S.A.) - C:\Program Files\Positivo Informática\Positivo Experience\Positivo Bateria\BatteryManagerService.exe
SR - | Auto 03/03/2010 13336 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 30/10/2013 2838568 | (NielsenUpdate) . (.The Nielsen Company.) - C:\Program Files\NetRatingsNetSight\NetSight\NielsenUpdate.exe
SR - | Auto 12/11/2009 71096 | (NMSAccessU) . (...) - C:\Program Files\CDBurnerXP\NMSAccessU.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 17/06/2010 237650 | (STacSV) . (.IDT, Inc..) - C:\Program Files\IDT\WDM\STacSV.exe
SR - | Auto 13/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 35s
---\\ Scâner Aditional (088)
Database Version : 13044 - (09/04/2014)
Clés trouvées (Keys found) : 8
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 4
Fichiers trouvés (Files found) : 0
[HKLM\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh] =>PUP.Funmoods^
[HKLM\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje] =>PUP.DealPly^
[HKLM\Software\Google\Chrome\Extensions\ogfjmhfnldnajmfaofeiaepghjenbgjo] =>PUP.ExtendedProtection^
[HKLM\Software\Google\Chrome\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma] =>PUP.QuickStart^
[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\uTorrent] =>P2P.µTorrent^
[HKCU\Software\Somoto] =>Adware.MegaSearch
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller] =>Adware.MegaSearch
[HKCU\Software\BI] =>Adware.MegaSearch
C:\Users\casal\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh =>PUP.Funmoods^
C:\Users\casal\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje =>PUP.DealPly^
C:\Users\casal\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogfjmhfnldnajmfaofeiaepghjenbgjo =>PUP.ExtendedProtection^
C:\Users\casal\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma =>PUP.QuickStart^
~ Additionnel Scan: 246089 Items scanned in 01mn 34s
---\\ Sumário das deteções encontradas na sua estação
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Funmoods
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.DealPly
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.ExtendedProtection
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.QuickStart
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.MegaSearch
~ MSI: 5 link(s) detected in 00mn 00s
~ 995 Legitimates filtered by white list
End of the scan (520 lines in 04mn 37s)(0)
Rodrig- Membro
- Mensagens : 219
Reputação : 1
Data de inscrição : 03/04/2014
Idade : 43
Localização : Paraná
Re: Remover Baidu
por Power Max Sáb 12 Abr 2014, 00:01
Porque você postou este log do ZHP? O PC está com algum problema?
Última edição por Power Max em Sáb 12 Abr 2014, 00:02, editado 1 vez(es)
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Re: Remover Baidu
por Rodrig Sáb 12 Abr 2014, 00:02
Nossa, eu é que agradeço e desculpe o trabalho. Obrigado mesmo.
Rodrig- Membro
- Mensagens : 219
Reputação : 1
Data de inscrição : 03/04/2014
Idade : 43
Localização : Paraná
Re: Remover Baidu
por Rodrig Sáb 12 Abr 2014, 00:05
Não,não esquece. O que faço com os programas abaixados?
Rodrig- Membro
- Mensagens : 219
Reputação : 1
Data de inscrição : 03/04/2014
Idade : 43
Localização : Paraná
Re: Remover Baidu
por Power Max Sáb 12 Abr 2014, 00:06
Embora você tenha postado sem querer, este log ainda mostra adwares. Será que você instalou algum programa recentemente que possa ter recontaminado o PC? aguarde um momento que vou montar o script para remover estes problemas.
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Re: Remover Baidu
por Rodrig Sáb 12 Abr 2014, 00:11
Não baixei nenhum programa, pois estou sem o antivírus. Só abro a internet para procurar ajuda no fórum.
Rodrig- Membro
- Mensagens : 219
Reputação : 1
Data de inscrição : 03/04/2014
Idade : 43
Localização : Paraná
Re: Remover Baidu
por Power Max Sáb 12 Abr 2014, 00:15
Selecione e copie todo o texto destacado em vermelho que te passei._____________________________________________________________________________________________________________
Vá no menu: Iniciar > Todos os programas > ZHP > Clique com o botão direito do mouse sobre o Zhpfix e escolha a opção de Executar como administrador > Clique em Importação > Clique no botão GO > Clique em Oui > Caso queira que os arquivos da lixeira sejam excluídos clique em Oui novamente > Um relatório aparecerá no bloco de notas. Copie este relatório e poste em sua próxima resposta.
Última edição por Power Max em Sáb 12 Abr 2014, 14:25, editado 1 vez(es)
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Re: Remover Baidu
por Rodrig Sáb 12 Abr 2014, 00:25
Rapport de ZHPFix 2014.4.7.2 par Nicolas Coolman, Update du 07/04/2014
Fichier d'export Registre :
Run by casal at 11/04/2014 23:23:59
High Elevated Privileges : OK
Windows 7 Starter Edition, 32-bit Service Pack 1 (Build 7601)
Reciclagem vazia (00mn 04s)
Reparação de atalhos do navegador
========== Chaves do Registo ==========
ELIMINÉ:* HKCU\Software\BI
ELIMINÉ:* HKCU\Software\Somoto
ELIMINÉ:* StartupReg: uTorrent
ELIMINÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller
========== Valores do Registo ==========
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value
========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia
========== Ficheiros ==========
ELIMINÉ: c:\users\casal\appdata\roaming\microsoft\windows\start menu\programs\freezip.lnk
ELIMINÉ: c:\users\casal\desktop\fixlist.lnk
ELIMINÉ Temporários windows (167) (10.756.732 octets)
ELIMINÉ Flash Cookies (0) (0 octets)
========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso
========== Recapitulativo ==========
4 : Chaves do Registo
6 : Valores do Registo
1 : Pastas
4 : Ficheiros
1 : Restauração Sistema
End of clean in 00mn 42s
========== Caminho do ficheiro do relatório ==========
C:\Users\casal\AppData\Roaming\ZHP\ZHPFix[R1].txt - 10/04/2014 17:38:36 [20984]
C:\Users\casal\AppData\Roaming\ZHP\ZHPFix[R2].txt - 10/04/2014 17:38:45 [21141]
C:\Users\casal\AppData\Roaming\ZHP\ZHPFix[R3].txt - 10/04/2014 22:04:37 [1015]
C:\Users\casal\AppData\Roaming\ZHP\ZHPFix[R4].txt - 11/04/2014 23:24:03 [1659]
Fichier d'export Registre :
Run by casal at 11/04/2014 23:23:59
High Elevated Privileges : OK
Windows 7 Starter Edition, 32-bit Service Pack 1 (Build 7601)
Reciclagem vazia (00mn 04s)
Reparação de atalhos do navegador
========== Chaves do Registo ==========
ELIMINÉ:* HKCU\Software\BI
ELIMINÉ:* HKCU\Software\Somoto
ELIMINÉ:* StartupReg: uTorrent
ELIMINÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller
========== Valores do Registo ==========
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value
========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia
========== Ficheiros ==========
ELIMINÉ: c:\users\casal\appdata\roaming\microsoft\windows\start menu\programs\freezip.lnk
ELIMINÉ: c:\users\casal\desktop\fixlist.lnk
ELIMINÉ Temporários windows (167) (10.756.732 octets)
ELIMINÉ Flash Cookies (0) (0 octets)
========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso
========== Recapitulativo ==========
4 : Chaves do Registo
6 : Valores do Registo
1 : Pastas
4 : Ficheiros
1 : Restauração Sistema
End of clean in 00mn 42s
========== Caminho do ficheiro do relatório ==========
C:\Users\casal\AppData\Roaming\ZHP\ZHPFix[R1].txt - 10/04/2014 17:38:36 [20984]
C:\Users\casal\AppData\Roaming\ZHP\ZHPFix[R2].txt - 10/04/2014 17:38:45 [21141]
C:\Users\casal\AppData\Roaming\ZHP\ZHPFix[R3].txt - 10/04/2014 22:04:37 [1015]
C:\Users\casal\AppData\Roaming\ZHP\ZHPFix[R4].txt - 11/04/2014 23:24:03 [1659]
Rodrig- Membro
- Mensagens : 219
Reputação : 1
Data de inscrição : 03/04/2014
Idade : 43
Localização : Paraná
Re: Remover Baidu
por Power Max Sáb 12 Abr 2014, 00:26
Abra novamente o ( ZHPDiag )[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
|- Clique "SEARCH" ou "PESQUISAR" e aguarde a conclusão.
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
|- Clique OK e, ao concluir, poste o relatório ZHPDiag.txt
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Re: Remover Baidu
por Rodrig Sáb 12 Abr 2014, 00:27
Quando vou no menu iniciar - todos os programas - o Baidu aparece.
Rodrig- Membro
- Mensagens : 219
Reputação : 1
Data de inscrição : 03/04/2014
Idade : 43
Localização : Paraná
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Re: Remover Baidu
por Rodrig Sáb 12 Abr 2014, 00:38
~ Relatório do ZHPDiag v2014.4.9.16 - Nicolas Coolman (09/04/2014)
~ Iniciado por casal (11/04/2014 23:35:00)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Fóruns de suporte gratuito para desinfecção : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by user
---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.17041
MFIE: Mozilla Firefox 28.0 (Defaut)
GCIE: Google Chrome v34.0.1847.116
---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows Vista (TM) Ultimate, 32-bit Service Pack 1 (Build 6000)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : KO
Windows Automatic Updates : OK
---\\ Softwares de proteçao do sistema
---\\ Softwares d'optimização do sistema
CCleaner v4.12 =>.Piriform Ltd
---\\ Softwares de partilha do PeerToPeer (P2P)
---\\ Monitoramento dos softwares
Adobe Flash Player 12 Plugin
Adobe Reader XI
Java 7 Update 51
---\\ Informações sobre o sistema
~ Processor: x86 Family 6 Model 28 Stepping 10, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2038 MB (46% free)
System Restore: Activé (Enable)
System drive C: has 253 GB (87%) free of 288 GB
---\\ Modo de conexão ao sistema
~ Computer Name: AMORE
~ User Name: casal
~ All Users Names: Convidado, casal, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator
---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\casal\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\casal\AppData\Roaming\
~ %Desktop% : C:\Users\casal\Desktop\
~ %Favorites% : C:\Users\casal\Favorites\
~ %LocalAppData% : C:\Users\casal\AppData\Local\
~ %StartMenu% : C:\Users\casal\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 253 Go of 288 Go)
D: CD-ROM drive (Not Inserted)
Q: Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)
---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
~ Security Center: 43 Legitimates Filtered in 00mn 00s
---\\ Pesquisa particular de ficheiros genéricos
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Windows Explorer.) (.07/07/2011 - 10:29:24.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 21:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.E4E829EE073E046B0EB19B5FECB19B8C] - (.Microsoft Corporation - Internet Extensions para Win32.) (.06/03/2014 - 01:41:49.) -- C:\Windows\System32\wininet.dll [1789440]
[MD5.6D13E1406F50C66E2A95D97F22C47560] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.20/11/2010 - 17:29:06.) -- C:\Windows\System32\Winlogon.exe [286720]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.20/11/2010 - 17:29:24.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.F81BB7E487EDCEAB630A7EE66CF23913] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.13/09/2013 - 20:48:58.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 21:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 19:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 17:29:03.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 17:29:07.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 17:29:03.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 19:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 19:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.07/07/2011 - 10:30:36.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 17:29:08.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.C8DFF8D07755A66C7A4A738930F0FEAC] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.23/01/2014 - 22:18:22.) -- C:\Windows\system32\Drivers\ntfs.sys [1212352]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 19:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 19:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 19:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 17:29:07.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.20/11/2010 - 17:29:03.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes: Scanned in 00mn 00s
---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes musiques (My Musics) : 1/290
~ Mes Videos (My Videos) : 1/2
~ Mes Favoris (My Favorites) : 1/29
~ Mes Documents (My Documents) : 7/229
~ Mon Bureau (My Desktop) : 1/2022
~ Menu demarrer (Programs) : 1/45
~ Hidden Files: Scanned in 00mn 02s
---\\ Processos lançados
[MD5.FDBAA6322B3B408CD275A14654EF3D6B] - (.IDT, Inc. - IDT PC Audio.) -- C:\Program Files\IDT\WDM\sttray.exe [495708] [PID.1168]
[MD5.25107F58D1B8F60D67D1EE95798C0DE8] - (.Intel Corporation - IAStorIcon.) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696] [PID.1040]
[MD5.68257A00D12A44A390514E668407C8FA] - (.Intel Corporation - igfxTray Module.) -- C:\Windows\System32\igfxtray.exe [141848] [PID.1192]
[MD5.F1C66577F5BFDD08B8E21B9ED2FE1300] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe [173592] [PID.1260]
[MD5.1900188CF86CB7C82CB5C51F8EACCF86] - (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe [150552] [PID.1000]
[MD5.0260412F3ED50279F42B913A42A9C66D] - (.Intel Corporation - igfxsrvc Module.) -- C:\Windows\system32\igfxsrvc.exe [252952] [PID.3720]
[MD5.8895BE670D1D4BD478B16DD311273F4A] - (.Synaptics Incorporated - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1557800] [PID.3780]
[MD5.75516A4D91F913A48D14A5D8C04BBD0E] - (.The Nielsen Company - NielsenOnline.) -- C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe [91688] [PID.3756]
[MD5.DE8C5AB7EE56A7DA0166B2E2B0E496A2] - (.Synaptics Incorporated - Synaptics Pointing Device Helper.) -- C:\Program Files\Synaptics\SynTP\SynTPHelper.exe [103720] [PID.3800]
[MD5.FC551A8B8E637B2147C003C885B6756E] - (.Positivo Informática - Recovery.) -- C:\Program Files\Positivo Informática\Recovery\Recovery2.exe [1496576] [PID.4004]
[MD5.FE7AC897D23D88EEBA687BBD61DBBDCA] - (.No owner - IPM.exe.) -- C:\Program Files\OEM\IPM 1.5\IPM.exe [1106432] [PID.1248]
[MD5.2256E495D6B2566DE6DDBC6632510477] - (.No owner - OSD.) -- C:\Program Files\OEM\OSD 1.7\SunflowerOSD.exe [548864] [PID.3896]
[MD5.EB7F5388A3B1318DFFA8EA50C71835EF] - (.Ralink Technology, Corp. - RaUI MFC Application.) -- C:\Program Files\Ralink\Common\RaUI.exe [1560576] [PID.3268]
[MD5.58FC1B36032F03342E4C02813F80DAC1] - (.Dropbox, Inc. - Dropbox.) -- C:\Users\casal\AppData\Roaming\Dropbox\bin\Dropbox.exe [30714328] [PID.3032]
[MD5.111ADB8738E6A9EF7001920F108B4833] - (.Positivo Informática S.A. - Positivo Backup.) -- C:\Program Files\Positivo Informática\Positivo Experience\Positivo Backup\PositivoSmartBackup.exe [1858048] [PID.3344]
[MD5.DFC999E39D7465077B45F08C53BEE076] - (.Positivo Informática S.A. - Positivo Áudio.) -- C:\Program Files\Positivo Informática\Positivo Experience\Positivo Áudio\AudioPower.exe [1015808] [PID.1708]
[MD5.8E556A72D54F7E3B7844AB9217F02DD7] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [275568] [PID.5844]
[MD5.F4651164AA1330735ADEA50AD0A326F2] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8208896] [PID.3272]
[MD5.A63DC5C2EA944E6657203E0C8EDEAF61] - (.Microsoft Corporation - COM Surrogate.) -- C:\Windows\system32\DllHost.exe [7168] [PID.2192]
[MD5.D44D3387809EEDB5564735EC27BE700E] - (.IDT, Inc. - IDT PC Audio.) -- C:\Program Files\IDT\WDM\STacSV.exe [237650] [PID.1028]
[MD5.B362181ED3771DC03B4141927C80F801] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [65432] [PID.1652]
[MD5.6D3242D8E7476F6A976084611A1594C1] - (.Positivo Informática S.A - Battery Power Service.) -- C:\Program Files\Positivo Informática\Positivo Experience\Positivo Bateria\BatteryManagerService.exe [45056] [PID.1672]
[MD5.1A5F12AF8D00055B07DD0139A2251F03] - (.The Nielsen Company - NielsenOnline.) -- C:\Program Files\NetRatingsNetSight\NetSight\NielsenUpdate.exe [2838568] [PID.1784]
[MD5.FD306FBCCE7ADB1077B709742E7148E9] - (...) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe [71096] [PID.1836]
[MD5.19D34534176E62F35DDB7DC7B7FF2A87] - (.Microsoft Corporation - Microsoft Application Virtualization Virtua.) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe [207528] [PID.516]
[MD5.1AEBDC693C74EA55FE05D51FA6573EBC] - (.Microsoft Corporation - Microsoft Application Virtualization Client.) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe [523944] [PID.1468]
[MD5.FD557A50A65E44041CD2FCEF4BEB04DB] - (.Microsoft Corporation - Microsoft Office Client Virtualization Serv.) -- C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.exe [822504] [PID.2528]
[MD5.B752FC4AB1F3D5048A17E1D993028998] - (.Positivo Informática S.A - Battery Power Main Application.) -- C:\Program Files\Positivo Informática\Positivo Experience\Positivo Bateria\BatteryPower.exe [1208320] [PID.3524]
[MD5.5BD9CC8C50D3FFF051AB6FF009BE9602] - (.Positivo Informática S.A. - WindowsService.) -- C:\Program Files\Positivo Informática\Positivo Experience\Positivo Experience\MundoPositivoService.exe [64592] [PID.1364]
[MD5.31A0E93CDF29007D6C6FFFB632F375ED] - (.Intel Corporation - IAStorDataSvc.) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [13336] [PID.2664]
[MD5.2C49B175AEE1D4364B91B531417FE583] - (.Microsoft Corporation - Instalador de Módulos do Windows.) -- C:\Windows\servicing\TrustedInstaller.exe [204800] [PID.4276]
~ Processes Running: Scanned in 00mn 01s
---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\casal\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [bbjciahceamgodcoidkjpchnokgfpphh] Funmoods v.1.0 (Désactivé) =>PUP.Funmoods
G2 - GCE: Preference [User Data\Default] [cjpglkicenollcignonpgiafdgfeehoj] SpeedDial v.4.0 (Désactivé)
G2 - GCE: Preference [User Data\Default] [gaiilaahiahdejapggenmdmafpmbipje] DealPly v.3.0.7.2 (Désactivé) =>PUP.DealPly
G2 - GCE: Preference [User Data\Default] [jgceplfonlgodadnpognljgdjlcnpjnh] Nielsen v.1.8.1 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [ogfjmhfnldnajmfaofeiaepghjenbgjo] Extended Protection v.3.4.2 (Désactivé) =>PUP.ExtendedProtection
G2 - GCE: Preference [User Data\Default] [pelmeidfhdlhlbjimpabfcbnnojbboma] Quick Start v.3.1.3, (Désactivé) =>PUP.QuickStart
---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 18 Legitimates Filtered in 00mn 11s
---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
C:\Users\casal\AppData\Roaming\Mozilla\Firefox\Profiles\p4r4c8sz.default-1394306066141\prefs.js
C:\Users\casal\AppData\Roaming\Mozilla\Firefox\Profiles\yfiiolph.default-1396892395728\prefs.js
P2 - FPN: [HKLM] [@nielsen/FirefoxTracker] - (.Nielsen - Nielsen FirefoxTracker Plug-in.) -- C:\Program Files\NetRatingsNetSight\NetSight\meter1\FirefoxAddOns\npfirefoxtracker.dll
~ Firefox Browser: 24 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21
---\\ Outras conexões do utilizador (04)
O4 - GS\Desktop [Public]: aTube Catcher.lnk . (.DsNET - aTube Catcher to download and convert video.) -- C:\Program Files\DsNET Corp\aTube Catcher 2.0\yct.exe
O4 - GS\Desktop [Public]: Cadastro.lnk . (.Positivo Informática - Registro de usuários Positivo Inform.) -- C:\Program Files\Positivo Informática\SW_Cadastro\Registro.exe
O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Desktop [Public]: Receitanet 1.04 .lnk . (.SERPRO - Serviço Federal de Processamento d - Receitanet.) -- C:\Program Files\Programas RFB\Receitanet\Windows\Receitanet.exe
O4 - GS\Desktop [Public]: Video Search.lnk . (.DsNET - aTube Catcher to download and convert video.) -- C:\Program Files\DsNET Corp\aTube Catcher 2.0\yct.exe
O4 - GS\Desktop [Public]: Webcam.lnk . (...) -- C:\Windows\Installer\{39B78651-6FD2-4752-BE68-C3BDB6F2D9EE}\_F4711BF7C212A03CB0C5A8.exe
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\QuickLaunch [casal]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [casal]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [casal]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\TaskBar [casal]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [casal]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Program [casal]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [casal]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Desktop [casal]: exe-1.04.1.lnk . (...) -- C:\Program Files\exe\exe.exe
O4 - GS\Desktop [casal]: FRST.lnk . (.Farbar - Aut2Exe.) -- C:\Users\casal\Downloads\FRST.exe
O4 - GS\Desktop [casal]: IRPF2014 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País.lnk . (...) -- C:\Arquivos de Programas RFB\IRPF2014\IRPF2014.exe
O4 - GS\Desktop [casal]: OTL (1).lnk . (.OldTimer Tools - No Comment.) -- C:\Users\casal\Downloads\OTL.exe
O4 - GS\Desktop [casal]: OTL (2).lnk . (.OldTimer Tools - No Comment.) -- C:\Users\casal\Downloads\OTM.exe
O4 - GS\Desktop [casal]: SystemLook.lnk . (...) -- C:\Users\casal\Downloads\SystemLook.exe
O4 - GS\Desktop [casal]: zoek - Atalho.lnk . (...) -- C:\Users\casal\Downloads\zoek.exe
~ Global Startup: 74 Legitimates Filtered in 00mn 00s
---\\ Aplicações iniciadas por registo & pastas (04)
O4 - GS\Startup [Public]: Assistente para criação de disco de recuperação.lnk . (.Positivo Informática - Recovery.) -- C:\Program Files\Positivo Informática\Recovery\Recovery2.exe
O4 - GS\Startup [Public]: IPM.lnk . (...) -- C:\Windows\Installer\{AADF4228-0772-4D43-92EB-B245E3A17B00}\_4E633D72E60CDC1A05956C.exe
O4 - GS\Startup [Public]: OSD.lnk . (...) -- C:\Windows\Installer\{5A9C96FE-1376-45E1-8556-C81255F0B5A7}\_51DECE17D28CB133DD0C64.exe
O4 - GS\Startup [Public]: Ralink Wireless Utility.lnk . (.Ralink Technology, Corp. - RaUI MFC Application.) -- C:\Program Files\Ralink\Common\RaUI.exe
O4 - GS\Startup [casal]: Dropbox.lnk . (.Dropbox, Inc. - Dropbox.) -- C:\Users\casal\AppData\Roaming\Dropbox\bin\Dropbox.exe =>.Dropbox
O4 - HKLM\..\Run: [SysTrayApp] . (.IDT, Inc. - IDT PC Audio.) -- C:\Program Files\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [IAStorIcon] . (.Intel Corporation - IAStorIcon.) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [StartUpManagerPositivo] . (...) -- C:\Program Files\Positivo Informática\Gerenciador de Inicialização Positivo\ManagerWindows.exe
O4 - HKLM\..\Run: [SynTPEnh] . (.Synaptics Incorporated - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NielsenOnline] . (.The Nielsen Company - NielsenOnline.) -- C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\RunOnce: [OTL] . (.OldTimer Tools - No Comment.) -- C:\Users\casal\Downloads\OTL.exe
O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Google Installer.) -- C:\Users\casal\AppData\Local\Google\Update\GoogleUpdate.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-2364669226-1398954891-4146519358-1000\..\Run: [Google Update] . (.Google Inc. - Google Installer.) -- C:\Users\casal\AppData\Local\Google\Update\GoogleUpdate.exe
~ Application: Scanned in 00mn 00s
---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation - Windows Live Writer Blog This Extension.) -- C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft Office OneNote Internet Explorer Add-in.) -- C:\Program Files\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{B7F4A48C-FC31-4615-AFDB-E88BFDB109FD}: NameServer = 200.175.182.139,200.175.5.139
O17 - HKLM\System\CCS\Services\Tcpip\..\{C8F930EE-434F-4859-82A8-6A1CC10A4FC6}: NameServer = 200.175.182.139,200.175.5.139
O17 - HKLM\System\CCS\Services\Tcpip\..\{5AE40E16-3297-4BC8-B00E-C38BFD003E4B}: DhcpNameServer = 187.123.31.55 187.123.31.56 187.123.31.54
O17 - HKLM\System\CCS\Services\Tcpip\..\{C8F930EE-434F-4859-82A8-6A1CC10A4FC6}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{B7F4A48C-FC31-4615-AFDB-E88BFDB109FD}: NameServer = 200.175.182.139,200.175.5.139
O17 - HKLM\System\CS1\Services\Tcpip\..\{C8F930EE-434F-4859-82A8-6A1CC10A4FC6}: NameServer = 200.175.182.139,200.175.5.139
O17 - HKLM\System\CS1\Services\Tcpip\..\{5AE40E16-3297-4BC8-B00E-C38BFD003E4B}: DhcpNameServer = 187.123.31.55 187.123.31.56 187.123.31.54
O17 - HKLM\System\CS1\Services\Tcpip\..\{C8F930EE-434F-4859-82A8-6A1CC10A4FC6}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{B7F4A48C-FC31-4615-AFDB-E88BFDB109FD}: NameServer = 200.175.182.139,200.175.5.139
O17 - HKLM\System\CS2\Services\Tcpip\..\{C8F930EE-434F-4859-82A8-6A1CC10A4FC6}: NameServer = 200.175.182.139,200.175.5.139
O17 - HKLM\System\CS2\Services\Tcpip\..\{5AE40E16-3297-4BC8-B00E-C38BFD003E4B}: DhcpNameServer = 187.123.31.55 187.123.31.56 187.123.31.54
O17 - HKLM\System\CS2\Services\Tcpip\..\{C8F930EE-434F-4859-82A8-6A1CC10A4FC6}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 187.123.31.55 187.123.31.56 187.123.31.54
~ Domain: Scanned in 00mn 00s
---\\ Protocolo adicional (018)
O18 - Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation - Photo Gallery Album Download Protocol Handl.) -- C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll =>.Microsoft Corporation
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s
---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Nielsen Update (NielsenUpdate) . (.The Nielsen Company - NielsenOnline.) - C:\Program Files\NetRatingsNetSight\NetSight\NielsenUpdate.exe
~ Services: 8 Legitimates Filtered in 00mn 24s
---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (nnfwdk) . (.The Nielsen Company - Nielsen Network Filter Driver.) - C:\Program Files\NetRatingsNetSight\NetSight\meter1\nnfwdk.sys
~ Drivers: 63 Legitimates Filtered in 00mn 00s
---\\ Software instalados (042)
O42 - Logiciel: Driver 1.2 - (.OEM.) [HKLM] -- {BA56CD60-1D9F-4BE6-AC2F-B7C4A5437C35}
O42 - Logiciel: IPM 1.5 - (.OEM.) [HKLM] -- {AADF4228-0772-4D43-92EB-B245E3A17B00}
O42 - Logiciel: IRPF2012 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM] -- IRPF2012
O42 - Logiciel: IRPF2013 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM] -- IRPF2013
O42 - Logiciel: IRPF2014 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM] -- IRPF2014
O42 - Logiciel: Nielsen - (...) [HKLM] -- NetSight
O42 - Logiciel: OSD 1.7 - (.OEM.) [HKLM] -- {5A9C96FE-1376-45E1-8556-C81255F0B5A7}
O42 - Logiciel: Receitanet - (.Serpro - Serviço Federal de Processamento de Dados.) [HKLM] -- ECC16E3C-16D1-4DC2-9D8A-6AC06B3005A5
~ Logic: 22 Legitimates Filtered in 00mn 02s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\IBOPE]
[HKCU\Software\SERPRO]
[HKCU\Software\SoilAP]
[HKCU\Software\SunFlowerOSD]
[HKLM\Software\NSCPID]
[HKLM\Software\SoilIO]
~ Key Software: 206 Legitimates Filtered in 00mn 02s
---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 10/04/2014 - 17:12:19 - [79,980] ----D C:\Program Files\exe
O43 - CFD: 11/04/2014 - 08:36:46 - [0,006] ----D C:\Program Files\Free zip
O43 - CFD: 07/03/2014 - 15:38:44 - [8,843] ----D C:\Program Files\Programas RFB
O43 - CFD: 08/03/2014 - 15:12:29 - [0] ----D C:\Program Files\RBM
O43 - CFD: 01/12/2013 - 07:44:47 - [0] ----D C:\ProgramData\Audio
O43 - CFD: 01/12/2013 - 07:44:47 - [0] ----D C:\ProgramData\Audio Power
O43 - CFD: 01/08/2012 - 20:46:05 - [0,084] ----D C:\Users\casal\AppData\Roaming\br.org.cesar.ajudante.Ajudante
O43 - CFD: 10/04/2014 - 17:12:49 - [0,059] ----D C:\Users\casal\AppData\Roaming\exe
O43 - CFD: 02/08/2012 - 19:53:10 - [0,002] ----D C:\Users\casal\AppData\Roaming\Mural dos Amigos
O43 - CFD: 14/12/2013 - 16:38:35 - [0] ----D C:\Users\casal\AppData\Local\Inquisit
O43 - CFD: 29/10/2013 - 22:06:11 - [0] ----D C:\Users\casal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\exe
O43 - CFD: 12/04/2012 - 10:31:02 - [0,004] ----D C:\Users\casal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2012
O43 - CFD: 11/04/2013 - 17:27:19 - [0,004] ----D C:\Users\casal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2013
O43 - CFD: 07/03/2014 - 14:31:00 - [0,004] ----D C:\Users\casal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2014
~ Program Folder: 171 Legitimates Filtered in 00mn 07s
---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.83E569BEC3CB8C8F269A69A97AA72BD2] - 08/04/2014 - 23:05:04 ---A- . (...) -- C:\Windows\win.ini [580]
O44 - LFC:[MD5.02A210BE5BD28FC64533B5E5BAE87B64] - 11/04/2014 - 08:55:26 ---A- . (...) -- C:\PureRa.txt [63208]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 11/04/2014 - 09:56:43 ---A- . (...) -- C:\Windows\System32\shoD684.tmp [0]
O44 - LFC:[MD5.6AF049CEC3A2D4FF797DDE5D013BDD5B] - 11/04/2014 - 22:50:05 --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [16160]
O44 - LFC:[MD5.6AF049CEC3A2D4FF797DDE5D013BDD5B] - 11/04/2014 - 22:50:05 --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [16160]
O44 - LFC:[MD5.5811DA8CC1E6CD77967BEC1D1C7EF9A8] - 29/03/2014 - 10:06:08 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [148924]
O44 - LFC:[MD5.2669C46FE5289555BC025A49456D04B0] - 29/03/2014 - 10:06:08 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [709402]
~ Files: 46 Legitimates Filtered in 00mn 05s
---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
~ ShellExecuteHooks: Scanned in 00mn 00s
---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s
---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:[MD5.0ED67910C8C326796FAA00B2BF6D9D3C] - 13/07/2009 - 21:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:[MD5.C44E3C2BAB6837DB337DDEE7544736DB] - 13/07/2009 - 18:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
O58 - SDL:[MD5.4312D307729EBC73FEA44E32D6BB2F97] - 03/10/2011 - 14:21:54 ---A- . (...) -- C:\Windows\System32\Drivers\pad.sys [52496]
O58 - SDL:[MD5.6A06E33B9C2502D315C23731401358BF] - 04/12/2009 - 14:43:46 ---A- . (...) -- C:\Windows\System32\Drivers\SoilIO.sys [16248]
O58 - SDL:[MD5.4125AE13E301EDD3E0FFD57A7AC00258] - 04/12/2009 - 14:44:18 ---A- . (.Systems Internals - Windows NT Caps-lock Ctrl Swapper.) -- C:\Windows\System32\Drivers\Soilkbc.sys [10744]
O58 - SDL:[MD5.F0E973C24C9DFECE8853588918E62055] - 04/12/2009 - 14:44:36 ---A- . (.Systems Internals - Windows NT Caps-lock Ctrl Swapper.) -- C:\Windows\System32\Drivers\SoilMC.sys [10616]
O58 - SDL:[MD5.F92254B0BCFCD10CAAC7BCCC7CB7F467] - 12/11/2009 - 11:48:56 ---A- . (...) -- C:\Windows\System32\Drivers\StarOpen.sys [7168]
O58 - SDL:[MD5.DB32D325C192B801DF274BFD12A7E72B] - 13/07/2009 - 21:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
O58 - SDL:[MD5.BEE9AE78676412FE17000411F26847ED] - 17/06/2010 - 09:10:14 ---A- . (.IDT, Inc. - IDT PC Audio.) -- C:\Windows\System32\Drivers\stwrt.sys [431616]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 13/07/2009 - 17:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 13/07/2009 - 17:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:[MD5.E6BC0F98FECEF245A0010D350C1A0B9B] - 13/07/2009 - 17:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:[MD5.492090267B9608C62B956CD29BE3AFB7] - 13/07/2009 - 17:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 13/07/2009 - 17:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:[MD5.FFFF296A08DBF2AC0126C62E3778AC0D] - 13/07/2009 - 17:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 13/07/2009 - 17:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 13/07/2009 - 17:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 13/07/2009 - 17:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 13/07/2009 - 17:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:[MD5.2E4112FB7D1B76E11ADFD7487B5D0E95] - 13/07/2009 - 17:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:[MD5.A98EBD4C2DF983665BF2D1AF49949974] - 13/07/2009 - 17:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:[MD5.3F7E6406EDEF197C5CAAB2240EEF6F48] - 13/07/2009 - 17:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:[MD5.3E64D681B776CC57BDC38A46D881F85B] - 13/07/2009 - 17:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:[MD5.D86B6435729231C171432B4E77801BDB] - 13/07/2009 - 17:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 16 Legitimates Filtered in 00mn 01s
---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 18/12/2013 - C:\Program Files\NetRatingsNetSight\NetSight\meter1\nnfwdk.sys (nnfwdk) .(.The Nielsen Company - Nielsen Network Filter Driver.) - LEGACY_NNFWDK
~ Legacy: 101 Legitimates Filtered in 00mn 00s
---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Users\casal\AppData\Local\Google\Chrome\Application\chrome.exe (.not file.)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {5149167E-EC05-ABF1-729A-7D253194AFED} [DefaultScope] - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.8DDB84FB5FD7958654F23ECE6EA14D0F] [SPRF][15/01/2014] (.Baidu, Inc. - Baidu Antivirus FileSplitUpLoad Library.) -- C:\ProgramData\FileSplitUpLoad.dll [167784]
~ Files: 1 Legitimates Filtered in 00mn 00s
---\\ Listagem dos códigos dos software (PUC) (090)
O90 - PUC: "15687B932DF62574EB863CDB6B2F9DEE" . (.Webcam 1.5.) -- C:\Windows\Installer\{39B78651-6FD2-4752-BE68-C3BDB6F2D9EE}\_6FEFF9B68218417F98F549.exe
O90 - PUC: "8224FDAA277034D429BE2B543E1AB700" . (.IPM 1.5.) -- C:\Windows\Installer\{AADF4228-0772-4D43-92EB-B245E3A17B00}\_6FEFF9B68218417F98F549.exe
~ Update Products: 70 Legitimates Filtered in 00mn 00s
---\\ Pesquisa dos pacotes WindowsInstaller (WIS) (O93) (NTFS)
~ WIS: 73 Legitimates Filtered in 00mn 03s
---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Microsoft\Tracing\utorrent-32-build-27708-baixaki-32-bits_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Microsoft\Tracing\utorrent-32-build-27708-baixaki-32-bits_RASMANCS =>P2P.µTorrent
HKLM\SOFTWARE\Microsoft\Tracing\uTorrent_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Microsoft\Tracing\uTorrent_RASMANCS =>P2P.µTorrent
~ BTK: 255 Legitimates Filtered in 00mn 00s
---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 13/03/2014 257928 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 30/10/2012 116648 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 30/10/2012 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 19/03/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 13/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 21/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 03/10/2012 64592 | (AppManagerService) . (.Positivo Informática S.A..) - C:\Program Files\Positivo Informática\Positivo Experience\Positivo Experience\MundoPositivoService.exe
SR - | Auto 20/03/2012 45056 | (BatteryManagerSrv) . (.Positivo Informática S.A.) - C:\Program Files\Positivo Informática\Positivo Experience\Positivo Bateria\BatteryManagerService.exe
SR - | Auto 03/03/2010 13336 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 30/10/2013 2838568 | (NielsenUpdate) . (.The Nielsen Company.) - C:\Program Files\NetRatingsNetSight\NetSight\NielsenUpdate.exe
SR - | Auto 12/11/2009 71096 | (NMSAccessU) . (...) - C:\Program Files\CDBurnerXP\NMSAccessU.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 17/06/2010 237650 | (STacSV) . (.IDT, Inc..) - C:\Program Files\IDT\WDM\STacSV.exe
SR - | Auto 13/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 32s
---\\ Scâner Aditional (088)
Database Version : 13044 - (09/04/2014)
Clés trouvées (Keys found) : 4
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 4
Fichiers trouvés (Files found) : 0
[HKLM\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh] =>PUP.Funmoods^
[HKLM\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje] =>PUP.DealPly^
[HKLM\Software\Google\Chrome\Extensions\ogfjmhfnldnajmfaofeiaepghjenbgjo] =>PUP.ExtendedProtection^
[HKLM\Software\Google\Chrome\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma] =>PUP.QuickStart^
C:\Users\casal\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh =>PUP.Funmoods^
C:\Users\casal\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje =>PUP.DealPly^
C:\Users\casal\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogfjmhfnldnajmfaofeiaepghjenbgjo =>PUP.ExtendedProtection^
C:\Users\casal\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma =>PUP.QuickStart^
~ Additionnel Scan: 244428 Items scanned in 01mn 33s
---\\ Sumário das deteções encontradas na sua estação
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Funmoods
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.DealPly
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.ExtendedProtection
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.QuickStart
~ MSI: 4 link(s) detected in 00mn 00s
~ 987 Legitimates filtered by white list
End of the scan (506 lines in 03mn 34s)(0)
~ Iniciado por casal (11/04/2014 23:35:00)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Fóruns de suporte gratuito para desinfecção : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by user
---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.17041
MFIE: Mozilla Firefox 28.0 (Defaut)
GCIE: Google Chrome v34.0.1847.116
---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows Vista (TM) Ultimate, 32-bit Service Pack 1 (Build 6000)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : KO
Windows Automatic Updates : OK
---\\ Softwares de proteçao do sistema
---\\ Softwares d'optimização do sistema
CCleaner v4.12 =>.Piriform Ltd
---\\ Softwares de partilha do PeerToPeer (P2P)
---\\ Monitoramento dos softwares
Adobe Flash Player 12 Plugin
Adobe Reader XI
Java 7 Update 51
---\\ Informações sobre o sistema
~ Processor: x86 Family 6 Model 28 Stepping 10, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2038 MB (46% free)
System Restore: Activé (Enable)
System drive C: has 253 GB (87%) free of 288 GB
---\\ Modo de conexão ao sistema
~ Computer Name: AMORE
~ User Name: casal
~ All Users Names: Convidado, casal, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator
---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\casal\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\casal\AppData\Roaming\
~ %Desktop% : C:\Users\casal\Desktop\
~ %Favorites% : C:\Users\casal\Favorites\
~ %LocalAppData% : C:\Users\casal\AppData\Local\
~ %StartMenu% : C:\Users\casal\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 253 Go of 288 Go)
D: CD-ROM drive (Not Inserted)
Q: Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)
---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
~ Security Center: 43 Legitimates Filtered in 00mn 00s
---\\ Pesquisa particular de ficheiros genéricos
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Windows Explorer.) (.07/07/2011 - 10:29:24.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 21:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.E4E829EE073E046B0EB19B5FECB19B8C] - (.Microsoft Corporation - Internet Extensions para Win32.) (.06/03/2014 - 01:41:49.) -- C:\Windows\System32\wininet.dll [1789440]
[MD5.6D13E1406F50C66E2A95D97F22C47560] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.20/11/2010 - 17:29:06.) -- C:\Windows\System32\Winlogon.exe [286720]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.20/11/2010 - 17:29:24.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.F81BB7E487EDCEAB630A7EE66CF23913] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.13/09/2013 - 20:48:58.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 21:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 19:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 17:29:03.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 17:29:07.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 17:29:03.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 19:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 19:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.07/07/2011 - 10:30:36.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 17:29:08.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.C8DFF8D07755A66C7A4A738930F0FEAC] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.23/01/2014 - 22:18:22.) -- C:\Windows\system32\Drivers\ntfs.sys [1212352]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 19:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 19:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 19:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 17:29:07.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.20/11/2010 - 17:29:03.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes: Scanned in 00mn 00s
---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes musiques (My Musics) : 1/290
~ Mes Videos (My Videos) : 1/2
~ Mes Favoris (My Favorites) : 1/29
~ Mes Documents (My Documents) : 7/229
~ Mon Bureau (My Desktop) : 1/2022
~ Menu demarrer (Programs) : 1/45
~ Hidden Files: Scanned in 00mn 02s
---\\ Processos lançados
[MD5.FDBAA6322B3B408CD275A14654EF3D6B] - (.IDT, Inc. - IDT PC Audio.) -- C:\Program Files\IDT\WDM\sttray.exe [495708] [PID.1168]
[MD5.25107F58D1B8F60D67D1EE95798C0DE8] - (.Intel Corporation - IAStorIcon.) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696] [PID.1040]
[MD5.68257A00D12A44A390514E668407C8FA] - (.Intel Corporation - igfxTray Module.) -- C:\Windows\System32\igfxtray.exe [141848] [PID.1192]
[MD5.F1C66577F5BFDD08B8E21B9ED2FE1300] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe [173592] [PID.1260]
[MD5.1900188CF86CB7C82CB5C51F8EACCF86] - (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe [150552] [PID.1000]
[MD5.0260412F3ED50279F42B913A42A9C66D] - (.Intel Corporation - igfxsrvc Module.) -- C:\Windows\system32\igfxsrvc.exe [252952] [PID.3720]
[MD5.8895BE670D1D4BD478B16DD311273F4A] - (.Synaptics Incorporated - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1557800] [PID.3780]
[MD5.75516A4D91F913A48D14A5D8C04BBD0E] - (.The Nielsen Company - NielsenOnline.) -- C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe [91688] [PID.3756]
[MD5.DE8C5AB7EE56A7DA0166B2E2B0E496A2] - (.Synaptics Incorporated - Synaptics Pointing Device Helper.) -- C:\Program Files\Synaptics\SynTP\SynTPHelper.exe [103720] [PID.3800]
[MD5.FC551A8B8E637B2147C003C885B6756E] - (.Positivo Informática - Recovery.) -- C:\Program Files\Positivo Informática\Recovery\Recovery2.exe [1496576] [PID.4004]
[MD5.FE7AC897D23D88EEBA687BBD61DBBDCA] - (.No owner - IPM.exe.) -- C:\Program Files\OEM\IPM 1.5\IPM.exe [1106432] [PID.1248]
[MD5.2256E495D6B2566DE6DDBC6632510477] - (.No owner - OSD.) -- C:\Program Files\OEM\OSD 1.7\SunflowerOSD.exe [548864] [PID.3896]
[MD5.EB7F5388A3B1318DFFA8EA50C71835EF] - (.Ralink Technology, Corp. - RaUI MFC Application.) -- C:\Program Files\Ralink\Common\RaUI.exe [1560576] [PID.3268]
[MD5.58FC1B36032F03342E4C02813F80DAC1] - (.Dropbox, Inc. - Dropbox.) -- C:\Users\casal\AppData\Roaming\Dropbox\bin\Dropbox.exe [30714328] [PID.3032]
[MD5.111ADB8738E6A9EF7001920F108B4833] - (.Positivo Informática S.A. - Positivo Backup.) -- C:\Program Files\Positivo Informática\Positivo Experience\Positivo Backup\PositivoSmartBackup.exe [1858048] [PID.3344]
[MD5.DFC999E39D7465077B45F08C53BEE076] - (.Positivo Informática S.A. - Positivo Áudio.) -- C:\Program Files\Positivo Informática\Positivo Experience\Positivo Áudio\AudioPower.exe [1015808] [PID.1708]
[MD5.8E556A72D54F7E3B7844AB9217F02DD7] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [275568] [PID.5844]
[MD5.F4651164AA1330735ADEA50AD0A326F2] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8208896] [PID.3272]
[MD5.A63DC5C2EA944E6657203E0C8EDEAF61] - (.Microsoft Corporation - COM Surrogate.) -- C:\Windows\system32\DllHost.exe [7168] [PID.2192]
[MD5.D44D3387809EEDB5564735EC27BE700E] - (.IDT, Inc. - IDT PC Audio.) -- C:\Program Files\IDT\WDM\STacSV.exe [237650] [PID.1028]
[MD5.B362181ED3771DC03B4141927C80F801] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [65432] [PID.1652]
[MD5.6D3242D8E7476F6A976084611A1594C1] - (.Positivo Informática S.A - Battery Power Service.) -- C:\Program Files\Positivo Informática\Positivo Experience\Positivo Bateria\BatteryManagerService.exe [45056] [PID.1672]
[MD5.1A5F12AF8D00055B07DD0139A2251F03] - (.The Nielsen Company - NielsenOnline.) -- C:\Program Files\NetRatingsNetSight\NetSight\NielsenUpdate.exe [2838568] [PID.1784]
[MD5.FD306FBCCE7ADB1077B709742E7148E9] - (...) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe [71096] [PID.1836]
[MD5.19D34534176E62F35DDB7DC7B7FF2A87] - (.Microsoft Corporation - Microsoft Application Virtualization Virtua.) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe [207528] [PID.516]
[MD5.1AEBDC693C74EA55FE05D51FA6573EBC] - (.Microsoft Corporation - Microsoft Application Virtualization Client.) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe [523944] [PID.1468]
[MD5.FD557A50A65E44041CD2FCEF4BEB04DB] - (.Microsoft Corporation - Microsoft Office Client Virtualization Serv.) -- C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.exe [822504] [PID.2528]
[MD5.B752FC4AB1F3D5048A17E1D993028998] - (.Positivo Informática S.A - Battery Power Main Application.) -- C:\Program Files\Positivo Informática\Positivo Experience\Positivo Bateria\BatteryPower.exe [1208320] [PID.3524]
[MD5.5BD9CC8C50D3FFF051AB6FF009BE9602] - (.Positivo Informática S.A. - WindowsService.) -- C:\Program Files\Positivo Informática\Positivo Experience\Positivo Experience\MundoPositivoService.exe [64592] [PID.1364]
[MD5.31A0E93CDF29007D6C6FFFB632F375ED] - (.Intel Corporation - IAStorDataSvc.) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [13336] [PID.2664]
[MD5.2C49B175AEE1D4364B91B531417FE583] - (.Microsoft Corporation - Instalador de Módulos do Windows.) -- C:\Windows\servicing\TrustedInstaller.exe [204800] [PID.4276]
~ Processes Running: Scanned in 00mn 01s
---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\casal\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [bbjciahceamgodcoidkjpchnokgfpphh] Funmoods v.1.0 (Désactivé) =>PUP.Funmoods
G2 - GCE: Preference [User Data\Default] [cjpglkicenollcignonpgiafdgfeehoj] SpeedDial v.4.0 (Désactivé)
G2 - GCE: Preference [User Data\Default] [gaiilaahiahdejapggenmdmafpmbipje] DealPly v.3.0.7.2 (Désactivé) =>PUP.DealPly
G2 - GCE: Preference [User Data\Default] [jgceplfonlgodadnpognljgdjlcnpjnh] Nielsen v.1.8.1 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [ogfjmhfnldnajmfaofeiaepghjenbgjo] Extended Protection v.3.4.2 (Désactivé) =>PUP.ExtendedProtection
G2 - GCE: Preference [User Data\Default] [pelmeidfhdlhlbjimpabfcbnnojbboma] Quick Start v.3.1.3, (Désactivé) =>PUP.QuickStart
---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 18 Legitimates Filtered in 00mn 11s
---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
C:\Users\casal\AppData\Roaming\Mozilla\Firefox\Profiles\p4r4c8sz.default-1394306066141\prefs.js
C:\Users\casal\AppData\Roaming\Mozilla\Firefox\Profiles\yfiiolph.default-1396892395728\prefs.js
P2 - FPN: [HKLM] [@nielsen/FirefoxTracker] - (.Nielsen - Nielsen FirefoxTracker Plug-in.) -- C:\Program Files\NetRatingsNetSight\NetSight\meter1\FirefoxAddOns\npfirefoxtracker.dll
~ Firefox Browser: 24 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21
---\\ Outras conexões do utilizador (04)
O4 - GS\Desktop [Public]: aTube Catcher.lnk . (.DsNET - aTube Catcher to download and convert video.) -- C:\Program Files\DsNET Corp\aTube Catcher 2.0\yct.exe
O4 - GS\Desktop [Public]: Cadastro.lnk . (.Positivo Informática - Registro de usuários Positivo Inform.) -- C:\Program Files\Positivo Informática\SW_Cadastro\Registro.exe
O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\Desktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Desktop [Public]: Receitanet 1.04 .lnk . (.SERPRO - Serviço Federal de Processamento d - Receitanet.) -- C:\Program Files\Programas RFB\Receitanet\Windows\Receitanet.exe
O4 - GS\Desktop [Public]: Video Search.lnk . (.DsNET - aTube Catcher to download and convert video.) -- C:\Program Files\DsNET Corp\aTube Catcher 2.0\yct.exe
O4 - GS\Desktop [Public]: Webcam.lnk . (...) -- C:\Windows\Installer\{39B78651-6FD2-4752-BE68-C3BDB6F2D9EE}\_F4711BF7C212A03CB0C5A8.exe
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\QuickLaunch [casal]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch [casal]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [casal]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - GS\TaskBar [casal]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [casal]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Program [casal]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [casal]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Desktop [casal]: exe-1.04.1.lnk . (...) -- C:\Program Files\exe\exe.exe
O4 - GS\Desktop [casal]: FRST.lnk . (.Farbar - Aut2Exe.) -- C:\Users\casal\Downloads\FRST.exe
O4 - GS\Desktop [casal]: IRPF2014 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País.lnk . (...) -- C:\Arquivos de Programas RFB\IRPF2014\IRPF2014.exe
O4 - GS\Desktop [casal]: OTL (1).lnk . (.OldTimer Tools - No Comment.) -- C:\Users\casal\Downloads\OTL.exe
O4 - GS\Desktop [casal]: OTL (2).lnk . (.OldTimer Tools - No Comment.) -- C:\Users\casal\Downloads\OTM.exe
O4 - GS\Desktop [casal]: SystemLook.lnk . (...) -- C:\Users\casal\Downloads\SystemLook.exe
O4 - GS\Desktop [casal]: zoek - Atalho.lnk . (...) -- C:\Users\casal\Downloads\zoek.exe
~ Global Startup: 74 Legitimates Filtered in 00mn 00s
---\\ Aplicações iniciadas por registo & pastas (04)
O4 - GS\Startup [Public]: Assistente para criação de disco de recuperação.lnk . (.Positivo Informática - Recovery.) -- C:\Program Files\Positivo Informática\Recovery\Recovery2.exe
O4 - GS\Startup [Public]: IPM.lnk . (...) -- C:\Windows\Installer\{AADF4228-0772-4D43-92EB-B245E3A17B00}\_4E633D72E60CDC1A05956C.exe
O4 - GS\Startup [Public]: OSD.lnk . (...) -- C:\Windows\Installer\{5A9C96FE-1376-45E1-8556-C81255F0B5A7}\_51DECE17D28CB133DD0C64.exe
O4 - GS\Startup [Public]: Ralink Wireless Utility.lnk . (.Ralink Technology, Corp. - RaUI MFC Application.) -- C:\Program Files\Ralink\Common\RaUI.exe
O4 - GS\Startup [casal]: Dropbox.lnk . (.Dropbox, Inc. - Dropbox.) -- C:\Users\casal\AppData\Roaming\Dropbox\bin\Dropbox.exe =>.Dropbox
O4 - HKLM\..\Run: [SysTrayApp] . (.IDT, Inc. - IDT PC Audio.) -- C:\Program Files\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [IAStorIcon] . (.Intel Corporation - IAStorIcon.) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [StartUpManagerPositivo] . (...) -- C:\Program Files\Positivo Informática\Gerenciador de Inicialização Positivo\ManagerWindows.exe
O4 - HKLM\..\Run: [SynTPEnh] . (.Synaptics Incorporated - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NielsenOnline] . (.The Nielsen Company - NielsenOnline.) -- C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\RunOnce: [OTL] . (.OldTimer Tools - No Comment.) -- C:\Users\casal\Downloads\OTL.exe
O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Google Installer.) -- C:\Users\casal\AppData\Local\Google\Update\GoogleUpdate.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-2364669226-1398954891-4146519358-1000\..\Run: [Google Update] . (.Google Inc. - Google Installer.) -- C:\Users\casal\AppData\Local\Google\Update\GoogleUpdate.exe
~ Application: Scanned in 00mn 00s
---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} . (.Microsoft Corporation - Windows Live Writer Blog This Extension.) -- C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft Office OneNote Internet Explorer Add-in.) -- C:\Program Files\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{B7F4A48C-FC31-4615-AFDB-E88BFDB109FD}: NameServer = 200.175.182.139,200.175.5.139
O17 - HKLM\System\CCS\Services\Tcpip\..\{C8F930EE-434F-4859-82A8-6A1CC10A4FC6}: NameServer = 200.175.182.139,200.175.5.139
O17 - HKLM\System\CCS\Services\Tcpip\..\{5AE40E16-3297-4BC8-B00E-C38BFD003E4B}: DhcpNameServer = 187.123.31.55 187.123.31.56 187.123.31.54
O17 - HKLM\System\CCS\Services\Tcpip\..\{C8F930EE-434F-4859-82A8-6A1CC10A4FC6}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{B7F4A48C-FC31-4615-AFDB-E88BFDB109FD}: NameServer = 200.175.182.139,200.175.5.139
O17 - HKLM\System\CS1\Services\Tcpip\..\{C8F930EE-434F-4859-82A8-6A1CC10A4FC6}: NameServer = 200.175.182.139,200.175.5.139
O17 - HKLM\System\CS1\Services\Tcpip\..\{5AE40E16-3297-4BC8-B00E-C38BFD003E4B}: DhcpNameServer = 187.123.31.55 187.123.31.56 187.123.31.54
O17 - HKLM\System\CS1\Services\Tcpip\..\{C8F930EE-434F-4859-82A8-6A1CC10A4FC6}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{B7F4A48C-FC31-4615-AFDB-E88BFDB109FD}: NameServer = 200.175.182.139,200.175.5.139
O17 - HKLM\System\CS2\Services\Tcpip\..\{C8F930EE-434F-4859-82A8-6A1CC10A4FC6}: NameServer = 200.175.182.139,200.175.5.139
O17 - HKLM\System\CS2\Services\Tcpip\..\{5AE40E16-3297-4BC8-B00E-C38BFD003E4B}: DhcpNameServer = 187.123.31.55 187.123.31.56 187.123.31.54
O17 - HKLM\System\CS2\Services\Tcpip\..\{C8F930EE-434F-4859-82A8-6A1CC10A4FC6}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 187.123.31.55 187.123.31.56 187.123.31.54
~ Domain: Scanned in 00mn 00s
---\\ Protocolo adicional (018)
O18 - Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation - Photo Gallery Album Download Protocol Handl.) -- C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll =>.Microsoft Corporation
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s
---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Nielsen Update (NielsenUpdate) . (.The Nielsen Company - NielsenOnline.) - C:\Program Files\NetRatingsNetSight\NetSight\NielsenUpdate.exe
~ Services: 8 Legitimates Filtered in 00mn 24s
---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (nnfwdk) . (.The Nielsen Company - Nielsen Network Filter Driver.) - C:\Program Files\NetRatingsNetSight\NetSight\meter1\nnfwdk.sys
~ Drivers: 63 Legitimates Filtered in 00mn 00s
---\\ Software instalados (042)
O42 - Logiciel: Driver 1.2 - (.OEM.) [HKLM] -- {BA56CD60-1D9F-4BE6-AC2F-B7C4A5437C35}
O42 - Logiciel: IPM 1.5 - (.OEM.) [HKLM] -- {AADF4228-0772-4D43-92EB-B245E3A17B00}
O42 - Logiciel: IRPF2012 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM] -- IRPF2012
O42 - Logiciel: IRPF2013 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM] -- IRPF2013
O42 - Logiciel: IRPF2014 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM] -- IRPF2014
O42 - Logiciel: Nielsen - (...) [HKLM] -- NetSight
O42 - Logiciel: OSD 1.7 - (.OEM.) [HKLM] -- {5A9C96FE-1376-45E1-8556-C81255F0B5A7}
O42 - Logiciel: Receitanet - (.Serpro - Serviço Federal de Processamento de Dados.) [HKLM] -- ECC16E3C-16D1-4DC2-9D8A-6AC06B3005A5
~ Logic: 22 Legitimates Filtered in 00mn 02s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\IBOPE]
[HKCU\Software\SERPRO]
[HKCU\Software\SoilAP]
[HKCU\Software\SunFlowerOSD]
[HKLM\Software\NSCPID]
[HKLM\Software\SoilIO]
~ Key Software: 206 Legitimates Filtered in 00mn 02s
---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 10/04/2014 - 17:12:19 - [79,980] ----D C:\Program Files\exe
O43 - CFD: 11/04/2014 - 08:36:46 - [0,006] ----D C:\Program Files\Free zip
O43 - CFD: 07/03/2014 - 15:38:44 - [8,843] ----D C:\Program Files\Programas RFB
O43 - CFD: 08/03/2014 - 15:12:29 - [0] ----D C:\Program Files\RBM
O43 - CFD: 01/12/2013 - 07:44:47 - [0] ----D C:\ProgramData\Audio
O43 - CFD: 01/12/2013 - 07:44:47 - [0] ----D C:\ProgramData\Audio Power
O43 - CFD: 01/08/2012 - 20:46:05 - [0,084] ----D C:\Users\casal\AppData\Roaming\br.org.cesar.ajudante.Ajudante
O43 - CFD: 10/04/2014 - 17:12:49 - [0,059] ----D C:\Users\casal\AppData\Roaming\exe
O43 - CFD: 02/08/2012 - 19:53:10 - [0,002] ----D C:\Users\casal\AppData\Roaming\Mural dos Amigos
O43 - CFD: 14/12/2013 - 16:38:35 - [0] ----D C:\Users\casal\AppData\Local\Inquisit
O43 - CFD: 29/10/2013 - 22:06:11 - [0] ----D C:\Users\casal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\exe
O43 - CFD: 12/04/2012 - 10:31:02 - [0,004] ----D C:\Users\casal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2012
O43 - CFD: 11/04/2013 - 17:27:19 - [0,004] ----D C:\Users\casal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2013
O43 - CFD: 07/03/2014 - 14:31:00 - [0,004] ----D C:\Users\casal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2014
~ Program Folder: 171 Legitimates Filtered in 00mn 07s
---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.83E569BEC3CB8C8F269A69A97AA72BD2] - 08/04/2014 - 23:05:04 ---A- . (...) -- C:\Windows\win.ini [580]
O44 - LFC:[MD5.02A210BE5BD28FC64533B5E5BAE87B64] - 11/04/2014 - 08:55:26 ---A- . (...) -- C:\PureRa.txt [63208]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 11/04/2014 - 09:56:43 ---A- . (...) -- C:\Windows\System32\shoD684.tmp [0]
O44 - LFC:[MD5.6AF049CEC3A2D4FF797DDE5D013BDD5B] - 11/04/2014 - 22:50:05 --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [16160]
O44 - LFC:[MD5.6AF049CEC3A2D4FF797DDE5D013BDD5B] - 11/04/2014 - 22:50:05 --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [16160]
O44 - LFC:[MD5.5811DA8CC1E6CD77967BEC1D1C7EF9A8] - 29/03/2014 - 10:06:08 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [148924]
O44 - LFC:[MD5.2669C46FE5289555BC025A49456D04B0] - 29/03/2014 - 10:06:08 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [709402]
~ Files: 46 Legitimates Filtered in 00mn 05s
---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
~ ShellExecuteHooks: Scanned in 00mn 00s
---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s
---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:[MD5.0ED67910C8C326796FAA00B2BF6D9D3C] - 13/07/2009 - 21:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:[MD5.C44E3C2BAB6837DB337DDEE7544736DB] - 13/07/2009 - 18:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
O58 - SDL:[MD5.4312D307729EBC73FEA44E32D6BB2F97] - 03/10/2011 - 14:21:54 ---A- . (...) -- C:\Windows\System32\Drivers\pad.sys [52496]
O58 - SDL:[MD5.6A06E33B9C2502D315C23731401358BF] - 04/12/2009 - 14:43:46 ---A- . (...) -- C:\Windows\System32\Drivers\SoilIO.sys [16248]
O58 - SDL:[MD5.4125AE13E301EDD3E0FFD57A7AC00258] - 04/12/2009 - 14:44:18 ---A- . (.Systems Internals - Windows NT Caps-lock Ctrl Swapper.) -- C:\Windows\System32\Drivers\Soilkbc.sys [10744]
O58 - SDL:[MD5.F0E973C24C9DFECE8853588918E62055] - 04/12/2009 - 14:44:36 ---A- . (.Systems Internals - Windows NT Caps-lock Ctrl Swapper.) -- C:\Windows\System32\Drivers\SoilMC.sys [10616]
O58 - SDL:[MD5.F92254B0BCFCD10CAAC7BCCC7CB7F467] - 12/11/2009 - 11:48:56 ---A- . (...) -- C:\Windows\System32\Drivers\StarOpen.sys [7168]
O58 - SDL:[MD5.DB32D325C192B801DF274BFD12A7E72B] - 13/07/2009 - 21:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
O58 - SDL:[MD5.BEE9AE78676412FE17000411F26847ED] - 17/06/2010 - 09:10:14 ---A- . (.IDT, Inc. - IDT PC Audio.) -- C:\Windows\System32\Drivers\stwrt.sys [431616]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 13/07/2009 - 17:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 13/07/2009 - 17:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:[MD5.E6BC0F98FECEF245A0010D350C1A0B9B] - 13/07/2009 - 17:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:[MD5.492090267B9608C62B956CD29BE3AFB7] - 13/07/2009 - 17:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 13/07/2009 - 17:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:[MD5.FFFF296A08DBF2AC0126C62E3778AC0D] - 13/07/2009 - 17:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 13/07/2009 - 17:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 13/07/2009 - 17:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 13/07/2009 - 17:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 13/07/2009 - 17:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:[MD5.2E4112FB7D1B76E11ADFD7487B5D0E95] - 13/07/2009 - 17:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:[MD5.A98EBD4C2DF983665BF2D1AF49949974] - 13/07/2009 - 17:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:[MD5.3F7E6406EDEF197C5CAAB2240EEF6F48] - 13/07/2009 - 17:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:[MD5.3E64D681B776CC57BDC38A46D881F85B] - 13/07/2009 - 17:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:[MD5.D86B6435729231C171432B4E77801BDB] - 13/07/2009 - 17:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 16 Legitimates Filtered in 00mn 01s
---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 18/12/2013 - C:\Program Files\NetRatingsNetSight\NetSight\meter1\nnfwdk.sys (nnfwdk) .(.The Nielsen Company - Nielsen Network Filter Driver.) - LEGACY_NNFWDK
~ Legacy: 101 Legitimates Filtered in 00mn 00s
---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet:
O68 - StartMenuInternet:
O68 - StartMenuInternet:
O68 - StartMenuInternet:
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {5149167E-EC05-ABF1-729A-7D253194AFED} [DefaultScope] - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.8DDB84FB5FD7958654F23ECE6EA14D0F] [SPRF][15/01/2014] (.Baidu, Inc. - Baidu Antivirus FileSplitUpLoad Library.) -- C:\ProgramData\FileSplitUpLoad.dll [167784]
~ Files: 1 Legitimates Filtered in 00mn 00s
---\\ Listagem dos códigos dos software (PUC) (090)
O90 - PUC: "15687B932DF62574EB863CDB6B2F9DEE" . (.Webcam 1.5.) -- C:\Windows\Installer\{39B78651-6FD2-4752-BE68-C3BDB6F2D9EE}\_6FEFF9B68218417F98F549.exe
O90 - PUC: "8224FDAA277034D429BE2B543E1AB700" . (.IPM 1.5.) -- C:\Windows\Installer\{AADF4228-0772-4D43-92EB-B245E3A17B00}\_6FEFF9B68218417F98F549.exe
~ Update Products: 70 Legitimates Filtered in 00mn 00s
---\\ Pesquisa dos pacotes WindowsInstaller (WIS) (O93) (NTFS)
~ WIS: 73 Legitimates Filtered in 00mn 03s
---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Microsoft\Tracing\utorrent-32-build-27708-baixaki-32-bits_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Microsoft\Tracing\utorrent-32-build-27708-baixaki-32-bits_RASMANCS =>P2P.µTorrent
HKLM\SOFTWARE\Microsoft\Tracing\uTorrent_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Microsoft\Tracing\uTorrent_RASMANCS =>P2P.µTorrent
~ BTK: 255 Legitimates Filtered in 00mn 00s
---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 13/03/2014 257928 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 30/10/2012 116648 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 30/10/2012 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 19/03/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 13/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 21/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 03/10/2012 64592 | (AppManagerService) . (.Positivo Informática S.A..) - C:\Program Files\Positivo Informática\Positivo Experience\Positivo Experience\MundoPositivoService.exe
SR - | Auto 20/03/2012 45056 | (BatteryManagerSrv) . (.Positivo Informática S.A.) - C:\Program Files\Positivo Informática\Positivo Experience\Positivo Bateria\BatteryManagerService.exe
SR - | Auto 03/03/2010 13336 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 30/10/2013 2838568 | (NielsenUpdate) . (.The Nielsen Company.) - C:\Program Files\NetRatingsNetSight\NetSight\NielsenUpdate.exe
SR - | Auto 12/11/2009 71096 | (NMSAccessU) . (...) - C:\Program Files\CDBurnerXP\NMSAccessU.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 17/06/2010 237650 | (STacSV) . (.IDT, Inc..) - C:\Program Files\IDT\WDM\STacSV.exe
SR - | Auto 13/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 32s
---\\ Scâner Aditional (088)
Database Version : 13044 - (09/04/2014)
Clés trouvées (Keys found) : 4
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 4
Fichiers trouvés (Files found) : 0
[HKLM\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh] =>PUP.Funmoods^
[HKLM\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje] =>PUP.DealPly^
[HKLM\Software\Google\Chrome\Extensions\ogfjmhfnldnajmfaofeiaepghjenbgjo] =>PUP.ExtendedProtection^
[HKLM\Software\Google\Chrome\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma] =>PUP.QuickStart^
C:\Users\casal\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh =>PUP.Funmoods^
C:\Users\casal\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje =>PUP.DealPly^
C:\Users\casal\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogfjmhfnldnajmfaofeiaepghjenbgjo =>PUP.ExtendedProtection^
C:\Users\casal\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma =>PUP.QuickStart^
~ Additionnel Scan: 244428 Items scanned in 01mn 33s
---\\ Sumário das deteções encontradas na sua estação
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.Funmoods
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.DealPly
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.ExtendedProtection
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>PUP.QuickStart
~ MSI: 4 link(s) detected in 00mn 00s
~ 987 Legitimates filtered by white list
End of the scan (506 lines in 03mn 34s)(0)
Rodrig- Membro
- Mensagens : 219
Reputação : 1
Data de inscrição : 03/04/2014
Idade : 43
Localização : Paraná
Re: Remover Baidu
por Power Max Sáb 12 Abr 2014, 00:50
Selecione e copie todo o texto destacado em vermelho que te passei._____________________________________________________________________________________________________________
Vá no menu: Iniciar > Todos os programas > ZHP > Clique com o botão direito do mouse sobre o Zhpfix e escolha a opção de Executar como administrador > Clique em Importação > Clique no botão GO > Clique em Oui > Caso queira que os arquivos da lixeira sejam excluídos clique em Oui novamente > Um relatório aparecerá no bloco de notas. Copie este relatório e poste em sua próxima resposta.
Última edição por Power Max em Sáb 12 Abr 2014, 14:25, editado 1 vez(es)
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Re: Remover Baidu
por Power Max Sáb 12 Abr 2014, 00:51
Depois disto aproveite e instale um antivirus de sua preferência > Faça uma verificação completa com ele e envie os vírus que ele encontrar para a quarentena dele.
Depois disto nos diga se o antivirus removeu mais alguns vírus.
Depois disto nos diga se o antivirus removeu mais alguns vírus.
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Página 3 de 4 • 1, 2, 3, 4
Página 3 de 4
Permissões neste sub-fórum
Não podes responder a tópicos|
|
|