Fórum PC Brasil
Problems with Baidu - Notebook

2 participants


Problems with Baidu - Notebook

Post by Alfilosofia Mon 19 May 2014, 14:27

As I had mentioned earlier in this topic: [You must have an account and be logged in to view this link], I am opening this new topic to ask for help on other computers against this Baidu plague, now on my notebook.

The AdwCleaner log follows below:

# AdwCleaner v3.210 - Relatório criado 19/05/2014 às 14:17:32
# Atualizado 19/05/2014 por Xplode
# Sistema Operacional : Windows 7 Home Premium Service Pack 1 (64 bits)
# Usuário : AUGUSTO - AUGUSTO-PC
# Executando de : C:\AdwCleaner 3.210\adwcleaner_3.210.exe
# Opção : Limpar

***** [ Serviços ] *****


***** [ Arquivos / Pastas ] *****

Pasta Deletada : C:\Users\AUGUSTO\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh

***** [ Atalhos ] *****


***** [ Registro ] *****

Chave Deletedo : HKCU\Software\APN PIP

***** [ Navegadores ] *****

-\\ Internet Explorer v11.0.9600.17041


-\\ Google Chrome v34.0.1847.131

*************************

AdwCleaner[R0].txt - [6753 octets] - [19/05/2014 13:18:46]
AdwCleaner[R1].txt - [1031 octets] - [19/05/2014 14:17:00]
AdwCleaner[S0].txt - [4205 octets] - [19/05/2014 13:19:17]
AdwCleaner[S1].txt - [899 octets] - [19/05/2014 14:17:32]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [958 octets] ##########

Re: Problems with Baidu - Notebook

Post by Power Max Mon 19 May 2014, 14:29

Hello.

Temporarily disable your antivirus to avoid conflicts.

Go to the link below and click the first button on the left, which is the Download Zoek.exe button:
[You must have an account and be logged in to view this link]

* Right-click Zoek.exe and select [You must have an account and be logged in to view this image]

* Select and copy all of the text highlighted in red that I gave you and paste it into the blank area of Zoek.

* Click [Run Script]

* During the scan, a message similar to the one below showing the scan progress will be displayed. Wait for it to finish... it may take a while!

[You must have an account and be logged in to view this image]

* If a PC restart is requested, click [OK]

* Post the Zoek log, which will be at C:\zoek-results.txt, in your next reply.


Last edited by Power Max on Mon 19 May 2014, 16:15; edited 1 time

Re: Problems with Baidu - Notebook

Post by Alfilosofia Mon 19 May 2014, 15:03

The Zoek log follows:



Zoek.exe v5.0.0.0 Updated 14-April-2014
Tool run by AUGUSTO on 19/05/2014 at 14:30:12,72.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\zoek_backup\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-05-19-163213.log 27497 bytes
C:\zoek-results2014-05-19-164216.log 17984 bytes

==== System Restore Info ======================

19/05/2014 14:31:45 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\Users\AUGUSTO\AppData\Roaming\burnaware.ini deleted

==== Folders Found ======================

2014-05-19 16:19:18 2014-05-19 16:19:18 -------- d-----w- C:\AdwCleaner\Quarantine\C\ProgramData\baidu
2014-05-19 16:19:19 2014-05-19 16:19:19 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\AUGUSTO\AppData\Roaming\baidu
2014-05-19 16:19:19 2014-05-19 16:19:19 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\AUGUSTO\AppData\Roaming\baidu\Baidu Antivirus
2014-05-19 16:19:19 2014-05-19 16:19:19 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Public\Documents\baidu
2014-05-19 17:02:23 2014-05-19 17:02:23 -------- d-----w- C:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Package\BaiDu
2013-11-13 02:02:39 2013-11-13 02:19:51 -------- d-----w- C:\Users\AUGUSTO\AppData\Roaming\Baidu Security
2013-12-22 23:12:29 2013-12-22 23:12:29 -------- d-----w- C:\Users\AUGUSTO\AppData\Roaming\Baidu Security\PC Faster\3.7.0.0\Uninstall\Baidu PC Faster Uninstall
2013-12-22 23:12:29 2013-12-22 23:12:29 -------- d-----w- C:\Users\AUGUSTO\AppData\Roaming\Baidu Security\PC Faster\3.7.0.0\Uninstall\Baidu PC Faster Uninstall HK
2014-03-24 14:07:52 2014-03-24 14:07:52 -------- d-----w- C:\Users\AUGUSTO\AppData\Roaming\Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall
2014-03-24 14:07:52 2014-03-24 14:07:52 -------- d-----w- C:\Users\AUGUSTO\AppData\Roaming\Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall HK
2013-12-20 15:51:43 2013-12-20 15:51:43 -------- d-----w- C:\Users\AUGUSTO\Documents\Baidu Security
2014-03-13 19:46:59 2014-03-23 20:50:42 -------- d-----w- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Baidu Security
2014-05-19 16:39:38 2014-05-19 16:39:39 -------- d---a-w- C:\zoek_backup\C_Program Files (x86)_Baidu Security
2014-05-19 16:39:39 2014-05-19 16:39:39 -------- d---a-w- C:\zoek_backup\C_Program Files (x86)_Baidu Security_Baidu Antivirus
2014-05-19 16:39:39 2014-05-19 16:39:40 -------- d---a-w- C:\zoek_backup\C_ProgramData_Baidu Security
2014-05-19 16:39:41 2014-05-19 16:39:41 -------- d---a-w- C:\zoek_backup\C_Users_All Users_Baidu Security
2014-05-19 16:39:42 2014-05-19 16:39:42 -------- d---a-w- C:\zoek_backup\C_Users_Public_Documents_Baidu Security
2014-05-19 16:39:38 2014-05-19 16:39:39 -------- d---a-w- C:\zoek_backup\C_Program Files (x86)_Baidu Security\Baidu Antivirus

==== Files Found ======================


--- C:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Package\BaiDu\Baidu-TB-ASBar.exe ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1358792
Created time: 2012-04-10 09:30:26
Modified time: 2012-04-10 09:30:26
MD5: D848EF0636EA49D340F074F939DB817B
SHA1: 56A9D762D288AB173B7BFD42C9902E12B673BDB7


--- C:\zoek_backup\Excluir Baidu.txt ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 11911
Created time: 2014-05-19 16:36:09
Modified time: 2014-05-18 02:39:25
MD5: FBB534D7B827563700E08C8BC446D537
SHA1: 188E8B5F36EDA07401D60F29CB3CA13904670E62


==== Registry Search Results for "Baidu" ======================


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BdCameraProtect]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\BdCameraProtect64.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BdCameraProtect]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\BdCameraProtect64.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BdCameraProtect]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\BdCameraProtect64.sys"

[HKEY_USERS\.DEFAULT\Software\Baidu Security]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\DataReport]

[HKEY_USERS\S-1-5-18\Software\Baidu Security]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\DataReport]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"web2pdfextension@web2pdf.adobedotcom"="C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn" [29/01/2014 15:42]

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
efaidnbmnnnibpcajpcglclefindmkaj - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx[05/09/2013 11:04]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
nnjbodopomfddehlalfilheomcahbpei - C:\Users\AUGUSTO\AppData\Local\GAS Tecnologia\GBBD\cef\sf.crx[05/09/2013 09:52]
pgacfjdigcddmmncljpflgcfpfahebkh - C:\Users\AUGUSTO\AppData\Local\GAS Tecnologia\GBBD\bb\sf.crx[20/04/2014 08:37]

Comodo Drag&Drop Service - AUGUSTO\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aneodkojaglhnkkdbbdnmmmgimlcaogo
Comodo Web Inspector - AUGUSTO\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bdngekjahnmlkinegnhdmmbcfnmbclnn
Comodo Share Page Service - AUGUSTO\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mcmdgbiocnkpnaccjkailibfgepaccgf
GBBD Banco do Brasil - AUGUSTO\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mkeabchhfifpaaoefpockjhaphjmoapp
Google Wallet - AUGUSTO\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Adobe Acrobat - Create PDF - AUGUSTO\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj
Google Wallet - AUGUSTO\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
GBBD Caixa Economica Federal - AUGUSTO\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnjbodopomfddehlalfilheomcahbpei
GBBD Banco do Brasil - AUGUSTO\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgacfjdigcddmmncljpflgcfpfahebkh

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Reset Google Chrome ======================

C:\Users\AUGUSTO\AppData\Local\360Chrome\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\AUGUSTO\AppData\Local\360Chrome\Chrome\User Data\Default\Web Data was reset successfully

==== shortcuts on Users Desktops ======================

C:\Users\AUGUSTO\Desktop\AULA - Atalho.lnk - C:\Users\AUGUSTO\AULA
C:\Users\AUGUSTO\Desktop\PAUTAS 2014 - Atalho.lnk - C:\Users\AUGUSTO\AULA\DOCUMENTOS\PAUTAS 2014

==== shortcuts in Users Start Menu ======================

C:\Users\AUGUSTO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory\FormatFactory.lnk - C:\Program Files (x86)\FreeTime\FormatFactory\FormatFactory.exe
C:\Users\AUGUSTO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory\Help.lnk - C:\Program Files (x86)\FreeTime\FormatFactory\FormatFactory.exe /help
C:\Users\AUGUSTO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory\Uninstall.lnk - C:\Program Files (x86)\FreeTime\FormatFactory\uninst.exe
C:\Users\AUGUSTO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PSafe\PSafe Web.lnk - C:\Users\AUGUSTO\AppData\Local\360Chrome\Chrome\Application\psafeweb.exe
C:\Users\AUGUSTO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PSafe\Uninstall PSafe Web.lnk - C:\Users\AUGUSTO\AppData\Local\360Chrome\Chrome\Application\7.5.1.116\installer\setup.exe --uninstall

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Uninstaller PRO 11.lnk - C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Uninstaller PRO\Advanced Uninstaller PRO 11.lnk - C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Uninstaller PRO\Uninstall.lnk - C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIMP3\AIMP3 Advanced Tag Editor.lnk - C:\Program Files (x86)\AIMP3\AIMP3ate.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIMP3\AIMP3 Audio Converter.lnk - C:\Program Files (x86)\AIMP3\AIMP3ac.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIMP3\AIMP3 Audio Library.lnk - C:\Program Files (x86)\AIMP3\AIMP3lib.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIMP3\AIMP3 Home Page.lnk - C:\Program Files (x86)\AIMP3\AIMP3.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIMP3\AIMP3.lnk - C:\Program Files (x86)\AIMP3\AIMP3.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIMP3\History.lnk - C:\Program Files (x86)\AIMP3\history.txt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIMP3\License.lnk - C:\Program Files (x86)\AIMP3\license.rtf
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIMP3\Uninstall.lnk - C:\Program Files (x86)\AIMP3\Uninstall.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\aTube Catcher\aTube Catcher.lnk - C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\yct.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BurnAware Professional\BurnAware Professional.lnk - C:\Program Files (x86)\BurnAware Professional\BurnAware.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BurnAware Professional\Desinstalar BurnAware Professional.lnk - C:\Program Files (x86)\BurnAware Professional\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BurnAware Professional\Help.lnk - C:\Program Files (x86)\BurnAware Professional\burnaware.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configurar Java.lnk - C:\Program Files (x86)\Java\jre8\bin\javacpl.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Obter Ajuda.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Sobre o Java.lnk - C:\Program Files (x86)\Java\jre8\bin\javacpl.exe -tab about
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Verificar Atualizações.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visite Java.com.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Codec Tweak Tool.lnk - C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Media Player Classic.lnk - C:\Program Files (x86)\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\DirectVobSub (x64).lnk - C:\Windows\System32\rundll32.exe "C:\Program Files (x86)\K-Lite Codec Pack\Filters\vsfilter64.dll",DirectVobSub
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\DirectVobSub.lnk - C:\Windows\SysWOW64\rundll32.exe "C:\Program Files (x86)\K-Lite Codec Pack\Filters\vsfilter.dll",DirectVobSub
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\ffdshow audio decoder (x64).lnk - C:\Windows\System32\rundll32.exe "C:\Program Files (x86)\K-Lite Codec Pack\Filters\ffdshow64\ffdshow.ax",configureAudio
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\ffdshow audio decoder.lnk - C:\Windows\SysWOW64\rundll32.exe "C:\Program Files (x86)\K-Lite Codec Pack\Filters\ffdshow\ffdshow.ax",configureAudio
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\ffdshow VFW interface (x64).lnk - C:\Windows\System32\rundll32.exe "C:\Windows\system32\ff_vfw.dll",configureVFW
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\ffdshow VFW interface.lnk - C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\ff_vfw.dll",configureVFW
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\ffdshow video decoder (x64).lnk - C:\Windows\System32\rundll32.exe "C:\Program Files (x86)\K-Lite Codec Pack\Filters\ffdshow64\ffdshow.ax",configure
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\ffdshow video decoder.lnk - C:\Windows\SysWOW64\rundll32.exe "C:\Program Files (x86)\K-Lite Codec Pack\Filters\ffdshow\ffdshow.ax",configure
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\LAV Audio (x64).lnk - C:\Windows\System32\rundll32.exe "C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV64\lavaudio.ax",OpenConfiguration
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\LAV Audio.lnk - C:\Windows\SysWOW64\rundll32.exe "C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV\lavaudio.ax",OpenConfiguration
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\LAV Splitter (x64).lnk - C:\Windows\System32\rundll32.exe "C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV64\lavsplitter.ax",OpenConfiguration
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\LAV Splitter.lnk - C:\Windows\SysWOW64\rundll32.exe "C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV\lavsplitter.ax",OpenConfiguration
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\LAV Video (x64).lnk - C:\Windows\System32\rundll32.exe "C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV64\lavvideo.ax",OpenConfiguration
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\LAV Video.lnk - C:\Windows\SysWOW64\rundll32.exe "C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV\lavvideo.ax",OpenConfiguration
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\madVR.lnk - C:\Program Files (x86)\K-Lite Codec Pack\Filters\madVR\madHcCtrl.exe editLocalSettingsDontWait
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\Reset to recommended settings.lnk - C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe /resetsettings
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\x264 VFW (x64).lnk - C:\Windows\System32\rundll32.exe "C:\Windows\system32\x264vfw64.dll",Configure
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\x264 VFW (x86).lnk - C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\x264vfw.dll",Configure
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\Xvid VFW.lnk - C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\xvidvfw.dll",Configure
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Help\Frequently Asked Questions.lnk - C:\Program Files (x86)\K-Lite Codec Pack\Info\faq.htm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Tools\GraphStudioNext (x64).lnk - C:\Program Files (x86)\K-Lite Codec Pack\Tools\GraphStudioNext64.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Tools\GraphStudioNext.lnk - C:\Program Files (x86)\K-Lite Codec Pack\Tools\GraphStudioNext.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Tools\Haali Muxer.lnk - C:\Program Files (x86)\K-Lite Codec Pack\Filters\Haali\gdsmux.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Tools\MediaInfo.lnk - C:\Program Files (x86)\K-Lite Codec Pack\Tools\mediainfo.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Tools\Win7DSFilterTweaker.lnk - C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Uninstall\Uninstall K-Lite Codec Pack.lnk - C:\Program Files (x86)\K-Lite Codec Pack\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag\Mp3tag Help.lnk - C:\Program Files (x86)\Mp3tag\help\index.html
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag\Mp3tag.lnk - C:\Program Files (x86)\Mp3tag\Mp3tag.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag\Uninstall Mp3tag.lnk - C:\Program Files (x86)\Mp3tag\Mp3tagUninstall.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag\Version history.lnk - C:\Program Files (x86)\Mp3tag\Mp3tagVersion.txt

==== shortcuts in Quick Launch ======================

C:\Users\AUGUSTO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Adobe Acrobat XI Pro.lnk - C:\Windows\Installer\{AC76BA86-1033-FFFF-7760-000000000006}\_SC_Acrobat.ico
C:\Users\AUGUSTO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Advanced Uninstaller PRO 11.lnk - C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe
C:\Users\AUGUSTO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\aTube Catcher.lnk - C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\yct.exe
C:\Users\AUGUSTO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\BurnAware Professional.lnk - C:\Program Files (x86)\BurnAware Professional\BurnAware.exe
C:\Users\AUGUSTO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\CCleaner - Atalho.lnk - C:\Program Files (x86)\CCleaner\CCleaner.exe
C:\Users\AUGUSTO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Dicionário eletrônico Houaiss 3.lnk -
C:\Users\AUGUSTO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\FastCopy.lnk - C:\Program Files (x86)\FastCopy\FastCopy.exe
C:\Users\AUGUSTO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\FormatFactory.lnk - C:\Program Files (x86)\FreeTime\FormatFactory\FormatFactory.exe
C:\Users\AUGUSTO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\GPBe - GUIA POSTAL BRASILEIRO ELETRÔNICO®.lnk -
C:\Users\AUGUSTO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\LibreOffice.lnk - C:\Program Files (x86)\LibreOffice 4.0\program\soffice.exe
C:\Users\AUGUSTO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Magic DVD Copier.lnk - C:\Program Files (x86)\MagicDVDCopier\MagicDVDCopier.exe
C:\Users\AUGUSTO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Magic DVD Ripper.lnk - C:\Program Files (x86)\MagicDVDRipper\MagicDVDRipper.exe
C:\Users\AUGUSTO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\MartView.lnk - C:\Program Files (x86)\MartView\MartView.exe
C:\Users\AUGUSTO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Media Player Classic.lnk - C:\Program Files (x86)\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe
C:\Users\AUGUSTO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Excel 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\xlicons.exe
C:\Users\AUGUSTO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft PowerPoint 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\pptico.exe
C:\Users\AUGUSTO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Publisher 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\pubs.exe
C:\Users\AUGUSTO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Word 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\wordicon.exe
C:\Users\AUGUSTO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Nero Burning ROM.lnk - C:\Windows\Installer\{F2B9C8D6-C69C-4BA7-95D2-66F1C68D15DA}\ARPPRODUCTICON.exe
C:\Users\AUGUSTO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\AUGUSTO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\trojankiller - Atalho.lnk - C:\Program Files (x86)\GridinSoft Trojan Killer\trojankiller.exe
C:\Users\AUGUSTO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\VirtualDub - Atalho.lnk - C:\VirtualDub-1.9.11\VirtualDub.exe
C:\Users\AUGUSTO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\AIMP3.lnk - C:\Program Files (x86)\AIMP3\AIMP3.exe
C:\Users\AUGUSTO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Command Prompt.lnk - C:\Windows\system32\cmd.exe
C:\Users\AUGUSTO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\LG Intelligent Update.lnk - C:\Program Files (x86)\lg_swupdate\autoupdate.exe giljabi
C:\Users\AUGUSTO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\LG Network Manager.lnk - C:\Program Files (x86)\LG Software\LG Network Manager\LGLauncher.exe
C:\Users\AUGUSTO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\LG Smart Share.lnk - C:\Program Files (x86)\LG Software\LG Smart Share\SmartShareStart.exe DMC
C:\Users\AUGUSTO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\LG Speed Manager.lnk - C:\Windows\Installer\{6DE1ED57-A361-40D1-9248-DE63AC9557E1}\_10CE1824F025DE93BB8D35.exe
C:\Users\AUGUSTO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Magic-i Visual Effects 2.lnk - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\Magic-i Visual Effects.exe
C:\Users\AUGUSTO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Microsoft Office Picture Manager.lnk - C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\oisicon.exe
C:\Users\AUGUSTO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Paint.lnk - C:\Windows\system32\mspaint.exe
C:\Users\AUGUSTO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\System Restore.lnk -
C:\Users\AUGUSTO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\WebCam Companion 4.lnk - C:\Program Files (x86)\ArcSoft\WebCam Companion 4\uWebCam.exe
C:\Users\AUGUSTO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Calculator.lnk - C:\Windows\system32\calc.exe
C:\Users\AUGUSTO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Comodo Dragon.lnk - C:\Program Files (x86)\Comodo\Dragon\dragon.exe
C:\Users\AUGUSTO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\AUGUSTO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\AUGUSTO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Notepad.lnk - C:\Windows\system32\notepad.exe
C:\Users\AUGUSTO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\PSafe Web.lnk - C:\Users\AUGUSTO\AppData\Local\360Chrome\Chrome\Application\psafeweb.exe
C:\Users\AUGUSTO\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\AUGUSTO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\AUGUSTO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\AUGUSTO\AppData\Local\360Chrome\Chrome\User Data\Default\Cache emptied successfully
C:\Users\AUGUSTO\AppData\Local\Comodo\Dragon\User Data\Default\Cache emptied successfully
C:\Users\AUGUSTO\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=421 folders=85 82292106 bytes)

==== Empty Temp Folders ======================

C:\Users\AUGUSTO\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\AUGUSTO\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 19/05/2014 at 14:40:34,82 ======================

Post by Power Max, Mon 19 May 2014, 15:49

Temporarily disable your antivirus to avoid conflicts.

* Right-click Zoek.exe and select [You must be registered and logged in to see this image]

* Select and copy all of the text highlighted in red that I gave you and paste it into the blank area of Zoek.

* Click [Run Script]

* During the scan, a message similar to the one below will be shown, displaying the scan's progress. Wait for it to finish... it may take a while!

[You must be registered and logged in to see this image]

* If you are asked to restart the PC, click [OK]

* Post the Zoek log, which will be at C:\zoek-results.txt, in your next reply.


Last edited by Power Max on Mon 19 May 2014, 16:10; edited 1 time

Post by Alfilosofia, Mon 19 May 2014, 16:06


Zoek.exe v5.0.0.0 Updated 14-April-2014
Tool run by AUGUSTO on 19/05/2014 at 15:59:11,55.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\zoek_backup\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-05-19-163213.log 27497 bytes
C:\zoek-results2014-05-19-164216.log 17984 bytes
C:\zoek-results2014-05-19-174034.log 29028 bytes

==== System Restore Info ======================

19/05/2014 16:00:57 Zoek.exe System Restore Point Created Succesfully.

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BdCameraProtect deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BdCameraProtect deleted successfully

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BdCameraProtect]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BdCameraProtect]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BdCameraProtect]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BdCameraProtect]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BdCameraProtect]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BdCameraProtect]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\DataReport]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\DataReport]

==== Deleting Files \ Folders ======================

C:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Package\BaiDu deleted
C:\Users\AUGUSTO\AppData\Roaming\Baidu Security deleted
C:\Users\AUGUSTO\Documents\Baidu Security deleted
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Baidu Security deleted

==== Folders Found ======================

2014-05-19 16:19:18 2014-05-19 16:19:18 -------- d-----w- C:\AdwCleaner\Quarantine\C\ProgramData\baidu
2014-05-19 16:19:19 2014-05-19 16:19:19 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\AUGUSTO\AppData\Roaming\baidu
2014-05-19 16:19:19 2014-05-19 16:19:19 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\AUGUSTO\AppData\Roaming\baidu\Baidu Antivirus
2014-05-19 16:19:19 2014-05-19 16:19:19 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Public\Documents\baidu
2014-05-19 16:39:38 2014-05-19 16:39:39 -------- d---a-w- C:\zoek_backup\C_Program Files (x86)_Baidu Security
2014-05-19 16:39:39 2014-05-19 16:39:39 -------- d---a-w- C:\zoek_backup\C_Program Files (x86)_Baidu Security_Baidu Antivirus
2014-05-19 19:01:17 2014-05-19 19:01:17 -------- d---a-w- C:\zoek_backup\C_Program Files (x86)_FreeTime_FormatFactory_FFModules_Package_BaiDu
2014-05-19 16:39:39 2014-05-19 16:39:40 -------- d---a-w- C:\zoek_backup\C_ProgramData_Baidu Security
2014-05-19 16:39:41 2014-05-19 16:39:41 -------- d---a-w- C:\zoek_backup\C_Users_All Users_Baidu Security
2014-05-19 19:01:17 2014-05-19 19:01:18 -------- d---a-w- C:\zoek_backup\C_Users_AUGUSTO_AppData_Roaming_Baidu Security
2014-05-19 19:01:19 2014-05-19 19:01:19 -------- d---a-w- C:\zoek_backup\C_Users_AUGUSTO_AppData_Roaming_Baidu Security_PC Faster_3.7.0.0_Uninstall_Baidu PC Faster Uninstall
2014-05-19 19:01:19 2014-05-19 19:01:19 -------- d---a-w- C:\zoek_backup\C_Users_AUGUSTO_AppData_Roaming_Baidu Security_PC Faster_3.7.0.0_Uninstall_Baidu PC Faster Uninstall HK
2014-05-19 19:01:19 2014-05-19 19:01:19 -------- d---a-w- C:\zoek_backup\C_Users_AUGUSTO_AppData_Roaming_Baidu Security_PC Faster_4.0.0.0_Uninstall_Baidu PC Faster Uninstall
2014-05-19 19:01:19 2014-05-19 19:01:19 -------- d---a-w- C:\zoek_backup\C_Users_AUGUSTO_AppData_Roaming_Baidu Security_PC Faster_4.0.0.0_Uninstall_Baidu PC Faster Uninstall HK
2014-05-19 19:01:19 2014-05-19 19:01:19 -------- d---a-w- C:\zoek_backup\C_Users_AUGUSTO_Documents_Baidu Security
2014-05-19 16:39:42 2014-05-19 16:39:42 -------- d---a-w- C:\zoek_backup\C_Users_Public_Documents_Baidu Security
2014-05-19 19:01:19 2014-05-19 19:01:19 -------- d---a-w- C:\zoek_backup\C_Windows_SysWOW64_config_systemprofile_AppData_Roaming_Baidu Security
2014-05-19 16:39:38 2014-05-19 16:39:39 -------- d---a-w- C:\zoek_backup\C_Program Files (x86)_Baidu Security\Baidu Antivirus
2014-05-19 19:01:18 2014-05-19 19:01:18 -------- d---a-w- C:\zoek_backup\C_Users_AUGUSTO_AppData_Roaming_Baidu Security\PC Faster\3.7.0.0\Uninstall\Baidu PC Faster Uninstall
2014-05-19 19:01:18 2014-05-19 19:01:18 -------- d---a-w- C:\zoek_backup\C_Users_AUGUSTO_AppData_Roaming_Baidu Security\PC Faster\3.7.0.0\Uninstall\Baidu PC Faster Uninstall HK
2014-05-19 19:01:18 2014-05-19 19:01:18 -------- d---a-w- C:\zoek_backup\C_Users_AUGUSTO_AppData_Roaming_Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall
2014-05-19 19:01:18 2014-05-19 19:01:18 -------- d---a-w- C:\zoek_backup\C_Users_AUGUSTO_AppData_Roaming_Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall HK

==== Files Found ======================


--- C:\zoek_backup\Excluir Baidu.txt ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 11911
Created time: 2014-05-19 16:36:09
Modified time: 2014-05-18 02:39:25
MD5: FBB534D7B827563700E08C8BC446D537
SHA1: 188E8B5F36EDA07401D60F29CB3CA13904670E62


--- C:\zoek_backup\C_Program Files (x86)_FreeTime_FormatFactory_FFModules_Package_BaiDu\Baidu-TB-ASBar.exe ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1358792
Created time: 2014-05-19 19:01:17
Modified time: 2012-04-10 09:30:26
MD5: D848EF0636EA49D340F074F939DB817B
SHA1: 56A9D762D288AB173B7BFD42C9902E12B673BDB7


==== Registry Search Results for "Baidu" ======================


[HKEY_USERS\S-1-5-21-3017986429-1126910041-354602710-1000\Software\AppDataLow\Software\Against Intuition\WOT\search\baidu]

[HKEY_USERS\S-1-5-21-3017986429-1126910041-354602710-1000\Software\AppDataLow\Software\Against Intuition\WOT\search\baidu]
"display"="Baidu"

"url"="^http(s)?\\:\\/\\/([\\w\\-]+\\.)*baidu\\.com\\/s\\\\?.+"

"ign"="^http(s)?\\:\\/\\/([\\w\\-]+\\.)*baidu\\.com\\/"

==== C:\zoek_backup content ======================

C:\zoek_backup (files=488 folders=144 134086300 bytes)

==== EOF on 19/05/2014 at 16:02:25,17 ======================

Post by Power Max, Mon 19 May 2014, 16:09

How is the PC? Does Baidu still show up?

Post by Alfilosofia, Mon 19 May 2014, 16:14

Yes. I opened regedit and ran a search. It is still there.

Post by Power Max, Mon 19 May 2014, 16:16

Download SystemLook.exe from the address below and save it to your Desktop:
[You must be registered and logged in to see this link]

*** For Windows Vista or Windows 7 users: right-click the SystemLook.exe file, then click [You must be registered and logged in to see this image]

After opening SystemLook.exe, select and copy all of the text highlighted in red below:

:filefind
baidu

:folderfind
baidu

:regfind
baidu


Paste the text you just copied into the SystemLook text box.

Click the Look button; at the end of the scan a log (report) will open. It is saved as SystemLook.txt on the Desktop.

Select, copy and paste the contents of this log into your next reply.

Post by Alfilosofia, Mon 19 May 2014, 16:18

SystemLook 30.07.11 by jpshortstuff
Log created at 16:18 on 19/05/2014 by AUGUSTO
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

========== filefind ==========

Searching for "baidu"
No files found.

========== folderfind ==========

Searching for "baidu"
C:\AdwCleaner\Quarantine\C\ProgramData\baidu d------ [16:19 19/05/2014]
C:\AdwCleaner\Quarantine\C\Users\AUGUSTO\AppData\Roaming\baidu d------ [16:19 19/05/2014]
C:\AdwCleaner\Quarantine\C\Users\Public\Documents\baidu d------ [16:19 19/05/2014]

========== regfind ==========

Searching for "baidu"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Against Intuition\WOT\search\baidu]
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Against Intuition\WOT\search\baidu]
"display"="Baidu"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Against Intuition\WOT\search\baidu]
"url"="^http(s)?\:\/\/([\w\-]+\.)*baidu\.com\/s\\?.+"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Against Intuition\WOT\search\baidu]
"ign"="^http(s)?\:\/\/([\w\-]+\.)*baidu\.com\/"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit]
"LastKey"="Computador\HKEY_USERS\S-1-5-21-3017986429-1126910041-354602710-1000\Software\AppDataLow\Software\Against Intuition\WOT\search\baidu"
[HKEY_USERS\S-1-5-21-3017986429-1126910041-354602710-1000\Software\AppDataLow\Software\Against Intuition\WOT\search\baidu]
[HKEY_USERS\S-1-5-21-3017986429-1126910041-354602710-1000\Software\AppDataLow\Software\Against Intuition\WOT\search\baidu]
"display"="Baidu"
[HKEY_USERS\S-1-5-21-3017986429-1126910041-354602710-1000\Software\AppDataLow\Software\Against Intuition\WOT\search\baidu]
"url"="^http(s)?\:\/\/([\w\-]+\.)*baidu\.com\/s\\?.+"
[HKEY_USERS\S-1-5-21-3017986429-1126910041-354602710-1000\Software\AppDataLow\Software\Against Intuition\WOT\search\baidu]
"ign"="^http(s)?\:\/\/([\w\-]+\.)*baidu\.com\/"
[HKEY_USERS\S-1-5-21-3017986429-1126910041-354602710-1000\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit]
"LastKey"="Computador\HKEY_USERS\S-1-5-21-3017986429-1126910041-354602710-1000\Software\AppDataLow\Software\Against Intuition\WOT\search\baidu"

-= EOF =-

Post by Power Max, Mon 19 May 2014, 16:25

Temporarily disable your antivirus to avoid conflicts.

* Right-click Zoek.exe and select [You must be registered and logged in to see this image]

* Select and copy all of the text highlighted in red that I gave you and paste it into the blank area of Zoek.

* Click [Run Script]

* During the scan, a message similar to the one below will be shown, displaying the scan's progress. Wait for it to finish... it may take a while!

[You must be registered and logged in to see this image]

* If you are asked to restart the PC, click [OK]

* Post the Zoek log, which will be at C:\zoek-results.txt, in your next reply.


Last edited by Power Max on Mon 19 May 2014, 16:49; edited 1 time

Post by Alfilosofia, Mon 19 May 2014, 16:32


Zoek.exe v5.0.0.0 Updated 14-April-2014
Tool run by AUGUSTO on 19/05/2014 at 16:27:25,78.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\zoek_backup\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-05-19-163213.log 27497 bytes
C:\zoek-results2014-05-19-164216.log 17984 bytes
C:\zoek-results2014-05-19-174034.log 29028 bytes
C:\zoek-results2014-05-19-190225.log 6978 bytes

==== System Restore Info ======================

19/05/2014 16:29:36 Zoek.exe System Restore Point Created Succesfully.

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\Software\AppDataLow\Software\Against Intuition\WOT\search\baidu]
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Against Intuition\WOT\search\baidu]
"display"=-
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Against Intuition\WOT\search\baidu]
"url"=-
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Against Intuition\WOT\search\baidu]
"ign"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit]
"LastKey"=-
[-HKEY_USERS\S-1-5-21-3017986429-1126910041-354602710-1000\Software\AppDataLow\Software\Against Intuition\WOT\search\baidu]
[HKEY_USERS\S-1-5-21-3017986429-1126910041-354602710-1000\Software\AppDataLow\Software\Against Intuition\WOT\search\baidu]
"display"=-
[HKEY_USERS\S-1-5-21-3017986429-1126910041-354602710-1000\Software\AppDataLow\Software\Against Intuition\WOT\search\baidu]
"url"=-
[HKEY_USERS\S-1-5-21-3017986429-1126910041-354602710-1000\Software\AppDataLow\Software\Against Intuition\WOT\search\baidu]
"ign"=-
[HKEY_USERS\S-1-5-21-3017986429-1126910041-354602710-1000\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit]
"LastKey"=-

==== Registry Search Results for "Baidu" ======================


[HKEY_USERS\S-1-5-21-3017986429-1126910041-354602710-1000\Software\AppDataLow\Software\Against Intuition\WOT\search\baidu]

==== C:\zoek_backup content ======================

C:\zoek_backup (files=488 folders=144 134086300 bytes)

==== EOF on 19/05/2014 at 16:30:10,36 ======================

Post by Power Max, Mon 19 May 2014, 16:43

Temporarily disable your antivirus to avoid conflicts.

* Right-click Zoek.exe and select [You must be registered and logged in to see this image]

* Select and copy all of the text highlighted in red that I gave you and paste it into the blank area of Zoek.

* Click [Run Script]

* During the scan, a message similar to the one below will be shown, displaying the scan's progress. Wait for it to finish... it may take a while!

[You must be registered and logged in to see this image]

* If you are asked to restart the PC, click [OK]

* Post the Zoek log, which will be at C:\zoek-results.txt, in your next reply.


Last edited by Power Max on Mon 19 May 2014, 16:48; edited 1 time

Post by Alfilosofia, Mon 19 May 2014, 16:46


Zoek.exe v5.0.0.0 Updated 14-April-2014
Tool run by AUGUSTO on 19/05/2014 at 16:45:03,31.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\zoek_backup\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-05-19-163213.log 27497 bytes
C:\zoek-results2014-05-19-164216.log 17984 bytes
C:\zoek-results2014-05-19-174034.log 29028 bytes
C:\zoek-results2014-05-19-190225.log 6978 bytes
C:\zoek-results2014-05-19-193010.log 2249 bytes

==== System Restore Info ======================

19/05/2014 16:45:26 Zoek.exe System Restore Point Created Succesfully.

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[-HKEY_USERS\S-1-5-21-3017986429-1126910041-354602710-1000\Software\AppDataLow\Software\Against Intuition\WOT\search\baidu]

==== Registry Search Results for "Baidu" ======================

No instances of string "Baidu" found.

==== C:\zoek_backup content ======================

C:\zoek_backup (files=488 folders=144 134086300 bytes)

==== EOF on 19/05/2014 at 16:45:59,95 ======================

Post by Power Max, Mon 19 May 2014, 16:48

And how is it now?

Post by Alfilosofia, Mon 19 May 2014, 16:49

I opened regedit and it is still there.

Post by Power Max, Mon 19 May 2014, 16:52

Can you capture the screen with Print Screen and post it here so we can take a look?

Post by Alfilosofia, Mon 19 May 2014, 17:08

Here is the screenshot.

Post by Power Max, Mon 19 May 2014, 17:09

The image did not show up here.

Post by Alfilosofia, Mon 19 May 2014, 17:10

Here is the screenshot, for real this time!

Post by Power Max, Mon 19 May 2014, 17:16

Go to the site below:
[You must be registered and logged in to see this link]

Click the blue button (labelled Download Now) to download ZHPDiag. After that, run ZHPDiag following the tips in the tutorial below, then post its report for analysis:
[You must be registered and logged in to see this link]

Post by Alfilosofia, Mon 19 May 2014, 17:22

~ Relatório do ZHPDiag v2014.5.19.68 - Nicolas Coolman (19/05/2014)
~ Iniciado por AUGUSTO (19/05/2014 17:19:38)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Blog de análise de software : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Fóruns de suporte gratuito para desinfecção : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Activate by user


---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.17107
GCIE: Google Chrome v34.0.1847.137 (Defaut)

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
Microsoft Security Client v4.5.0216.0
Windows Defender W7

---\\ Softwares d'optimização do sistema
CCleaner v4.06

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 13 Plugin
Java 7 Update 25
Java 7 Update 51

---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 6043 MB (69% free)
System Restore: Activé (Enable)
System drive C: has 566 GB (82%) free of 688 GB

---\\ Modo de conexão ao sistema
~ Computer Name: AUGUSTO-PC
~ User Name: AUGUSTO
~ All Users Names: Convidado, AUGUSTO, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\AUGUSTO\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\AUGUSTO\AppData\Roaming\
~ %Desktop% : C:\Users\AUGUSTO\Desktop\
~ %Favorites% : C:\Users\AUGUSTO\Favorites\
~ %LocalAppData% : C:\Users\AUGUSTO\AppData\Local\
~ %StartMenu% : C:\Users\AUGUSTO\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 566 Go of 688 Go)
E: CD-ROM drive (Not Inserted)
F: CD-ROM drive (Not Inserted)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 46 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Windows Explorer.) (.25/02/2011 - 03:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.F220BA78AB542C70211D73AE4729B2CD] - (.Microsoft Corporation - Internet Extensions para Win32.) (.06/03/2014 - 03:22:40.) -- C:\Windows\System32\wininet.dll [2260480]
[MD5.88AB9B72B4BF3963A0DE0820B4B0B06C] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.04/03/2014 - 06:43:50.) -- C:\Windows\System32\Winlogon.exe [455168]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.21/11/2010 - 00:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.27/09/2013 - 22:09:10.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/11/2010 - 00:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21/11/2010 - 00:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/11/2010 - 00:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 21:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 23:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.21/11/2010 - 00:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.23/01/2014 - 23:37:55.) -- C:\Windows\system32\Drivers\ntfs.sys [1684928]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 21:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/11/2010 - 00:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 21:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.21/11/2010 - 00:24:32.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.DF8126BD41180351A093A3AD2FC8903B] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.25/02/2011 - 03:25:38.) -- C:\Windows\system32\Drivers\volsnap.sys [296320]
~ Generic Processes: Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/1351
~ Mes musiques (My Musics) : 1/6021
~ Mes Videos (My Videos) : 1/10331
~ Mes Favoris (My Favorites) : 1/230
~ Mes Documents (My Documents) : 1/157
~ Mon Bureau (My Desktop) : 1/10
~ Menu demarrer (Programs) : 1/37
~ Hidden Files: Scanned in 00mn 04s



---\\ Processos lançados
[MD5.6143D3A50EB088AFA5C901D17ADBF85A] - (.Innovative Solutions - Innovative Auto Stp.) -- C:\Program Files (x86)\Innovative Solutions\FB Checker\innostp.exe [1039824] [PID.2628]
[MD5.6BA8D86746935498D64CB5CF6286F2EB] - (.Intel Corporation - Intel(R) USB 3.0 Monitor.) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608] [PID.4012]
[MD5.932985C87544E035AD5136E337F77278] - (...) -- C:\Program Files (x86)\Antirun\antirun.exe [649216] [PID.4048]
[MD5.F505FED2BE73AD26D2941A0CBCEF2DB5] - (.Oracle Corporation - Java Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [224128] [PID.3384]
[MD5.B393D99763E79F71E732BD19EB272F28] - (.Motorola Solutions, Inc. - Bluetooth Media Player Controller.) -- C:\Program Files\Motorola\Bluetooth\btplayerctrl.exe [1832016] [PID.2832]
[MD5.CD7311264BF0653FF34754D93A3A3806] - (.PSafe - PSafeWeb.) -- C:\Users\AUGUSTO\AppData\Local\360Chrome\Chrome\Application\psafeweb.exe [2042568] [PID.3888]
[MD5.44784D4AC3DA254F54BFD2249AD2D2EB] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [7876096] [PID.3972]
[MD5.B99C37364701D19F2B5C0A0E1ECCDB80] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) -- C:\Program Files (x86)\GbPlugin\gbpsv.exe [519720] [PID.1012]
[MD5.EAC2FBBA92E0CD5C74EDF77AD4E201B2] - (...) -- C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2135232] [PID.1828]
[MD5.D4A7FACFDF041069531DC0185879ECF6] - (.Intel Corporation - Intel(R) Dynamic Application Loader Host In.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165144] [PID.2044]
[MD5.BD92C70F1914C57022407F359FDFF59F] - (.ArcSoft, Inc. - MgiSvr.) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [110592] [PID.1168]
[MD5.C2535C4DE2FDE23B8AEF917BAF42909B] - (...) -- C:\Program Files (x86)\Common Files\Innovative Solutions\Advanced Uninstaller\InnovativeSolutions_monitor_Svr.exe [1064880] [PID.3140]
[MD5.BE421E3E33EE3BD63F0AA99E28CFE258] - (...) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280] [PID.348]
[MD5.EE41A1785162D3C1DB7A574D9BC2019D] - (.Intel Corporation - Local Manageability Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [277784] [PID.3836]
[MD5.507E96F4BF60BBFBC7FFDC6E2F4A01C9] - (.Intel Corporation - User Notification Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [363800] [PID.2552]
~ Processes Running: Scanned in 00mn 00s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
P2 - FPN: [HKLM] [@videolan.org/vlc,version=2.0.7] - (...) -- C:\Program Files\VideoLAN\VLC\npvlc.dll (.not file.)
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/bb] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\AUGUSTO\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/cef] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\AUGUSTO\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll
~ Firefox Browser: 9 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:newtab
~ IE Browser: 23 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Browser Helper Objects do navegador (02)
O2 - BHO: G-Buster Browser Defense [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540000} . (.Banco do Brasil - Gbieh Module.) -- C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll
O2 - BHO: (no name) [64Bits] - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} Chave orfã
~ BHO: 8 Legitimates Filtered in 00mn 00s



---\\ Barras do Internet Explorer (03))
O3 - Toolbar: WOT - [HKLM]{71576546-354D-41c9-AAE8-31F2EC22BF0D} . (...) -- C:\Program Files\WOT\WOT.dll
O3 - Toolbar: Adobe Acrobat Create PDF Toolbar - [HKLM]{47833539-D0C5-4125-9FA8-0819E2EAAC93} . (.Adobe Systems Incorporated - Adobe PDF Toolbar for Internet Explorer.) -- C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{71576546-354D-41C9-AAE8-31F2EC22BF0D} Chave orfã
~ Toolbar: Scanned in 00mn 00s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [IntelTBRunOnce] . (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\wscript.exe
O4 - HKLM\..\Run: [BTMTrayAgent] . (.Motorola Solutions, Inc. - Bluetooth Shell Extension.) -- C:\Program Files\Motorola\Bluetooth\btmshell.dll
O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- c:\Program Files\Microsoft Security Client\msseces.exe
O4 - HKCU\..\Run: [FB Checker] . (.No owner - FB Checker.) -- C:\Program Files (x86)\Innovative Solutions\FB Checker\fbchecker.exe
O4 - HKCU\..\Run: [DriverMax] Chave orfã
O4 - HKCU\..\Run: [DriverMax_RESTART] Chave orfã
O4 - HKLM\..\Wow6432Node\Run: [USB3MON] . (.Intel Corporation - Intel(R) USB 3.0 Monitor.) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
O4 - HKLM\..\Wow6432Node\Run: [Antirun] . (...) -- C:\Program Files (x86)\Antirun\antirun.exe
O4 - HKLM\..\Wow6432Node\Run: [AMD AVT] . (.Microsoft Corporation - Processador de comandos do Windows.) -- C:\Windows\System32\Cmd.exe
O4 - HKLM\..\Wow6432Node\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe =>.Advanced Micro Devices, Inc
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-3017986429-1126910041-354602710-1000\..\Run: [FB Checker] . (.No owner - FB Checker.) -- C:\Program Files (x86)\Innovative Solutions\FB Checker\fbchecker.exe
O4 - HKUS\S-1-5-21-3017986429-1126910041-354602710-1000\..\Run: [DriverMax] Chave orfã
O4 - HKUS\S-1-5-21-3017986429-1126910041-354602710-1000\..\Run: [DriverMax_RESTART] Chave orfã
~ Application: Scanned in 00mn 00s



---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: @C:\Program Files\Motorola\Bluetooth\Resources\ptb.dll,-247 [64Bits] - {bd707fe6-39f6-4bda-9265-86a76719bdc5} . (...) -- C:\Program Files\Motorola\Bluetooth\bluetooth.ico
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bancobrasil.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bb.com.br
~ IE Zone Confiance: Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{7CB9497F-A5A9-4CE6-9F24-435B7E27AF18}: DhcpNameServer = 187.36.192.23 187.36.192.18 201.6.4.116
O17 - HKLM\System\CCS\Services\Tcpip\..\{F6521AC1-BAA2-49FD-90E0-C0D748EBFB8D}: DhcpNameServer = 192.168.1.254 200.222.0.34 200.222.0.35
O17 - HKLM\System\CCS\Services\Tcpip\..\{F6521AC1-BAA2-49FD-90E0-C0D748EBFB8D}: DhcpDomain = lan
O17 - HKLM\System\CS1\Services\Tcpip\..\{7CB9497F-A5A9-4CE6-9F24-435B7E27AF18}: DhcpNameServer = 187.36.192.23 187.36.192.18 201.6.4.116
O17 - HKLM\System\CS1\Services\Tcpip\..\{F6521AC1-BAA2-49FD-90E0-C0D748EBFB8D}: DhcpNameServer = 192.168.1.254 200.222.0.34 200.222.0.35
O17 - HKLM\System\CS1\Services\Tcpip\..\{F6521AC1-BAA2-49FD-90E0-C0D748EBFB8D}: DhcpDomain = lan
O17 - HKLM\System\CS2\Services\Tcpip\..\{7CB9497F-A5A9-4CE6-9F24-435B7E27AF18}: DhcpNameServer = 187.36.192.23 187.36.192.18 201.6.4.116
O17 - HKLM\System\CS2\Services\Tcpip\..\{F6521AC1-BAA2-49FD-90E0-C0D748EBFB8D}: DhcpNameServer = 192.168.1.254 200.222.0.34 200.222.0.35
O17 - HKLM\System\CS2\Services\Tcpip\..\{F6521AC1-BAA2-49FD-90E0-C0D748EBFB8D}: DhcpDomain = lan
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 187.36.192.23 187.36.192.18 201.6.4.116
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: wot [64Bits] - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} . (...) -- C:\Program Files\WOT\WOT.dll
O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
~ Services: 14 Legitimates Filtered in 00mn 02s



---\\ Listagem dos dados do BootExecute (Bex) (034)
O34 - HKLM BootExecute: (autocheck autochk /K:D *) - File not found
~ BEX: 1 Legitimates Filtered in 00mn 00s



---\\ Tarefas planificadas automaticamente (039)
[MD5.07605ABEB10FC533881C91F19DECF69A] [APT] [AutoKMS] (...) -- C:\Windows\AutoKMS\AutoKMS.exe [1923584] =>Trojan.Keygen
[MD5.FC0FB4284EC757E9137181847ECF13F4] [APT] [DelayStart] (...) -- C:\Program Files\LG Software\LG Speed Manager\DelayStart.exe [33280]
O39 - APT: AutoKMS - (...) -- C:\Windows\Tasks\AutoKMS.job [268] =>Trojan.Keygen
O39 - APT: AutoKMS - (...) -- C:\Windows\System32\Tasks\AutoKMS [268] =>Trojan.Keygen
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1066]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1070]
O39 - APT: - (..) -- C:\Windows\Tasks\Health-Check-auto.job [346]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Health-Check-auto [346]
O39 - APT: - (..) -- C:\Windows\Tasks\Health-Check-deep.job [348]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Health-Check-deep [348]
O39 - APT: APT: - (..) -- C:\Windows\Tasks\Health-Check-auto.job [346] - (..) -- C:\Windows\Tasks\Health-Check.job [340]
O39 - APT: APT: - (..) -- C:\Windows\System32\Tasks\Health-Check-auto [346] - (..) -- C:\Windows\System32\Tasks\Health-Check [340]
O39 - APT: - (..) -- C:\Windows\Tasks\NeoSetup Updater.job [340]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\NeoSetup Updater [340]
~ Scheduled Task: 23 Legitimates Filtered in 00mn 02s



---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (Bnbase) . (. - .) - C:\Windows\System32\drivers\bnbasex64.sys (.not file.)
~ Drivers: 66 Legitimates Filtered in 00mn 00s



---\\ Software instalados (042)
O42 - Logiciel: DDReader+ (desinstalar e apagar configurações) - (...) [HKCU][64Bits] -- DDReaderSettings
O42 - Logiciel: DDReader+ (somente desinstalar programa) - (...) [HKCU][64Bits] -- DDReader
~ Logic: 25 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\AutoHelpDesk]
[HKCU\Software\GbAs]
[HKCU\Software\SysDispatch]
[HKCU\Software\aScRozvrhy]
[HKCU\Software\aSc]
[HKLM\Software\Wow6432Node\360Safe] =>Trojan.Lozavita
[HKLM\Software\Wow6432Node\AutoHelpDesk]
[HKLM\Software\Wow6432Node\mdr]
~ Key Software: 298 Legitimates Filtered in 00mn 00s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 29/01/2014 - 15:03:49 - [] ----D C:\Program Files (x86)\Correios
O43 - CFD: 15/01/2013 - 20:09:42 - [] ----D C:\Program Files (x86)\FastCopy
O43 - CFD: 15/01/2013 - 18:04:11 - [] ----D C:\Program Files (x86)\Houaiss3
O43 - CFD: 15/01/2013 - 12:09:47 - [] ----D C:\Program Files (x86)\lg_swupdate
O43 - CFD: 15/01/2013 - 22:15:04 - [0] ----D C:\Program Files (x86)\LHSP
O43 - CFD: 15/01/2013 - 20:19:45 - [] ----D C:\Program Files (x86)\MagicDVDRipper
O43 - CFD: 15/01/2013 - 20:25:51 - [] ----D C:\Program Files (x86)\MartView
O43 - CFD: 07/10/2013 - 18:07:00 - [] ----D C:\ProgramData\lg_swupdate
O43 - CFD: 17/03/2014 - 16:37:04 - [] ----D C:\Users\AUGUSTO\AppData\Roaming\DDReader2
O43 - CFD: 07/10/2013 - 18:08:31 - [] ----D C:\Users\AUGUSTO\AppData\Roaming\FastCopy
O43 - CFD: 23/03/2014 - 17:41:34 - [] ----D C:\Users\AUGUSTO\AppData\Roaming\Houaiss3
O43 - CFD: 25/02/2014 - 14:45:42 - [] ----D C:\Users\AUGUSTO\AppData\Local\DDReader
O43 - CFD: 17/02/2013 - 19:22:48 - [] ----D C:\Users\AUGUSTO\AppData\Local\Martview
O43 - CFD: 08/02/2014 - 14:53:27 - [] ----D C:\Users\AUGUSTO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\aSc Timetables
O43 - CFD: 25/02/2014 - 14:45:48 - [] ----D C:\Users\AUGUSTO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DDReader+
~ Program Folder: 196 Legitimates Filtered in 00mn 00s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.D46D074B8BF3F42AB0820C49AD760823] - 06/05/2014 - 15:21:12 ---A- . (...) -- C:\AVScanner.ini [426]
O44 - LFC:[MD5.1363812D50F19B484B6C42F64D2ACA2E] - 14/05/2014 - 14:06:01 ---A- . (...) -- C:\Windows\vbaddin.ini [39]
O44 - LFC:[MD5.13198D3D9D650241FEB363E1DF22C252] - 19/05/2014 - 13:32:13 ---A- . (...) -- C:\zoek-results2014-05-19-163213.log [27497]
O44 - LFC:[MD5.DEEB1394E9CDCA96018EB1C845A2B7C5] - 19/05/2014 - 13:42:16 ---A- . (...) -- C:\zoek-results2014-05-19-164216.log [17984]
O44 - LFC:[MD5.90F8586FA9344A820353D9F9F35ADF77] - 19/05/2014 - 13:59:01 ---A- . (...) -- C:\JavaRa.log [64505]
O44 - LFC:[MD5.DDD11D768F92694D43F15CB90E553C09] - 19/05/2014 - 14:03:43 ---A- . (...) -- C:\Windows\System32\unrar64.dll [257624]
O44 - LFC:[MD5.EEC93106C344DDB63AA25DF39AD32E91] - 19/05/2014 - 14:03:44 ---A- . (...) -- C:\Windows\System32\xvidcore.dll [703488]
O44 - LFC:[MD5.660FDD9552EEDE77ADE9502F391CE310] - 19/05/2014 - 14:03:44 ---A- . (...) -- C:\Windows\System32\xvidvfw.dll [258560]
O44 - LFC:[MD5.7476F68F36F7C3B333D0F9B38C9DDB8E] - 19/05/2014 - 14:03:44 ---A- . (.x264vfw project - x264vfw - H.264/MPEG-4 AVC codec.) -- C:\Windows\System32\x264vfw64.dll [3554304]
O44 - LFC:[MD5.EE6407670B4CA47CCC9AF5ED41A19150] - 19/05/2014 - 14:03:45 ---A- . (.No owner - Lagarith.) -- C:\Windows\System32\lagarith.dll [148992]
O44 - LFC:[MD5.BEEA4526B70A4E38A205DD7D0B440675] - 19/05/2014 - 14:03:46 ---A- . (.No owner - ffdshow VFW.) -- C:\Windows\System32\ff_vfw.dll [127488]
O44 - LFC:[MD5.B2DB7793F5067B7ECFE71D7469852767] - 19/05/2014 - 14:16:29 ---A- . (...) -- C:\PureRa.txt [9818]
O44 - LFC:[MD5.B5D241DB06D41BEB561D90C735E427A5] - 19/05/2014 - 14:40:34 ---A- . (...) -- C:\zoek-results2014-05-19-174034.log [29028]
O44 - LFC:[MD5.22D29C6E6C982E892615D80862577B5F] - 19/05/2014 - 16:02:25 ---A- . (...) -- C:\zoek-results2014-05-19-190225.log [6978]
O44 - LFC:[MD5.DEDB5F9E28EE2C9363E83A2A94BA83B9] - 19/05/2014 - 16:16:52 ---A- . (...) -- C:\SystemLook.exe [139264]
O44 - LFC:[MD5.91649FA9CDB6710BBAD2C48BB0452F55] - 19/05/2014 - 16:18:25 ---A- . (...) -- C:\SystemLook.txt [4456]
O44 - LFC:[MD5.503BAEB005CA66816F7EE981E55B38BE] - 19/05/2014 - 16:45:59 ---A- . (...) -- C:\zoek-results2014-05-19-194559.log [1196]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 19/05/2014 - 16:54:04 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]
O44 - LFC:[MD5.2C71C046CEB813E1639F08A096D75E7C] - 19/05/2014 - 17:01:54 ---A- . (...) -- C:\files.txt [487]
O44 - LFC:[MD5.BC9E106DE70BC041927EC5E33A290641] - 19/05/2014 - 17:03:06 ---A- . (...) -- C:\zoek-results.log [37277]
O44 - LFC:[MD5.3FFACA0426EB33CFD2770204ADC4E881] - 19/05/2014 - 17:07:33 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [147800]
O44 - LFC:[MD5.9ADA414D206BDCF9A8EF45C5F886DC8E] - 19/05/2014 - 17:07:33 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [705960]
~ Files: 67 Legitimates Filtered in 00mn 02s



---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Pesquisa de infeções nos drivers (HKLM)(TDSD) (O52)
O52 - TDSD: \Drivers32\"VIDC.X264"="x264vfw64.dll" . (.x264vfw project - x264vfw - H.264/MPEG-4 AVC codec.) -- C:\Windows\System32\x264vfw64.dll
~ TDSD: 12 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 5 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:13/07/2009 - 22:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:09/09/2013 - 09:27:22 ---A- . (.Windows (R) Win 7 DDK provider - GridinSoft Trojan Killer Mini-Filter Driver.) -- C:\Windows\System32\Drivers\gtkdrv.sys [16640]
O58 - SDL:10/06/2009 - 17:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:13/07/2009 - 22:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:08/05/2013 - 09:52:48 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\Windows\SysWOW64\drivers\gbpkm.sys [49536]
O58 - SDL:12/05/2014 - 16:12:35 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\Windows\SysWOW64\drivers\gbpndisrd.sys [31088]
~ Drivers: 67 Legitimates Filtered in 00mn 20s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 10/06/2009 - C:\Windows\System32\Drivers\secdrv.sys (secdrv) .(.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) - LEGACY_SECDRV
~ Legacy: 87 Legitimates Filtered in 00mn 00s



---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.PSafe - PSafeWeb.) -- C:\Users\AUGUSTO\AppData\Local\360Chrome\Chrome\Application\psafeweb.exe
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Comodo - Comodo Dragon.) -- C:\Program Files (x86)\Comodo\Dragon\dragon.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.PSafe - PSafeWeb.) -- C:\Users\AUGUSTO\AppData\Local\360Chrome\Chrome\Application\psafeweb.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.PSafe - PSafeWeb.) -- C:\Users\AUGUSTO\AppData\Local\360Chrome\Chrome\Application\psafeweb.exe
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [You must have an account and be logged in to view this link]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - [You must have an account and be logged in to view this link]
O69 - SBI: SearchScopes [HKCR] {afdbddaa-5d3f-42ee-b79c-185a7020515b} - (Web Search) - [You must have an account and be logged in to view this link] =>PUP.CertifiedToolbar
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.3CBA9C9F16249B545078D78A2DA3BD72] [SPRF][29/01/2014] (...) -- C:\Users\AUGUSTO\AppData\Roaming\unins000.dat [18339]
[MD5.BDF9F1AA46A2914A6B69039F204E0192] [SPRF][13/11/2013] (...) -- C:\Users\AUGUSTO\AppData\Roaming\unins001.dat [16207]
~ Files: 2 Legitimates Filtered in 00mn 00s



---\\ Pesquisa dos pacotes WindowsInstaller (WIS) (O93) (NTFS)
[MD5.35C918348CBB0877BCD5A3CF24C13761] [WIS][25/11/2012] (.DeltaInstaller - Delta Chrome Toolbar.) -- C:\Windows\Installer\126876.msi [573440] =>Toolbar.DeltaSearch
~ WIS: 1 Legitimates Filtered in 00mn 03s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 11/05/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 26/03/2012 276248 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SS - | Demand 01/01/2011 647680 | (FLEXnet Licensing Service) . (.Macrovision Europe Ltd..) - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
SS - | Auto 29/01/2014 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 29/01/2014 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Auto 18/07/2013 762192 | (NAUpdate) . (.Nero AG.) - C:\Program Files (x86)\Nero\Update\NASvc.exe
SS - | Demand 20/01/2012 149504 | (TurboBoost) . (.Intel(R) Corporation.) - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
SS - | Demand 01/03/2011 27648 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SS - | Disabled 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 18/04/2012 235520 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Demand 15/04/2011 4180824 | (Bluetooth Device Manager) . (.Motorola Solutions, Inc..) - C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe
SR - | Auto 17/03/2011 1193040 | (Bluetooth Media Service) . (.Motorola Solutions, Inc..) - C:\Program Files\Motorola\Bluetooth\audiosrv.exe
SR - | Auto 04/05/2011 783704 | (Bluetooth OBEX Service) . (.Motorola Solutions, Inc..) - C:\Program Files\Motorola\Bluetooth\obexsrv.exe
SR - | Auto 23/04/2014 2135232 | (DragonUpdater) . (...) - C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
SR - | Demand 01/01/2011 1028096 | (FLEXnet Licensing Service 64) . (.Macrovision Europe Ltd..) - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
SR - | Auto 21/02/2014 519720 | (GbpSv) . (.GAS Tecnologia.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
SR - | Auto 18/01/2012 2439272 | (IconMan_R) . (.Realsil Microelectronics Inc..) - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
SR - | Demand 12/05/2014 1064880 | (InnovativeSolutions_monitor) . (...) - C:\Program Files (x86)\Common Files\Innovative Solutions\Advanced Uninstaller\InnovativeSolutions_monitor_Svr.exe
SR - | Auto 07/03/2012 629984 | (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe
SR - | Auto 28/03/2012 128280 | (Intel(R) ME Service) . (...) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
SR - | Auto 28/03/2012 165144 | (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
SR - | Auto 28/03/2012 277784 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 11/03/2014 23808 | (MsMpSvc) . (.Microsoft Corporation.) - c:\Program Files\Microsoft Security Client\MsMpEng.exe
SR - | Auto 19/05/2009 110592 | (uCamMonitor) . (.ArcSoft, Inc..) - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
SR - | Auto 28/03/2012 363800 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Auto 01/03/2011 27648 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 06s



---\\ Scâner Aditional (088)
Database Version : 13029 - (19/05/2014)
Clés trouvées (Keys found) : 3
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 4

[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E5C8B5FB7CB5DD447A0BAAAF637FBD77] =>PUP.ClaroSearch
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF96568971BEAC14B8815883832BD484] =>PUP.ClaroSearch
[HKLM\Software\Wow6432Node\360Safe] =>Trojan.Lozavita
C:\Windows\AutoKMS\AutoKMS.exe =>Trojan.Keygen^
C:\Windows\Tasks\AutoKMS.job =>Trojan.Keygen^
C:\Windows\System32\Tasks\AutoKMS =>Trojan.Keygen^
C:\Windows\Installer\126876.msi =>Toolbar.DeltaSearch^
~ Additionnel Scan: 299130 Items scanned in 00mn 22s



---\\ Sumário das deteções encontradas na sua estação
[You must have an account and be logged in to view this link] =>Trojan.Lozavita
[You must have an account and be logged in to view this link] =>PUP.CertifiedToolbar
[You must have an account and be logged in to view this link] =>Toolbar.DeltaSearch
[You must have an account and be logged in to view this link] =>PUP.ClaroSearch
~ MSI: 4 link(s) detected in 00mn 00s



~ 901 Legitimates filtered by white list
End of the scan (505 lines in 01mn 18s)(0)

Re: Problems with Baidu - Notebook

Post by Power Max Mon 19 May 2014, 17:41

Select and copy all of the text highlighted in red that I gave you.
_____________________________________________________________________________________________________________

Go to the menu: Start > All Programs > ZHP > right-click Zhpfix and choose Run as administrator > click Importação > click the GO button > click Oui > if you want the files in the Recycle Bin to be deleted, click Oui again > a report will open in Notepad.

Copy this report and post it in your next reply.


Last edited by Power Max on Mon 19 May 2014, 22:34; edited 1 time

Re: Problems with Baidu - Notebook

Post by Alfilosofia Mon 19 May 2014, 22:33

Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014
Fichier d'export Registre :
Run by AUGUSTO at 19/05/2014 22:29:59
High Elevated Privileges : OK
Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)

Reciclagem vazia (00mn 04s)
Reparação de atalhos do navegador

========== Chaves do Registo ==========
ELIMINÉ: [HKLM\SOFTWARE\Classes\CLSID\{71576546-354D-41C9-AAE8-31F2EC22BF0D}]
ELIMINÉ Driver Key: Bnbase
ELIMINÉ: HKLM\Software\Wow6432Node\360Safe
ELIMINÉ: SearchScopes :{afdbddaa-5d3f-42ee-b79c-185a7020515b}
ELIMINÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E5C8B5FB7CB5DD447A0BAAAF637FBD77
ELIMINÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF96568971BEAC14B8815883832BD484

========== Valores do Registo ==========
ELIMINÉ: Toolbar: {71576546-354D-41C9-AAE8-31F2EC22BF0D}
ELIMINÉ RunValue: DriverMax
ELIMINÉ RunValue: DriverMax_RESTART
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINA REINICIAR: c:\users\augusto\appdata\local\360chrome\chrome\application\psafeweb.exe
ELIMINÉ: C:\Windows\Installer\126876.msi
ELIMINÉ Temporários windows (5) (38.735 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso


========== Recapitulativo ==========
6 : Chaves do Registo
9 : Valores do Registo
1 : Pastas
4 : Ficheiros
1 : Restauração Sistema


End of clean in 00mn 19s

========== Caminho do ficheiro do relatório ==========
C:\Users\AUGUSTO\AppData\Roaming\ZHP\ZHPFix[R1].txt - 19/05/2014 22:30:03 [1840]

Re: Problems with Baidu - Notebook

Post by Power Max Mon 19 May 2014, 22:39

Does Baidu still appear?

Re: Problems with Baidu - Notebook

Post by Alfilosofia Mon 19 May 2014, 22:42

Yes. In the same path as the screenshot I sent you...