I need help removing Baidu completely


Post by guijorge on Sat 10 May 2014, 22:40

Someone installed Baidu on my PC and I can't uninstall it completely. After it was installed, my PC became slower and I can't use some programs, such as "Sxe Injected", which I use for a game.

Thanks in advance for your attention.

HijackThis report:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:49:14, on 10/5/2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Arquivos comuns\EPSON\EPW!3 SSRP\E_S50ST7.EXE
C:\Arquivos de programas\Arquivos comuns\EPSON\EPW!3 SSRP\E_S50RP7.EXE
C:\Arquivos de programas\Java\jre7\bin\jqs.exe
C:\Arquivos de programas\EPSON\MyEpson Portal\mepService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Arquivos de programas\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Messenger\msmsgs.exe
C:\Arquivos de programas\EPSON\MyEpson Portal\mep.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Documents and Settings\CASA\Meus documentos\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You need to be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You need to be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You need to be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You need to be registered and logged in to see this link.]
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dados de aplicativos\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Arquivos de programas\Alwil Software\Avast5\aswWebRepIE.dll
O4 - HKLM\..\Run: [avast5] C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Arquivos de programas\Alwil Software\Avast5\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: PC App Store Uninstall 3.14.9.3480.lnk = C:\WINDOWS\system32\rundll32.exe
O8 - Extra context menu item: Baixar com Mipony - [You need to be registered and logged in to see this link.] de programas\MiPony\Browser\IEContext.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - [You need to be registered and logged in to see this link.]
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: EPSON V5 Service4(04) (EPSON_EB_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Arquivos de programas\Arquivos comuns\EPSON\EPW!3 SSRP\E_S50ST7.EXE
O23 - Service: EPSON V3 Service4(04) (EPSON_PM_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Arquivos de programas\Arquivos comuns\EPSON\EPW!3 SSRP\E_S50RP7.EXE
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Arquivos de programas\Java\jre7\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Arquivos de programas\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: MyEpson Portal Service - SEIKO EPSON CORPORATION - C:\Arquivos de programas\EPSON\MyEpson Portal\mepService.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Arquivos de programas\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Arquivos de programas\Skype\Updater\Updater.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Arquivos de programas\Arquivos comuns\Steam\SteamService.exe

--
End of file - 6980 bytes

Re: I need help removing Baidu completely

Post by Power Max on Sat 10 May 2014, 23:38

Hello guijorge.

Download the AdwCleaner program by clicking the link below, then click the Download Now @BleepingComputer button:
[You need to be registered and logged in to see this link.]

To run AdwCleaner correctly, just follow the tips in this tutorial:

Remove adware and malicious toolbars with AdwCleaner

* In your next reply, post the AdwCleaner log (report), which will be at C:\AdwCleaner\AdwCleaner[S0].txt

We'll be waiting.


I need help removing Baidu completely

Post by guijorge on Sun 11 May 2014, 00:12

# AdwCleaner v3.207 - Relatório criado 10/05/2014 às 21:54:37
# Atualizado 05/05/2014 por Xplode
# Sistema Operacional : Microsoft Windows XP Service Pack 3 (32 bits)
# Usuário : CASA - CASA-CE19F7E264
# Executando de : C:\Documents and Settings\CASA\Desktop\AdwCleaner.exe
# Opção : Limpar

***** [ Serviços ] *****

[#] Serviço Deletada : savesenselive
[#] Serviço Deletada : savesenselivem
[#] Serviço Deletada : WajamUpdaterV3

***** [ Arquivos / Pastas ] *****

Pasta Deletada : C:\Documents and Settings\All Users\Dados de aplicativos\apn
Pasta Deletada : C:\Documents and Settings\All Users\Dados de aplicativos\Babylon
Pasta Deletada : C:\Documents and Settings\All Users\Dados de aplicativos\baidu
Pasta Deletada : C:\Documents and Settings\All Users\Dados de aplicativos\BonanzaDealsLive
Pasta Deletada : C:\Documents and Settings\All Users\Dados de aplicativos\SaveSenseLive
Pasta Deletada : C:\Documents and Settings\All Users\Dados de aplicativos\Tarma Installer
Pasta Deletada : C:\Documents and Settings\All Users\Dados de aplicativos\Dowonloadu kkeepeer
Pasta Deletada : C:\Documents and Settings\All Users\Dados de aplicativos\SearchNewTab
Pasta Deletada : C:\Documents and Settings\All Users\Dados de aplicativos\YoutubeAdblocker
Pasta Deletada : C:\Arquivos de programas\BonanzaDeals
Pasta Deletada : C:\Arquivos de programas\BonanzaDealsLive
Pasta Deletada : C:\Arquivos de programas\Conduit
Pasta Deletada : C:\Arquivos de programas\DealPly
Pasta Deletada : C:\Arquivos de programas\Iminent
Pasta Deletada : C:\Arquivos de programas\IminentToolbar
Pasta Deletada : C:\Arquivos de programas\Mobogenie
Pasta Deletada : C:\Arquivos de programas\Optimizer Pro
Pasta Deletada : C:\Arquivos de programas\SaveSense
Pasta Deletada : C:\Arquivos de programas\SaveSenseLive
Pasta Deletada : C:\Arquivos de programas\Wajam
Pasta Deletada : C:\Arquivos de programas\YoutubeAdblocker
Pasta Deletada : C:\Arquivos de programas\Movier-media
Pasta Deletada : C:\Arquivos de programas\Arquivos comuns\Umbrella
Pasta Deletada : C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\torch
Pasta Deletada : C:\Documents and Settings\ASPNET\Configurações locais\Dados de aplicativos\torch
Pasta Deletada : C:\Documents and Settings\CASA\Configurações locais\Dados de aplicativos\BonanzaDealsLive
Pasta Deletada : C:\Documents and Settings\CASA\Configurações locais\Dados de aplicativos\Conduit
Pasta Deletada : C:\Documents and Settings\CASA\Configurações locais\Dados de aplicativos\FilesFrog Update Checker
Pasta Deletada : C:\Documents and Settings\CASA\Configurações locais\Dados de aplicativos\genienext
Pasta Deletada : C:\Documents and Settings\CASA\Configurações locais\Dados de aplicativos\lollipop
Pasta Deletada : C:\Documents and Settings\CASA\Configurações locais\Dados de aplicativos\Mobogenie
Pasta Deletada : C:\Documents and Settings\CASA\Configurações locais\Dados de aplicativos\SaveSenseLive
Pasta Deletada : C:\Documents and Settings\CASA\Configurações locais\Dados de aplicativos\torch
Pasta Deletada : C:\Documents and Settings\CASA\Configurações locais\Dados de aplicativos\Wajam
Pasta Deletada : C:\Documents and Settings\CASA\Configurações locais\Dados de aplicativos\Movier-media
Pasta Deletada : C:\Documents and Settings\CASA\Dados de aplicativos\Babylon
Pasta Deletada : C:\Documents and Settings\CASA\Dados de aplicativos\baidu
Pasta Deletada : C:\Documents and Settings\CASA\Dados de aplicativos\DealPly
Pasta Deletada : C:\Documents and Settings\CASA\Dados de aplicativos\IminentToolbar
Pasta Deletada : C:\Documents and Settings\CASA\Dados de aplicativos\newnext.me
Pasta Deletada : C:\Documents and Settings\CASA\Dados de aplicativos\OpenCandy
Pasta Deletada : C:\Documents and Settings\CASA\Dados de aplicativos\SaveSense
Pasta Deletada : C:\Documents and Settings\CASA\Dados de aplicativos\SwvUpdater
Pasta Deletada : C:\Documents and Settings\CASA\Menu Iniciar\Programas\SaveSense
Pasta Deletada : C:\Documents and Settings\CASA\Menu Iniciar\Programas\SmartTweak Software
Pasta Deletada : C:\Documents and Settings\CASA\Menu Iniciar\Programas\Wajam
Pasta Deletada : C:\Documents and Settings\CASA\Meus documentos\Mobogenie
Pasta Deletada : C:\Documents and Settings\Convidado\Configurações locais\Dados de aplicativos\torch
Pasta Deletada : C:\Documents and Settings\HelpAssistant\Configurações locais\Dados de aplicativos\torch
Pasta Deletada : C:\Documents and Settings\SUPPORT_388945a0\Configurações locais\Dados de aplicativos\torch
Pasta Deletada : C:\Documents and Settings\CASA\Dados de aplicativos\Mozilla\Firefox\Profiles\su6ov3rd.default\Extensions\rcdyafe@jol-ae.net
[!] Pasta Deletada : C:\Documents and Settings\CASA\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
[!] Pasta Deletada : C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\dpfmnidneollbamkpkhhmjmnkkapjpno
[!] Pasta Deletada : C:\Documents and Settings\ASPNET\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\dpfmnidneollbamkpkhhmjmnkkapjpno
[!] Pasta Deletada : C:\Documents and Settings\Convidado\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\dpfmnidneollbamkpkhhmjmnkkapjpno
[!] Pasta Deletada : C:\Documents and Settings\HelpAssistant\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\dpfmnidneollbamkpkhhmjmnkkapjpno
[!] Pasta Deletada : C:\Documents and Settings\SUPPORT_388945a0\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\dpfmnidneollbamkpkhhmjmnkkapjpno
[!] Pasta Deletada : C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\mapipbmejdiglaoinndhldjdehabcnlp
[!] Pasta Deletada : C:\Documents and Settings\ASPNET\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\mapipbmejdiglaoinndhldjdehabcnlp
Arquivo Deletada : C:\END
Arquivo Deletada : C:\Documents and Settings\CASA\daemonprocess.txt
Arquivo Deletada : C:\Documents and Settings\CASA\Dados de aplicativos\LiveSupport.exe_log.txt
Arquivo Deletada : C:\Documents and Settings\CASA\Dados de aplicativos\regsvr32.exe_log.txt
Arquivo Deletada : C:\Arquivos de programas\Mozilla Firefox\defaults\pref\all-iminent.js
Arquivo Deletada : C:\Documents and Settings\CASA\Dados de aplicativos\Mozilla\Firefox\Profiles\su6ov3rd.default\invalidprefs.js
Arquivo Deletada : C:\Arquivos de programas\Mozilla Firefox\browser\searchplugins\StartWeb.xml
Arquivo Deletada : C:\Documents and Settings\CASA\Dados de aplicativos\Mozilla\Firefox\Profiles\su6ov3rd.default\searchplugins\WebSearch.xml
Arquivo Deletada : C:\Documents and Settings\CASA\Dados de aplicativos\Mozilla\Firefox\Profiles\su6ov3rd.default\user.js
Arquivo Deletada : C:\Documents and Settings\CASA\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage
Arquivo Deletada : C:\WINDOWS\Tasks\SaveSenseLiveUpdateTaskMachineCore.job
Arquivo Deletada : C:\WINDOWS\Tasks\SaveSenseLiveUpdateTaskMachineUA.job

***** [ Atalhos ] *****


***** [ Registro ] *****

Valor Deletedo : HKCU\Software\Mozilla\Firefox\Extensions [{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}]
Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\igdhbblpcellaljokkpfhcjlagemhgjl
Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Chave Deletedo : HKCU\Software\Classes\iLivid.torrent
Chave Deletedo : HKCU\Toolbar
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\Iminent.WebBooster.InternetExplorer.DLL
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\priam_bho.DLL
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\SaveSenseLive.exe
Chave Deletedo : HKLM\SOFTWARE\Classes\iLivid.torrent
Chave Deletedo : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject
Chave Deletedo : HKLM\SOFTWARE\Classes\IminentWebBooster.BrowserHelperObject.1
Chave Deletedo : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender
Chave Deletedo : HKLM\SOFTWARE\Classes\IminentWebBooster.ScriptExtender.1
Chave Deletedo : HKLM\SOFTWARE\Classes\Prod.cap
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLive.OneClickProcessLauncherMachine
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.CoCreateAsync
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.CoreClass
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.CoreClass.1
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.CoreMachineClass
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.CredentialDialogMachine
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.OnDemandCOMClassMachine
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.OnDemandCOMClassMachineFallback
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.OnDemandCOMClassSvc
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.OnDemandCOMClassSvc.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.ProcessLauncher
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.Update3COMClassService.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.Update3WebMachine
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.Update3WebMachineFallback
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.Update3WebSvc
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.Update3WebSvc.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\wajam.WajamBHO
Chave Deletedo : HKLM\SOFTWARE\Classes\wajam.WajamBHO.1
Chave Deletedo : HKLM\SOFTWARE\Classes\wajam.WajamDownloader
Chave Deletedo : HKLM\SOFTWARE\Classes\wajam.WajamDownloader.1
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BonanzaDealsLive.exe
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Mobogenie.exe
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Chave Deletedo : HKLM\SOFTWARE\MozillaPlugins\@tools.updaterss.com/SaveSenseLive Update;version=3
Chave Deletedo : HKLM\SOFTWARE\MozillaPlugins\@tools.updaterss.com/SaveSenseLive Update;version=9
Chave Deletedo : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
Chave Deletedo : HKLM\SOFTWARE\Classes\Toolbar.CT2186473
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{01994268-3C10-4044-A1EA-7A9C1B739A11}
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634}
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{A2D3FB7A-6873-45E8-AF96-57092D721828}
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{0F21B1E5-5AFC-43C9-9C66-515046E92EC2}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{5C176BA0-6FC0-4EBD-8ACF-24AC592506B6}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{5D64294B-1341-4FE7-B6D8-7C36828D4DD5}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{998745A3-2AE4-488D-8092-B98FB20A00C2}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{A18D16ED-27B2-4B83-B70C-15E73F099546}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{A2D3FB7A-6873-45E8-AF96-57092D721828}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{BEE7E029-5037-4DAD-A2DB-82E397AB1A44}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{C1424421-D274-491E-9D47-11C8D8CB5F9A}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{CE10BF86-DA68-441E-91FA-38336363E3CD}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{CB6EC1D6-C605-463F-BF4C-35C8979BD948}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{115C823C-88A9-4C8A-A5E2-714A240E575B}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{095BFD3C-4602-4FE1-96F1-AEFAFBFD067D}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{A9CAF365-EA35-45DA-BD8B-2EFA09D374AC}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{AC329328-7EC4-4C34-B672-0A2B90CB9B00}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0F21B1E5-5AFC-43C9-9C66-515046E92EC2}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7DF592F-6E2A-45C4-9A87-4BD217D714ED}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CE10BF86-DA68-441E-91FA-38336363E3CD}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0F21B1E5-5AFC-43C9-9C66-515046E92EC2}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2974C985-8151-4DE5-B23C-B875F0A8522F}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2A5A2A90-3B30-4E6E-A955-2F232C6EF517}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3728BA43-F94F-42A4-9E8D-00B930D1DB28}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7DF592F-6E2A-45C4-9A87-4BD217D714ED}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DEDAF650-12B8-48F5-A843-BBA100716106}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE063412-BEA4-4D76-8ED3-183BE6220D17}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CE10BF86-DA68-441E-91FA-38336363E3CD}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A18D16ED-27B2-4B83-B70C-15E73F099546}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{BEE7E029-5037-4DAD-A2DB-82E397AB1A44}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{115C823C-88A9-4C8A-A5E2-714A240E575B}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{A7DF592F-6E2A-45C4-9A87-4BD217D714ED}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A18D16ED-27B2-4B83-B70C-15E73F099546}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BEE7E029-5037-4DAD-A2DB-82E397AB1A44}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}
Valor Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{CE10BF86-DA68-441E-91FA-38336363E3CD}]
Valor Deletedo : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Valor Deletedo : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{CE10BF86-DA68-441E-91FA-38336363E3CD}]
Valor Deletedo : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{84FF7BD6-B47F-46F8-9130-01B2696B36CB}]
Valor Deletedo : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{CE10BF86-DA68-441E-91FA-38336363E3CD}]
Chave Deletedo : HKCU\Software\BabSolution
Chave Deletedo : HKCU\Software\BI
Chave Deletedo : HKCU\Software\BonanzaDealsLive
Chave Deletedo : HKCU\Software\Conduit
Chave Deletedo : HKCU\Software\Crossrider
Chave Deletedo : HKCU\Software\DataMngr
Chave Deletedo : HKCU\Software\Headlight
Chave Deletedo : HKCU\Software\ilivid
Chave Deletedo : HKCU\Software\Iminent
Chave Deletedo : HKCU\Software\InstallCore
Chave Deletedo : HKCU\Software\lollipop
Chave Deletedo : HKCU\Software\Mp3Tube
Chave Deletedo : HKCU\Software\RegisteredApplicationsEx
Chave Deletedo : HKCU\Software\SaveSense
Chave Deletedo : HKCU\Software\SaveSenseLive
Chave Deletedo : HKCU\Software\smarttweak
Chave Deletedo : HKCU\Software\Softonic
Chave Deletedo : HKCU\Software\Tbccint_HKLM
Chave Deletedo : HKCU\Software\Wajam
Chave Deletedo : HKCU\Software\Movier-media
Chave Deletedo : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Chave Deletedo : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Chave Deletedo : HKCU\Software\AppDataLow\SProtector
Chave Deletedo : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Chave Deletedo : HKLM\Software\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Chave Deletedo : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Chave Deletedo : HKLM\Software\Conduit
Chave Deletedo : HKLM\Software\DataMngr
Chave Deletedo : HKLM\Software\Iminent
Chave Deletedo : HKLM\Software\SaveSense
Chave Deletedo : HKLM\Software\SaveSenseLive
Chave Deletedo : HKLM\Software\SProtector
Chave Deletedo : HKLM\Software\Tarma Installer
Chave Deletedo : HKLM\Software\Wajam
Chave Deletedo : HKLM\Software\Movier-media
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SaveSense
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SaveSense
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wajam
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Movier-media Toolbar
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SaveSense
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\IMBoosterARP
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Iminent
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SaveSense
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Wajam
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Movier-media Toolbar
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SaveSenseLive.exe

***** [ Navegadores ] *****

-\\ Internet Explorer v7.0.5730.13

Configurações Restauradas : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Configurações Restauradas : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v29.0.1 (pt-BR)

[ Arquivo : C:\Documents and Settings\CASA\Dados de aplicativos\Mozilla\Firefox\Profiles\su6ov3rd.default\prefs.js ]

Linha deletada : user_pref("aol_toolbar.default.homepage.check", false);
Linha deletada : user_pref("aol_toolbar.default.search.check", false);
Linha deletada : user_pref("browser.search.defaultenginename", "WebSearch");
Linha deletada : user_pref("browser.search.defaultenginename,S", "WebSearch");
Linha deletada : user_pref("browser.search.defaulturl", "hxxp://websearch.webisgreat.info/?pid=512&r=2014/02/15&hid=13662907570809320993&lg=EN&cc=BR&unqvl=48&l=1&q=");
Linha deletada : user_pref("browser.search.order.1", "WebSearch");
Linha deletada : user_pref("browser.search.order.1,S", "WebSearch");
Linha deletada : user_pref("browser.search.selectedEngine", "WebSearch");
Linha deletada : user_pref("browser.search.selectedEngine,S", "WebSearch");
Linha deletada : user_pref("browser.startup.homepage", "hxxp://search.findwide.com/?guid={BD08630A-F90A-45A5-88F1-F21405F5EFA7}&serpv=22");
Linha deletada : user_pref("extensions.9_MKq80Szm.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"sumorobo.net\")>-1||url.indexOf(\"mindri.c[...]
Linha deletada : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Linha deletada : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Linha deletada : user_pref("extensions.MP3RV7C.domain", "\"[Você precisa estar registrado e conectado para ver este link.]
Linha deletada : user_pref("extensions.OACI.scode", "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};if(window.self.location.hostname.indexOf('mail.')==-1)\r\n{try{for(i=0;i<5;i++){win[...]
Linha deletada : user_pref("extensions.crossrider.bic", "14316086948d95d27677771cb3cdf568");
Linha deletada : user_pref("extensions.delta.admin", false);
Linha deletada : user_pref("extensions.delta.aflt", "babsst");
Linha deletada : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Linha deletada : user_pref("extensions.delta.autoRvrt", "false");
Linha deletada : user_pref("extensions.delta.dfltLng", "pt");
Linha deletada : user_pref("extensions.delta.excTlbr", false);
Linha deletada : user_pref("extensions.delta.ffxUnstlRst", true);
Linha deletada : user_pref("extensions.delta.id", "100e6cc7000000000000001617f4fbda");
Linha deletada : user_pref("extensions.delta.instlDay", "15927");
Linha deletada : user_pref("extensions.delta.instlRef", "sst");
Linha deletada : user_pref("extensions.delta.newTab", false);
Linha deletada : user_pref("extensions.delta.prdct", "delta");
Linha deletada : user_pref("extensions.delta.prtnrId", "delta");
Linha deletada : user_pref("extensions.delta.rvrt", "false");
Linha deletada : user_pref("extensions.delta.smplGrp", "none");
Linha deletada : user_pref("extensions.delta.tlbrId", "base");
Linha deletada : user_pref("extensions.delta.tlbrSrchUrl", "");
Linha deletada : user_pref("extensions.delta.vrsn", "1.8.22.0");
Linha deletada : user_pref("extensions.delta.vrsnTs", "1.8.22.00:48:02");
Linha deletada : user_pref("extensions.delta.vrsni", "1.8.22.0");
Linha deletada : user_pref("extensions.delta_i.babExt", "");
Linha deletada : user_pref("extensions.delta_i.babTrack", "affID=123892&tsp=4970");
Linha deletada : user_pref("extensions.delta_i.srcExt", "ss");
Linha deletada : user_pref("extensions.iminent.admin", false);
Linha deletada : user_pref("extensions.iminent.aflt", "orgnl");
Linha deletada : user_pref("extensions.iminent.appId", "{0E4B2CAB-B859-4C57-B96E-63DDEC692BC4}");
Linha deletada : user_pref("extensions.iminent.autoRvrt", "false");
Linha deletada : user_pref("extensions.iminent.dfltLng", "");
Linha deletada : user_pref("extensions.iminent.excTlbr", false);
Linha deletada : user_pref("extensions.iminent.ffxUnstlRst", false);
Linha deletada : user_pref("extensions.iminent.id", "100e6cc7000000000000001617f4fbda");
Linha deletada : user_pref("extensions.iminent.instlDay", "16064");
Linha deletada : user_pref("extensions.iminent.instlRef", "");
Linha deletada : user_pref("extensions.iminent.newTab", false);
Linha deletada : user_pref("extensions.iminent.prdct", "iminent");
Linha deletada : user_pref("extensions.iminent.prtnrId", "iminent");
Linha deletada : user_pref("extensions.iminent.rvrt", "false");
Linha deletada : user_pref("extensions.iminent.smplGrp", "none");
Linha deletada : user_pref("extensions.iminent.tlbrId", "YBCPCSTIPO");
Linha deletada : user_pref("extensions.iminent.tlbrSrchUrl", "hxxp://start.iminent.com/?ref=toolbarm#q=");
Linha deletada : user_pref("extensions.iminent.vrsn", "1.8.28.3");
Linha deletada : user_pref("extensions.iminent.vrsnTs", "1.8.28.314:11:49");
Linha deletada : user_pref("extensions.iminent.vrsni", "1.8.28.3");
Linha deletada : user_pref("extensions.y24.scode", "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};if(window.self==window.top){var script=document.createElement(\"script\");script.typ[...]
Linha deletada : user_pref("iminent.LayoutId", "1");
Linha deletada : user_pref("iminent.ShowThankyouPixel", "0");
Linha deletada : user_pref("iminent.adapters", "{\"thepiratebay\":{\"CountryCode\":\"BR\",\"NoAds\":false,\"Status\":1,\"expireTime\":\"1387987960297259200\"},\"pastebin\":{\"CountryCode\":\"BR\",\"NoAds\":false,\"Sta[...]
Linha deletada : user_pref("iminent.enabledAds", "false");
Linha deletada : user_pref("iminent.registerToolbarEvent100", "1387996550057");
Linha deletada : user_pref("iminent.registerToolbarEvent102", "1387992297497");
Linha deletada : user_pref("iminent.registerToolbarEvent109", "1387992441772");
Linha deletada : user_pref("iminent.registerToolbarEvent111", "1387992441826");
Linha deletada : user_pref("iminent.registerToolbarEvent112", "1387992444590");
Linha deletada : user_pref("iminent.registerToolbarEvent122", "1387992441847");
Linha deletada : user_pref("iminent.registerToolbarEvent140", "1388000487425");
Linha deletada : user_pref("iminent.version", "7.51.3.1");
Linha deletada : user_pref("iminent.versioning", "{\"CurrentVersion\":\"7.51.3.1\",\"InstallEventCTime\":1387987937293,\"InstallEvent\":\"True\"}");
Linha deletada : user_pref("keyword.URL", "hxxp://search.findwide.com/serp?guid={BD08630A-F90A-45A5-88F1-F21405F5EFA7}&action=default_search&serpv=22&k=");
Linha deletada : user_pref("plugin.state.npconduitfirefoxplugin", 0);
Linha deletada : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Linha deletada : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Linha deletada : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Linha deletada : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Linha deletada : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Linha deletada : user_pref("sweetim.toolbar.searchguard.enable", "");

-\\ Google Chrome v34.0.1847.131

[ Arquivo : C:\Documents and Settings\CASA\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\preferences ]

Deletedo [Search Provider] : [Você precisa estar registrado e conectado para ver este link.]
Deletedo [Search Provider] : [Você precisa estar registrado e conectado para ver este link.]
Deletedo [Search Provider] : [Você precisa estar registrado e conectado para ver este link.]
Deletedo [Search Provider] : [Você precisa estar registrado e conectado para ver este link.]
Deletedo [Extension] : jpmbfleldcgkldadpdinhjjopdfpjfjp

*************************

AdwCleaner[R0].txt - [29864 octets] - [10/05/2014 21:52:50]
AdwCleaner[S0].txt - [28820 octets] - [10/05/2014 21:54:37]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [28881 octets] ##########

Re: I need help removing Baidu completely

Post by Power Max on Sun 11 May 2014, 00:42

Download the Junkware Removal Tool program from the link below:
[You must be registered and logged in to see this link.]

To run the program above correctly, just follow the tips in this tutorial:

Junkware Removal Tool tutorial

* In your next reply, post the Junkware Removal Tool log (report), which will be saved on your desktop under the name JRT.txt

We'll be waiting.


I need help removing Baidu completely

Post by guijorge on Sun 11 May 2014, 01:00

I had already done everything up to this part; I saw it in another tutorial. The rest I have not done.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Microsoft Windows XP x86
Ran by CASA on sáb 10/05/2014 at 22:06:47,37
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1935655697-1326574676-682003330-1003\Software\sweetim



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\baidu"
Successfully deleted: [Folder] "C:\Documents and Settings\CASA\Dados de aplicativos\getrighttogo"



~~~ FireFox

Successfully deleted the following from C:\Documents and Settings\CASA\Dados de aplicativos\mozilla\firefox\profiles\su6ov3rd.default\prefs.js

user_pref("extensions.9_MKq80Szm.url", "hxxp://jpi-syncer.info/sync2/?q=hfZ9ofV9CShEAen0qjwGtMqLDe49CNU0nVsMCMlNhd9FqdaGrjkFqdw9qjaMBzqUojw9rdkFrdsGrHgFpih7hfs0pihPBMn0qjC8rTa





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on sáb 10/05/2014 at 22:24:10,56
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Re: I need help removing Baidu completely

Post by Power Max on Sun 11 May 2014, 01:32

Temporarily disable your antivirus to avoid conflicts.

Go to the link below and click the first button on the left, which is the Download Zoek.exe button:
[You must be registered and logged in to see this link.]

* Right-click Zoek.exe and select [You must be registered and logged in to see this image.]

* Select and copy all of the text highlighted in red that I gave you and paste it into the blank space in Zoek.

* Click [Run Script]

* During the scan, a message similar to the one below showing the scan progress will be displayed. Wait for it to finish... it may take a while!

[You must be registered and logged in to see this image.]

* If a restart of the PC is requested, click [OK]

* Post the Zoek log, which will be at C:\zoek-results.txt, in your next reply.


Last edited by Power Max on Sun 11 May 2014, 13:08; edited 1 time in total


I need help removing Baidu completely

Post by guijorge on Sun 11 May 2014, 02:19

Zoek.exe v5.0.0.0 Updated 14-April-2014
Tool run by CASA on dom 11/05/2014 at  1:38:05,40.
Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Documents and Settings\CASA\Meus documentos\Downloads\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

11/5/2014 01:39:33 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

127.0.0.1       localhost

==== Suspicious Entries Found ======================

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP"="139:TCP:*:Enabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:*:Enabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:*:Enabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:*:Enabled:@xpsp2res.dll,-22002"
"3389:TCP"="3389:TCP:*:Enabled:@xpsp2res.dll,-22009"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP"="139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002"
"1900:UDP"="1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007"
"2869:TCP"="2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008"
"3389:TCP"="3389:TCP:*:Enabled:@xpsp2res.dll,-22009"

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Documents and Settings\CASA\Dados de aplicativos\Mozilla\Firefox\Profiles\su6ov3rd.default\prefs.js:

Added to C:\Documents and Settings\CASA\Dados de aplicativos\Mozilla\Firefox\Profiles\su6ov3rd.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

==== Deleting Files \ Folders ======================

C:\Documents and Settings\CASA\.android deleted
C:\Arquivos de programas\Wise\Wise Registry Cleaner deleted
C:\Documents and Settings\NetworkService\Dados de aplicativos\SaveSense deleted
C:\DOCUME~1\ALLUSE~1\DADOSD~1\boost_interprocess deleted
C:\DOCUME~1\ALLUSE~1\DADOSD~1\InstallMate deleted
C:\DOCUME~1\ALLUSE~1\DADOSD~1\Package Cache deleted
C:\WINDOWS\DUMP5052.tmp deleted
C:\WINDOWS\DUMP51d9.tmp deleted
C:\WINDOWS\DUMP5bfa.tmp deleted
C:\WINDOWS\tasks\At2.job deleted
C:\WINDOWS\tasks\At3.job deleted
C:\Documents and Settings\CASA\Dados de aplicativos\Mozilla\Firefox\Profiles\su6ov3rd.default\extensions\firefox@mega.co.nz.xpi deleted
C:\Documents and Settings\CASA\Dados de aplicativos\Mozilla\Firefox\Profiles\su6ov3rd.default\jetpack deleted
"C:\DOCUME~1\ALLUSE~1\DADOSD~1\b295b2ef7c2848e\{4820778D-AB0D-6D18-C316-52A6A0E1D507}" deleted
"C:\DOCUME~1\ALLUSE~1\DADOSD~1\b295b2ef7c2848e\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}" deleted
"C:\DOCUME~1\ALLUSE~1\DADOSD~1\b295b2ef7c2848e\{CF830981-8F31-C561-C7A0-FE2CE1878B40}" deleted
"C:\DOCUME~1\ALLUSE~1\DADOSD~1\b295b2ef7c2848e\{E32743D3-5789-6E4F-3998-06FB87C9214B}" deleted
"C:\DOCUME~1\ALLUSE~1\DADOSD~1\b295b2ef7c2848e" deleted

==== Folders Found ======================

2013-12-07 14:17:57 2013-12-07 14:17:57 -------- d-----w- C:\BaiduDownloads
2014-05-11 00:54:41 2014-05-11 00:54:41 -------- d-----w- C:\AdwCleaner\Quarantine\C\Documents and Settings\All Users\Dados de aplicativos\baidu
2014-05-11 00:55:16 2014-05-11 00:55:16 -------- d-----w- C:\AdwCleaner\Quarantine\C\Documents and Settings\CASA\Dados de aplicativos\baidu
2014-05-11 00:55:16 2014-05-11 00:55:16 -------- d-----w- C:\AdwCleaner\Quarantine\C\Documents and Settings\CASA\Dados de aplicativos\baidu\Baidu Antivirus
2013-12-30 12:51:02 2013-12-30 12:51:03 -------- d-----w- C:\Arquivos de programas\FreeTime\FormatFactory\FFModules\Package\BaiDu
2013-10-17 20:45:31 2014-05-10 20:06:26 -------- d-----w- C:\Documents and Settings\All Users\Dados de aplicativos\Baidu Security
2014-05-10 20:01:17 2014-05-10 20:01:17 -------- d-----w- C:\Documents and Settings\All Users\Documentos\Baidu
2013-10-17 20:45:43 2013-10-18 14:26:53 -------- d-----w- C:\Documents and Settings\All Users\Documentos\Baidu Security
2013-10-17 20:46:17 2013-10-18 14:26:53 -------- d-----w- C:\Documents and Settings\CASA\Dados de aplicativos\Baidu Security
2013-12-21 01:33:11 2013-12-21 01:33:11 -------- d-----w- C:\Documents and Settings\CASA\Dados de aplicativos\Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall
2013-12-21 01:33:11 2013-12-21 01:33:11 -------- d-----w- C:\Documents and Settings\CASA\Dados de aplicativos\Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall HK
2013-12-19 20:09:05 2013-12-19 20:09:05 -------- d-----w- C:\Documents and Settings\CASA\Meus documentos\Baidu Security
2014-05-10 20:06:08 2014-05-10 21:58:29 -------- d-----w- C:\RECYCLER\S-1-5-21-1935655697-1326574676-682003330-1003\Dc172\Baidu Antivirus
2013-10-17 20:45:44 2013-10-18 14:24:46 -------- d-----w- C:\RECYCLER\S-1-5-21-1935655697-1326574676-682003330-1003\Dc172\PC Faster\3.7.0.0\I18N\1033\BaiduSafe
2013-10-18 14:35:26 2013-10-18 17:39:45 -------- d-----w- C:\RECYCLER\S-1-5-21-1935655697-1326574676-682003330-1003\Dc172\PC Faster\3.7.0.0\I18N\1033\tools\BaiduExtMgr
2013-10-17 20:45:45 2013-10-18 14:24:46 -------- d-----w- C:\RECYCLER\S-1-5-21-1935655697-1326574676-682003330-1003\Dc172\PC Faster\3.7.0.0\I18N\1046\BaiduSafe
2013-10-18 14:35:27 2013-10-18 17:39:45 -------- d-----w- C:\RECYCLER\S-1-5-21-1935655697-1326574676-682003330-1003\Dc172\PC Faster\3.7.0.0\I18N\1046\tools\BaiduExtMgr
2013-10-17 20:45:45 2013-10-18 14:24:46 -------- d-----w- C:\RECYCLER\S-1-5-21-1935655697-1326574676-682003330-1003\Dc172\PC Faster\3.7.0.0\I18N\1054\BaiduSafe
2013-10-18 14:35:29 2013-10-18 17:39:45 -------- d-----w- C:\RECYCLER\S-1-5-21-1935655697-1326574676-682003330-1003\Dc172\PC Faster\3.7.0.0\I18N\1054\tools\BaiduExtMgr
2013-10-18 14:35:29 2013-10-18 17:39:46 -------- d-----w- C:\RECYCLER\S-1-5-21-1935655697-1326574676-682003330-1003\Dc172\PC Faster\3.7.0.0\skin\tools\BaiduExtMgr
2013-10-18 14:26:13 2013-10-18 17:39:46 -------- d-----w- C:\RECYCLER\S-1-5-21-1935655697-1326574676-682003330-1003\Dc172\PC Faster\3.7.0.0\update\skin\tools\BaiduExtMgr
2013-12-17 16:25:22 2013-12-17 16:25:22 -------- d-----w- C:\RECYCLER\S-1-5-21-1935655697-1326574676-682003330-1003\Dc172\PC Faster\4.0.0.0\BaiduAdb

==== Files Found ======================


--- C:\Arquivos de programas\FreeTime\FormatFactory\FFModules\Package\BaiDu\Baidu-TB-ASBar.exe ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1358792
Created time: 2012-04-10 09:30:26
Modified time: 2012-04-10 09:30:26
MD5: D848EF0636EA49D340F074F939DB817B
SHA1: 56A9D762D288AB173B7BFD42C9902E12B673BDB7


--- C:\RECYCLER\S-1-5-21-1935655697-1326574676-682003330-1003\Dc172\PC Faster\3.7.0.0\I18N\1033\BaiduSafe\BaiduSafe.bskin ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: -c--a-w-
File size: 276977
Created time: 2013-08-12 08:53:28
Modified time: 2013-10-17 20:48:51
MD5: 52F117EC12695BC4CA0D23DC6B04C4D0
SHA1: A23CDF0EFABCFCBBFC9E4E31A9B2450C3B254E8F


--- C:\RECYCLER\S-1-5-21-1935655697-1326574676-682003330-1003\Dc172\PC Faster\3.7.0.0\I18N\1033\tools\BaiduExtMgr\BaiduExtMgr.bskin ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: -c--a-w-
File size: 38199
Created time: 2013-10-18 14:32:46
Modified time: 2013-10-18 14:32:46
MD5: E34CC999DAEB385EEE69BD2F0CD751D0
SHA1: B5CD65072EC49F77B8EEACCEAF51026A3DF890BD


--- C:\RECYCLER\S-1-5-21-1935655697-1326574676-682003330-1003\Dc172\PC Faster\3.7.0.0\I18N\1046\BaiduSafe\BaiduSafe.bskin ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 279579
Created time: 2013-08-12 08:53:30
Modified time: 2013-10-17 20:48:59
MD5: C3CBE9EF4B18574B3543751C63552058
SHA1: D98990408763E5EF3FEE7E1DE55F5643F58775CE


--- C:\RECYCLER\S-1-5-21-1935655697-1326574676-682003330-1003\Dc172\PC Faster\3.7.0.0\I18N\1046\tools\BaiduExtMgr\BaiduExtMgr.bskin ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: -c--a-w-
File size: 89926
Created time: 2013-10-18 14:33:00
Modified time: 2013-10-18 14:33:00
MD5: 206AA22DC62D561F3F843644004CA2F6
SHA1: 27881C4EAFC277B4AB45633E5FF7798470023F46


--- C:\RECYCLER\S-1-5-21-1935655697-1326574676-682003330-1003\Dc172\PC Faster\3.7.0.0\I18N\1054\BaiduSafe\BaiduSafe.bskin ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: -c--a-w-
File size: 363517
Created time: 2013-08-12 08:53:34
Modified time: 2013-10-17 20:49:11
MD5: 168018466AA174B4DE480BC4425389E3
SHA1: F1635D18ED4B9FE58122C4E969BDE1679BE6B93E


--- C:\RECYCLER\S-1-5-21-1935655697-1326574676-682003330-1003\Dc172\PC Faster\3.7.0.0\I18N\1054\tools\BaiduExtMgr\BaiduExtMgr.bskin ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: -c--a-w-
File size: 37391
Created time: 2013-10-18 14:33:15
Modified time: 2013-10-18 14:33:15
MD5: 49FB585DD6A39C20DE43CAB747D226EE
SHA1: 369B2F302A74E2139A66F013DDB264E835F38700


--- C:\RECYCLER\S-1-5-21-1935655697-1326574676-682003330-1003\Dc172\PC Faster\3.7.0.0\skin\tools\BaiduExtMgr\BaiduExtMgr.bskin ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: -c--a-w-
File size: 16292
Created time: 2013-10-18 14:34:42
Modified time: 2013-10-18 14:34:42
MD5: 9040D6DE24A6B194CE1B826825525B75
SHA1: 61BAA22D268C54ECF30131D04EC9AC662FF49903


--- C:\RECYCLER\S-1-5-21-1935655697-1326574676-682003330-1003\Dc172\PC Faster\4.0.0.0\BaiduAndrHelper.exe ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 260800
Created time: 2013-12-12 03:13:38
Modified time: 2013-12-12 03:13:38
MD5: 36A0486F3BB35344A93BE76D97C0F94C
SHA1: AAFB3B7D6F27379B4267CF8805AF5358CBF74B5F


--- C:\RECYCLER\S-1-5-21-1935655697-1326574676-682003330-1003\Dc172\PC Faster\4.0.0.0\BaiduBatteryDoctor.exe ---
Company: Baidu Inc.
File Description: Battery Doctor
File Version: 4,0,2,53249
Product Name: Baidu PC Faster
Copyright: Copyright (C) 2012 Baidu, Inc. All rights reserved.
Original Filename:
File type: ----a-w-
File size: 531648
Created time: 2013-12-12 03:13:38
Modified time: 2013-12-12 03:13:38
MD5: E8B62AC3A377013D600A7F708083B6A4
SHA1: 5D9A7A76CFCA9AF6D75FFDC5DB423C3E6C79F3AD


--- C:\RECYCLER\S-1-5-21-1935655697-1326574676-682003330-1003\Dc172\PC Faster\4.0.0.0\BaiduWifiSharing.exe ---
Company: Baidu Inc.
File Description: Baidu Wifi Sharing
File Version: 4,0,2,53323
Product Name: Baidu PC Faster
Copyright: Copyright (C) 2012 Baidu, Inc. All rights reserved.
Original Filename:
File type: ----a-w-
File size: 524992
Created time: 2013-12-13 06:09:42
Modified time: 2013-12-13 06:09:42
MD5: 6EBD57BE7EE1C50F2A48C4E6B1A1A18D
SHA1: 086E873FA44B1F0C3327C93DCA791CFDFF83D18A


==== Registry Search Results for "Baidu" ======================


[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"="Baidu NetDefense"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bhbase]
"DisplayName"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BHipsEx]
"DisplayName"="Baidu HipsEx Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bndef]
"DisplayName"="Baidu NetDefense"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bprotect]
"InstPath"="C:\\Arquivos de programas\\Baidu Security\\Baidu Antivirus"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bprotect]
"DisplayName"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"="Baidu NetDefense"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Bhbase]
"DisplayName"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BHipsEx]
"DisplayName"="Baidu HipsEx Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Bndef]
"DisplayName"="Baidu NetDefense"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Bprotect]
"InstPath"="C:\\Arquivos de programas\\Baidu Security\\Baidu Antivirus"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Bprotect]
"DisplayName"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"="Baidu NetDefense"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bhbase]
"DisplayName"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BHipsEx]
"DisplayName"="Baidu HipsEx Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bndef]
"DisplayName"="Baidu NetDefense"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bprotect]
"InstPath"="C:\\Arquivos de programas\\Baidu Security\\Baidu Antivirus"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bprotect]
"DisplayName"="Baidu Protect"

[HKEY_USERS\S-1-5-21-1935655697-1326574676-682003330-1003\Software\Baidu Security]

[HKEY_USERS\S-1-5-21-1935655697-1326574676-682003330-1003\Software\Baidu Security\PC Faster]

[HKEY_USERS\S-1-5-21-1935655697-1326574676-682003330-1003\Software\Microsoft\Search Assistant\ACMru\5603]
"000"="baidu"

[HKEY_USERS\S-1-5-21-1935655697-1326574676-682003330-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\DOCUME~1\\CASA\\CONFIG~1\\Temp\\BavPro_Setup_Mini_203.exe"="Baidu Antivirus Mini Setup"

[HKEY_USERS\S-1-5-21-1935655697-1326574676-682003330-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\Documents and Settings\\CASA\\Meus documentos\\Downloads\\BavPro_Setup_Mini_Br1.exe"="Baidu Antivirus Mini Setup"

[HKEY_USERS\S-1-5-21-1935655697-1326574676-682003330-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\DOCUME~1\\CASA\\CONFIG~1\\Temp\\baidu_secure\\update\\BavPro_Setup_Br1.exe"="Baidu Antivirus Setup"

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension" [20/12/2013 23:35]

==== Firefox Extensions ======================

ProfilePath: C:\Documents and Settings\CASA\Dados de aplicativos\Mozilla\Firefox\Profiles\su6ov3rd.default
- AVG PrivacyFix - %ProfilePath%\extensions\{7CA9CF31-1C73-46CD-8377-85AB71EA771F}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Documents and Settings\CASA\Dados de aplicativos\Mozilla\Firefox\Profiles\su6ov3rd.default
785105A23650755A8F7A72405EB0D923 - C:\Arquivos de programas\Google\Update\1.3.24.7\npGoogleUpdate3.dll - Google Update
95812430959AE88CDD0301AB3A71913B - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll - Shockwave Flash
AC987EE8037531807C5D7E6217A23501 - C:\Arquivos de programas\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
EB41064BC07017F5694CF16B4DEF6B10 - C:\Arquivos de programas\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat
6768C724599214E4F9ADD9F8FF5097EB - C:\Arquivos de programas\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U45
F1CD6E22E5AE5CEEB7712E546A5FC853 - C:\Arquivos de programas\Java\jre7\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 7.0.450.18
01E4DA82C518853EF3B16209C038D7B9 - C:\Arquivos de programas\Real\RealPlayer\Netscape6\nppl3260.dll - RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)
60F23A6CE8B9F9BE995EAACFF0022DFC - C:\Arquivos de programas\Real\RealPlayer\Netscape6\nprpplugin.dll - RealPlayer Download Plugin
A64F2C388DC26BE3E469EDC3657B14F4 - C:\Documents and Settings\All Users\Dados de aplicativos\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll - RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit)
C45F7E59F2A0A6D3C4E90117F4752414 - C:\Documents and Settings\All Users\Dados de aplicativos\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll - RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit)
F7AEAD4303A056F2D1685B43024776CA - C:\Documents and Settings\All Users\Dados de aplicativos\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll - RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit)
FA0A3008589567CB7196620B05C9F28D - C:\Documents and Settings\All Users\Dados de aplicativos\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll - RealDownloader Plugin
CE6DB25FFA35FD051C503F11DB745862 - c:\Arquivos de programas\Microsoft Silverlight\4.0.60831.0\npctrl.dll - Silverlight Plug-In
AB87EEFFD18F2BAAFC274E7075EA6C67 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation
CF4ABE599858E10EEB911E16FBCFD87D - C:\Arquivos de programas\Windows Media Player\npdrmv2.dll - Microsoft® DRM
76E34EA1089E92709C5725407B565DA1 - C:\Arquivos de programas\Windows Media Player\npdsplay.dll - Windows Media Player Plug-in Dynamic Link Library
02A4A41FAC9BF96155B3E8068D1DF4B6 - C:\Arquivos de programas\Windows Media Player\npwmsdrm.dll - Microsoft® DRM
65BB0A5EF842C9C85646040F7EFEF91C - c:\Arquivos de programas\Microsoft Silverlight\4.0.60831.0\npctrlui.dll - Microsoft (R) Silverlight


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
fplhdcjmbpfkejbhngmlngaecbjmoimd - C:\Arquivos de programas\Alwil Software\Avast5\AdBlocker\Chrome\avast-adblocker-chrome.crx[25/02/2013 07:09]
idhngdhcfkoamngbedgpaokgjbnpdiji - C:\Documents and Settings\All Users\Dados de aplicativos\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx[16/04/2013 03:11]

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Search Page"="http://find.localstrike.net/"
"Default_Page_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="http://find.localstrike.net/"
"Default_Page_URL"="http://find.localstrike.net/"
"Default_Search_URL"="http://find.localstrike.net/"
"Search Page"="http://find.localstrike.net/"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="http://find.localstrike.net"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Reset Google Chrome ======================

Nothing found to reset

==== shortcuts on Users Desktops ======================

C:\Documents and Settings\CASA\Desktop\Counter Strike 1.6.lnk - C:\Arquivos de programas\Counter Strike 1.6\hl.exe -nomaster -game cstrike
C:\Documents and Settings\CASA\Desktop\Dedicated Server.lnk - C:\Arquivos de programas\Counter Strike 1.6\hlds.exe -nomaster -game cstrike -insecure
C:\Documents and Settings\CASA\Desktop\EVEREST Ultimate Edition.lnk - C:\Arquivos de programas\Lavalys\EVEREST Ultimate Edition\everest.exe
C:\Documents and Settings\CASA\Desktop\Exedb Anti Malware Scanner.lnk - C:\Arquivos de programas\exedb\Exedb Anti Malware scanner\exedbantimalware.exe
C:\Documents and Settings\CASA\Desktop\FlashGet downloads.lnk - C:\Downloads
C:\Documents and Settings\CASA\Desktop\Format Factory.lnk - C:\Arquivos de programas\FreeTime\FormatFactory\FormatFactory.exe
C:\Documents and Settings\CASA\Desktop\Grand Chase.lnk - C:\Level Up Games\Grand Chase\GrandChase.exe
C:\Documents and Settings\CASA\Desktop\MiPony.lnk - C:\Arquivos de programas\MiPony\MiPony.exe
C:\Documents and Settings\CASA\Desktop\Movier.lnk - C:\Arquivos de programas\Movier\Movier.exe
C:\Documents and Settings\CASA\Desktop\PaintTool SAI .lnk - C:\Arquivos de programas\Eddie Sekiguchi Softwares\PaintTool SAI\sai.exe
C:\Documents and Settings\CASA\Desktop\PhotoScape.lnk - C:\Arquivos de programas\PhotoScape\PhotoScape.exe
C:\Documents and Settings\CASA\Desktop\Revo Uninstaller.lnk - C:\Arquivos de programas\VS Revo Group\Revo Uninstaller\Revouninstaller.exe
C:\Documents and Settings\CASA\Desktop\SnapPea.lnk - C:\Arquivos de programas\WandouLabs\wandoujia2.exe -from=desktop_default
C:\Documents and Settings\CASA\Desktop\sXe Injected.lnk - C:\Arquivos de programas\sXe Injected\sXe Injected.exe
C:\Documents and Settings\CASA\Desktop\µTorrent.lnk -  

==== shortcuts on All Users Desktop ======================

C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk - C:\Arquivos de programas\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Documents and Settings\All Users\Desktop\avast Free Antivirus.lnk -  
C:\Documents and Settings\All Users\Desktop\Defraggler.lnk - C:\Arquivos de programas\Defraggler\Defraggler.exe
C:\Documents and Settings\All Users\Desktop\Elsword.lnk - C:\Level Up Games\Elsword\elsword.exe
C:\Documents and Settings\All Users\Desktop\Horizon.lnk - C:\Arquivos de programas\Daring Development\Horizon\v2\Horizon.exe
C:\Documents and Settings\All Users\Desktop\Memory Optimizer.lnk - C:\Arquivos de programas\Memory Optimizer\MemOptimizerPro.exe
C:\Documents and Settings\All Users\Desktop\MyDefrag.lnk - C:\Arquivos de programas\MyDefrag v4.3.1\MyDefrag.exe
C:\Documents and Settings\All Users\Desktop\Nero Home.lnk - C:\Arquivos de programas\Nero\Nero 7\Nero Home\NeroHome.exe -ScParameter=8  
C:\Documents and Settings\All Users\Desktop\Nero StartSmart.lnk - C:\Arquivos de programas\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe -ScParameter=8  
C:\Documents and Settings\All Users\Desktop\UltraISO.lnk - C:\Arquivos de programas\UltraISO\UltraISO.exe

==== shortcuts in Users Start Menu ======================

C:\Documents and Settings\CASA\Menu Iniciar\Programas\Counter Strike 1.6 - 2013\Counter Strike Curitiba.lnk - C:\Arquivos de programas\Counter Strike 1.6\CS Curitiba.url
C:\Documents and Settings\CASA\Menu Iniciar\Programas\Counter Strike 1.6 - 2013\Jogar - CS 1.6 - 2013.lnk - C:\Arquivos de programas\Counter Strike 1.6\hl.exe -nomaster -game cstrike
C:\Documents and Settings\CASA\Menu Iniciar\Programas\Counter Strike 1.6 - 2013\Remover - CS 1.6 - 2013.lnk - C:\Arquivos de programas\Counter Strike 1.6\remover.exe
C:\Documents and Settings\CASA\Menu Iniciar\Programas\Counter Strike 1.6 - 2013\Servidor - CS 1.6 - 2013.lnk - C:\Arquivos de programas\Counter Strike 1.6\hlds.exe -nomaster -game cstrike -insecure
C:\Documents and Settings\CASA\Menu Iniciar\Programas\Inicializar\PC App Store Uninstall 3.14.9.3480.lnk - C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\CASA\Dados de aplicativos\Baidu Security\PC App Store\3.14.9.3480\Uninstall\PC App Store Uninstall\0\InstallUtility.dll", _OpenUrl -run "PC App Store Uninstall" -ini "OpenUrl.ini"
C:\Documents and Settings\CASA\Menu Iniciar\Programas\Revo Uninstaller\Revo Uninstaller.lnk - C:\Arquivos de programas\VS Revo Group\Revo Uninstaller\Revouninstaller.exe
C:\Documents and Settings\CASA\Menu Iniciar\Programas\Revo Uninstaller\Run Hunter Mode.lnk - C:\Arquivos de programas\VS Revo Group\Revo Uninstaller\Revouninstaller.exe -hunter
C:\Documents and Settings\CASA\Menu Iniciar\Programas\Revo Uninstaller\Uninstall.lnk - C:\Arquivos de programas\VS Revo Group\Revo Uninstaller\uninst.exe
C:\Documents and Settings\CASA\Menu Iniciar\Programas\Revo Uninstaller\Website.lnk - C:\Arquivos de programas\VS Revo Group\Revo Uninstaller\Revo Uninstaller.url
C:\Documents and Settings\CASA\Menu Iniciar\Programas\sXe Injected\sXe Injected.lnk - C:\Arquivos de programas\sXe Injected\sXe Injected.exe
C:\Documents and Settings\CASA\Menu Iniciar\Programas\sXe Injected\Uninstall.lnk - C:\Arquivos de programas\sXe Injected\uninstall.exe

==== shortcuts in All Users Start Menu ======================

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Adobe Reader XI.lnk - C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-AB0000000001}\SC_Reader.ico
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Google Chrome\Google Chrome.lnk - C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Microsoft Office\Microsoft Office Word 2007.lnk - C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Plex Media Server\Plex Media Server.lnk - C:\Arquivos de programas\Plex\Plex Media Server\Plex Media Server.exe

==== shortcuts in Quick Launch ======================

C:\Documents and Settings\CASA\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Arquivos de programas\Google\Chrome\Application\chrome.exe [You must be registered and logged in to see this link.]
C:\Documents and Settings\CASA\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\Iniciar o navegador Internet Explorer.lnk - C:\Arquivos de programas\Internet Explorer\iexplore.exe [You must be registered and logged in to see this link.]
C:\Documents and Settings\CASA\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\Memory Optimizer.lnk - C:\Arquivos de programas\Memory Optimizer\MemOptimizerPro.exe
C:\Documents and Settings\CASA\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\MiPony.lnk - C:\Arquivos de programas\MiPony\MiPony.exe
C:\Documents and Settings\CASA\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\movier.lnk - C:\Arquivos de programas\Movier\Movier.exe
C:\Documents and Settings\CASA\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk - C:\Arquivos de programas\Mozilla Firefox\firefox.exe [You must be registered and logged in to see this link.]
C:\Documents and Settings\CASA\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\Nero Home.lnk - C:\Arquivos de programas\Nero\Nero 7\Nero Home\NeroHome.exe -ScParameter=8  
C:\Documents and Settings\CASA\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart.lnk - C:\Arquivos de programas\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe -ScParameter=8  
C:\Documents and Settings\CASA\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\PhotoScape.lnk - C:\Arquivos de programas\PhotoScape\PhotoScape.exe
C:\Documents and Settings\CASA\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk - C:\Arquivos de programas\Windows Media Player\wmplayer.exe /prefetch:1
C:\Documents and Settings\CASA\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk -  

==== shortcuts After Repair ======================

C:\Documents and Settings\CASA\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\CASA\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\Iniciar o navegador Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\CASA\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk - C:\Arquivos de programas\Mozilla Firefox\firefox.exe

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\ExtensionInstallForcelist deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{CF830981-8F31-C561-C7A0-FE2CE1878B40} deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateMyDrivers deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateMyDrivers.exe deleted successfully

==== Empty IE Cache ======================

C:\Documents and Settings\CASA\Configurações locais\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\CASA\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\Default User\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\LocalService\Configurações locais\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\LocalService\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\NetworkService\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=118 folders=23 76892389 bytes)

==== Empty Temp Folders ======================

C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\DOCUME~1\CASA\CONFIG~1\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\RECYCLER successfully emptied

==== EOF on dom 11/05/2014 at  2:15:53,32 ======================

Re: I need help removing Baidu completely

Post by Power Max on Sun 11 May 2014, 11:05

Temporarily disable your antivirus to avoid conflicts.

* Right-click Zoek.exe and select [You must be registered and logged in to see this image.]

* Select and copy all of the text highlighted in red that I gave you and paste it into the blank area of Zoek.

* Click [Run Script]

* During the scan, a message similar to the one below will be displayed showing the scan's progress. Wait for it to finish... it may take a while!

[You must be registered and logged in to see this image.]

* If you are asked to restart the PC, click [OK]

* Post the Zoek log, which will be at C:\zoek-results.txt, in your next reply.


Last edited by Power Max on Sun 11 May 2014, 13:08; edited 1 time


I need help removing Baidu completely

Post by guijorge on Sun 11 May 2014, 12:03

Zoek.exe v5.0.0.0 Updated 14-April-2014
Tool run by CASA on dom 11/05/2014 at 11:43:54,12.
Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Documents and Settings\CASA\Meus documentos\Downloads\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-05-11-051553.log 35791 bytes

==== System Restore Info ======================

11/5/2014 11:46:58 Zoek.exe System Restore Point Created Succesfully.

==== Suspicious Entries Found ======================

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP"="139:TCP:*:Enabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:*:Enabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:*:Enabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:*:Enabled:@xpsp2res.dll,-22002"
"3389:TCP"="3389:TCP:*:Enabled:@xpsp2res.dll,-22009"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP"="139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002"
"1900:UDP"="1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007"
"2869:TCP"="2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008"
"3389:TCP"="3389:TCP:*:Enabled:@xpsp2res.dll,-22009"

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfilter deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Bfilter deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfmon deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Bfmon deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bhbase deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Bhbase deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BHipsEx deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bndef deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Bndef deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bprotect deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Bprotect deleted successfully

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bfilter]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bfmon]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bhbase]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BHipsEx]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bndef]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bprotect]
"InstPath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bprotect]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Bfilter]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Bfmon]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Bhbase]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BHipsEx]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Bndef]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Bprotect]
"InstPath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Bprotect]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfilter]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfmon]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bhbase]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BHipsEx]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bndef]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bprotect]
"InstPath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bprotect]
"DisplayName"=-
[-HKEY_USERS\S-1-5-21-1935655697-1326574676-682003330-1003\Software\Baidu Security]
[-HKEY_USERS\S-1-5-21-1935655697-1326574676-682003330-1003\Software\Baidu Security\PC Faster]
[HKEY_USERS\S-1-5-21-1935655697-1326574676-682003330-1003\Software\Microsoft\Search Assistant\ACMru\5603]
"000"=-
[HKEY_USERS\S-1-5-21-1935655697-1326574676-682003330-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\DOCUME~1\\CASA\\CONFIG~1\\Temp\\BavPro_Setup_Mini_203.exe"=-
[HKEY_USERS\S-1-5-21-1935655697-1326574676-682003330-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\Documents and Settings\\CASA\\Meus documentos\\Downloads\\BavPro_Setup_Mini_Br1.exe"=-
[HKEY_USERS\S-1-5-21-1935655697-1326574676-682003330-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\DOCUME~1\\CASA\\CONFIG~1\\Temp\\baidu_secure\\update\\BavPro_Setup_Br1.exe"=-

==== Deleting Files \ Folders ======================

C:\RECYCLER\S-1-5-21-1935655697-1326574676-682003330-1003\Dc172\Baidu Antivirus not found
C:\RECYCLER\S-1-5-21-1935655697-1326574676-682003330-1003\Dc172\PC Faster\3.7.0.0\I18N\1033\BaiduSafe not found
C:\RECYCLER\S-1-5-21-1935655697-1326574676-682003330-1003\Dc172\PC Faster\3.7.0.0\I18N\1033\tools\BaiduExtMgr not found
C:\RECYCLER\S-1-5-21-1935655697-1326574676-682003330-1003\Dc172\PC Faster\3.7.0.0\I18N\1046\BaiduSafe not found
C:\RECYCLER\S-1-5-21-1935655697-1326574676-682003330-1003\Dc172\PC Faster\3.7.0.0\I18N\1046\tools\BaiduExtMgr not found
C:\RECYCLER\S-1-5-21-1935655697-1326574676-682003330-1003\Dc172\PC Faster\3.7.0.0\I18N\1054\BaiduSafe not found
C:\RECYCLER\S-1-5-21-1935655697-1326574676-682003330-1003\Dc172\PC Faster\3.7.0.0\I18N\1054\tools\BaiduExtMgr not found
C:\RECYCLER\S-1-5-21-1935655697-1326574676-682003330-1003\Dc172\PC Faster\3.7.0.0\skin\tools\BaiduExtMgr not found
C:\RECYCLER\S-1-5-21-1935655697-1326574676-682003330-1003\Dc172\PC Faster\3.7.0.0\update\skin\tools\BaiduExtMgr not found
C:\RECYCLER\S-1-5-21-1935655697-1326574676-682003330-1003\Dc172\PC Faster\4.0.0.0\BaiduAdb not found
C:\BaiduDownloads deleted
C:\Arquivos de programas\FreeTime\FormatFactory\FFModules\Package\BaiDu deleted
C:\Documents and Settings\All Users\Dados de aplicativos\Baidu Security deleted
C:\Documents and Settings\All Users\Documentos\Baidu deleted
C:\Documents and Settings\All Users\Documentos\Baidu Security deleted
C:\Documents and Settings\CASA\Meus documentos\Baidu Security deleted
"C:\Documents and Settings\CASA\Dados de aplicativos\Baidu Security" deleted

==== Folders Found ======================

2014-05-11 00:54:41 2014-05-11 00:54:41 -------- d-----w- C:\AdwCleaner\Quarantine\C\Documents and Settings\All Users\Dados de aplicativos\baidu
2014-05-11 00:55:16 2014-05-11 00:55:16 -------- d-----w- C:\AdwCleaner\Quarantine\C\Documents and Settings\CASA\Dados de aplicativos\baidu
2014-05-11 00:55:16 2014-05-11 00:55:16 -------- d-----w- C:\AdwCleaner\Quarantine\C\Documents and Settings\CASA\Dados de aplicativos\baidu\Baidu Antivirus
2014-05-11 14:48:13 2014-05-11 14:48:13 -------- d---a-w- C:\zoek_backup\C_Arquivos de programas_FreeTime_FormatFactory_FFModules_Package_BaiDu
2014-05-11 14:48:12 2013-12-07 14:17:57 -------- d---a-w- C:\zoek_backup\C_BaiduDownloads
2014-05-11 14:48:13 2014-05-11 14:48:49 -------- d---a-w- C:\zoek_backup\C_Documents and Settings_All Users_Dados de aplicativos_Baidu Security
2014-05-11 14:48:50 2014-05-11 14:48:50 -------- d---a-w- C:\zoek_backup\C_Documents and Settings_All Users_Documentos_Baidu
2014-05-11 14:48:50 2014-05-11 14:48:50 -------- d---a-w- C:\zoek_backup\C_Documents and Settings_All Users_Documentos_Baidu Security
2014-05-11 14:48:51 2014-05-11 14:48:59 -------- d---a-w- C:\zoek_backup\C_Documents and Settings_CASA_Dados de aplicativos_Baidu Security
2014-05-11 14:49:00 2014-05-11 14:49:00 -------- d---a-w- C:\zoek_backup\C_Documents and Settings_CASA_Dados de aplicativos_Baidu Security_PC Faster_4.0.0.0_Uninstall_Baidu PC Faster Uninstall
2014-05-11 14:49:01 2014-05-11 14:49:01 -------- d---a-w- C:\zoek_backup\C_Documents and Settings_CASA_Dados de aplicativos_Baidu Security_PC Faster_4.0.0.0_Uninstall_Baidu PC Faster Uninstall HK
2014-05-11 14:49:01 2014-05-11 14:49:01 -------- d---a-w- C:\zoek_backup\C_Documents and Settings_CASA_Meus documentos_Baidu Security
2014-05-11 14:48:59 2014-05-11 14:48:59 -------- d---a-w- C:\zoek_backup\C_Documents and Settings_CASA_Dados de aplicativos_Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall
2014-05-11 14:49:00 2014-05-11 14:49:00 -------- d---a-w- C:\zoek_backup\C_Documents and Settings_CASA_Dados de aplicativos_Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall HK

==== Files Found ======================


--- C:\zoek_backup\C_Arquivos de programas_FreeTime_FormatFactory_FFModules_Package_BaiDu_Baidu-TB-ASBar.exe.vir ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1358792
Created time: 2014-05-11 14:49:01
Modified time: 2012-04-10 09:30:26
MD5: D848EF0636EA49D340F074F939DB817B
SHA1: 56A9D762D288AB173B7BFD42C9902E12B673BDB7


--- C:\zoek_backup\C_Arquivos de programas_FreeTime_FormatFactory_FFModules_Package_BaiDu\Baidu-TB-ASBar.exe ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1358792
Created time: 2014-05-11 14:48:13
Modified time: 2012-04-10 09:30:26
MD5: D848EF0636EA49D340F074F939DB817B
SHA1: 56A9D762D288AB173B7BFD42C9902E12B673BDB7


==== Registry Search Results for "Baidu" ======================


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"

==== C:\zoek_backup content ======================

C:\zoek_backup (files=309 folders=81 389662089 bytes)

==== EOF on dom 11/05/2014 at 11:52:22,09 ======================

Re: I need help removing Baidu completely

Post by Power Max on Sun 11 May 2014, 12:05

Temporarily disable your antivirus to avoid conflicts.

* Right-click Zoek.exe and select [You must be registered and logged in to see this image.]

* Select and copy all of the text highlighted in red that I gave you and paste it into the blank area of Zoek.

* Click [Run Script]

* During the scan, a message similar to the one below will be displayed showing the scan's progress. Wait for it to finish... it may take a while!

[You must be registered and logged in to see this image.]

* If you are asked to restart the PC, click [OK]

* Post the Zoek log, which will be at C:\zoek-results.txt, in your next reply.


Last edited by Power Max on Sun 11 May 2014, 13:09; edited 1 time


Re: I need help removing Baidu completely

Post by guijorge on Sun 11 May 2014, 12:37

Zoek.exe v5.0.0.0 Updated 14-April-2014
Tool run by CASA on dom 11/05/2014 at 12:11:41,04.
Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Documents and Settings\CASA\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-05-11-051553.log 35791 bytes
C:\zoek-results2014-05-11-145222.log 12274 bytes

==== System Restore Info ======================

11/5/2014 12:12:42 Zoek.exe System Restore Point Created Succesfully.

==== Suspicious Entries Found ======================

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP"="139:TCP:*:Enabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:*:Enabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:*:Enabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:*:Enabled:@xpsp2res.dll,-22002"
"3389:TCP"="3389:TCP:*:Enabled:@xpsp2res.dll,-22009"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP"="139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002"
"1900:UDP"="1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007"
"2869:TCP"="2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008"
"3389:TCP"="3389:TCP:*:Enabled:@xpsp2res.dll,-22009"

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"=-

==== Registry Search Results for "Baidu" ======================


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"

==== C:\zoek_backup content ======================

C:\zoek_backup (files=309 folders=81 389662089 bytes)

==== EOF on dom 11/05/2014 at 12:13:46,04 ======================

Re: I need help removing Baidu completely

Post by Power Max on Sun 11 May 2014, 12:44

Download < ZHPDiag2.exe > < [You must be registered and logged in to see this image.] > ( ... by Nicolas Coolman )

To install and run it correctly, follow the tips in this article:

Tutorial for installing and running the ZHPDiag application

* As soon as it finishes its scan, copy the entire contents of its ZHPDiag.txt report and post it in your next reply.


I need help removing Baidu completely

Post by guijorge on Sun 11 May 2014, 13:08

~ Relatório do ZHPDiag v2014.5.11.60 - Nicolas Coolman  (11/5/2014)
~ Iniciado por CASA (11/5/2014 12:55:14)
~ Endereço do Website : [You must be registered and logged in to see this link.]
~ Blog de análise de software : [You must be registered and logged in to see this link.]
~ Fóruns de suporte gratuito para desinfecção : [You must be registered and logged in to see this link.]
~ Tradução pelo utilizador
~ Estatuto da versão :
~  Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Not Found


---\\ Navegadores Internet
MSIE: Internet Explorer v7.0.5730.13
MFIE: Mozilla Firefox 29.0.1 (Defaut)
GCIE: Google Chrome v34.0.1847.131

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Microsoft Windows XP, 32-bit Service Pack 3 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : KO

---\\ Softwares de proteçao do sistema
avast! Free Antivirus v9.0.2011

---\\ Softwares d'optimização do sistema
CCleaner v4.00

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 12 Plugin
Adobe Reader XI
Java 7 Update 45

---\\ Informações sobre o sistema
~ Processor: x86 Family 15 Model 4 Stepping 9, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1534 MB (71% free)
System Restore: Activé (Enable)
System drive C: has 10 GB (13%) free of 75 GB

---\\ Modo de conexão ao sistema
~ Computer Name: CASA-CE19F7E264
~ User Name: CASA
~ All Users Names: SUPPORT_388945a0, HelpAssistant, Convidado, CASA, ASPNET, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Documents and Settings\CASA\Dados de aplicativos\ZHP\
~ %AppData% : C:\Documents and Settings\CASA\Dados de aplicativos\
~ %Desktop% : C:\Documents and Settings\CASA\Desktop\
~ %Favorites% : C:\Documents and Settings\CASA\Favoritos\
~ %LocalAppData% : C:\Documents and Settings\CASA\Configurações locais\Dados de aplicativos\
~ %StartMenu% : C:\Documents and Settings\CASA\Menu Iniciar\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\

---\\ Enumeração das unidades dos discos
A: Floppy drive, Flash card reader, USB Key (Not Inserted)
C: Hard drive, Flash drive, Thumb drive (Free 10 Go of 75 Go)
D: CD-ROM drive (Not Inserted)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 45 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.064EC7FF5F58B928C3E119402977FA6D] - (.Microsoft Corporation - Windows Explorer.) (.13/4/2008 - 19:21:00.) -- C:\WINDOWS\Explorer.exe [1035776]
[MD5.A4A0FC92358F39538A6494C42EF99FE9] - (.Microsoft Corporation - Internet Extensions for Win32.) (.13/8/2007 - 17:54:10.) -- C:\WINDOWS\system32\wininet.dll [818688]
[MD5.71D440F79B711627B12B567FB2EADB42] - (.Microsoft Corporation - Aplicativo de logon do Windows NT.) (.13/4/2008 - 19:21:24.) -- C:\WINDOWS\system32\Winlogon.exe [509952]
[MD5.322D0E36693D6E24A2398BEE62A268CD] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.13/4/2008 - 12:19:24.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138112]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.13/4/2008 - 11:40:32.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512]
[MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/4/2008 - 12:14:22.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
[MD5.1F4260CC5B42272D71F79E570A27A4FE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13/4/2008 - 11:40:48.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976]
[MD5.A8D31E836CCF2F51009CE7DFFECF6D51] - (.Microsoft Corporation - FIPS Crypto Driver.) (.13/4/2008 - 18:52:44.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44672]
[MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.13/4/2008 - 09:36:06.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384]
[MD5.485BC6BEB778B5E9702E6AA3D384C0CB] - (.Microsoft Corporation - Driver de porta i8042.) (.13/4/2008 - 18:55:20.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [53504]
[MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.13/4/2008 - 11:41:00.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112]
[MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.13/4/2008 - 11:57:16.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832]
[MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.13/4/2008 - 12:19:44.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264]
[MD5.68755F0FF16070178B54674FE5B847B0] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.13/4/2008 - 12:17:02.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [456576]
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.13/4/2008 - 12:21:02.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816]
[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.13/4/2008 - 12:15:54.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574976]
[MD5.9BADEE6B698BF1AF36E25A1A64A89EAB] - (.Microsoft Corporation - Driver de porta paralela.) (.13/4/2008 - 19:02:26.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384]
[MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/4/2008 - 12:19:44.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
[MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/4/2008 - 11:32:52.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224]
[MD5.68D749B04BFBBD4D4D15CC5185AFA4DD] - (.Microsoft Corporation - Redbook Audio Filter Driver.) (.13/4/2008 - 18:53:18.) -- C:\WINDOWS\system32\Drivers\redbook.sys [58240]
[MD5.EB6B1E2C984D84470FF4FE7EF98CD44A] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.13/4/2008 - 18:53:02.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53248]
~ Generic Processes:  Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 3/141
~ Mes musiques (My Musics) : 1/14
~ Mes Videos (My Videos) : 2/4
~ Mes Favoris (My Favorites) : 1/12
~ Mes Documents (My Documents) : 12/1709
~ Mon Bureau (My Desktop) : 3/4247
~ Menu demarrer (Programs) : 1/55
~ Hidden Files:  Scanned in 00mn 09s



---\\ Processos lançados
[MD5.D74884939D53612FD84AC82C59CCFE27] - (.AVAST Software - avast! Service.) -- C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe   [50344] [PID.1564]
[MD5.B92F2B3247F0A99490C1298A1D3D7B4C] - (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\Arquivos de programas\Arquivos comuns\EPSON\EPW!3 SSRP\E_S50ST7.exe   [153600] [PID.1292]
[MD5.AFEBF9E0B223FF04709F747C172D3540] - (.AVAST Software - avast! Antivirus.) -- C:\Arquivos de programas\Alwil Software\Avast5\AvastUI.exe   [3764024] [PID.1436]
[MD5.651336B99C75FB54E4B5971CF458F9BD] - (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\Arquivos de programas\Arquivos comuns\EPSON\EPW!3 SSRP\E_S50RP7.exe   [121856] [PID.1452]
[MD5.EFF5E5CCA31672BD00AF87D170590AFB] - (.Microsoft Corporation - Windows Messenger.) -- C:\Arquivos de programas\Messenger\msmsgs.exe   [1695232] [PID.1636]
[MD5.80A79264302910C7C24BA7E44267EFEF] - (.Oracle Corporation - Java Quick Starter Service.) -- C:\Arquivos de programas\Java\jre7\bin\jqs.exe   [182696] [PID.1872]
[MD5.64728E18A44946AD5B6C023CE6C6F235] - (.SEIKO EPSON CORPORATION - No Comment.) -- C:\Arquivos de programas\EPSON\MyEpson Portal\mepService.exe   [644480] [PID.208]
[MD5.A3B67AA9F60533557FD9141BCA9FA4A9] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 81.98.) -- C:\WINDOWS\system32\nvsvc32.exe   [131139] [PID.292]
[MD5.B2D01290C0E0465ACA54C2088E947823] - (...) -- C:\Arquivos de programas\RealNetworks\RealDownloader\rndlresolversvc.exe   [39056] [PID.280]
[MD5.9C65C4F46BB75904B8B843724971E020] - (.SEIKO EPSON CORPORATION - MyEpson Portal.) -- C:\Arquivos de programas\EPSON\MyEpson Portal\mep.exe   [2387520] [PID.2324]
[MD5.6D2018AEE93285F2A8BEF55D722187A3] - (.Microsoft Corporation - Application Layer Gateway Service.) -- C:\WINDOWS\System32\alg.exe   [44544] [PID.2580]
[MD5.4593394B063EA7447F864444DB48C4AB] - (.Nicolas Coolman - ZHPDiag.) -- C:\Arquivos de programas\ZHPDiag\ZHPDiag.exe   [7874048] [PID.4028]
~ Processes Running:  Scanned in 00mn 01s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
P2 - FPN:Firefox Plugin Navigator . (.No owner - NPAPI Extension for Firefox.) -- C:\Arquivos de programas\Mozilla Firefox\Plugins\nppluginrichmediaplayer.dll
~ Firefox Browser: 20 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management:  Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys:  Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File:  Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 19



---\\ Barras do Internet Explorer (03))
O3 - Toolbar: avast! Online Security - [HKLM]{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} . (.AVAST Software - IE Webrep plugin.) -- C:\Arquivos de programas\Alwil Software\Avast5\aswWebRepIE.dll
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{01E04581-4EEE-11D0-BFE9-00AA005B4383} Chave orfã
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{0E5CBF21-D15F-11D0-8301-00AA005B4383} Chave orfã
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{E041C0CC-13A8-4D0D-8F39-6DA7DB51FAD1} Chave orfã
~ Toolbar:  Scanned in 00mn 00s



---\\ Outras conexões do utilizador (04)
O4 - GS\Desktop [AllUsers]: Memory Optimizer.lnk . (.Softorino - Memory Optimizer Pro.)  -- C:\Arquivos de programas\Memory Optimizer\MemOptimizerPro.exe   =>PUP.OptimizerPro
O4 - GS\Desktop [CASA]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.)  -- C:\Documents and Settings\CASA\Dados de aplicativos\uTorrent\uTorrent.exe   =>P2P.BitTorrent
~ Global Startup: 2 Legitimates Filtered in 00mn 02s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [avast5] . (.AVAST Software - avast! Antivirus.) -- C:\Arquivos de programas\Alwil Software\Avast5\AvastUI.exe
O4 - HKLM\..\Run: [NvCplDaemon] . (.NVIDIA Corporation - NVIDIA Display Properties Extension.) -- C:\WINDOWS\system32\NvCpl.dll   =>.NVIDIA Corporation
O4 - HKLM\..\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Arquivos de programas\Alwil Software\Avast5\AvastUI.exe
O4 - HKLM\..\Run: [KernelFaultCheck] Chave orfã
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe   =>.Adobe Systems Incorporated
O4 - HKCU\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] . (.Microsoft Corporation - Windows Messenger.) -- C:\Arquivos de programas\Messenger\msmsgs.exe
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-21-1935655697-1326574676-682003330-1003\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1935655697-1326574676-682003330-1003\..\Run: [MSMSGS] . (.Microsoft Corporation - Windows Messenger.) -- C:\Arquivos de programas\Messenger\msmsgs.exe
~ Application:  Scanned in 00mn 00s



---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Arquivos de programas\Microsoft Office\Office12\REFBARH.ICO
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -- Chave orfã
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Arquivos de programas\Messenger\msmsgs.exe
~ IE Extra Buttons:  Scanned in 00mn 00s



---\\ Piratagem da Opção " Redefinir Configurações da Web " (014)
O14 - IERESET.INF: SEARCH_PAGE_URL=SEARCH_PAGE_URL="&http://home.microsoft.com/intl/br/access/allinone.asp"
O14 - IERESET.INF: SAFESITE_VALUE=SAFESITE_VALUE="search.msn.com.br"
~ IE Paramètres WEB:  Scanned in 00mn 00s



---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} ((no name)) - [You must be registered and logged in to see this link.]
~ Objets ActiveX:  Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{CF5A45AF-745C-49A2-A590-EFBC92C21523}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{CF5A45AF-745C-49A2-A590-EFBC92C21523}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{CF5A45AF-745C-49A2-A590-EFBC92C21523}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain:  Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- C:\WINDOWS\system32\wiascr.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\MSOXMLMF.dll  =>.Microsoft Corporation
~ Protocole Additionnel:  Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agente de rede off-line.) -- C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL de notificação do serviço de logon secu.) -- C:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
~ Winlogon:  Scanned in 00mn 00s



---\\ Chave do Registo autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} . (.Microsoft Corporation - Biblioteca da interface de usuário do naveg.) -- C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Pré-carregador Browseui - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Biblioteca da interface de usuário do naveg.) -- C:\WINDOWS\system32\browseui.dll
~ STS/SSO:  Scanned in 00mn 00s



---\\ Enumeração Ativa do Ambiente de trabalho & Editor MHTML (024)
O24 - Desktop Component 0: Minha página inicial atual - file:About:Home
O24 - Desktop General: BackupWallPaper - .(...) - C:\Documents and Settings\CASA\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp
O24 - Desktop General: WallPaper - .(...) - C:\Documents and Settings\CASA\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s



---\\ Tarefas planificadas automaticamente (039)
O39 - APT:  - (..) -- C:\WINDOWS\Tasks\060184C3-9766-46a0-B258-F4518A0B2633.job   [450]
~ Scheduled Task: 24 Legitimates Filtered in 00mn 00s



---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (Bnbase) . (.Baidu, Inc. - Baidu Antivirus NetBase Driver.) - C:\WINDOWS\system32\drivers\bnbase.sys
~ Drivers: 72 Legitimates Filtered in 00mn 00s



---\\ Software instalados (042)
O42 - Logiciel: Counter Strike 1.6 - 2013 - (...) [HKLM] -- Counter Strike 1.6 - 2013
O42 - Logiciel: Exedb Anti Malware Scanner - (.File Info.) [HKLM] -- Exedb Anti Malware Scanner
O42 - Logiciel: Gerenciador de Downloads - (.Level Up! Gerenciador.) [HKCU] -- a54e16f5d00985b6
O42 - Logiciel: Horizon v2.7.6.2 - (.Daring Development Inc..) [HKLM] -- d4cfeebc-b821-40b7-9f81-d366b1466f03_is1
O42 - Logiciel: Mz Game Accelerator - (.Mz Game Accelerator.) [HKLM] -- MzGameAccelerator_is1
O42 - Logiciel: Pid  - (.Might and Delight.) [HKLM] -- Steam App 218740
O42 - Logiciel: sXe Injected - (.Alejandro Cortés.) [HKLM] -- sXe Injected
~ Logic: 29 Legitimates Filtered in 00mn 01s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\39200InstEnd]
[HKCU\Software\Autogg]
[HKCU\Software\Autogg_ini]
[HKCU\Software\WandouLabs]
[HKCU\Software\nands]
[HKCU\Software\sXe Injected]
[HKLM\Software\sXe_Injected]
~ Key Software: 272 Legitimates Filtered in 00mn 01s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 17/4/2014 - 22:05:00 - [] ----D C:\Arquivos de programas\Counter Strike 1.6
O43 - CFD: 25/12/2013 - 02:00:41 - [] ----D C:\Arquivos de programas\Daring Development
O43 - CFD: 2/2/2014 - 21:10:37 - [] ----D C:\Arquivos de programas\exedb
O43 - CFD: 21/12/2013 - 13:35:28 - [] ----D C:\Arquivos de programas\Memory Optimizer
O43 - CFD: 20/7/2013 - 12:50:36 - [] ----D C:\Arquivos de programas\Serviços on-line
O43 - CFD: 11/5/2014 - 12:03:59 - [] ----D C:\Arquivos de programas\sXe Injected
O43 - CFD: 28/10/2013 - 14:17:22 - [] ----D C:\Arquivos de programas\WandouLabs
O43 - CFD: 20/7/2013 - 12:49:53 - [] ----D C:\Arquivos de programas\Arquivos comuns\Serviços
O43 - CFD: 21/12/2013 - 13:24:55 - [0] ----D C:\Documents and Settings\All Users\Dados de aplicativos\ioloGovernor
O43 - CFD: 10/3/2014 - 00:28:05 - [] ----D C:\Documents and Settings\All Users\Dados de aplicativos\levelup downloader
O43 - CFD: 16/11/2013 - 18:06:30 - [] ----D C:\Documents and Settings\CASA\Dados de aplicativos\CLCodeIgniter
O43 - CFD: 16/11/2013 - 18:06:30 - [] ----D C:\Documents and Settings\CASA\Dados de aplicativos\CLDrupal
O43 - CFD: 16/11/2013 - 18:06:31 - [] ----D C:\Documents and Settings\CASA\Dados de aplicativos\CLJoomla
O43 - CFD: 16/11/2013 - 18:06:31 - [] ----D C:\Documents and Settings\CASA\Dados de aplicativos\CLJQuery
O43 - CFD: 16/11/2013 - 18:06:31 - [] ----D C:\Documents and Settings\CASA\Dados de aplicativos\CLSmarty
O43 - CFD: 16/11/2013 - 18:06:31 - [] ----D C:\Documents and Settings\CASA\Dados de aplicativos\CLSymfony
O43 - CFD: 16/11/2013 - 18:06:31 - [] ----D C:\Documents and Settings\CASA\Dados de aplicativos\CLWordPress
O43 - CFD: 16/11/2013 - 18:06:32 - [] ----D C:\Documents and Settings\CASA\Dados de aplicativos\CLYii
O43 - CFD: 21/12/2013 - 13:24:52 - [] ----D C:\Documents and Settings\CASA\Dados de aplicativos\ioloGovernor
O43 - CFD: 30/12/2013 - 11:17:33 - [] ----D C:\Documents and Settings\CASA\Dados de aplicativos\MP3Rocket
O43 - CFD: 6/8/2013 - 14:17:18 - [] ----D C:\Documents and Settings\CASA\Dados de aplicativos\Radiocom
O43 - CFD: 2/11/2013 - 19:56:33 - [] ----D C:\Documents and Settings\CASA\Dados de aplicativos\Wandoujia2
O43 - CFD: 6/8/2013 - 14:35:30 - [] ----D C:\Documents and Settings\CASA\Dados de aplicativos\WandoujiaUsbDriver
O43 - CFD: 6/8/2013 - 14:17:16 - [] ----D C:\Documents and Settings\CASA\Configurações locais\Dados de aplicativos\Radiocom
O43 - CFD: 25/12/2013 - 19:04:01 - [] ----D C:\Documents and Settings\CASA\Configurações locais\Dados de aplicativos\Team_360h
O43 - CFD: 20/12/2013 - 23:39:05 - [] ----D C:\Documents and Settings\CASA\Configurações locais\Dados de aplicativos\Tecno_Clique
O43 - CFD: 25/12/2013 - 00:20:01 - [] R---D C:\Documents and Settings\CASA\Menu Iniciar\Programas\Acessórios
O43 - CFD: 17/4/2014 - 21:49:21 - [] ----D C:\Documents and Settings\CASA\Menu Iniciar\Programas\Counter Strike 1.6 - 2013
O43 - CFD: 2/2/2014 - 21:10:44 - [] ----D C:\Documents and Settings\CASA\Menu Iniciar\Programas\Exedb
O43 - CFD: 11/5/2014 - 11:39:52 - [] R---D C:\Documents and Settings\CASA\Menu Iniciar\Programas\Inicializar
O43 - CFD: 10/3/2014 - 00:27:04 - [] ----D C:\Documents and Settings\CASA\Menu Iniciar\Programas\Level Up! Gerenciador
O43 - CFD: 10/5/2014 - 21:03:00 - [] ----D C:\Documents and Settings\CASA\Menu Iniciar\Programas\sXe Injected
~ Program Folder: 202 Legitimates Filtered in 00mn 01s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.DA5F0574BF8D47E4889F260C77ADBEB8] - 10/5/2014 - 17:07:22 ---A- . (.Baidu, Inc. - Baidu Antivirus Selfprotect Driver.) -- C:\WINDOWS\system32\Drivers\Bprotect.sys   [155968]
O44 - LFC:[MD5.0DC5AF80D059DEC792B665ED598C6567] - 10/5/2014 - 21:54:09 ---A- . (.SQLite Development Team - SQLite Dynamic Link Library (No TCL).) -- C:\WINDOWS\system32\sqlite3.dll   [536576]
O44 - LFC:[MD5.29D9AA97D5D548E178F9A74DADC2CC34] - 11/5/2014 - 02:15:53 ---A- . (...) -- C:\zoek-results2014-05-11-051553.log   [35791]
O44 - LFC:[MD5.87C3D2FAC8EDAF75B9FC2A3B217CF961] - 11/5/2014 - 11:39:56 ---A- . (...) -- C:\WINDOWS\wiaservc.log   [49]
O44 - LFC:[MD5.F42CBA96C305F4BC6758EE35F19A3C4B] - 11/5/2014 - 11:40:03 ---A- . (...) -- C:\WINDOWS\wiadebug.log   [298]
O44 - LFC:[MD5.93116AE812930459E8E56B613EA5FAF2] - 11/5/2014 - 11:52:22 ---A- . (...) -- C:\zoek-results2014-05-11-145222.log   [12274]
O44 - LFC:[MD5.975963F5471B4961A733EB7D10E6D0F3] - 11/5/2014 - 12:13:46 ---A- . (...) -- C:\zoek-results.log   [2546]
O44 - LFC:[MD5.472BBE60C5CBCFC438879BC964D66480] - 27/4/2014 - 14:32:36 ---A- . (...) -- C:\O.Herdeiro.do.Diabo.BDRip.Xvid.Dual.Áudio-Coveiro RMVB.rmvb   [278071812]
O44 - LFC:[MD5.CB0E07B9B630B77CE76D4C4278D328B1] - 29/4/2014 - 09:11:07 ---A- . (.Baidu, Inc. - Baidu Antivirus Hook Base.) -- C:\WINDOWS\system32\Drivers\Bhbase.sys   [94976]
O44 - LFC:[MD5.443B1929FB74D90FE82F724A0D826224] - 29/4/2014 - 09:11:13 ---A- . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) -- C:\WINDOWS\system32\Drivers\Bfilter.sys   [45888]
O44 - LFC:[MD5.26F863F9D8AB9F2558B07C4B1619466C] - 29/4/2014 - 09:11:24 ---A- . (.Baidu, Inc. - Baidu FS Monitor Driver.) -- C:\WINDOWS\system32\Drivers\Bfmon.sys   [29504]  =>Adware.BDSearch
O44 - LFC:[MD5.FC8BB46FF549611FCCA66590277BB21B] - 29/4/2014 - 09:11:49 ---A- . (.Baidu, Inc. - Baidu Antivirus NetBase Driver.) -- C:\WINDOWS\system32\Drivers\bnbase.sys   [58784]
O44 - LFC:[MD5.A1672C26F42DA344C840D72F80FCE096] - 29/4/2014 - 09:11:55 ---A- . (.Baidu, Inc. - Baidu Antivirus NetDefense Driver.) -- C:\WINDOWS\system32\Drivers\bndef.sys   [51616]
O44 - LFC:[MD5.5866F5AC5FA90002CC1275789B715A60] - 9/5/2014 - 11:20:31 ---A- . (...) -- C:\WINDOWS\NeroDigital.ini   [116]
~ Files: 21 Legitimates Filtered in 00mn 11s



---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
~ ShellExecuteHooks:  Scanned in 00mn 00s



---\\ Exportar a chave da aplicação autorizada (047)
O47 - AAKE:Key Export SP - "C:\Arquivos de programas\WandouLabs\wandoujia2.exe" [Enabled] .(.No owner.) -- C:\Arquivos de programas\WandouLabs\wandoujia2.exe
O47 - AAKE:Key Export SP - "C:\Documents and Settings\CASA\Dados de aplicativos\Wandoujia2\Applications\2.63.0.4343\wandoujia2.exe" [Enabled] .(.No owner.) -- C:\Documents and Settings\CASA\Dados de aplicativos\Wandoujia2\Applications\2.63.0.4343\wandoujia2.exe
O47 - AAKE:Key Export SP - "C:\Level Up! Games\Grand Chase\main.exe" [Enabled] .(.KOG.) -- C:\Level Up! Games\Grand Chase\main.exe
O47 - AAKE:Key Export SP - "C:\Level Up! Games\Elsword\data\x2.exe" [Enabled] .(.No owner.) -- C:\Level Up! Games\Elsword\data\x2.exe
O47 - AAKE:Key Export SP - "C:\Arquivos de programas\Plex\Plex Media Server\Plex Media Server.exe" [Enabled] .(.Plex, Inc..) -- C:\Arquivos de programas\Plex\Plex Media Server\Plex Media Server.exe
O47 - AAKE:Key Export SP - "C:\Arquivos de programas\Plex\Plex Media Server\PlexDlnaServer.exe" [Enabled] .(.Plex, Inc..) -- C:\Arquivos de programas\Plex\Plex Media Server\PlexDlnaServer.exe
~ Keys Export: 22 Legitimates Filtered in 00mn 00s



---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d
~ IFEO:  Scanned in 00mn 00s



---\\ Chave do registo Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{56d8ed66-3e86-11e3-8ff5-001617f4fbda}\AutoRun\command. (...) -- E:\RunClubSanDisk.exe (.not file.)
~ Keys:  Scanned in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:13/1/2014 - 16:44:57 ---A- . (...) -- C:\WINDOWS\system32\Drivers\aswRvrt.sys   [49944]  =>.ALWIL Software
O58 - SDL:13/1/2014 - 16:44:57 ---A- . (...) -- C:\WINDOWS\system32\Drivers\aswVmm.sys   [180248]  =>.ALWIL Software
O58 - SDL:29/4/2014 - 09:11:13 ---A- . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) -- C:\WINDOWS\system32\Drivers\Bfilter.sys   [45888]
O58 - SDL:29/4/2014 - 09:11:24 ---A- . (.Baidu, Inc. - Baidu FS Monitor Driver.) -- C:\WINDOWS\system32\Drivers\Bfmon.sys   [29504]  =>Adware.BDSearch
O58 - SDL:29/4/2014 - 09:11:07 ---A- . (.Baidu, Inc. - Baidu Antivirus Hook Base.) -- C:\WINDOWS\system32\Drivers\Bhbase.sys   [94976]
O58 - SDL:29/4/2014 - 09:11:49 ---A- . (.Baidu, Inc. - Baidu Antivirus NetBase Driver.) -- C:\WINDOWS\system32\Drivers\bnbase.sys   [58784]
O58 - SDL:29/4/2014 - 09:11:55 ---A- . (.Baidu, Inc. - Baidu Antivirus NetDefense Driver.) -- C:\WINDOWS\system32\Drivers\bndef.sys   [51616]
O58 - SDL:14/4/2014 - 23:30:52 ---A- . (.Baidu, Inc. - Baidu Antivirus Selfprotect Driver.) -- C:\WINDOWS\system32\Drivers\Bprotect.sys   [155968]
O58 - SDL:28/10/2001 - 12:06:30 ---A- . (.RAVISENT Technologies Inc. - CineMaster C 1.2 WDM Main Driver.) -- C:\WINDOWS\system32\Drivers\cinemst2.sys   [262528]
O58 - SDL:13/4/2008 - 09:36:06 ----- . (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) -- C:\WINDOWS\system32\Drivers\hdaudbus.sys   [144384]
O58 - SDL:13/4/2008 - 11:23:42 ----- . (.Smart Link - No Comment.) -- C:\WINDOWS\system32\Drivers\mtlmnt5.sys   [126686]
O58 - SDL:13/4/2008 - 11:23:40 ----- . (.Smart Link - No Comment.) -- C:\WINDOWS\system32\Drivers\mtlstrm.sys   [1309184]
O58 - SDL:13/4/2008 - 09:34:28 ----- . (.Matrox Graphics Inc. - Matrox Parhelia Miniport Driver.) -- C:\WINDOWS\system32\Drivers\mtxparhm.sys   [452736]
O58 - SDL:13/4/2008 - 11:23:42 ----- . (.Smart Link - No Comment.) -- C:\WINDOWS\system32\Drivers\ntmtlfax.sys   [180360]
O58 - SDL:19/8/2013 - 19:23:29 ---A- . (.microOLAP Technologies LTD - PSSDK Driver Protocol v4.1 32bit.) -- C:\WINDOWS\system32\Drivers\pssdk41.sys   [36928]
O58 - SDL:28/10/2001 - 12:07:22 ---A- . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Library.) -- C:\WINDOWS\system32\Drivers\ptilink.sys   [17792]
O58 - SDL:13/4/2008 - 11:23:44 ----- . (.Smart Link - No Comment.) -- C:\WINDOWS\system32\Drivers\recagent.sys   [13776]
O58 - SDL:13/4/2008 - 11:23:44 ----- . (.Smart Link - No Comment.) -- C:\WINDOWS\system32\Drivers\slnt7554.sys   [129535]
O58 - SDL:13/4/2008 - 11:23:46 ----- . (.Smart Link - No Comment.) -- C:\WINDOWS\system32\Drivers\slntamr.sys   [404990]
O58 - SDL:13/4/2008 - 11:23:48 ----- . (.Smart Link - No Comment.) -- C:\WINDOWS\system32\Drivers\slnthal.sys   [95424]
O58 - SDL:13/4/2008 - 11:23:48 ----- . (.Smart Link - No Comment.) -- C:\WINDOWS\system32\Drivers\slwdmsup.sys   [13240]
O58 - SDL:28/10/2001 - 12:06:30 ---A- . (.RAVISENT Technologies Inc. - CineMaster C WDM DVD Minidriver.) -- C:\WINDOWS\system32\Drivers\vdmindvd.sys   [58112]
O58 - SDL:28/10/2001 - 12:06:08 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys   [9032]
O58 - SDL:28/10/2001 - 12:06:16 ---A- . (...) -- C:\WINDOWS\system32\country.sys   [27097]
O58 - SDL:28/10/2001 - 12:06:36 ---A- . (...) -- C:\WINDOWS\system32\himem.sys   [4896]
O58 - SDL:28/10/2001 - 12:06:40 ---A- . (...) -- C:\WINDOWS\system32\key01.sys   [42809]
O58 - SDL:3/8/2004 - 19:46:56 ---A- . (...) -- C:\WINDOWS\system32\keyboard.sys   [42537]
O58 - SDL:28/10/2001 - 12:07:10 ---A- . (...) -- C:\WINDOWS\system32\ntdos.sys   [27900]
O58 - SDL:28/10/2001 - 12:07:10 ---A- . (...) -- C:\WINDOWS\system32\ntdos404.sys   [29146]
O58 - SDL:28/10/2001 - 12:07:10 ---A- . (...) -- C:\WINDOWS\system32\ntdos411.sys   [29370]
O58 - SDL:28/10/2001 - 12:07:10 ---A- . (...) -- C:\WINDOWS\system32\ntdos412.sys   [29274]
O58 - SDL:28/10/2001 - 12:07:10 ---A- . (...) -- C:\WINDOWS\system32\ntdos804.sys   [29146]
O58 - SDL:3/8/2004 - 19:45:20 ---A- . (...) -- C:\WINDOWS\system32\ntio.sys   [33984]
O58 - SDL:3/8/2004 - 19:45:16 ---A- . (...) -- C:\WINDOWS\system32\ntio404.sys   [34560]
O58 - SDL:3/8/2004 - 19:45:12 ---A- . (...) -- C:\WINDOWS\system32\ntio411.sys   [35648]
O58 - SDL:3/8/2004 - 19:45:16 ---A- . (...) -- C:\WINDOWS\system32\ntio412.sys   [35424]
O58 - SDL:3/8/2004 - 19:45:14 ---A- . (...) -- C:\WINDOWS\system32\ntio804.sys   [34560]
~ Drivers: 98 Legitimates Filtered in 00mn 04s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1  =>.Nicolas Coolman
~ ADS:  Scanned in 00mn 00s



---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 29/4/2014 - C:\WINDOWS\system32\drivers\bnbase.sys (Bnbase)  .(.Baidu, Inc. - Baidu Antivirus NetBase Driver.) - LEGACY_BNBASE
~ Legacy: 156 Legitimates Filtered in 00mn 01s



---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.js> <ClPhpEd.Files>[HKLM\..\open\Command] (.Codelobster Software - Codelobster PHP Edition.) -- C:\Arquivos de programas\Codelobster Software\CodelobsterPHPEdition\ClPhpEd.exe
O67 - Shell Spawning: <.com> <>[HKU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.exe> <>[HKU\..\open\Command] (.Not Key.)
~ FASS Keys: 12 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: <chrome.exe> <>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Arquivos de programas\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Arquivos de programas\Internet Explorer\iexplore.exe
~ Keys:  Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [Você precisa estar registrado e conectado para ver este link.]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - [Você precisa estar registrado e conectado para ver este link.]
~ Keys:  Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.A53555B250CBEDCA6544D13648F83FFE] [SPRF][10/5/2014] (...) -- C:\Documents and Settings\CASA\Desktop\AdwCleaner.exe   [1316991]
[MD5.A12E03CB2D09CC26579778EB50E9021B] [SPRF][9/10/2011] (.Team 360h - Iso2God.) -- C:\Documents and Settings\CASA\Desktop\Iso2God.exe   [539136]
[MD5.7AD417F4184635CC4C1E3140AED83E13] [SPRF][3/1/2014] (.BitTorrent Inc. - µTorrent.) -- C:\Documents and Settings\CASA\Desktop\utorrent(1).exe   [1340496]  =>P2P.BitTorrent
[MD5.17FCF196B13AD0AAA3BA11605CA1EE21] [SPRF][25/12/2013] (.BitTorrent Inc. - µTorrent.) -- C:\Documents and Settings\CASA\Desktop\utorrent.exe   [1340496]  =>P2P.BitTorrent
[MD5.99C687C10AEF076BBDE66C7EFAE46B0A] [SPRF][20/2/2008] (...) -- C:\Documents and Settings\CASA\Desktop\xextool.exe   [484864]
[MD5.2ED2319F3DE13495AAA49B70A1467055] [SPRF][11/5/2014] (...) -- C:\Documents and Settings\CASA\Desktop\zoek.exe   [1285120]
~ Files: 8 Legitimates Filtered in 00mn 00s



---\\ Search CLSID Registry Key (O101)
[HKCR\CLSID\{1070C156-160B-47A0-B7D9-1860396BAB57}] (SaveSenseLive Broker Class Factory)  =>PUP.SaveSense
[HKCR\CLSID\{27CE191D-733B-4450-AFCD-096D105288C3}] (SaveSenseLive.OneClickProcessLauncher)  =>PUP.SaveSense
[HKCR\CLSID\{39A29266-D3E4-462D-AB05-F93B1053F6CF}] (SaveSenseLive Legacy On Demand)  =>PUP.SaveSense
[HKCR\CLSID\{73192D81-6D24-4C40-BF7B-2507C6FA0B1A}] (SaveSenseLive Core Class)  =>PUP.SaveSense
[HKCR\CLSID\{88C606E7-BA26-41CB-8CC3-D1E313E34E75}] (SaveSenseLive Process Launcher Class)  =>PUP.SaveSense
[HKCR\CLSID\{9E0546FF-D44F-4FE4-A324-995FCACB8D33}] (SaveSenseLive Broker Class Factory)  =>PUP.SaveSense
[HKCR\CLSID\{F4B8D46C-4EEE-401B-8607-DC03025F34B1}] (SaveSenseLive Core Class)  =>PUP.SaveSense
~ BCK: 5131 Legitimates Filtered in 00mn 13s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 13/4/2008 225280 |  (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe
SS - | Auto 20/7/2013 116648 |  (gupdate) . (.Google Inc..) - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
SS - | Demand 20/7/2013 116648 |  (gupdatem) . (.Google Inc..) - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
SS - | Demand 10/5/2014 119408 |  (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Arquivos de programas\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 10/11/2006 774144 |  (NBService) . (.Nero AG.) - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
SS - | Demand 6/1/2014 5403030 |  (npggsvc) . (.INCA Internet Co., Ltd..) - C:\WINDOWS\system32\GameMon.des
SS - | Auto 21/6/2013 162408 |  (SkypeUpdate) . (.Skype Technologies.) - C:\Arquivos de programas\Skype\Updater\Updater.exe
SS - | Demand 6/9/2013 565672 |  (Steam Client Service) . (.Valve Corporation.) - C:\Arquivos de programas\Arquivos comuns\Steam\SteamService.exe
SR - | Auto 13/1/2014 50344 |  (avast! Antivirus) . (.AVAST Software.) - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
SR - | Auto 14/9/2009 153600 |  (EPSON_EB_RPCV4_04) . (.SEIKO EPSON CORPORATION.) - C:\Arquivos de programas\Arquivos comuns\EPSON\EPW!3 SSRP\E_S50ST7.exe
SR - | Auto 14/9/2009 121856 |  (EPSON_PM_RPCV4_04) . (.SEIKO EPSON CORPORATION.) - C:\Arquivos de programas\Arquivos comuns\EPSON\EPW!3 SSRP\E_S50RP7.exe
SR - | Auto 20/12/2013 182696 |  (JavaQuickStarterService) . (.Oracle Corporation.) - C:\Arquivos de programas\Java\jre7\bin\jqs.exe
SR - | Auto 4/12/2009 644480 |  (MyEpson Portal Service) . (.SEIKO EPSON CORPORATION.) - C:\Arquivos de programas\EPSON\MyEpson Portal\mepService.exe
SR - | Auto 24/7/2006 131139 |  (NVSvc) . (.NVIDIA Corporation.) - C:\WINDOWS\system32\nvsvc32.exe
SR - | Auto 16/4/2013 39056 |  (RealNetworks Downloader Resolver Service) . (...) - C:\Arquivos de programas\RealNetworks\RealDownloader\rndlresolversvc.exe
~ Services:  Scanned in 00mn 13s



---\\ Scâner Aditional (088)
Database Version : 13045 - (11/5/2014)
Clés trouvées (Keys found) : 1
Valeurs trouvées (Values found) : 2
Dossiers trouvés  (Folders found) : 0
Fichiers trouvés  (Files found) : 9

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{116ba71c-8187-4f15-9a1f-c9d6289155d1}]   =>Adware.BDSearch
C:\Documents and Settings\CASA\Desktop\utorrent(1).exe   =>P2P.BitTorrent^
C:\Documents and Settings\CASA\Desktop\utorrent.exe   =>P2P.BitTorrent^
[HKCR\CLSID\{1070C156-160B-47A0-B7D9-1860396BAB57}] (SaveSenseLive Broker Class Factory)   =>PUP.SaveSense^
[HKCR\CLSID\{27CE191D-733B-4450-AFCD-096D105288C3}] (SaveSenseLive.OneClickProcessLauncher)   =>PUP.SaveSense^
[HKCR\CLSID\{39A29266-D3E4-462D-AB05-F93B1053F6CF}] (SaveSenseLive Legacy On Demand)   =>PUP.SaveSense^
[HKCR\CLSID\{73192D81-6D24-4C40-BF7B-2507C6FA0B1A}] (SaveSenseLive Core Class)   =>PUP.SaveSense^
[HKCR\CLSID\{88C606E7-BA26-41CB-8CC3-D1E313E34E75}] (SaveSenseLive Process Launcher Class)   =>PUP.SaveSense^
[HKCR\CLSID\{9E0546FF-D44F-4FE4-A324-995FCACB8D33}] (SaveSenseLive Broker Class Factory)   =>PUP.SaveSense^
[HKCR\CLSID\{F4B8D46C-4EEE-401B-8607-DC03025F34B1}] (SaveSenseLive Core Class)   =>PUP.SaveSense^
~ Additionnel Scan: 234600 Items scanned in 01mn 14s



---\\ Sumário das deteções encontradas na sua estação
[Você precisa estar registrado e conectado para ver este link.]  =>PUP.OptimizerPro
[Você precisa estar registrado e conectado para ver este link.]  =>Adware.BDSearch
[Você precisa estar registrado e conectado para ver este link.]  =>PUP.SaveSense
~ MSI: 3 link(s) detected in 00mn 00s



~ 956 Legitimates filtered by white list
End of the scan (540 lines in 02mn 36s)(0)

Re: I need help removing Baidu completely

Post by Power Max on Sun 11 May 2014, 13:25

 Select and copy all of the text highlighted in red that I gave you.
_____________________________________________________________________________________________________________

 Go to the menu: Start > All Programs > ZHP > right-click ZHPFix and choose Run as administrator > click Importação (Import) > click the GO button > click Oui > if you want the files in the Recycle Bin to be deleted, click Oui again > a report will open in Notepad.

Copy this report and post it in your next reply.


Last edited by Power Max on Sun 11 May 2014, 16:34; edited 1 time


I need help removing Baidu completely

Post by guijorge on Sun 11 May 2014, 13:40

Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014
Fichier d'export Registre :
Run by CASA at 11/5/2014 13:39:03
High Elevated Privileges : OK
Windows XP Professional Service Pack 3 (Build 2600)

Reciclagem vazia (00mn 03s)
Reparação de atalhos do navegador

========== Estado dos serviços ==========
BNBASE Parado

========== Chaves do Registo ==========
ELIMINÉ Driver Key: Bnbase
ELIMINÉ CLSID MPSK: {56d8ed66-3e86-11e3-8ff5-001617f4fbda}
ELIMINÉ: HKCR\CLSID\{1070C156-160B-47A0-B7D9-1860396BAB57}
ELIMINÉ: HKCR\CLSID\{27CE191D-733B-4450-AFCD-096D105288C3}
ELIMINÉ: HKCR\CLSID\{39A29266-D3E4-462D-AB05-F93B1053F6CF}
ELIMINÉ: HKCR\CLSID\{73192D81-6D24-4C40-BF7B-2507C6FA0B1A}
ELIMINÉ: HKCR\CLSID\{88C606E7-BA26-41CB-8CC3-D1E313E34E75}
ELIMINÉ: HKCR\CLSID\{9E0546FF-D44F-4FE4-A324-995FCACB8D33}
ELIMINÉ: HKCR\CLSID\{F4B8D46C-4EEE-401B-8607-DC03025F34B1}
ELIMINÉ: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{116ba71c-8187-4f15-9a1f-c9d6289155d1}

========== Valores do Registo ==========
ELIMINÉ: Toolbar: {E041C0CC-13A8-4D0D-8F39-6DA7DB51FAD1}
ELIMINÉ RunValue: KernelFaultCheck
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINÉ: c:\documents and settings\all users\desktop\memory optimizer.lnk
ELIMINÉ: c:\arquivos de programas\memory optimizer\memoptimizerpro.exe
ELIMINÉ: c:\windows\tasks\060184c3-9766-46a0-b258-f4518a0b2633.job
ELIMINÉ: c:\windows\system32\drivers\bprotect.sys
ELIMINÉ: c:\windows\system32\drivers\bhbase.sys
ELIMINÉ: c:\windows\system32\drivers\bfilter.sys
ELIMINÉ: c:\windows\system32\drivers\bfmon.sys
ELIMINÉ: c:\windows\system32\drivers\bnbase.sys
ELIMINÉ: c:\windows\system32\drivers\bndef.sys
ELIMINÉ Temporários windows (2) (6.124 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso


========== Recapitulativo ==========
10 : Chaves do Registo
8 : Valores do Registo
1 : Pastas
11 : Ficheiros
1 : Estado dos serviços
1 : Restauração Sistema


End of clean in 00mn 13s

========== Caminho do ficheiro do relatório ==========
C:\Documents and Settings\CASA\Dados de aplicativos\ZHP\ZHPFix[R1].txt - 11/5/2014 13:39:06 [2392]

Re: I need help removing Baidu completely

Post by Power Max on Sun 11 May 2014, 13:46

Open ZHPDiag again.

|- Click "SEARCH" or "PESQUISAR" and wait for it to finish.

|- Click OK and, when it finishes, post the ZHPDiag.txt report.


I need help removing Baidu completely

Post by guijorge on Sun 11 May 2014, 14:00

~ Relatório do ZHPDiag v2014.5.11.60 - Nicolas Coolman  (11/5/2014)
~ Iniciado por CASA (11/5/2014 13:55:56)
~ Endereço do Website : [Você precisa estar registrado e conectado para ver este link.]
~ Blog de análise de software : [Você precisa estar registrado e conectado para ver este link.]
~ Fóruns de suporte gratuito para desinfecção : [Você precisa estar registrado e conectado para ver este link.]
~ Tradução pelo utilizador
~ Estatuto da versão :
~  Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Not Found


---\\ Navegadores Internet
MSIE: Internet Explorer v7.0.5730.13
MFIE: Mozilla Firefox 29.0.1 (Defaut)
GCIE: Google Chrome v34.0.1847.131

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Microsoft Windows XP, 32-bit Service Pack 3 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : KO

---\\ Softwares de proteçao do sistema
avast! Free Antivirus v9.0.2011

---\\ Softwares d'optimização do sistema
CCleaner v4.00

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 12 Plugin
Adobe Reader XI
Java 7 Update 45

---\\ Informações sobre o sistema
~ Processor: x86 Family 15 Model 4 Stepping 9, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1534 MB (70% free)
System Restore: Activé (Enable)
System drive C: has 10 GB (13%) free of 75 GB

---\\ Modo de conexão ao sistema
~ Computer Name: CASA-CE19F7E264
~ User Name: CASA
~ All Users Names: SUPPORT_388945a0, HelpAssistant, Convidado, CASA, ASPNET, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Documents and Settings\CASA\Dados de aplicativos\ZHP\
~ %AppData% : C:\Documents and Settings\CASA\Dados de aplicativos\
~ %Desktop% : C:\Documents and Settings\CASA\Desktop\
~ %Favorites% : C:\Documents and Settings\CASA\Favoritos\
~ %LocalAppData% : C:\Documents and Settings\CASA\Configurações locais\Dados de aplicativos\
~ %StartMenu% : C:\Documents and Settings\CASA\Menu Iniciar\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\

---\\ Enumeração das unidades dos discos
A: Floppy drive, Flash card reader, USB Key (Not Inserted)
C: Hard drive, Flash drive, Thumb drive (Free 10 Go of 75 Go)
D: CD-ROM drive (Not Inserted)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 45 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.064EC7FF5F58B928C3E119402977FA6D] - (.Microsoft Corporation - Windows Explorer.) (.13/4/2008 - 19:21:00.) -- C:\WINDOWS\Explorer.exe [1035776]
[MD5.A4A0FC92358F39538A6494C42EF99FE9] - (.Microsoft Corporation - Internet Extensions for Win32.) (.13/8/2007 - 17:54:10.) -- C:\WINDOWS\system32\wininet.dll [818688]
[MD5.71D440F79B711627B12B567FB2EADB42] - (.Microsoft Corporation - Aplicativo de logon do Windows NT.) (.13/4/2008 - 19:21:24.) -- C:\WINDOWS\system32\Winlogon.exe [509952]
[MD5.322D0E36693D6E24A2398BEE62A268CD] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.13/4/2008 - 12:19:24.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138112]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.13/4/2008 - 11:40:32.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512]
[MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/4/2008 - 12:14:22.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
[MD5.1F4260CC5B42272D71F79E570A27A4FE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13/4/2008 - 11:40:48.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976]
[MD5.A8D31E836CCF2F51009CE7DFFECF6D51] - (.Microsoft Corporation - FIPS Crypto Driver.) (.13/4/2008 - 18:52:44.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44672]
[MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.13/4/2008 - 09:36:06.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384]
[MD5.485BC6BEB778B5E9702E6AA3D384C0CB] - (.Microsoft Corporation - Driver de porta i8042.) (.13/4/2008 - 18:55:20.) -- C:\WINDOWS\system32\Drivers\i8042prt.sys [53504]
[MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.13/4/2008 - 11:41:00.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112]
[MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.13/4/2008 - 11:57:16.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832]
[MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.13/4/2008 - 12:19:44.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264]
[MD5.68755F0FF16070178B54674FE5B847B0] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.13/4/2008 - 12:17:02.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [456576]
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.13/4/2008 - 12:21:02.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816]
[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.13/4/2008 - 12:15:54.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574976]
[MD5.9BADEE6B698BF1AF36E25A1A64A89EAB] - (.Microsoft Corporation - Driver de porta paralela.) (.13/4/2008 - 19:02:26.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384]
[MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/4/2008 - 12:19:44.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
[MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/4/2008 - 11:32:52.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224]
[MD5.68D749B04BFBBD4D4D15CC5185AFA4DD] - (.Microsoft Corporation - Redbook Audio Filter Driver.) (.13/4/2008 - 18:53:18.) -- C:\WINDOWS\system32\Drivers\redbook.sys [58240]
[MD5.EB6B1E2C984D84470FF4FE7EF98CD44A] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.13/4/2008 - 18:53:02.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53248]
~ Generic Processes:  Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 3/141
~ Mes musiques (My Musics) : 1/14
~ Mes Videos (My Videos) : 2/4
~ Mes Favoris (My Favorites) : 1/12
~ Mes Documents (My Documents) : 12/1709
~ Mon Bureau (My Desktop) : 3/4248
~ Menu demarrer (Programs) : 1/55
~ Hidden Files:  Scanned in 00mn 05s



---\\ Processos lançados
[MD5.D74884939D53612FD84AC82C59CCFE27] - (.AVAST Software - avast! Service.) -- C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe   [50344] [PID.1564]
[MD5.B92F2B3247F0A99490C1298A1D3D7B4C] - (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\Arquivos de programas\Arquivos comuns\EPSON\EPW!3 SSRP\E_S50ST7.exe   [153600] [PID.1292]
[MD5.AFEBF9E0B223FF04709F747C172D3540] - (.AVAST Software - avast! Antivirus.) -- C:\Arquivos de programas\Alwil Software\Avast5\AvastUI.exe   [3764024] [PID.1436]
[MD5.651336B99C75FB54E4B5971CF458F9BD] - (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\Arquivos de programas\Arquivos comuns\EPSON\EPW!3 SSRP\E_S50RP7.exe   [121856] [PID.1452]
[MD5.EFF5E5CCA31672BD00AF87D170590AFB] - (.Microsoft Corporation - Windows Messenger.) -- C:\Arquivos de programas\Messenger\msmsgs.exe   [1695232] [PID.1636]
[MD5.80A79264302910C7C24BA7E44267EFEF] - (.Oracle Corporation - Java Quick Starter Service.) -- C:\Arquivos de programas\Java\jre7\bin\jqs.exe   [182696] [PID.1872]
[MD5.64728E18A44946AD5B6C023CE6C6F235] - (.SEIKO EPSON CORPORATION - No Comment.) -- C:\Arquivos de programas\EPSON\MyEpson Portal\mepService.exe   [644480] [PID.208]
[MD5.A3B67AA9F60533557FD9141BCA9FA4A9] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 81.98.) -- C:\WINDOWS\system32\nvsvc32.exe   [131139] [PID.292]
[MD5.B2D01290C0E0465ACA54C2088E947823] - (...) -- C:\Arquivos de programas\RealNetworks\RealDownloader\rndlresolversvc.exe   [39056] [PID.280]
[MD5.9C65C4F46BB75904B8B843724971E020] - (.SEIKO EPSON CORPORATION - MyEpson Portal.) -- C:\Arquivos de programas\EPSON\MyEpson Portal\mep.exe   [2387520] [PID.2324]
[MD5.6D2018AEE93285F2A8BEF55D722187A3] - (.Microsoft Corporation - Application Layer Gateway Service.) -- C:\WINDOWS\System32\alg.exe   [44544] [PID.2580]
[MD5.4593394B063EA7447F864444DB48C4AB] - (.Nicolas Coolman - ZHPDiag.) -- C:\Arquivos de programas\ZHPDiag\ZHPDiag.exe   [7874048] [PID.572]
~ Processes Running:  Scanned in 00mn 01s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
P2 - FPN:Firefox Plugin Navigator . (.No owner - NPAPI Extension for Firefox.) -- C:\Arquivos de programas\Mozilla Firefox\Plugins\nppluginrichmediaplayer.dll
~ Firefox Browser: 20 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management:  Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys:  Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File:  Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 19



---\\ Barras do Internet Explorer (03))
O3 - Toolbar: avast! Online Security - [HKLM]{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} . (.AVAST Software - IE Webrep plugin.) -- C:\Arquivos de programas\Alwil Software\Avast5\aswWebRepIE.dll
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{01E04581-4EEE-11D0-BFE9-00AA005B4383} Chave orfã
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{0E5CBF21-D15F-11D0-8301-00AA005B4383} Chave orfã
~ Toolbar:  Scanned in 00mn 00s



---\\ Outras conexões do utilizador (04)
O4 - GS\Desktop [CASA]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.)  -- C:\Documents and Settings\CASA\Dados de aplicativos\uTorrent\uTorrent.exe   =>P2P.BitTorrent
~ Global Startup: 1 Legitimates Filtered in 00mn 01s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [avast5] . (.AVAST Software - avast! Antivirus.) -- C:\Arquivos de programas\Alwil Software\Avast5\AvastUI.exe
O4 - HKLM\..\Run: [NvCplDaemon] . (.NVIDIA Corporation - NVIDIA Display Properties Extension.) -- C:\WINDOWS\system32\NvCpl.dll   =>.NVIDIA Corporation
O4 - HKLM\..\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Arquivos de programas\Alwil Software\Avast5\AvastUI.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe   =>.Adobe Systems Incorporated
O4 - HKCU\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] . (.Microsoft Corporation - Windows Messenger.) -- C:\Arquivos de programas\Messenger\msmsgs.exe
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-21-1935655697-1326574676-682003330-1003\..\Run: [ctfmon.exe] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1935655697-1326574676-682003330-1003\..\Run: [MSMSGS] . (.Microsoft Corporation - Windows Messenger.) -- C:\Arquivos de programas\Messenger\msmsgs.exe
~ Application:  Scanned in 00mn 00s



---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Arquivos de programas\Microsoft Office\Office12\REFBARH.ICO
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -- Chave orfã
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Arquivos de programas\Messenger\msmsgs.exe
~ IE Extra Buttons:  Scanned in 00mn 00s



---\\ Piratagem da Opção " Redefinir Configurações da Web " (014)
O14 - IERESET.INF: SEARCH_PAGE_URL=SEARCH_PAGE_URL="&http://home.microsoft.com/intl/br/access/allinone.asp"
O14 - IERESET.INF: SAFESITE_VALUE=SAFESITE_VALUE="search.msn.com.br"
~ IE Paramètres WEB:  Scanned in 00mn 00s



---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} ((no name)) - [Você precisa estar registrado e conectado para ver este link.]
~ Objets ActiveX:  Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{CF5A45AF-745C-49A2-A590-EFBC92C21523}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{CF5A45AF-745C-49A2-A590-EFBC92C21523}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{CF5A45AF-745C-49A2-A590-EFBC92C21523}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain:  Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- C:\WINDOWS\system32\wiascr.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\MSOXMLMF.dll  =>.Microsoft Corporation
~ Protocole Additionnel:  Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agente de rede off-line.) -- C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL de notificação do serviço de logon secu.) -- C:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
~ Winlogon:  Scanned in 00mn 00s



---\\ Chave do Registo autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} . (.Microsoft Corporation - Biblioteca da interface de usuário do naveg.) -- C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Pré-carregador Browseui - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Biblioteca da interface de usuário do naveg.) -- C:\WINDOWS\system32\browseui.dll
~ STS/SSO:  Scanned in 00mn 00s



---\\ Enumeração Ativa do Ambiente de trabalho & Editor MHTML (024)
O24 - Desktop Component 0: Minha página inicial atual - file:About:Home
O24 - Desktop General: BackupWallPaper - .(...) - C:\Documents and Settings\CASA\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp
O24 - Desktop General: WallPaper - .(...) - C:\Documents and Settings\CASA\Configurações locais\Dados de aplicativos\Microsoft\Wallpaper1.bmp
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s



---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (Bnbase) . (. - .) - C:\WINDOWS\system32\drivers\bnbase.sys (.not file.)
~ Drivers: 70 Legitimates Filtered in 00mn 00s



---\\ Software instalados (042)
O42 - Logiciel: Counter Strike 1.6 - 2013 - (...) [HKLM] -- Counter Strike 1.6 - 2013
O42 - Logiciel: Exedb Anti Malware Scanner - (.File Info.) [HKLM] -- Exedb Anti Malware Scanner
O42 - Logiciel: Gerenciador de Downloads - (.Level Up! Gerenciador.) [HKCU] -- a54e16f5d00985b6
O42 - Logiciel: Horizon v2.7.6.2 - (.Daring Development Inc..) [HKLM] -- d4cfeebc-b821-40b7-9f81-d366b1466f03_is1
O42 - Logiciel: Mz Game Accelerator - (.Mz Game Accelerator.) [HKLM] -- MzGameAccelerator_is1
O42 - Logiciel: Pid  - (.Might and Delight.) [HKLM] -- Steam App 218740
O42 - Logiciel: sXe Injected - (.Alejandro Cortés.) [HKLM] -- sXe Injected
~ Logic: 29 Legitimates Filtered in 00mn 01s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\39200InstEnd]
[HKCU\Software\Autogg]
[HKCU\Software\Autogg_ini]
[HKCU\Software\WandouLabs]
[HKCU\Software\nands]
[HKCU\Software\sXe Injected]
[HKLM\Software\sXe_Injected]
~ Key Software: 272 Legitimates Filtered in 00mn 01s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 17/4/2014 - 22:05:00 - [] ----D C:\Arquivos de programas\Counter Strike 1.6
O43 - CFD: 25/12/2013 - 02:00:41 - [] ----D C:\Arquivos de programas\Daring Development
O43 - CFD: 2/2/2014 - 21:10:37 - [] ----D C:\Arquivos de programas\exedb
O43 - CFD: 11/5/2014 - 13:38:59 - [] ----D C:\Arquivos de programas\Memory Optimizer
O43 - CFD: 20/7/2013 - 12:50:36 - [] ----D C:\Arquivos de programas\Serviços on-line
O43 - CFD: 11/5/2014 - 13:41:42 - [] ----D C:\Arquivos de programas\sXe Injected
O43 - CFD: 28/10/2013 - 14:17:22 - [] ----D C:\Arquivos de programas\WandouLabs
O43 - CFD: 20/7/2013 - 12:49:53 - [] ----D C:\Arquivos de programas\Arquivos comuns\Serviços
O43 - CFD: 21/12/2013 - 13:24:55 - [0] ----D C:\Documents and Settings\All Users\Dados de aplicativos\ioloGovernor
O43 - CFD: 10/3/2014 - 00:28:05 - [] ----D C:\Documents and Settings\All Users\Dados de aplicativos\levelup downloader
O43 - CFD: 16/11/2013 - 18:06:30 - [] ----D C:\Documents and Settings\CASA\Dados de aplicativos\CLCodeIgniter
O43 - CFD: 16/11/2013 - 18:06:30 - [] ----D C:\Documents and Settings\CASA\Dados de aplicativos\CLDrupal
O43 - CFD: 16/11/2013 - 18:06:31 - [] ----D C:\Documents and Settings\CASA\Dados de aplicativos\CLJoomla
O43 - CFD: 16/11/2013 - 18:06:31 - [] ----D C:\Documents and Settings\CASA\Dados de aplicativos\CLJQuery
O43 - CFD: 16/11/2013 - 18:06:31 - [] ----D C:\Documents and Settings\CASA\Dados de aplicativos\CLSmarty
O43 - CFD: 16/11/2013 - 18:06:31 - [] ----D C:\Documents and Settings\CASA\Dados de aplicativos\CLSymfony
O43 - CFD: 16/11/2013 - 18:06:31 - [] ----D C:\Documents and Settings\CASA\Dados de aplicativos\CLWordPress
O43 - CFD: 16/11/2013 - 18:06:32 - [] ----D C:\Documents and Settings\CASA\Dados de aplicativos\CLYii
O43 - CFD: 21/12/2013 - 13:24:52 - [] ----D C:\Documents and Settings\CASA\Dados de aplicativos\ioloGovernor
O43 - CFD: 30/12/2013 - 11:17:33 - [] ----D C:\Documents and Settings\CASA\Dados de aplicativos\MP3Rocket
O43 - CFD: 6/8/2013 - 14:17:18 - [] ----D C:\Documents and Settings\CASA\Dados de aplicativos\Radiocom
O43 - CFD: 2/11/2013 - 19:56:33 - [] ----D C:\Documents and Settings\CASA\Dados de aplicativos\Wandoujia2
O43 - CFD: 6/8/2013 - 14:35:30 - [] ----D C:\Documents and Settings\CASA\Dados de aplicativos\WandoujiaUsbDriver
O43 - CFD: 6/8/2013 - 14:17:16 - [] ----D C:\Documents and Settings\CASA\Configurações locais\Dados de aplicativos\Radiocom
O43 - CFD: 25/12/2013 - 19:04:01 - [] ----D C:\Documents and Settings\CASA\Configurações locais\Dados de aplicativos\Team_360h
O43 - CFD: 20/12/2013 - 23:39:05 - [] ----D C:\Documents and Settings\CASA\Configurações locais\Dados de aplicativos\Tecno_Clique
O43 - CFD: 25/12/2013 - 00:20:01 - [] R---D C:\Documents and Settings\CASA\Menu Iniciar\Programas\Acessórios
O43 - CFD: 17/4/2014 - 21:49:21 - [] ----D C:\Documents and Settings\CASA\Menu Iniciar\Programas\Counter Strike 1.6 - 2013
O43 - CFD: 2/2/2014 - 21:10:44 - [] ----D C:\Documents and Settings\CASA\Menu Iniciar\Programas\Exedb
O43 - CFD: 11/5/2014 - 11:39:52 - [] R---D C:\Documents and Settings\CASA\Menu Iniciar\Programas\Inicializar
O43 - CFD: 10/3/2014 - 00:27:04 - [] ----D C:\Documents and Settings\CASA\Menu Iniciar\Programas\Level Up! Gerenciador
O43 - CFD: 10/5/2014 - 21:03:00 - [] ----D C:\Documents and Settings\CASA\Menu Iniciar\Programas\sXe Injected
~ Program Folder: 202 Legitimates Filtered in 00mn 01s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.0DC5AF80D059DEC792B665ED598C6567] - 10/5/2014 - 21:54:09 ---A- . (.SQLite Development Team - SQLite Dynamic Link Library (No TCL).) -- C:\WINDOWS\system32\sqlite3.dll   [536576]
O44 - LFC:[MD5.29D9AA97D5D548E178F9A74DADC2CC34] - 11/5/2014 - 02:15:53 ---A- . (...) -- C:\zoek-results2014-05-11-051553.log   [35791]
O44 - LFC:[MD5.87C3D2FAC8EDAF75B9FC2A3B217CF961] - 11/5/2014 - 11:39:56 ---A- . (...) -- C:\WINDOWS\wiaservc.log   [49]
O44 - LFC:[MD5.F42CBA96C305F4BC6758EE35F19A3C4B] - 11/5/2014 - 11:40:03 ---A- . (...) -- C:\WINDOWS\wiadebug.log   [298]
O44 - LFC:[MD5.93116AE812930459E8E56B613EA5FAF2] - 11/5/2014 - 11:52:22 ---A- . (...) -- C:\zoek-results2014-05-11-145222.log   [12274]
O44 - LFC:[MD5.975963F5471B4961A733EB7D10E6D0F3] - 11/5/2014 - 12:13:46 ---A- . (...) -- C:\zoek-results.log   [2546]
O44 - LFC:[MD5.472BBE60C5CBCFC438879BC964D66480] - 27/4/2014 - 14:32:36 ---A- . (...) -- C:\O.Herdeiro.do.Diabo.BDRip.Xvid.Dual.Áudio-Coveiro RMVB.rmvb   [278071812]
O44 - LFC:[MD5.5866F5AC5FA90002CC1275789B715A60] - 9/5/2014 - 11:20:31 ---A- . (...) -- C:\WINDOWS\NeroDigital.ini   [116]
~ Files: 15 Legitimates Filtered in 00mn 04s



---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
~ ShellExecuteHooks:  Scanned in 00mn 00s



---\\ Exportar a chave da aplicação autorizada (047)
O47 - AAKE:Key Export SP - "C:\Arquivos de programas\WandouLabs\wandoujia2.exe" [Enabled] .(.No owner.) -- C:\Arquivos de programas\WandouLabs\wandoujia2.exe
O47 - AAKE:Key Export SP - "C:\Documents and Settings\CASA\Dados de aplicativos\Wandoujia2\Applications\2.63.0.4343\wandoujia2.exe" [Enabled] .(.No owner.) -- C:\Documents and Settings\CASA\Dados de aplicativos\Wandoujia2\Applications\2.63.0.4343\wandoujia2.exe
O47 - AAKE:Key Export SP - "C:\Level Up! Games\Grand Chase\main.exe" [Enabled] .(.KOG.) -- C:\Level Up! Games\Grand Chase\main.exe
O47 - AAKE:Key Export SP - "C:\Level Up! Games\Elsword\data\x2.exe" [Enabled] .(.No owner.) -- C:\Level Up! Games\Elsword\data\x2.exe
O47 - AAKE:Key Export SP - "C:\Arquivos de programas\Plex\Plex Media Server\Plex Media Server.exe" [Enabled] .(.Plex, Inc..) -- C:\Arquivos de programas\Plex\Plex Media Server\Plex Media Server.exe
O47 - AAKE:Key Export SP - "C:\Arquivos de programas\Plex\Plex Media Server\PlexDlnaServer.exe" [Enabled] .(.Plex, Inc..) -- C:\Arquivos de programas\Plex\Plex Media Server\PlexDlnaServer.exe
~ Keys Export: 22 Legitimates Filtered in 00mn 00s



---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d
~ IFEO:  Scanned in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:13/1/2014 - 16:44:57 ---A- . (...) -- C:\WINDOWS\system32\Drivers\aswRvrt.sys   [49944]  =>.ALWIL Software
O58 - SDL:13/1/2014 - 16:44:57 ---A- . (...) -- C:\WINDOWS\system32\Drivers\aswVmm.sys   [180248]  =>.ALWIL Software
O58 - SDL:28/10/2001 - 12:06:30 ---A- . (.RAVISENT Technologies Inc. - CineMaster C 1.2 WDM Main Driver.) -- C:\WINDOWS\system32\Drivers\cinemst2.sys   [262528]
O58 - SDL:13/4/2008 - 09:36:06 ----- . (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) -- C:\WINDOWS\system32\Drivers\hdaudbus.sys   [144384]
O58 - SDL:13/4/2008 - 11:23:42 ----- . (.Smart Link - No Comment.) -- C:\WINDOWS\system32\Drivers\mtlmnt5.sys   [126686]
O58 - SDL:13/4/2008 - 11:23:40 ----- . (.Smart Link - No Comment.) -- C:\WINDOWS\system32\Drivers\mtlstrm.sys   [1309184]
O58 - SDL:13/4/2008 - 09:34:28 ----- . (.Matrox Graphics Inc. - Matrox Parhelia Miniport Driver.) -- C:\WINDOWS\system32\Drivers\mtxparhm.sys   [452736]
O58 - SDL:13/4/2008 - 11:23:42 ----- . (.Smart Link - No Comment.) -- C:\WINDOWS\system32\Drivers\ntmtlfax.sys   [180360]
O58 - SDL:19/8/2013 - 19:23:29 ---A- . (.microOLAP Technologies LTD - PSSDK Driver Protocol v4.1 32bit.) -- C:\WINDOWS\system32\Drivers\pssdk41.sys   [36928]
O58 - SDL:28/10/2001 - 12:07:22 ---A- . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Library.) -- C:\WINDOWS\system32\Drivers\ptilink.sys   [17792]
O58 - SDL:13/4/2008 - 11:23:44 ----- . (.Smart Link - No Comment.) -- C:\WINDOWS\system32\Drivers\recagent.sys   [13776]
O58 - SDL:13/4/2008 - 11:23:44 ----- . (.Smart Link - No Comment.) -- C:\WINDOWS\system32\Drivers\slnt7554.sys   [129535]
O58 - SDL:13/4/2008 - 11:23:46 ----- . (.Smart Link - No Comment.) -- C:\WINDOWS\system32\Drivers\slntamr.sys   [404990]
O58 - SDL:13/4/2008 - 11:23:48 ----- . (.Smart Link - No Comment.) -- C:\WINDOWS\system32\Drivers\slnthal.sys   [95424]
O58 - SDL:13/4/2008 - 11:23:48 ----- . (.Smart Link - No Comment.) -- C:\WINDOWS\system32\Drivers\slwdmsup.sys   [13240]
O58 - SDL:28/10/2001 - 12:06:30 ---A- . (.RAVISENT Technologies Inc. - CineMaster C WDM DVD Minidriver.) -- C:\WINDOWS\system32\Drivers\vdmindvd.sys   [58112]
O58 - SDL:28/10/2001 - 12:06:08 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys   [9032]
O58 - SDL:28/10/2001 - 12:06:16 ---A- . (...) -- C:\WINDOWS\system32\country.sys   [27097]
O58 - SDL:28/10/2001 - 12:06:36 ---A- . (...) -- C:\WINDOWS\system32\himem.sys   [4896]
O58 - SDL:28/10/2001 - 12:06:40 ---A- . (...) -- C:\WINDOWS\system32\key01.sys   [42809]
O58 - SDL:3/8/2004 - 19:46:56 ---A- . (...) -- C:\WINDOWS\system32\keyboard.sys   [42537]
O58 - SDL:28/10/2001 - 12:07:10 ---A- . (...) -- C:\WINDOWS\system32\ntdos.sys   [27900]
O58 - SDL:28/10/2001 - 12:07:10 ---A- . (...) -- C:\WINDOWS\system32\ntdos404.sys   [29146]
O58 - SDL:28/10/2001 - 12:07:10 ---A- . (...) -- C:\WINDOWS\system32\ntdos411.sys   [29370]
O58 - SDL:28/10/2001 - 12:07:10 ---A- . (...) -- C:\WINDOWS\system32\ntdos412.sys   [29274]
O58 - SDL:28/10/2001 - 12:07:10 ---A- . (...) -- C:\WINDOWS\system32\ntdos804.sys   [29146]
O58 - SDL:3/8/2004 - 19:45:20 ---A- . (...) -- C:\WINDOWS\system32\ntio.sys   [33984]
O58 - SDL:3/8/2004 - 19:45:16 ---A- . (...) -- C:\WINDOWS\system32\ntio404.sys   [34560]
O58 - SDL:3/8/2004 - 19:45:12 ---A- . (...) -- C:\WINDOWS\system32\ntio411.sys   [35648]
O58 - SDL:3/8/2004 - 19:45:16 ---A- . (...) -- C:\WINDOWS\system32\ntio412.sys   [35424]
O58 - SDL:3/8/2004 - 19:45:14 ---A- . (...) -- C:\WINDOWS\system32\ntio804.sys   [34560]
~ Drivers: 92 Legitimates Filtered in 00mn 02s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1  =>.Nicolas Coolman
~ ADS:  Scanned in 00mn 00s



---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.js> <ClPhpEd.Files>[HKLM\..\open\Command] (.Codelobster Software - Codelobster PHP Edition.) -- C:\Arquivos de programas\Codelobster Software\CodelobsterPHPEdition\ClPhpEd.exe
O67 - Shell Spawning: <.com> <>[HKU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.exe> <>[HKU\..\open\Command] (.Not Key.)
~ FASS Keys: 12 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: <chrome.exe> <>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Arquivos de programas\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Arquivos de programas\Internet Explorer\iexplore.exe
~ Keys:  Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [You must be registered and logged in to see this link.]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - [You must be registered and logged in to see this link.]
~ Keys:  Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.A53555B250CBEDCA6544D13648F83FFE] [SPRF][10/5/2014] (...) -- C:\Documents and Settings\CASA\Desktop\AdwCleaner.exe   [1316991]
[MD5.A12E03CB2D09CC26579778EB50E9021B] [SPRF][9/10/2011] (.Team 360h - Iso2God.) -- C:\Documents and Settings\CASA\Desktop\Iso2God.exe   [539136]
[MD5.7AD417F4184635CC4C1E3140AED83E13] [SPRF][3/1/2014] (.BitTorrent Inc. - µTorrent.) -- C:\Documents and Settings\CASA\Desktop\utorrent(1).exe   [1340496]  =>P2P.BitTorrent
[MD5.17FCF196B13AD0AAA3BA11605CA1EE21] [SPRF][25/12/2013] (.BitTorrent Inc. - µTorrent.) -- C:\Documents and Settings\CASA\Desktop\utorrent.exe   [1340496]  =>P2P.BitTorrent
[MD5.99C687C10AEF076BBDE66C7EFAE46B0A] [SPRF][20/2/2008] (...) -- C:\Documents and Settings\CASA\Desktop\xextool.exe   [484864]
[MD5.2ED2319F3DE13495AAA49B70A1467055] [SPRF][11/5/2014] (...) -- C:\Documents and Settings\CASA\Desktop\zoek.exe   [1285120]
~ Files: 8 Legitimates Filtered in 00mn 00s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 13/4/2008 225280 |  (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe
SS - | Auto 20/7/2013 116648 |  (gupdate) . (.Google Inc..) - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
SS - | Demand 20/7/2013 116648 |  (gupdatem) . (.Google Inc..) - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
SS - | Demand 10/5/2014 119408 |  (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Arquivos de programas\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 10/11/2006 774144 |  (NBService) . (.Nero AG.) - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
SS - | Demand 6/1/2014 5403030 |  (npggsvc) . (.INCA Internet Co., Ltd..) - C:\WINDOWS\system32\GameMon.des
SS - | Auto 21/6/2013 162408 |  (SkypeUpdate) . (.Skype Technologies.) - C:\Arquivos de programas\Skype\Updater\Updater.exe
SS - | Demand 6/9/2013 565672 |  (Steam Client Service) . (.Valve Corporation.) - C:\Arquivos de programas\Arquivos comuns\Steam\SteamService.exe
SR - | Auto 13/1/2014 50344 |  (avast! Antivirus) . (.AVAST Software.) - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
SR - | Auto 14/9/2009 153600 |  (EPSON_EB_RPCV4_04) . (.SEIKO EPSON CORPORATION.) - C:\Arquivos de programas\Arquivos comuns\EPSON\EPW!3 SSRP\E_S50ST7.exe
SR - | Auto 14/9/2009 121856 |  (EPSON_PM_RPCV4_04) . (.SEIKO EPSON CORPORATION.) - C:\Arquivos de programas\Arquivos comuns\EPSON\EPW!3 SSRP\E_S50RP7.exe
SR - | Auto 20/12/2013 182696 |  (JavaQuickStarterService) . (.Oracle Corporation.) - C:\Arquivos de programas\Java\jre7\bin\jqs.exe
SR - | Auto 4/12/2009 644480 |  (MyEpson Portal Service) . (.SEIKO EPSON CORPORATION.) - C:\Arquivos de programas\EPSON\MyEpson Portal\mepService.exe
SR - | Auto 24/7/2006 131139 |  (NVSvc) . (.NVIDIA Corporation.) - C:\WINDOWS\system32\nvsvc32.exe
SR - | Auto 16/4/2013 39056 |  (RealNetworks Downloader Resolver Service) . (...) - C:\Arquivos de programas\RealNetworks\RealDownloader\rndlresolversvc.exe
~ Services:  Scanned in 00mn 13s



---\\ Scâner Aditional (088)
Database Version : 13045 - (11/5/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 1
Dossiers trouvés  (Folders found) : 0
Fichiers trouvés  (Files found) : 2

C:\Documents and Settings\CASA\Desktop\utorrent(1).exe   =>P2P.BitTorrent^
C:\Documents and Settings\CASA\Desktop\utorrent.exe   =>P2P.BitTorrent^
~ Additionnel Scan: 234544 Items scanned in 00mn 48s



---\\ Sumário das deteções encontradas na sua estação
~ MSI: 0 link(s) detected in 00mn 00s



~ 947 Legitimates filtered by white list
End of the scan (484 lines in 01mn 45s)(0)

Re: I need help removing Baidu completely

Post by Power Max on Sun 11 May 2014, 14:05

Select and copy all of the text highlighted in red that I gave you.
_____________________________________________________________________________________________________________

Go to the menu: Iniciar > Todos os programas > ZHP > right-click Zhpfix and choose Executar como administrador > click Importação > click the GO button > click Oui > if you want the files in the Recycle Bin to be deleted, click Oui again > a report will open in Notepad.

Copy this report and post it in your next reply.
_________________________________________________________________________________________________________

Download the Farbar Recovery Scan Tool and save it to the Desktop.

Note: After opening the link above, click the Download Now 32-Bit Version button.

Run Farbar following the tips in this tutorial:

Analyze important areas of Windows with Farbar Recovery Scan Tool (32-bit version)

*Two reports will be created on the Desktop: FRST.txt and Addition.txt

Post these two reports in your next reply together with the ZHPFix report. (Note: if they do not fit in a single reply, you can split them across several posts.)


Last edited by Power Max on Sun 11 May 2014, 16:33; edited 1 time


I need help removing Baidu completely

Post by guijorge on Sun 11 May 2014, 14:20

Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014
Fichier d'export Registre :
Run by CASA at 11/5/2014 14:15:22
High Elevated Privileges : OK
Windows XP Professional Service Pack 3 (Build 2600)

Reciclagem vazia (00mn 01s)

========== Chaves do Registo ==========
ELIMINÉ Driver Key: Bnbase

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINÉ Temporários windows (2) (3.072 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso


========== Recapitulativo ==========
1 : Chaves do Registo
1 : Pastas
2 : Ficheiros
1 : Restauração Sistema


End of clean in 00mn 08s

========== Caminho do ficheiro do relatório ==========
C:\Documents and Settings\CASA\Dados de aplicativos\ZHP\ZHPFix[R1].txt - 11/5/2014 13:39:06 [2492]
C:\Documents and Settings\CASA\Dados de aplicativos\ZHP\ZHPFix[R2].txt - 11/5/2014 14:15:24 [920]

I need help removing Baidu completely

Post by guijorge on Sun 11 May 2014, 14:21

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:11-05-2014
Ran by CASA (administrator) on CASA-CE19F7E264 on 11-05-2014 14:15:57
Running from C:\Documents and Settings\CASA\Desktop
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: Portuguese Brazilian
Internet Explorer Version 7
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: [You must be registered and logged in to see this link.]
Download link for 64-Bit Version: [You must be registered and logged in to see this link.]
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: [You must be registered and logged in to see this link.]

==================== Processes (Whitelisted) =================

(AVAST Software) C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
(SEIKO EPSON CORPORATION) C:\Arquivos de programas\Arquivos comuns\EPSON\EPW!3 SSRP\E_S50ST7.EXE
(AVAST Software) C:\ARQUIV~1\ALWILS~1\Avast5\AvastUI.exe
(SEIKO EPSON CORPORATION) C:\Arquivos de programas\Arquivos comuns\EPSON\EPW!3 SSRP\E_S50RP7.EXE
(Microsoft Corporation) C:\Arquivos de programas\Messenger\msmsgs.exe
(Oracle Corporation) C:\Arquivos de programas\Java\jre7\bin\jqs.exe
(SEIKO EPSON CORPORATION) C:\Arquivos de programas\epson\MyEpson Portal\mepService.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
() C:\Arquivos de programas\RealNetworks\RealDownloader\rndlresolversvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(SEIKO EPSON CORPORATION) C:\Arquivos de programas\epson\MyEpson Portal\mep.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [avast5] => C:\Arquivos de programas\Alwil Software\Avast5\AvastUI.exe [3764024 2014-01-13] (AVAST Software)
HKLM\...\Run: [NvCplDaemon] => C:\WINDOWS\system32\NvCpl.dll [7311360 2006-07-24] (NVIDIA Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Arquivos de programas\Alwil Software\Avast5\AvastUI.exe [3764024 2014-01-13] (AVAST Software)
HKLM\...\Run: [Adobe ARM] => C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKU\S-1-5-21-1935655697-1326574676-682003330-1003\...\Run: [MSMSGS] => C:\Arquivos de programas\Messenger\msmsgs.exe [1695232 2008-04-13] (Microsoft Corporation)
HKU\S-1-5-21-1935655697-1326574676-682003330-1003\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
Startup: C:\Documents and Settings\CASA\Menu Iniciar\Programas\Inicializar\PC App Store Uninstall 3.14.9.3480.lnk
ShortcutTarget: PC App Store Uninstall 3.14.9.3480.lnk -> C:\Documents and Settings\CASA\Dados de aplicativos\Baidu Security\PC App Store\3.14.9.3480\Uninstall\PC App Store Uninstall\0\InstallUtility.dll", _OpenUrl -run "PC App Store Uninstall" -ini "OpenUrl.ini (No File)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = [You must be registered and logged in to see this link.]
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = [You must be registered and logged in to see this link.]
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = [You must be registered and logged in to see this link.]
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Dados de aplicativos\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Arquivos de programas\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Arquivos de programas\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - E&ndereço - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.]
Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Arquivos de programas\Arquivos comuns\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Arquivos de programas\Arquivos comuns\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\CASA\Dados de aplicativos\Mozilla\Firefox\Profiles\su6ov3rd.default
FF NewTab: [You must be registered and logged in to see this link.]
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: [You must be registered and logged in to see this link.]
FF Keyword.URL: [You must be registered and logged in to see this link.]
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Arquivos de programas\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Arquivos de programas\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Arquivos de programas\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.2.32 - C:\Arquivos de programas\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.2 - C:\Documents and Settings\All Users\Dados de aplicativos\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.2 - C:\Documents and Settings\All Users\Dados de aplicativos\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.2 - C:\Documents and Settings\All Users\Dados de aplicativos\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.2.32 - C:\Arquivos de programas\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\Documents and Settings\All Users\Dados de aplicativos\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Arquivos de programas\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Arquivos de programas\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Arquivos de programas\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Documents and Settings\CASA\Configurações locais\Dados de aplicativos\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Documents and Settings\CASA\Configurações locais\Dados de aplicativos\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Arquivos de programas\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Arquivos de programas\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Arquivos de programas\mozilla firefox\plugins\nppluginrichmediaplayer.dll ()
FF Plugin ProgramFiles/Appdata: C:\Arquivos de programas\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF SearchPlugin: C:\Arquivos de programas\mozilla firefox\browser\searchplugins\buscape.xml
FF SearchPlugin: C:\Arquivos de programas\mozilla firefox\browser\searchplugins\mercadolivre.xml
FF SearchPlugin: C:\Arquivos de programas\mozilla firefox\browser\searchplugins\yahoo-br.xml
FF Extension: AVG PrivacyFix - C:\Documents and Settings\CASA\Dados de aplicativos\Mozilla\Firefox\Profiles\su6ov3rd.default\Extensions\{7CA9CF31-1C73-46CD-8377-85AB71EA771F}.xpi [2014-05-09]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Arquivos de programas\Alwil Software\Avast5\WebRep\FF
FF Extension: avast! Online Security - C:\Arquivos de programas\Alwil Software\Avast5\WebRep\FF [2013-08-03]
FF HKLM\...\Firefox\Extensions: [{FCE04E1F-9378-4f39-96F6-5689A9159E45}] - C:\Documents and Settings\All Users\Dados de aplicativos\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\Documents and Settings\All Users\Dados de aplicativos\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Dados de aplicativos\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\Documents and Settings\All Users\Dados de aplicativos\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-08-07]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []

Chrome:
=======
CHR HomePage:
CHR DefaultSearchKeyword: websearch
CHR DefaultSearchProvider: WebSearch
CHR DefaultSearchURL: [You must be registered and logged in to see this link.]
CHR DefaultNewTabURL:
CHR Extension: (Google Docs) - C:\Documents and Settings\CASA\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-19]
CHR Extension: (Google Drive) - C:\Documents and Settings\CASA\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-19]
CHR Extension: (YouTube) - C:\Documents and Settings\CASA\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-19]
CHR Extension: (Pesquisa do Google) - C:\Documents and Settings\CASA\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-19]
CHR Extension: (avast! Ad Blocker) - C:\Documents and Settings\CASA\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\fplhdcjmbpfkejbhngmlngaecbjmoimd [2013-11-21]
CHR Extension: (RealDownloader) - C:\Documents and Settings\CASA\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-10-09]
CHR Extension: (Google Wallet) - C:\Documents and Settings\CASA\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-01]
CHR Extension: (Gmail) - C:\Documents and Settings\CASA\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-19]
CHR HKLM\...\Chrome\Extension: [fplhdcjmbpfkejbhngmlngaecbjmoimd] - C:\Arquivos de programas\Alwil Software\Avast5\AdBlocker\Chrome\avast-adblocker-chrome.crx [2013-08-03]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users\Dados de aplicativos\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-04-16]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe [50344 2014-01-13] (AVAST Software)
R2 EPSON_EB_RPCV4_04; C:\Arquivos de programas\Arquivos comuns\EPSON\EPW!3 SSRP\E_S50ST7.EXE [153600 2009-09-14] (SEIKO EPSON CORPORATION)
R2 EPSON_PM_RPCV4_04; C:\Arquivos de programas\Arquivos comuns\EPSON\EPW!3 SSRP\E_S50RP7.EXE [121856 2009-09-14] (SEIKO EPSON CORPORATION)
S2 gupdate; C:\Arquivos de programas\Google\Update\GoogleUpdate.exe [116648 2013-07-20] (Google Inc.)
S3 gupdatem; C:\Arquivos de programas\Google\Update\GoogleUpdate.exe [116648 2013-07-20] (Google Inc.)
R2 JavaQuickStarterService; C:\Arquivos de programas\Java\jre7\bin\jqs.exe [182696 2013-12-20] (Oracle Corporation)
S3 MozillaMaintenance; C:\Arquivos de programas\Mozilla Maintenance Service\maintenanceservice.exe [119408 2014-05-10] (Mozilla Foundation)
R2 MyEpson Portal Service; C:\Arquivos de programas\EPSON\MyEpson Portal\mepService.exe [644480 2009-12-04] (SEIKO EPSON CORPORATION)
S3 NBService; C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe [774144 2006-11-10] (Nero AG)
S3 npggsvc; C:\WINDOWS\system32\GameMon.des [5403030 2014-01-06] (INCA Internet Co., Ltd.)
S3 odserv; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\ODSERV.EXE [441136 2006-10-26] (Microsoft Corporation)
S3 ose; C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Source Engine\OSE.EXE [145184 2006-10-26] (Microsoft Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Arquivos de programas\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-04-16] ()
S2 SkypeUpdate; C:\Arquivos de programas\Skype\Updater\Updater.exe [162408 2013-06-21] (Skype Technologies)
S3 Steam Client Service; C:\Arquivos de programas\Arquivos comuns\Steam\SteamService.exe [565672 2013-09-06] (Valve Corporation)

==================== Drivers (Whitelisted) ====================

R3 ALCXWDM; C:\WINDOWS\System32\drivers\ALCXWDM.SYS [4017536 2006-08-18] (Realtek Semiconductor Corp.)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-01-13] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [54832 2014-01-13] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-01-13] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [775952 2014-01-13] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [410528 2014-01-13] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57672 2014-01-13] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [180248 2014-01-13] ()
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 FETNDIS; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [27165 2001-08-17] (VIA Technologies, Inc.              )
R3 FETNDISB; C:\WINDOWS\System32\DRIVERS\fetnd5b.sys [42496 2004-04-14] (VIA Technologies, Inc.              )
R2 inpout32; C:\WINDOWS\System32\Drivers\inpout32.sys [11936 2013-12-24] (Highresolution Enterprises [[You need to be registered and logged in to see this link.]
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 PsSdk41; C:\WINDOWS\system32\Drivers\pssdk41.sys [36928 2013-08-19] (microOLAP Technologies LTD)
S3 usbbus; C:\WINDOWS\System32\DRIVERS\lgusbbus.sys [13056 2012-03-02] (LG Electronics Inc.)
S3 UsbDiag; C:\WINDOWS\System32\DRIVERS\lgusbdiag.sys [20864 2012-03-02] (LG Electronics Inc.)
S3 USBModem; C:\WINDOWS\System32\DRIVERS\lgusbmodem.sys [25216 2012-03-02] (LG Electronics Inc.)
R0 videX32; C:\WINDOWS\System32\DRIVERS\videX32.sys [9728 2006-02-23] (VIA Technologies, Inc.)
R0 xfilt; C:\WINDOWS\System32\DRIVERS\xfilt.sys [11264 2006-02-23] (VIA Technologies,Inc)
S2 aswFsBlk; No ImagePath
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U1 WS2IFSL;
S3 XDva409; \??\C:\WINDOWS\system32\XDva409.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-11 14:15 - 2014-05-11 14:16 - 00018036 _____ () C:\Documents and Settings\CASA\Desktop\FRST.txt
2014-05-11 14:15 - 2014-05-11 14:15 - 00001019 _____ () C:\Documents and Settings\CASA\Desktop\ZHPFix[R2].txt
2014-05-11 14:15 - 2014-05-11 14:15 - 00000000 ____D () C:\FRST
2014-05-11 14:12 - 2014-05-11 14:13 - 01055232 _____ (Farbar) C:\Documents and Settings\CASA\Desktop\FRST.exe
2014-05-11 13:57 - 2014-05-11 13:57 - 00034092 _____ () C:\Documents and Settings\CASA\Desktop\ZHPDiag.txt
2014-05-11 13:39 - 2014-05-11 13:39 - 00002492 _____ () C:\Documents and Settings\CASA\Desktop\ZHPFixReport.txt
2014-05-11 12:51 - 2014-05-11 14:15 - 00000000 ____D () C:\Documents and Settings\CASA\Dados de aplicativos\ZHP
2014-05-11 12:51 - 2014-05-11 12:54 - 00001700 _____ () C:\Documents and Settings\CASA\Desktop\ZHPFix.lnk
2014-05-11 12:51 - 2014-05-11 12:54 - 00001595 _____ () C:\Documents and Settings\CASA\Desktop\ZHPDiag.lnk
2014-05-11 12:51 - 2014-05-11 12:54 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Iniciar\Programas\ZHP
2014-05-11 12:51 - 2014-05-11 12:54 - 00000000 ____D () C:\Arquivos de programas\ZHPDiag
2014-05-11 12:12 - 2014-05-11 11:52 - 00012274 _____ () C:\zoek-results2014-05-11-145222.log
2014-05-11 11:46 - 2014-05-11 02:15 - 00035791 _____ () C:\zoek-results2014-05-11-051553.log
2014-05-11 02:10 - 2014-05-11 02:10 - 00000000 ____D () C:\Documents and Settings\NetworkService\Configuraþ§es locais
2014-05-11 02:10 - 2014-05-11 02:10 - 00000000 ____D () C:\Documents and Settings\LocalService\Configuraþ§es locais
2014-05-11 02:10 - 2014-05-11 02:10 - 00000000 ____D () C:\Documents and Settings\Default User\Configuraþ§es locais
2014-05-11 02:10 - 2014-05-11 02:10 - 00000000 ____D () C:\Documents and Settings\CASA\Configuraþ§es locais
2014-05-11 01:39 - 2014-05-11 12:13 - 00002546 _____ () C:\zoek-results.log
2014-05-11 01:35 - 2014-05-11 11:49 - 00000000 ____D () C:\zoek_backup
2014-05-11 01:34 - 2014-05-11 01:34 - 01285120 _____ () C:\Documents and Settings\CASA\Desktop\zoek.exe
2014-05-10 22:06 - 2014-05-10 22:06 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-05-10 22:04 - 2014-05-10 22:04 - 01016261 _____ (Thisisu) C:\Documents and Settings\CASA\Desktop\JRT.exe
2014-05-10 21:54 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\system32\sqlite3.dll
2014-05-10 21:52 - 2014-05-10 21:55 - 00000000 ____D () C:\AdwCleaner
2014-05-10 21:48 - 2014-05-10 21:49 - 01316991 _____ () C:\Documents and Settings\CASA\Desktop\AdwCleaner.exe
2014-05-10 21:03 - 2014-05-10 21:03 - 00000786 _____ () C:\Documents and Settings\CASA\Desktop\sXe Injected.lnk
2014-05-10 21:03 - 2014-05-10 21:03 - 00000000 ____D () C:\Documents and Settings\CASA\Menu Iniciar\Programas\sXe Injected
2014-05-10 21:02 - 2014-05-11 13:41 - 00000000 ____D () C:\Arquivos de programas\sXe Injected
2014-05-10 16:07 - 2014-05-10 16:08 - 00000000 ____D () C:\Arquivos de programas\Mozilla Firefox
2014-05-10 15:03 - 2014-05-03 07:12 - 339940504 _____ () C:\Documents and Settings\CASA\Desktop\Jogos.Medievais.2014.BDRip.XviD.Dual.Audio-MAXi RMVB.rmvb
2014-05-09 21:17 - 2014-05-05 12:23 - 450985947 _____ () C:\Documents and Settings\CASA\Desktop\O.Espetacular.Homem.Aranha.2.A.Ameaça.de.Electro.2014.TS.XviD.Dual.Audio-MAXi RMVB.rmvb
2014-05-08 22:47 - 2014-05-06 04:46 - 398244969 _____ () C:\Documents and Settings\CASA\Desktop\Caçadores.de.Obras.Primas.2014.Dublado-TOM.rmvb
2014-04-30 21:12 - 2014-04-30 21:12 - 00090112 _____ () C:\WINDOWS\Minidump\Mini043014-03.dmp
2014-04-30 12:27 - 2014-04-30 12:27 - 00090112 _____ () C:\WINDOWS\Minidump\Mini043014-02.dmp
2014-04-30 10:47 - 2014-04-30 10:47 - 00090112 _____ () C:\WINDOWS\Minidump\Mini043014-01.dmp
2014-04-29 10:29 - 2014-05-03 14:57 - 00007507 _____ () C:\WINDOWS\setupapi.log
2014-04-27 14:32 - 2014-04-18 15:17 - 278071812 _____ () C:\O.Herdeiro.do.Diabo.BDRip.Xvid.Dual.Áudio-Coveiro RMVB.rmvb
2014-04-27 14:27 - 2014-04-27 14:41 - 00000000 ____D () C:\Documents and Settings\CASA\Configurações locais\Dados de aplicativos\Plex Media Server
2014-04-27 14:27 - 2014-04-27 14:27 - 00000000 ____D () C:\Documents and Settings\CASA\Configurações locais
2014-04-27 14:27 - 2014-04-27 14:27 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Iniciar\Programas\Plex Media Server
2014-04-27 14:26 - 2014-04-27 14:26 - 00000000 ____D () C:\Arquivos de programas\Plex
2014-04-22 21:33 - 2014-04-22 21:33 - 00126664 _____ () C:\Documents and Settings\CASA\Configurações locais\Dados de aplicativos\GDIPFONTCACHEV1.DAT
2014-04-22 10:37 - 2014-04-22 10:37 - 00090112 _____ () C:\WINDOWS\Minidump\Mini042214-01.dmp
2014-04-20 18:59 - 2014-04-18 15:17 - 278071812 _____ () C:\Documents and Settings\CASA\Desktop\O.Herdeiro.do.Diabo.BDRip.Xvid.Dual.Áudio-Coveiro RMVB.rmvb
2014-04-18 20:01 - 2012-06-16 12:30 - 311164390 _____ () C:\Documents and Settings\CASA\Desktop\Proje-X-qpa.rmvb
2014-04-18 14:40 - 2014-04-18 14:40 - 00000080 _____ () C:\WINDOWS\DirectX.log
2014-04-17 21:54 - 2014-05-11 02:34 - 00056074 _____ () C:\WINDOWS\WindowsUpdate.log
2014-04-17 21:53 - 2014-04-17 21:53 - 00376056 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-04-17 21:49 - 2014-04-17 21:49 - 00001770 _____ () C:\Documents and Settings\CASA\Desktop\Dedicated Server.lnk
2014-04-17 21:49 - 2014-04-17 21:49 - 00001738 _____ () C:\Documents and Settings\CASA\Desktop\Counter Strike 1.6.lnk
2014-04-17 21:49 - 2014-04-17 21:49 - 00000000 ____D () C:\Documents and Settings\CASA\Menu Iniciar\Programas\Counter Strike 1.6 - 2013
2014-04-17 21:46 - 2014-04-17 22:05 - 00000000 ____D () C:\Arquivos de programas\Counter Strike 1.6
2014-04-17 21:37 - 2014-04-17 21:37 - 00000973 _____ () C:\Documents and Settings\CASA\Desktop\Revo Uninstaller.lnk
2014-04-17 21:37 - 2014-04-17 21:37 - 00000000 ____D () C:\Arquivos de programas\VS Revo Group

==================== One Month Modified Files and Folders =======

2014-05-11 14:16 - 2014-05-11 14:15 - 00018036 _____ () C:\Documents and Settings\CASA\Desktop\FRST.txt
2014-05-11 14:15 - 2014-05-11 14:15 - 00001019 _____ () C:\Documents and Settings\CASA\Desktop\ZHPFix[R2].txt
2014-05-11 14:15 - 2014-05-11 14:15 - 00000000 ____D () C:\FRST
2014-05-11 14:15 - 2014-05-11 12:51 - 00000000 ____D () C:\Documents and Settings\CASA\Dados de aplicativos\ZHP
2014-05-11 14:13 - 2014-05-11 14:12 - 01055232 _____ (Farbar) C:\Documents and Settings\CASA\Desktop\FRST.exe
2014-05-11 13:57 - 2014-05-11 13:57 - 00034092 _____ () C:\Documents and Settings\CASA\Desktop\ZHPDiag.txt
2014-05-11 13:56 - 2013-07-20 13:59 - 00001068 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-11 13:41 - 2014-05-10 21:02 - 00000000 ____D () C:\Arquivos de programas\sXe Injected
2014-05-11 13:39 - 2014-05-11 13:39 - 00002492 _____ () C:\Documents and Settings\CASA\Desktop\ZHPFixReport.txt
2014-05-11 13:38 - 2013-12-21 13:35 - 00000000 ____D () C:\Arquivos de programas\Memory Optimizer
2014-05-11 12:54 - 2014-05-11 12:51 - 00001700 _____ () C:\Documents and Settings\CASA\Desktop\ZHPFix.lnk
2014-05-11 12:54 - 2014-05-11 12:51 - 00001595 _____ () C:\Documents and Settings\CASA\Desktop\ZHPDiag.lnk
2014-05-11 12:54 - 2014-05-11 12:51 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Iniciar\Programas\ZHP
2014-05-11 12:54 - 2014-05-11 12:51 - 00000000 ____D () C:\Arquivos de programas\ZHPDiag
2014-05-11 12:51 - 2013-07-20 12:57 - 00000000 __RHD () C:\Documents and Settings\CASA\Dados de aplicativos
2014-05-11 12:51 - 2013-07-20 09:39 - 00000000 ___RD () C:\Arquivos de programas
2014-05-11 12:51 - 2013-07-20 09:38 - 00000000 ___RD () C:\Documents and Settings\All Users\Menu Iniciar\Programas
2014-05-11 12:13 - 2014-05-11 01:39 - 00002546 _____ () C:\zoek-results.log
2014-05-11 12:04 - 2014-02-08 13:37 - 00032284 _____ () C:\WINDOWS\SchedLgU.Txt
2014-05-11 12:04 - 2013-07-20 23:59 - 00001014 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1935655697-1326574676-682003330-1003UA.job
2014-05-11 11:52 - 2014-05-11 12:12 - 00012274 _____ () C:\zoek-results2014-05-11-145222.log
2014-05-11 11:49 - 2014-05-11 01:35 - 00000000 ____D () C:\zoek_backup
2014-05-11 11:49 - 2013-07-20 12:57 - 00000000 ___RD () C:\Documents and Settings\CASA\Meus documentos
2014-05-11 11:49 - 2013-07-20 09:38 - 00000000 ___RD () C:\Documents and Settings\All Users\Documentos
2014-05-11 11:49 - 2013-07-20 09:36 - 00000000 __RHD () C:\Documents and Settings\All Users\Dados de aplicativos
2014-05-11 11:45 - 2013-08-03 14:22 - 00000382 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-05-11 11:40 - 2014-02-08 13:37 - 00000298 _____ () C:\WINDOWS\wiadebug.log
2014-05-11 11:39 - 2014-02-08 13:37 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-05-11 11:39 - 2013-08-08 22:48 - 00000314 _____ () C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1935655697-1326574676-682003330-1003.job
2014-05-11 11:39 - 2013-08-07 15:38 - 00000292 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1935655697-1326574676-682003330-1003.job
2014-05-11 11:39 - 2013-07-20 13:59 - 00001064 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-11 11:39 - 2013-07-20 12:57 - 00000000 ___RD () C:\Documents and Settings\CASA\Menu Iniciar\Programas\Inicializar
2014-05-11 11:39 - 2013-07-20 12:56 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-05-11 02:34 - 2014-04-17 21:54 - 00056074 _____ () C:\WINDOWS\WindowsUpdate.log
2014-05-11 02:34 - 2013-07-20 12:57 - 00000210 ___SH () C:\Documents and Settings\CASA\ntuser.ini
2014-05-11 02:15 - 2014-05-11 11:46 - 00035791 _____ () C:\zoek-results2014-05-11-051553.log
2014-05-11 02:15 - 2013-07-20 12:57 - 00000000 ___HD () C:\Documents and Settings\CASA\Configurações locais
2014-05-11 02:10 - 2014-05-11 02:10 - 00000000 ____D () C:\Documents and Settings\NetworkService\Configuraþ§es locais
2014-05-11 02:10 - 2014-05-11 02:10 - 00000000 ____D () C:\Documents and Settings\LocalService\Configuraþ§es locais
2014-05-11 02:10 - 2014-05-11 02:10 - 00000000 ____D () C:\Documents and Settings\Default User\Configuraþ§es locais
2014-05-11 02:10 - 2014-05-11 02:10 - 00000000 ____D () C:\Documents and Settings\CASA\Configuraþ§es locais
2014-05-11 02:10 - 2013-07-20 12:57 - 00000000 ____D () C:\Documents and Settings\CASA
2014-05-11 02:10 - 2013-07-20 12:56 - 00000000 __SHD () C:\Documents and Settings\LocalService
2014-05-11 01:57 - 2013-12-21 13:34 - 00000000 ____D () C:\Arquivos de programas\Wise
2014-05-11 01:57 - 2013-07-20 12:56 - 00000000 ____D () C:\Documents and Settings\NetworkService\Dados de aplicativos
2014-05-11 01:34 - 2014-05-11 01:34 - 01285120 _____ () C:\Documents and Settings\CASA\Desktop\zoek.exe
2014-05-10 22:06 - 2014-05-10 22:06 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-05-10 22:04 - 2014-05-10 22:04 - 01016261 _____ (Thisisu) C:\Documents and Settings\CASA\Desktop\JRT.exe
2014-05-10 21:55 - 2014-05-10 21:52 - 00000000 ____D () C:\AdwCleaner
2014-05-10 21:55 - 2014-02-15 11:15 - 00000000 ____D () C:\Documents and Settings\SUPPORT_388945a0\Configurações locais\Dados de aplicativos
2014-05-10 21:55 - 2014-02-15 11:15 - 00000000 ____D () C:\Documents and Settings\HelpAssistant\Configurações locais\Dados de aplicativos
2014-05-10 21:55 - 2014-02-15 11:15 - 00000000 ____D () C:\Documents and Settings\Convidado\Configurações locais\Dados de aplicativos
2014-05-10 21:55 - 2014-02-15 11:14 - 00000000 ____D () C:\Documents and Settings\ASPNET\Configurações locais\Dados de aplicativos
2014-05-10 21:55 - 2014-02-15 11:14 - 00000000 ____D () C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos
2014-05-10 21:55 - 2013-07-20 12:57 - 00000000 ___RD () C:\Documents and Settings\CASA\Menu Iniciar\Programas
2014-05-10 21:55 - 2013-07-20 12:57 - 00000000 ___HD () C:\Documents and Settings\CASA\Configurações locais\Dados de aplicativos
2014-05-10 21:49 - 2014-05-10 21:48 - 01316991 _____ () C:\Documents and Settings\CASA\Desktop\AdwCleaner.exe
2014-05-10 21:15 - 2013-07-27 21:36 - 00000000 ____D () C:\Arquivos de programas\Steam
2014-05-10 21:03 - 2014-05-10 21:03 - 00000786 _____ () C:\Documents and Settings\CASA\Desktop\sXe Injected.lnk
2014-05-10 21:03 - 2014-05-10 21:03 - 00000000 ____D () C:\Documents and Settings\CASA\Menu Iniciar\Programas\sXe Injected
2014-05-10 17:56 - 2013-07-20 22:55 - 00000000 ____D () C:\Arquivos de programas\Mozilla Maintenance Service
2014-05-10 17:40 - 2013-08-08 22:48 - 00000322 _____ () C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1935655697-1326574676-682003330-1003.job
2014-05-10 16:08 - 2014-05-10 16:07 - 00000000 ____D () C:\Arquivos de programas\Mozilla Firefox
2014-05-09 11:20 - 2013-10-25 17:00 - 00000116 ____C () C:\WINDOWS\NeroDigital.ini
2014-05-08 22:53 - 2013-08-07 15:38 - 00000300 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1935655697-1326574676-682003330-1003.job
2014-05-06 20:28 - 2001-10-28 12:07 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-05-06 04:46 - 2014-05-08 22:47 - 398244969 _____ () C:\Documents and Settings\CASA\Desktop\Caçadores.de.Obras.Primas.2014.Dublado-TOM.rmvb
2014-05-05 12:23 - 2014-05-09 21:17 - 450985947 _____ () C:\Documents and Settings\CASA\Desktop\O.Espetacular.Homem.Aranha.2.A.Ameaça.de.Electro.2014.TS.XviD.Dual.Audio-MAXi RMVB.rmvb
2014-05-04 21:02 - 2013-07-31 23:08 - 00847872 ___SH () C:\Documents and Settings\CASA\Desktop\Thumbs.db
2014-05-04 00:04 - 2013-07-20 23:59 - 00000992 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1935655697-1326574676-682003330-1003Core.job
2014-05-03 14:57 - 2014-04-29 10:29 - 00007507 _____ () C:\WINDOWS\setupapi.log
2014-05-03 07:12 - 2014-05-10 15:03 - 339940504 _____ () C:\Documents and Settings\CASA\Desktop\Jogos.Medievais.2014.BDRip.XviD.Dual.Audio-MAXi RMVB.rmvb
2014-04-30 21:12 - 2014-04-30 21:12 - 00090112 _____ () C:\WINDOWS\Minidump\Mini043014-03.dmp
2014-04-30 21:12 - 2014-01-26 15:33 - 00000000 ____D () C:\WINDOWS\Minidump
2014-04-30 12:27 - 2014-04-30 12:27 - 00090112 _____ () C:\WINDOWS\Minidump\Mini043014-02.dmp
2014-04-30 10:47 - 2014-04-30 10:47 - 00090112 _____ () C:\WINDOWS\Minidump\Mini043014-01.dmp
2014-04-27 15:57 - 2013-07-20 12:48 - 00000000 ____D () C:\WINDOWS\Registration
2014-04-27 15:22 - 2013-12-21 13:35 - 00000000 ____D () C:\Documents and Settings\CASA\Configurações locais\Dados de aplicativos\SoftorinoUpdates
2014-04-27 14:41 - 2014-04-27 14:27 - 00000000 ____D () C:\Documents and Settings\CASA\Configurações locais\Dados de aplicativos\Plex Media Server
2014-04-27 14:27 - 2014-04-27 14:27 - 00000000 ____D () C:\Documents and Settings\CASA\Configurações locais
2014-04-27 14:27 - 2014-04-27 14:27 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Iniciar\Programas\Plex Media Server
2014-04-27 14:26 - 2014-04-27 14:26 - 00000000 ____D () C:\Arquivos de programas\Plex
2014-04-26 16:22 - 2013-09-06 17:32 - 00002347 _____ () C:\Documents and Settings\All Users\Menu Iniciar\Programas\Adobe Reader XI.lnk
2014-04-25 22:48 - 2013-08-08 22:48 - 00000340 _____ () C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1935655697-1326574676-682003330-1003.job
2014-04-25 20:41 - 2013-07-20 12:56 - 00000210 __SHC () C:\Documents and Settings\LocalService\ntuser.ini
2014-04-25 20:35 - 2013-12-20 23:34 - 00741624 _____ () C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos\FontCache3.0.0.0.dat
2014-04-25 20:35 - 2013-07-20 12:56 - 00000000 ___HD () C:\Documents and Settings\LocalService\Configurações locais\Dados de aplicativos
2014-04-22 21:33 - 2014-04-22 21:33 - 00126664 _____ () C:\Documents and Settings\CASA\Configurações locais\Dados de aplicativos\GDIPFONTCACHEV1.DAT
2014-04-22 10:37 - 2014-04-22 10:37 - 00090112 _____ () C:\WINDOWS\Minidump\Mini042214-01.dmp
2014-04-18 15:17 - 2014-04-27 14:32 - 278071812 _____ () C:\O.Herdeiro.do.Diabo.BDRip.Xvid.Dual.Áudio-Coveiro RMVB.rmvb
2014-04-18 15:17 - 2014-04-20 18:59 - 278071812 _____ () C:\Documents and Settings\CASA\Desktop\O.Herdeiro.do.Diabo.BDRip.Xvid.Dual.Áudio-Coveiro RMVB.rmvb
2014-04-18 14:40 - 2014-04-18 14:40 - 00000080 _____ () C:\WINDOWS\DirectX.log
2014-04-18 12:47 - 2013-09-03 21:24 - 00000000 ____D () C:\WINDOWS\system32\LogFiles
2014-04-17 22:05 - 2014-04-17 21:46 - 00000000 ____D () C:\Arquivos de programas\Counter Strike 1.6
2014-04-17 21:53 - 2014-04-17 21:53 - 00376056 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-04-17 21:49 - 2014-04-17 21:49 - 00001770 _____ () C:\Documents and Settings\CASA\Desktop\Dedicated Server.lnk
2014-04-17 21:49 - 2014-04-17 21:49 - 00001738 _____ () C:\Documents and Settings\CASA\Desktop\Counter Strike 1.6.lnk
2014-04-17 21:49 - 2014-04-17 21:49 - 00000000 ____D () C:\Documents and Settings\CASA\Menu Iniciar\Programas\Counter Strike 1.6 - 2013
2014-04-17 21:37 - 2014-04-17 21:37 - 00000973 _____ () C:\Documents and Settings\CASA\Desktop\Revo Uninstaller.lnk
2014-04-17 21:37 - 2014-04-17 21:37 - 00000000 ____D () C:\Arquivos de programas\VS Revo Group
2014-04-12 21:54 - 2013-07-20 12:57 - 00000000 ___RD () C:\Documents and Settings\CASA\Meus documentos\Minhas imagens

==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe
[2004-08-03 21:45] - [2008-04-13 19:21] - 1035776 ____A (Microsoft Corporation) 064ec7ff5f58b928c3e119402977fa6d

C:\WINDOWS\system32\winlogon.exe
[2004-08-03 21:45] - [2008-04-13 19:21] - 0509952 ____A (Microsoft Corporation) 71d440f79b711627b12b567fb2eadb42

C:\WINDOWS\system32\svchost.exe
[2004-08-03 21:45] - [2008-04-13 19:21] - 0014336 ____A (Microsoft Corporation) ed2d69cd4b0ebe37efe11d4dc4abc68f

C:\WINDOWS\system32\services.exe
[2004-08-03 21:45] - [2008-04-13 19:21] - 0109056 ____A (Microsoft Corporation) ee7999baaca84cfaa03726e677ee2a33

C:\WINDOWS\system32\User32.dll
[2004-08-03 21:45] - [2008-04-13 19:20] - 0579072 ____A (Microsoft Corporation) 54907db28872a7a6d3ee2b4747a23828

C:\WINDOWS\system32\userinit.exe
[2004-08-03 21:45] - [2008-04-13 19:21] - 0026112 ____A (Microsoft Corporation) a7ea40f680163808d96f89b4ff991876

C:\WINDOWS\system32\rpcss.dll
[2004-08-03 21:45] - [2008-04-13 19:20] - 0399360 ____A (Microsoft Corporation) e34a1b6160a90c7cb90bf2ee8d6ad921

ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\WINDOWS\system32\Drivers\volsnap.sys
[2004-08-03 21:37] - [2008-04-13 18:53] - 0053248 ____A (Microsoft Corporation) eb6b1e2c984d84470ff4fe7ef98cd44a


==================== End Of Log ============================

Post by guijorge on Sun 11 May 2014, 14:22

Additional scan result of Farbar Recovery Scan Tool (x86) Version:11-05-2014
Ran by CASA at 2014-05-11 14:16:58
Running from C:\Documents and Settings\CASA\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Baidu Antivirus (Disabled - Up to date) {4B1BC635-7555-4a6b-8503-768A266DCA61}
FW: avast! Antivirus (Disabled) {7591DB91-41F0-48A3-B128-1A293FD8233D}

==================== Installed Programs ======================

µTorrent (HKCU\...\uTorrent) (Version: 3.3.2.30446 - BitTorrent Inc.)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.8.0.1280 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
avast! Free Antivirus (HKLM\...\avast) (Version: 9.0.2011 - Avast Software)
CCleaner (HKLM\...\CCleaner) (Version: 4.00 - Piriform)
ClPhpEd(remove only) (HKLM\...\ClPhpEd) (Version:  - )
Counter Strike 1.6 - 2013 (HKLM\...\Counter Strike 1.6 - 2013) (Version:  - )
Counter-Strike (HKLM\...\Steam App 10) (Version:  - Valve)
Defraggler (HKLM\...\Defraggler) (Version: 2.17 - Piriform)
Desinstalar impressora EPSON TX220 Series (HKLM\...\EPSON TX220 Series) (Version:  - SEIKO EPSON Corporation)
Epson Event Manager (HKLM\...\{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}) (Version: 2.40.0001 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EVEREST Ultimate Edition v5.50 (HKLM\...\EVEREST Ultimate Edition_is1) (Version: 5.50 - FinalWire Ltd.)
Exedb Anti Malware Scanner (HKLM\...\Exedb Anti Malware Scanner) (Version: 1.6 - File Info)
Facebook Video Calling 2.0.0.447 (HKLM\...\{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}) (Version: 2.0.447 - Skype Limited)
FormatFactory 3.2.0.1 (HKLM\...\FormatFactory) (Version: 3.2.0.1 - Free Time)
Gerenciador de Downloads (HKCU\...\a54e16f5d00985b6) (Version: 0.9.3.106 - Level Up! Gerenciador)
Google Chrome (HKLM\...\Google Chrome) (Version: 34.0.1847.131 - Google Inc.)
Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
Horizon v2.7.6.2 (HKLM\...\d4cfeebc-b821-40b7-9f81-d366b1466f03_is1) (Version: 2.7.6.2 - Daring Development Inc.)
Java 7 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
K-Lite Codec Pack 10.2.0 Full (HKLM\...\KLiteCodecPack_is1) (Version: 10.2.0 - )
LG United Mobile Driver (HKLM\...\{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}) (Version: 3.7.2.0 - LG Electronics)
Magicka (HKLM\...\Steam App 42910) (Version:  - Arrowhead Game Studios)
Memory Optimizer version 1.2.0 (HKLM\...\{223235FD-A039-4A37-9115-4776E93EEA8B}_is1) (Version: 1.2.0 - Softorino)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - PTB (HKLM\...\{3F31F3B5-C1FF-3708-8611-869DE39C0CB6}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - PTB (HKLM\...\{B1FA73D8-AB79-3A2E-81AC-DBBAC155B2FE}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - ptb (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile PTB Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended PTB Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Internationalized Domain Names Mitigation APIs (Version:  - Microsoft Corporation) Hidden
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 (Version:  - Microsoft Corporation) Hidden
Microsoft National Language Support Downlevel APIs (Version:  - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.60831.0 - Microsoft Corporation)
Microsoft Software Update for Web Folders  (Portuguese (Brazil)) 12 (Version: 12.0.4518.1019 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft WinUsb 2.0 (HKLM\...\winusb0200) (Version:  - Microsoft Corporation)
MiPony 2.0.2 (HKLM\...\MiPony) (Version: 2.0.2 - )
Movier 1.0.19 (HKLM\...\Movier) (Version: 1.0.19 - )
Mozilla Firefox 29.0.1 (x86 pt-BR) (HKLM\...\Mozilla Firefox 29.0.1 (x86 pt-BR)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MyDefrag v4.3.1 (HKLM\...\MyDefrag v4.3.1_is1) (Version: 4.0.0.0 - J.C. Kessels)
MyEpson Portal (HKLM\...\MyEpson Portal) (Version:  - SEIKO EPSON Corporation)
MyEpson Portal (Version: 1.0.0.0 - SEIKO EPSON CORPORATION) Hidden
Mz Game Accelerator (HKLM\...\MzGameAccelerator_is1) (Version: 1.1.0 - Mz Game Accelerator)
Nero 7 Ultra Edition (HKLM\...\{BFB8C7BE-3BFA-446C-9F3E-3AFBA5BC1046}) (Version: 7.02.2780 - Nero AG)
Notepad++ (HKLM\...\Notepad++) (Version: 6.5.1 - Notepad++ Team)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
Pacote de Idiomas do Microsoft .NET Framework 3.5 SP1 - PTB (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - ptb) (Version:  - Microsoft Corporation)
Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil) (HKLM\...\Microsoft .NET Framework 4 Client Profile PTB Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Pacote de Idiomas do Microsoft .NET Framework 4 Extended - Português (Brasil) (HKLM\...\Microsoft .NET Framework 4 Extended PTB Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
PaintTool SAI (HKLM\...\PaintTool SAI1.1.0) (Version: 1.1.0 - Eddie Sekiguchi Softwares)
PhotoScape (HKLM\...\PhotoScape) (Version:  - )
Pid  (HKLM\...\Steam App 218740) (Version:  - Might and Delight)
Platform (Version: 1.21 - VIA Technologies, Inc.) Hidden
Plex Media Server (HKLM\...\{e9921c42-812d-4b39-9c02-612724349e82}) (Version: 0.9.907 - Plex, Inc.)
Plex Media Server (Version: 0.9.907 - Plex, Inc.) Hidden
RealDownloader (Version: 1.3.2 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.2 - RealNetworks)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
SnapPea (HKLM\...\Wandoujia2) (Version:  - Wandou Labs)
Songr (HKCU\...\Songr) (Version: 2.0.2111 - Xamasoft)
Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
sXe Injected (HKLM\...\sXe Injected) (Version: 15.1.1.0 - Alejandro Cortés)
Team Fortress 2 (HKLM\...\Steam App 440) (Version:  - Valve)
UltraISO Premium V9.6 (HKLM\...\UltraISO_is1) (Version:  - )
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
VIA Platform Device Manager (HKLM\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.21 - VIA Technologies, Inc.)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Internet Explorer 7 (HKLM\...\ie7) (Version: 20070813.185237 - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080413.144515 - Microsoft Corporation)
WinRAR 5.00 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
Wise Registry Cleaner 7.91 (HKLM\...\Wise Registry Cleaner_is1) (Version: 7.91 - WiseCleaner.com, Inc.)
XML Paper Specification Shared Components Language Pack 1.0 (Version:  - Microsoft Corporation) Hidden
ZHPDiag 2014 (HKLM\...\ZHPDiag_is1) (Version: 2014 - Nicolas Coolman)

==================== Restore Points  =========================

05-04-2014 10:48:15 Ponto de verificação do sistema
05-04-2014 18:54:44 Ponto de verificação do sistema
07-04-2014 14:58:38 Ponto de verificação do sistema
18-04-2014 00:39:35 Revo Uninstaller's restore point - Counter Strike 1.6 - 2013
20-04-2014 16:53:10 Ponto de verificação do sistema
27-04-2014 13:51:35 Ponto de verificação do sistema
27-04-2014 14:36:19 Plex Media Server
27-04-2014 17:25:41 Plex Media Server
29-04-2014 02:20:55 Ponto de verificação do sistema
30-04-2014 15:28:15 avast! antivirus system restore point
03-05-2014 22:35:14 Ponto de verificação do sistema
05-05-2014 23:08:03 Ponto de verificação do sistema
08-05-2014 23:58:26 Ponto de verificação do sistema
10-05-2014 19:24:26 Ponto de verificação do sistema
10-05-2014 21:04:20 Revo Uninstaller's restore point - Baidu Antivirus
10-05-2014 21:05:22 Revo Uninstaller's restore point - Baidu Antivirus
10-05-2014 21:06:10 Revo Uninstaller's restore point - Baidu PC Faster
10-05-2014 21:32:17 Revo Uninstaller's restore point - Baidu PC Faster
10-05-2014 21:37:24 Revo Uninstaller's restore point - sXe Injected
10-05-2014 23:45:10 Revo Uninstaller's restore point - sXe Injected
10-05-2014 23:50:08 Revo Uninstaller's restore point - sXe Injected
11-05-2014 04:39:33 zoek.exe restore point
11-05-2014 14:46:58 zoek.exe restore point
11-05-2014 15:12:42 zoek.exe restore point
11-05-2014 16:38:57 ZHPFix Restore System Point
11-05-2014 17:15:21 ZHPFix Restore System Point

==================== Hosts content: ==========================

2001-10-28 12:06 - 2014-05-11 01:39 - 00000753 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Arquivos de programas\Alwil Software\Avast5\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1935655697-1326574676-682003330-1003Core.job => C:\Documents and Settings\CASA\Configurações locais\Dados de aplicativos\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1935655697-1326574676-682003330-1003UA.job => C:\Documents and Settings\CASA\Configurações locais\Dados de aplicativos\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1935655697-1326574676-682003330-1003.job => C:\Arquivos de programas\RealNetworks\RealDownloader\recordingmanager.exe
Task: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1935655697-1326574676-682003330-1003.job => C:\Arquivos de programas\RealNetworks\RealDownloader\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1935655697-1326574676-682003330-1003.job => C:\Arquivos de programas\RealNetworks\RealDownloader\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1935655697-1326574676-682003330-1003.job => C:\Arquivos de programas\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1935655697-1326574676-682003330-1003.job => C:\Arquivos de programas\Real\RealUpgrade\realupgrade.exe

==================== Loaded Modules (whitelisted) =============

2013-07-20 14:58 - 2006-07-24 23:33 - 00466944 _____ () C:\WINDOWS\system32\nvshell.dll
2012-06-18 12:24 - 2012-06-18 12:24 - 00260096 _____ () C:\Arquivos de programas\Notepad++\NppShell_05.dll
2014-05-11 11:41 - 2014-05-11 03:04 - 02253312 _____ () C:\Arquivos de programas\Alwil Software\Avast5\defs\14051100\algo.dll
2014-01-13 16:44 - 2014-01-13 16:44 - 19336120 _____ () C:\Arquivos de programas\Alwil Software\Avast5\libcef.dll
2013-04-16 03:07 - 2013-04-16 03:07 - 00039056 _____ () C:\Arquivos de programas\RealNetworks\RealDownloader\rndlresolversvc.exe

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:373E1720

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BavSvc => "Service"=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BavSvc => "Service"=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"

==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^Documents and Settings^CASA^Menu Iniciar^Programas^Inicializar^wandoujia_helper.lnk => C:\WINDOWS\pss\wandoujia_helper.lnkStartup
MSCONFIG\startupreg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"
MSCONFIG\startupreg: CTFMON.EXE => C:\WINDOWS\system32\ctfmon.exe
MSCONFIG\startupreg: EEventManager => "C:\Arquivos de programas\Epson Software\Event Manager\EEventManager.exe"
MSCONFIG\startupreg: EPSON TX220 Series => C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGDL.EXE /FU "C:\WINDOWS\TEMP\E_S15.tmp" /EF "HKCU"
MSCONFIG\startupreg: Facebook Update => "C:\Documents and Settings\CASA\Configurações locais\Dados de aplicativos\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: MSMSGS => "C:\Arquivos de programas\Messenger\msmsgs.exe" /background
MSCONFIG\startupreg: NeroFilterCheck => C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
MSCONFIG\startupreg: NvCplDaemon => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
MSCONFIG\startupreg: NvMediaCenter => RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
MSCONFIG\startupreg: nwiz => nwiz.exe /install
MSCONFIG\startupreg: Skype => "C:\Arquivos de programas\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: TkBellExe => "C:\Arquivos de programas\Real\RealPlayer\update\realsched.exe"  -osboot

==================== Faulty Device Manager Devices =============

Name: USB Device
Description: USB Device
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/21/2014 10:12:02 PM) (Source: SecurityCenter) (User: ) (EventID: 1802)
Description: O Serviço da Central de Segurança do Windows não pôde estabelecer consultas de evento com o WMI para monitorar Firewall e Antivírus de terceiros.

Error: (04/21/2014 10:12:02 PM) (Source: WinMgmt) (User: ) (EventID: 28)
Description: O WinMgmt não pôde inicializar as partes principais. Isso pode ter ocorrido devido a uma versão mal instalada do WinMgmt, a falha de atualização do respositório do WinMgmt ou a memória insuficiente.

Error: (02/08/2014 00:50:31 PM) (Source: PerfNet) (User: ) (EventID: 2006)
Description: Não foi possível ler dados de desempenho da fila do servidor a partir do serviço do servidor.
Nenhum dado de desempenho do servidor será retornado nesse exemplo.
O código de erro retornado está no dado DWORD 0, IOSB.Status é o DWORD 1 e
a IOSB.Information é DWORD 2.

Error: (02/08/2014 00:50:31 PM) (Source: PerfNet) (User: ) (EventID: 2005)
Description: Não foi possível ler dados de desempenho a partir do serviço do servidor.
Nenhum dado de desempenho do servidor será retornado nesse exemplo.
O código de erro retornado está no dado DWORD 0, IOSB.Status é o DWORD 1 e
a IOSB.Information é o DWORD 2.


System errors:
=============
Error: (05/11/2014 11:48:04 AM) (Source: PlugPlayManager) (User: ) (EventID: 11)
Description: O dispositivo Root\LEGACY_BPROTECT\0000 desapareceu do sistema sem ser preparado para remoção.

Error: (05/11/2014 11:47:59 AM) (Source: PlugPlayManager) (User: ) (EventID: 11)
Description: O dispositivo Root\LEGACY_BNDEF\0000 desapareceu do sistema sem ser preparado para remoção.

Error: (05/11/2014 11:47:48 AM) (Source: PlugPlayManager) (User: ) (EventID: 11)
Description: O dispositivo Root\LEGACY_BHBASE\0000 desapareceu do sistema sem ser preparado para remoção.

Error: (05/11/2014 11:39:56 AM) (Source: Service Control Manager) (User: ) (EventID: 7000)
Description: Não foi possível iniciar o serviço aswFsBlk devido ao seguinte erro:
%%2

Error: (05/11/2014 02:15:25 AM) (Source: Service Control Manager) (User: ) (EventID: 7000)
Description: Não foi possível iniciar o serviço aswFsBlk devido ao seguinte erro:
%%2

Error: (05/11/2014 02:15:24 AM) (Source: Print) (User: AUTORIDADE NT) (EventID: 19)
Description: Falha ao compartilhar impressora: + 1722; impressora EPSON TX220 Series, nome de compartilhamento EPSONTX2.

Error: (05/11/2014 01:23:00 AM) (Source: Schedule) (User: ) (EventID: 7901)
Description: O comando At3.job falhou ao iniciar devido ao seguinte erro:
%%2147942403

Error: (05/11/2014 01:18:00 AM) (Source: Schedule) (User: ) (EventID: 7901)
Description: O comando At2.job falhou ao iniciar devido ao seguinte erro:
%%2147942403

Error: (05/11/2014 00:56:08 AM) (Source: Service Control Manager) (User: ) (EventID: 7000)
Description: Não foi possível iniciar o serviço aswFsBlk devido ao seguinte erro:
%%2

Error: (05/11/2014 00:23:19 AM) (Source: Schedule) (User: ) (EventID: 7901)
Description: O comando At3.job falhou ao iniciar devido ao seguinte erro:
%%2147942403


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 32%
Total physical RAM: 1534.42 MB
Available physical RAM: 1042.34 MB
Total Pagefile: 3430.64 MB
Available Pagefile: 3100.39 MB
Total Virtual: 2047.88 MB
Available Virtual: 1951.08 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:74.52 GB) (Free:10.12 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 75 GB) (Disk ID: 0BA80BA8)
Partition 1: (Active) - (Size=75 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Re: I need help removing Baidu completely

Post by Power Max on Sun 11 May 2014, 14:47

Download the fixlist.txt file attached to this post and save it to your desktop.

Run FRST. Click the Fix button.

Wait, and when it finishes, the Fixlog.txt log will be saved to your desktop.

Select, copy and paste the contents of this Fixlog.txt into your next reply.


I need help removing Baidu completely

Post by guijorge on Sun 11 May 2014, 15:08

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:11-05-2014 01
Ran by CASA at 2014-05-11 15:03:14 Run:1
Running from C:\Documents and Settings\CASA\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
Startup: C:\Documents and Settings\CASA\Menu Iniciar\Programas\Inicializar\PC App Store Uninstall 3.14.9.3480.lnk
ShortcutTarget: PC App Store Uninstall 3.14.9.3480.lnk -> C:\Documents and Settings\CASA\Dados de aplicativos\Baidu Security\PC App Store\3.14.9.3480\Uninstall\PC App Store Uninstall\0\InstallUtility.dll", _OpenUrl -run "PC App Store Uninstall" -ini "OpenUrl.ini (No File)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
SearchScopes: HKLM - DefaultScope value is missing.
CHR DefaultSearchKeyword: websearch
CHR DefaultSearchProvider: WebSearch
CHR DefaultSearchURL: [You must be registered and logged in to see this link.]
CHR DefaultNewTabURL:
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
AlternateDataStreams: C:\Documents and Settings\All Users\Dados de aplicativos\TEMP:373E1720
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BavSvc => "Service"=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BavSvc => "Service"=""
AV: Baidu Antivirus (Disabled - Up to date) {4B1BC635-7555-4a6b-8503-768A266DCA61}
end
*****************

C:\Documents and Settings\CASA\Menu Iniciar\Programas\Inicializar\PC App Store Uninstall 3.14.9.3480.lnk => Moved successfully.
C:\Documents and Settings\CASA\Dados de aplicativos\Baidu Security\PC App Store\3.14.9.3480\Uninstall\PC App Store Uninstall\0\InstallUtility.dll", _OpenUrl -run "PC App Store Uninstall" -ini "OpenUrl.ini not found.
C:\WINDOWS\system32\GroupPolicy\Machine => Moved successfully.
C:\WINDOWS\system32\GroupPolicy\GPT.ini => Moved successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
CHR DefaultSearchKeyword: websearch ==> The Chrome "Settings" can be used to fix the entry.
CHR DefaultSearchProvider: WebSearch ==> The Chrome "Settings" can be used to fix the entry.
CHR DefaultSearchURL: [You must be registered and logged in to see this link.] ==> The Chrome "Settings" can be used to fix the entry.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
C:\Documents and Settings\All Users\Dados de aplicativos\TEMP => ":373E1720" ADS removed successfully.
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\BavSvc => Key deleted successfully.
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\BavSvc => Key deleted successfully.
AV: Baidu Antivirus (Disabled - Up to date) {4B1BC635-7555-4a6b-8503-768A266DCA61} => The item is protected. Make sure the software is uninstalled and its services are removed.


The system needed a reboot.

==== End of Fixlog ====
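
The Fixlog above reports a different outcome for each fixlist entry, and only some of them mean the item is gone. The following Python sketch is an added example, not part of the original posts or of FRST itself; it sorts result lines by outcome so the entries that still need manual follow-up stand out. The status names and the shortened `C:\Example` path are assumptions made for illustration.

```python
import re

# Constructed sample shaped like the Fixlog in this thread (C:\Example is a placeholder).
SAMPLE_FIXLOG = r'''Content of fixlist:
*****************
start
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BavSvc => "Service"=""
end
*****************
C:\WINDOWS\system32\GroupPolicy\Machine => Moved successfully.
C:\Example\InstallUtility.dll", _OpenUrl -ini "OpenUrl.ini not found.
CHR DefaultSearchKeyword: websearch ==> The Chrome "Settings" can be used to fix the entry.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
AV: Baidu Antivirus (Disabled - Up to date) {4B1BC635-7555-4a6b-8503-768A266DCA61} => The item is protected. Make sure the software is uninstalled and its services are removed.
The system needed a reboot.
==== End of Fixlog ====
'''

ARROW = re.compile(r'^(.*)\s=+>\s(.*)$')  # FRST prints both "=>" and "==>"

def classify(message):
    """Map a result message to a triage status (status names are this example's own)."""
    if message.endswith('successfully.'):
        return 'done'
    if 'can be used to fix' in message or 'is protected' in message:
        return 'manual'      # FRST left the item for the user to handle
    if message.endswith('not found.'):
        return 'missing'     # target was already absent
    return 'review'

def parse_fixlog(text):
    """Return (entries, reboot_needed) from the results section of a Fixlog."""
    # Results follow the last row of asterisks, which closes the echoed fixlist.
    body = re.split(r'(?m)^\*{5,}\s*$', text)[-1]
    entries, reboot = [], False
    for line in (raw.strip() for raw in body.splitlines()):
        if not line or line.startswith('===='):
            continue
        if line == 'The system needed a reboot.':
            reboot = True
            continue
        m = ARROW.match(line)
        item, message = m.groups() if m else (line, line)
        entries.append((classify(message), item, message))
    return entries, reboot

if __name__ == '__main__':
    for status, item, _ in parse_fixlog(SAMPLE_FIXLOG)[0]:
        print(f'{status:8} {item}')
```

In the sample, the Chrome search entry and the Baidu Antivirus entry come back as `manual`, the same two kinds of line that the Fixlog in this thread marks for the user to handle.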

Re: I need help removing Baidu completely

Post by Power Max on Sun 11 May 2014, 15:16

Restart the PC so that Farbar can complete the cleanup.

After that, open Google Chrome > click the three lines in the top right corner of its window and click Settings > click Show advanced settings > review everything that is configured relating to websearch and set it back to the correct values. After that, scroll down to the bottom of the page and click Reset browser settings.

After that, tell us how Chrome and the PC as a whole are doing.


I need help removing Baidu completely

Post by guijorge on Sun 11 May 2014, 16:30

Everything is OK. I couldn't use Chrome anymore because it was freezing a lot and was full of things installed in it, so I was using Firefox; now everything is OK.
The computer has improved a lot and I can now use the programs that were having problems because of Baidu.

I thought I was going to have to format my PC; lucky that I found this forum. THX!!