Flux 
Social bookmarking
Conservar e compartilhar o endereço de PC Seguro em seu site de social bookmarking
Conservar e compartilhar o endereço de Fórum PC Brasil em seu site de social bookmarking
Estatísticas
Temos 14810 usuários registradosO último membro registrado é Josevinil
Os nossos membros postaram um total de 36047 mensagens em 3685 assuntos
Quem está conectado?
Há 21 usuários online :: 0 registrados, 0 invisíveis e 21 visitantes Nenhum
O recorde de usuários online foi de 301 em Ter 26 Out 2021, 15:28
Procurar
Top dos mais postadores
| Power Max |
| |||
| joram |
| |||
| Wings [In Memoriam] |
| |||
| caedurodrigues |
| |||
| Amigo Brasileiro |
| |||
| luizvilarinho |
| |||
| Danii |
| |||
| Admin |
| |||
| Danilo Marsaro |
| |||
| Andreata |
|
Estou com problemas para remover o Baidu
3 participantes
Página 1 de 1
Estou com problemas para remover o Baidu
por Valdir junior Sáb 17 maio 2014, 01:13
Zoek.exe v5.0.0.0 Updated 14-April-2014
Tool run by valdir on 17/05/2014 at 1:04:37,72.
Microsoft Windows 7 Ultimate 6.1.7600 x64
Running in: Normal Mode Internet Access Detected
Launched: D:\Users\valdir\Downloads\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
17/05/2014 01:09:02 Zoek.exe System Restore Point Created Succesfully.
==== Registry Fix Code ======================
Windows Registry Editor Version 5.00
[-HKEY_USERS\S-1-5-21-1390067357-484763869-1801674531-1003\Software\Baidu Security]
[-HKEY_USERS\S-1-5-21-1390067357-484763869-1801674531-1003\Software\Baidu Security\Antivirus]
[-HKEY_USERS\S-1-5-21-1390067357-484763869-1801674531-1003\Software\Baidu Security\Antivirus\web]
==== Registry Search Results for "Baidu" ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\LogLoc]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0\Setup]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\LogUp]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Processing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Temp]
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFasterSvc-2014-04-01 04-06-52-0958-[12368].tmp"=""
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-04-01 04-06-53-0008-[12371].tmp"=""
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PcfTray-2014-04-01 04-06-58-0018-[12387].tmp"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}]
"DllName"="baidubar.dll;BaiduBarX.dll;BaiduBarX.dll;BaiduBarX.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}]
"DllName"="baidubar.dll;BaiduBarX.dll;BaiduBarX.dll;BaiduBarX.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Baidu Antivirus"="\"C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\BavTray.exe\" -auto"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"DisplayName"="Baidu Antivirus"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"DisplayIcon"="\"C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\Bav.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"UninstallString"="\"C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\Uninstall.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"URLInfoAbout"="http://antivirus.baidu.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"Publisher"="Baidu, Inc."
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"InstallDir"="C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Baidu_Scan]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\Baidu_Scan]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\Baidu_Scan]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\Baidu_Scan]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BAVSvc]
"DisplayName"="Baidu Antivirus Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BAVSvc]
"Description"="Baidu Antivirus Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BdApiUtil]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\BdApiUtil64.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BdCameraProtect]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\BdCameraProtect64.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BHipsSvc]
"DisplayName"="Baidu Hips Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BHipsSvc]
"Description"="Baidu Hips Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
"DisplayName"="Baidu Protect"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx]
"DisplayName"="Baidu ProtectEx"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCFApiUtil]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0\\PCFApiUtil64.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BAVSvc]
"DisplayName"="Baidu Antivirus Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BAVSvc]
"Description"="Baidu Antivirus Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BdApiUtil]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\BdApiUtil64.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BdCameraProtect]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\BdCameraProtect64.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BHipsSvc]
"DisplayName"="Baidu Hips Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BHipsSvc]
"Description"="Baidu Hips Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]
"DisplayName"="Baidu Protect"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx]
"DisplayName"="Baidu ProtectEx"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCFApiUtil]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0\\PCFApiUtil64.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BAVSvc]
"DisplayName"="Baidu Antivirus Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BAVSvc]
"Description"="Baidu Antivirus Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BdApiUtil]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\BdApiUtil64.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BdCameraProtect]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\BdCameraProtect64.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BHipsSvc]
"DisplayName"="Baidu Hips Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BHipsSvc]
"Description"="Baidu Hips Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
"DisplayName"="Baidu Protect"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx]
"DisplayName"="Baidu ProtectEx"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PCFApiUtil]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0\\PCFApiUtil64.sys"
[HKEY_USERS\.DEFAULT\Software\Baidu]
[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug]
[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav]
[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log]
[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]
[HKEY_USERS\.DEFAULT\Software\Baidu Security]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\042614-27752-01.dmp]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\042614-29109-01.dmp]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\MEMORY_130430117807596408.dmp]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"ucloud"="u.br.bav.baidu.com"
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"dcloud"="http://up.br.bav.baidu.com/cgi-bin/url_warnning/url_warnning.cgi"
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"rcloud"="http://up.br.bav.baidu.com/cgi-bin/url_visit_action.cgi"
[HKEY_USERS\S-1-5-21-3191047974-839445982-446460419-1000\Software\Baidu Security]
[HKEY_USERS\S-1-5-21-3191047974-839445982-446460419-1000\Software\Baidu Security\Antivirus]
[HKEY_USERS\S-1-5-21-3191047974-839445982-446460419-1000\Software\Baidu Security\Antivirus\web]
[HKEY_USERS\S-1-5-21-3191047974-839445982-446460419-1000\Software\Baidu Security\Antivirus\web]
"ucloud"="u.br.bav.baidu.com"
[HKEY_USERS\S-1-5-21-3191047974-839445982-446460419-1000\Software\Baidu Security\Antivirus\web]
"dcloud"="http://up.br.bav.baidu.com/cgi-bin/url_warnning/url_warnning.cgi"
[HKEY_USERS\S-1-5-21-3191047974-839445982-446460419-1000\Software\Baidu Security\Antivirus\web]
"rcloud"="http://up.br.bav.baidu.com/cgi-bin/url_visit_action.cgi"
[HKEY_USERS\S-1-5-21-3191047974-839445982-446460419-1000\Software\Baidu Security\PC Faster]
[HKEY_USERS\S-1-5-21-3191047974-839445982-446460419-1000\Software\Baidu Security\PC Faster\4.0.0.0]
[HKEY_USERS\S-1-5-21-3191047974-839445982-446460419-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install]
[HKEY_USERS\S-1-5-21-3191047974-839445982-446460419-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run]
[HKEY_USERS\S-1-5-21-3191047974-839445982-446460419-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable]
[HKEY_USERS\S-1-5-21-3191047974-839445982-446460419-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\alluser]
[HKEY_USERS\S-1-5-21-3191047974-839445982-446460419-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\curuser]
[HKEY_USERS\S-1-5-21-3191047974-839445982-446460419-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hkcu]
[HKEY_USERS\S-1-5-21-3191047974-839445982-446460419-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm]
[HKEY_USERS\S-1-5-21-3191047974-839445982-446460419-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm64]
[HKEY_USERS\S-1-5-21-3191047974-839445982-446460419-1000\Software\Baidu Security\PC Faster\4.0.0.0\Statistic]
[HKEY_USERS\S-1-5-21-3191047974-839445982-446460419-1000\Software\Baidu Security\PC Faster\4.0.0.0\UUReport]
[HKEY_USERS\S-1-5-21-3191047974-839445982-446460419-1000\Software\Baidu Security\PC Faster\Setup]
[HKEY_USERS\S-1-5-21-3191047974-839445982-446460419-1000\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted]
"C:\\Users\\valdir\\AppData\\Local\\Temp\\baidu_secure\\update\\BavPro_Setup_051.exe"=dword:00000001
[HKEY_USERS\S-1-5-18\Software\Baidu]
[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug]
[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav]
[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log]
[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]
[HKEY_USERS\S-1-5-18\Software\Baidu Security]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\042614-27752-01.dmp]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\042614-29109-01.dmp]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\MEMORY_130430117807596408.dmp]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"ucloud"="u.br.bav.baidu.com"
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"dcloud"="http://up.br.bav.baidu.com/cgi-bin/url_warnning/url_warnning.cgi"
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"rcloud"="http://up.br.bav.baidu.com/cgi-bin/url_visit_action.cgi"
==== C:\zoek_backup content ======================
C:\zoek_backup (files=0 folders=0 0 bytes)
==== EOF on 17/05/2014 at 1:11:23,73 ======================
Tool run by valdir on 17/05/2014 at 1:04:37,72.
Microsoft Windows 7 Ultimate 6.1.7600 x64
Running in: Normal Mode Internet Access Detected
Launched: D:\Users\valdir\Downloads\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
17/05/2014 01:09:02 Zoek.exe System Restore Point Created Succesfully.
==== Registry Fix Code ======================
Windows Registry Editor Version 5.00
[-HKEY_USERS\S-1-5-21-1390067357-484763869-1801674531-1003\Software\Baidu Security]
[-HKEY_USERS\S-1-5-21-1390067357-484763869-1801674531-1003\Software\Baidu Security\Antivirus]
[-HKEY_USERS\S-1-5-21-1390067357-484763869-1801674531-1003\Software\Baidu Security\Antivirus\web]
==== Registry Search Results for "Baidu" ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\LogLoc]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0\Setup]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\LogUp]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Processing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Temp]
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFasterSvc-2014-04-01 04-06-52-0958-[12368].tmp"=""
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-04-01 04-06-53-0008-[12371].tmp"=""
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PcfTray-2014-04-01 04-06-58-0018-[12387].tmp"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}]
"DllName"="baidubar.dll;BaiduBarX.dll;BaiduBarX.dll;BaiduBarX.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}]
"DllName"="baidubar.dll;BaiduBarX.dll;BaiduBarX.dll;BaiduBarX.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Baidu Antivirus"="\"C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\BavTray.exe\" -auto"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"DisplayName"="Baidu Antivirus"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"DisplayIcon"="\"C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\Bav.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"UninstallString"="\"C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\Uninstall.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"URLInfoAbout"="http://antivirus.baidu.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"Publisher"="Baidu, Inc."
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"InstallDir"="C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Baidu_Scan]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\Baidu_Scan]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\Baidu_Scan]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\Baidu_Scan]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BAVSvc]
"DisplayName"="Baidu Antivirus Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BAVSvc]
"Description"="Baidu Antivirus Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BdApiUtil]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\BdApiUtil64.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BdCameraProtect]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\BdCameraProtect64.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BHipsSvc]
"DisplayName"="Baidu Hips Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BHipsSvc]
"Description"="Baidu Hips Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
"DisplayName"="Baidu Protect"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx]
"DisplayName"="Baidu ProtectEx"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCFApiUtil]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0\\PCFApiUtil64.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BAVSvc]
"DisplayName"="Baidu Antivirus Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BAVSvc]
"Description"="Baidu Antivirus Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BdApiUtil]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\BdApiUtil64.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BdCameraProtect]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\BdCameraProtect64.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BHipsSvc]
"DisplayName"="Baidu Hips Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BHipsSvc]
"Description"="Baidu Hips Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]
"DisplayName"="Baidu Protect"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx]
"DisplayName"="Baidu ProtectEx"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCFApiUtil]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0\\PCFApiUtil64.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BAVSvc]
"DisplayName"="Baidu Antivirus Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BAVSvc]
"Description"="Baidu Antivirus Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BdApiUtil]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\BdApiUtil64.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BdCameraProtect]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\BdCameraProtect64.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BHipsSvc]
"DisplayName"="Baidu Hips Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BHipsSvc]
"Description"="Baidu Hips Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
"DisplayName"="Baidu Protect"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx]
"DisplayName"="Baidu ProtectEx"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PCFApiUtil]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0\\PCFApiUtil64.sys"
[HKEY_USERS\.DEFAULT\Software\Baidu]
[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug]
[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav]
[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log]
[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]
[HKEY_USERS\.DEFAULT\Software\Baidu Security]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\042614-27752-01.dmp]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\042614-29109-01.dmp]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\MEMORY_130430117807596408.dmp]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"ucloud"="u.br.bav.baidu.com"
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"dcloud"="http://up.br.bav.baidu.com/cgi-bin/url_warnning/url_warnning.cgi"
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"rcloud"="http://up.br.bav.baidu.com/cgi-bin/url_visit_action.cgi"
[HKEY_USERS\S-1-5-21-3191047974-839445982-446460419-1000\Software\Baidu Security]
[HKEY_USERS\S-1-5-21-3191047974-839445982-446460419-1000\Software\Baidu Security\Antivirus]
[HKEY_USERS\S-1-5-21-3191047974-839445982-446460419-1000\Software\Baidu Security\Antivirus\web]
[HKEY_USERS\S-1-5-21-3191047974-839445982-446460419-1000\Software\Baidu Security\Antivirus\web]
"ucloud"="u.br.bav.baidu.com"
[HKEY_USERS\S-1-5-21-3191047974-839445982-446460419-1000\Software\Baidu Security\Antivirus\web]
"dcloud"="http://up.br.bav.baidu.com/cgi-bin/url_warnning/url_warnning.cgi"
[HKEY_USERS\S-1-5-21-3191047974-839445982-446460419-1000\Software\Baidu Security\Antivirus\web]
"rcloud"="http://up.br.bav.baidu.com/cgi-bin/url_visit_action.cgi"
[HKEY_USERS\S-1-5-21-3191047974-839445982-446460419-1000\Software\Baidu Security\PC Faster]
[HKEY_USERS\S-1-5-21-3191047974-839445982-446460419-1000\Software\Baidu Security\PC Faster\4.0.0.0]
[HKEY_USERS\S-1-5-21-3191047974-839445982-446460419-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install]
[HKEY_USERS\S-1-5-21-3191047974-839445982-446460419-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run]
[HKEY_USERS\S-1-5-21-3191047974-839445982-446460419-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable]
[HKEY_USERS\S-1-5-21-3191047974-839445982-446460419-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\alluser]
[HKEY_USERS\S-1-5-21-3191047974-839445982-446460419-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\curuser]
[HKEY_USERS\S-1-5-21-3191047974-839445982-446460419-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hkcu]
[HKEY_USERS\S-1-5-21-3191047974-839445982-446460419-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm]
[HKEY_USERS\S-1-5-21-3191047974-839445982-446460419-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm64]
[HKEY_USERS\S-1-5-21-3191047974-839445982-446460419-1000\Software\Baidu Security\PC Faster\4.0.0.0\Statistic]
[HKEY_USERS\S-1-5-21-3191047974-839445982-446460419-1000\Software\Baidu Security\PC Faster\4.0.0.0\UUReport]
[HKEY_USERS\S-1-5-21-3191047974-839445982-446460419-1000\Software\Baidu Security\PC Faster\Setup]
[HKEY_USERS\S-1-5-21-3191047974-839445982-446460419-1000\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted]
"C:\\Users\\valdir\\AppData\\Local\\Temp\\baidu_secure\\update\\BavPro_Setup_051.exe"=dword:00000001
[HKEY_USERS\S-1-5-18\Software\Baidu]
[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug]
[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav]
[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log]
[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]
[HKEY_USERS\S-1-5-18\Software\Baidu Security]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\042614-27752-01.dmp]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\042614-29109-01.dmp]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\MEMORY_130430117807596408.dmp]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"ucloud"="u.br.bav.baidu.com"
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"dcloud"="http://up.br.bav.baidu.com/cgi-bin/url_warnning/url_warnning.cgi"
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"rcloud"="http://up.br.bav.baidu.com/cgi-bin/url_visit_action.cgi"
==== C:\zoek_backup content ======================
C:\zoek_backup (files=0 folders=0 0 bytes)
==== EOF on 17/05/2014 at 1:11:23,73 ======================
Valdir junior- Iniciante
- Mensagens : 8
Reputação : 0
Data de inscrição : 17/05/2014
Socorro, o BAIDU não sai
por Valdir junior Sáb 17 maio 2014, 08:37
Bom dia galera, já passei o adcleaner, o jrt, e o OLT, mas o bicho não sai.
Os logs afirmam que ele foi removido, mas o arquivo está lá na pasta, posso simplesmente marcar e deletar?
seguem os logs
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Ultimate x64
Ran by valdir on 17/05/2014 at 2:39:16,14
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\baidu"
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 17/05/2014 at 3:24:13,56
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
OTL logfile created on: 17/05/2014 02:38:03 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = D:\Users\valdir\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy
1,97 Gb Total Physical Memory | 1,17 Gb Available Physical Memory | 59,73% Memory free
13,68 Gb Paging File | 12,45 Gb Available in Paging File | 91,00% Paging File free
Paging file location(s): c:\pagefile.sys 6000 6000d:\pagef [Binary data over 200 bytes]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,56 Gb Total Space | 43,47 Gb Free Space | 44,56% Space Free | Partition Type: NTFS
Drive D: | 200,43 Gb Total Space | 73,47 Gb Free Space | 36,66% Space Free | Partition Type: NTFS
Computer Name: VALDIR-PC | User Name: valdir | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 180 Days
========== Processes (SafeList) ==========
PRC - [2014/05/16 23:27:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Users\valdir\Downloads\OTL.exe
PRC - [2014/05/13 14:39:37 | 000,494,648 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\GVT\Protect\Anti-Virus\fsav32.exe
PRC - [2014/05/12 23:02:06 | 000,060,352 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\GVT\Protect\ORSP Client\fsorsp.exe
PRC - [2014/05/12 22:06:27 | 001,078,312 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\GVT\Protect\Anti-Virus\fssm32.exe
PRC - [2014/05/12 22:06:27 | 000,585,256 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\GVT\Protect\Anti-Virus\FSGK32.EXE
PRC - [2014/02/26 16:28:30 | 000,520,520 | ---- | M] (GAS Tecnologia) -- C:\PROGRA~2\GbPlugin\GbpSv.exe
PRC - [2014/01/21 11:15:16 | 001,177,960 | ---- | M] (Baidu, Inc.) -- C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavTray.exe
PRC - [2013/12/21 03:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/04/03 12:19:52 | 000,201,384 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\GVT\Protect\Common\FSM32.EXE
PRC - [2012/04/03 12:19:52 | 000,189,096 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\GVT\Protect\Common\FSMA32.EXE
PRC - [2012/04/03 12:19:52 | 000,090,792 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\GVT\Protect\Common\FSHDLL32.EXE
PRC - [2012/04/03 12:19:08 | 000,221,864 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\GVT\Protect\Anti-Virus\fsgk32st.exe
========== Modules (No Company Name) ==========
MOD - [2012/04/03 12:19:58 | 000,001,536 | ---- | M] () -- C:\Program Files (x86)\GVT\Protect\FSPC\fspcfsm.eng
MOD - [2012/04/03 12:19:20 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\GVT\Protect\FSGUI\strres.eng
MOD - [2012/04/03 12:19:18 | 000,553,640 | ---- | M] () -- C:\Program Files (x86)\GVT\Protect\FSGUI\gres.dll
MOD - [2012/04/03 12:19:16 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\GVT\Protect\FSGUI\flyerres.eng
MOD - [2012/04/03 12:19:16 | 000,045,056 | ---- | M] () -- C:\Program Files (x86)\GVT\Protect\FSGUI\fsavures.eng
MOD - [2012/04/03 12:19:14 | 000,443,048 | ---- | M] () -- C:\Program Files (x86)\GVT\Protect\FSGUI\about.dll
MOD - [2012/04/03 12:19:14 | 000,090,792 | ---- | M] () -- C:\Program Files (x86)\GVT\Protect\FSGUI\aboutres.dll
========== Services (SafeList) ==========
SRV:64bit: - [2009/07/13 22:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014/05/15 09:04:17 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/05/12 23:02:06 | 000,060,352 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files (x86)\GVT\Protect\ORSP Client\fsorsp.exe -- (FSORSPClient)
SRV - [2014/05/12 17:58:13 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/02/26 16:28:30 | 000,520,520 | ---- | M] (GAS Tecnologia) [Auto | Running] -- C:\PROGRA~2\GbPlugin\GbpSv.exe -- (GbpSv)
SRV - [2013/12/21 03:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/04/03 12:19:52 | 000,189,096 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files (x86)\GVT\Protect\Common\FSMA32.EXE -- (FSMA)
SRV - [2012/04/03 12:19:32 | 000,847,016 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files (x86)\GVT\Protect\FWES\Program\fsdfwd.exe -- (FSDFWD)
SRV - [2012/04/03 12:19:08 | 000,221,864 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files (x86)\GVT\Protect\Anti-Virus\fsgk32st.exe -- (F-Secure Gatekeeper Handler Starter)
SRV - [2010/09/21 13:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/14 02:00:00 | 000,166,400 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Arquivos de Programas\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE -- (EPSON_EB_RPCV4_04)
SRV - [2009/09/14 02:00:00 | 000,128,512 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Arquivos de Programas\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE -- (EPSON_PM_RPCV4_04)
SRV - [2009/06/10 18:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2014/05/12 22:09:07 | 000,056,016 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fsbts.sys -- (fsbts)
DRV:64bit: - [2014/01/21 11:14:50 | 000,034,624 | ---- | M] (Baidu, Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\Bfmon.sys -- (Bfmon)
DRV:64bit: - [2014/01/21 11:14:40 | 000,052,032 | ---- | M] (Baidu, Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\Bfilter.sys -- (Bfilter)
DRV:64bit: - [2014/01/21 07:01:36 | 000,128,992 | ---- | M] (Baidu, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\Bprotect.sys -- (Bprotect)
DRV:64bit: - [2012/04/03 12:19:32 | 000,094,312 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\fsdfw.sys -- (FSFW)
DRV:64bit: - [2012/04/03 12:19:30 | 000,046,664 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\fses.sys -- (FSES)
DRV:64bit: - [2012/03/01 03:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 03:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 03:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/08/04 10:17:14 | 001,342,064 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009/11/27 04:47:56 | 000,067,072 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009/11/18 07:07:44 | 001,423,872 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AVerA706_x64.sys -- (AVerA706_x64)
DRV:64bit: - [2009/07/21 04:32:50 | 007,345,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/07/13 22:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 22:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 22:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 22:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/30 09:37:16 | 000,033,800 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\pavboot64.sys -- (pavboot)
DRV:64bit: - [2009/06/10 18:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 18:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 18:01:11 | 000,411,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTBS26.SYS -- (SrvHsfPCI)
DRV:64bit: - [2009/06/10 17:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 17:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 17:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 17:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2014/05/12 22:06:39 | 000,202,176 | ---- | M] (F-Secure Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\GVT\Protect\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper)
DRV - [2013/09/25 09:00:20 | 000,047,192 | ---- | M] (GAS Tecnologia) [Kernel | Boot | Stopped] -- C:\Windows\SysWOW64\drivers\GbpKm.sys -- (GbpKm)
DRV - [2012/04/03 12:19:46 | 000,060,040 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\GVT\Protect\HIPS\drivers\fshs.sys -- (F-Secure HIPS)
DRV - [2012/04/03 12:19:08 | 000,016,880 | ---- | M] () [Kernel | System | Running] -- C:\Program Files (x86)\GVT\Protect\Anti-Virus\minifilter\fsvista.sys -- (fsvista)
DRV - [2009/07/13 22:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
IE - HKLM\..\SearchScopes\{1AF8BDC5-CDCA-B626-1C80-372C5CB3F294}: "URL" = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] | M] (Conexant Systems, Inc.)
IE - HKCU\..\SearchScopes\{E5740C9C-CAE7-4838-9A9E-C30064F443A3}: "URL" = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
IE - HKCU\..\SearchScopes\Web: "URL" = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Web"
FF - prefs.js..browser.search.selectedEngine: "Web"
FF - prefs.js..browser.startup.homepage: "http://www.baixaki.com.br/portal/?utm_source=sol&utm_medium=ppi&utm_campaign=portal"
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.22
FF - prefs.js..extensions.enabledAddons: %7B87F8774F-B485-47E2-A755-A40A8A5E886C%7D:3.4.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:29.0.1
FF - prefs.js..extensions.enabledItems: {b64982b1-d112-42b5-b1e4-d3867c4533f8}:2.3.796.11
FF - prefs.js..keyword.URL: "http://br.yhs4.search.yahoo.com/yhs/search"
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files (x86)\Panda Security\ActiveScan 2.0\npwrapper.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2852: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1662: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\valdir\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\valdir\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\gastecnologia.com.br/sf/bb: C:\Users\valdir\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll (GAS Tecnologia)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG9\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\litmus-ff@f-secure.com: C:\Program Files (x86)\GVT\Protect\NRS\litmus-ff@f-secure.com [2014/05/12 23:02:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/05/15 22:02:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{87F8774F-B485-47E2-A755-A40A8A5E886C}: C:\Users\valdir\AppData\Local\GAS Tecnologia\GBBD\bb\xpi [2014/05/07 22:59:52 | 000,000,000 | ---D | M]
[2013/03/12 21:19:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\valdir\AppData\Roaming\mozilla\Extensions
[2014/05/16 21:40:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\valdir\AppData\Roaming\mozilla\Firefox\Profiles\bgpmrc4f.default\extensions
[2014/03/24 17:42:15 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\valdir\AppData\Roaming\mozilla\Firefox\Profiles\bgpmrc4f.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2014/03/27 21:58:14 | 000,000,000 | ---D | M] (Ask New Tabs) -- C:\Users\valdir\AppData\Roaming\mozilla\Firefox\Profiles\bgpmrc4f.default\extensions\{D4C24D33-A12C-B239-72E6-32719329EC63}
[2014/03/09 10:24:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2014/05/12 17:58:15 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/05/07 22:59:52 | 000,000,000 | ---D | M] (GBBD Banco do Brasil) -- C:\USERS\VALDIR\APPDATA\LOCAL\GAS TECNOLOGIA\GBBD\BB\XPI
========== Chrome ==========
CHR - homepage:
CHR - homepage:
O1 HOSTS File: ([2009/06/10 18:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de Programas\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de Programas\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files (x86)\GbPlugin\gbieh.dll (Banco do Brasil)
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\PROGRA~2\GbPlugin\gbiehcef.dll (Caixa Economica Federal)
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\PROGRA~2\GbPlugin\gbiehabn.dll (Banco Real)
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\PROGRA~2\GbPlugin\gbiehuni.dll (Banco Itaú Unibanco)
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540011} - C:\PROGRA~2\GbPlugin\gbiehscd.dll (Sicredi)
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540015} - C:\PROGRA~2\GbPlugin\gbiehisg.dll (Infoseg - Senasp)
O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files (x86)\GVT\Protect\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O2 - BHO: (IHelper.Assistent) - {D679C0AF-F079-4F24-8953-82DECA3F2E94} - C:\Windows\SysWOW64\jbfh_plugin.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files (x86)\GVT\Protect\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Baidu Antivirus] C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavTray.exe (Baidu, Inc.)
O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files (x86)\GVT\Protect\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure TNB] C:\Program Files (x86)\GVT\Protect\FSGUI\TNBUtil.exe (F-Secure Corporation)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra Button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: bancobrasil.com.br ([www] * in Trusted sites)
O15 - HKCU\..Trusted Domains: bancobrasil.com.br ([www14] * in Trusted sites)
O15 - HKCU\..Trusted Domains: bancobrasil.com.br ([www2] * in Trusted sites)
O15 - HKCU\..Trusted Domains: bb.com.br ([www] * in Trusted sites)
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] (Shockwave Flash Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] (Java Plug-in 10.55.2)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] (Java Plug-in 10.55.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.25.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8CB6094F-E551-46D7-B037-3441ADE6A26C}: DhcpNameServer = 192.168.25.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\linkscanner - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de Programas\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\ GbPluginAbn: DllName - (C:\PROGRA~2\GbPlugin\gbiehAbn.dll) - C:\PROGRA~2\GbPlugin\gbiehAbn.dll (Banco Real)
O20 - Winlogon\Notify\ GbPluginBb: DllName - (C:\Program Files (x86)\GbPlugin\gbieh.dll) - C:\Program Files (x86)\GbPlugin\gbieh.dll (Banco do Brasil)
O20 - Winlogon\Notify\ GbPluginCef: DllName - (C:\PROGRA~2\GbPlugin\gbiehCef.dll) - C:\PROGRA~2\GbPlugin\gbiehCef.dll (Caixa Economica Federal)
O20 - Winlogon\Notify\ GbPluginIsg: DllName - (C:\PROGRA~2\GbPlugin\gbiehIsg.dll) - C:\PROGRA~2\GbPlugin\gbiehIsg.dll (Infoseg - Senasp)
O20 - Winlogon\Notify\ GbPluginScd: DllName - (C:\PROGRA~2\GbPlugin\gbiehScd.dll) - C:\PROGRA~2\GbPlugin\gbiehScd.dll (Sicredi)
O20 - Winlogon\Notify\ GbPluginUni: DllName - (C:\PROGRA~2\GbPlugin\gbiehUni.dll) - C:\PROGRA~2\GbPlugin\gbiehUni.dll (Banco Itaú Unibanco)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\PROGRA~2\GbPlugin\gbiehcef.dll (Caixa Economica Federal)
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399007} - C:\PROGRA~2\GbPlugin\gbiehabn.dll (Banco Real)
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\PROGRA~2\GbPlugin\gbiehuni.dll (Banco Itaú Unibanco)
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399011} - C:\PROGRA~2\GbPlugin\gbiehscd.dll (Sicredi)
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399015} - C:\PROGRA~2\GbPlugin\gbiehisg.dll (Infoseg - Senasp)
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files (x86)\GbPlugin\gbieh.dll (Banco do Brasil)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 180 Days ==========
[2014/05/17 02:05:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2014/05/17 01:58:32 | 000,000,000 | ---D | C] -- C:\Users\valdir\AppData\Local\ElevatedDiagnostics
[2014/05/17 01:34:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Baidu
[2014/05/17 01:03:59 | 000,000,000 | ---D | C] -- C:\zoek_backup
[2014/05/16 22:00:07 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/05/16 21:34:20 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\SysWow64\sqlite3.dll
[2014/05/16 21:33:24 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/05/13 18:01:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/05/13 18:01:20 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014/05/13 18:01:08 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2014/05/13 18:01:08 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2014/05/13 18:01:08 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014/05/12 22:03:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Protect Total
[2014/05/12 21:59:58 | 000,046,664 | ---- | C] (F-Secure Corporation) -- C:\Windows\SysNative\drivers\fses.sys
[2014/05/12 21:59:54 | 000,094,312 | ---- | C] (F-Secure Corporation) -- C:\Windows\SysNative\drivers\fsdfw.sys
[2014/05/12 21:58:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GVT
[2014/05/12 21:57:11 | 000,000,000 | ---D | C] -- C:\ProgramData\fssg
[2014/05/12 21:55:24 | 000,000,000 | ---D | C] -- C:\ProgramData\f-secure
[2014/05/09 15:55:16 | 000,043,520 | ---- | C] (Elex do Brasil Participações Ltda) -- C:\Windows\SysNative\drivers\iSafeKrnlBoot.sys
[2014/05/09 15:55:15 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\log
[2014/04/29 22:01:14 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014/04/24 07:39:23 | 000,000,000 | ---D | C] -- C:\Users\valdir\AppData\Roaming\Visan
[2014/04/24 07:33:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Visan
[2014/04/09 19:55:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Programas RFB
[2014/04/09 19:55:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Programas RFB
[2014/04/01 01:40:22 | 000,000,000 | -HSD | C] -- C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
[2014/04/01 01:29:03 | 000,000,000 | ---D | C] -- C:\Users\valdir\AppData\Roaming\AVG2014
[2014/04/01 01:26:43 | 000,000,000 | -H-D | C] -- C:\$AVG
[2014/04/01 01:26:43 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2014
[2014/03/31 18:52:32 | 000,000,000 | ---D | C] -- C:\temp
[2014/03/31 18:51:07 | 000,000,000 | ---D | C] -- C:\Users\valdir\AppData\Local\Avg2014
[2014/03/25 21:41:30 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallJammer Registry
[2014/03/25 21:41:27 | 000,000,000 | ---D | C] -- C:\Users\valdir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2014
[2014/03/25 21:41:26 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas RFB
[2014/03/12 08:26:12 | 000,000,000 | ---D | C] -- C:\Users\valdir\AppData\Roaming\EncryptStick
[2014/03/09 10:24:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2014/03/05 10:44:50 | 000,000,000 | ---D | C] -- C:\Windows\qqsupdate
[2014/03/05 10:44:31 | 000,000,000 | ---D | C] -- C:\ProgramData\QvodPlayer
[2014/03/05 10:44:31 | 000,000,000 | ---D | C] -- C:\ProgramData\QQSNPlayer
[2014/03/05 10:44:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QQS
[2014/03/05 10:44:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QQS
[2014/02/02 17:42:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu Antivirus
[2014/02/02 17:33:52 | 000,000,000 | ---D | C] -- C:\Users\valdir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2
[2014/02/02 17:33:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASIO4ALL v2
[2014/02/02 14:39:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2014/02/02 14:31:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DigiDesign
[2014/02/02 14:31:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steinberg
[2014/02/02 14:31:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IK Multimedia
[2014/02/02 14:31:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IK Multimedia
[2014/02/02 14:22:31 | 000,000,000 | ---D | C] -- C:\Users\valdir\Downloads
[2014/02/02 14:18:03 | 000,000,000 | ---D | C] -- C:\Users\valdir\AppData\Local\CrashRpt
[2014/01/15 21:42:40 | 000,608,032 | ---- | C] (McAfee, Inc.) -- C:\SecurityScanner.dll
[2014/01/15 02:15:14 | 000,167,784 | ---- | C] (Baidu, Inc.) -- C:\ProgramData\FileSplitUpLoad.dll
[2014/01/06 19:43:34 | 000,000,000 | ---D | C] -- D:\Users\valdir\Documents\Musica
[2014/01/06 09:06:29 | 000,000,000 | ---D | C] -- C:\Users\valdir\AppData\Roaming\MusicNet
[2014/01/06 09:06:22 | 000,000,000 | ---D | C] -- D:\Users\valdir\Documents\My Received Files
[2014/01/06 08:57:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Log
[2014/01/06 08:56:52 | 000,128,992 | ---- | C] (Baidu, Inc.) -- C:\Windows\SysNative\drivers\Bprotect.sys
[2014/01/06 08:56:50 | 000,034,624 | ---- | C] (Baidu, Inc.) -- C:\Windows\SysNative\drivers\Bfmon.sys
[2014/01/06 08:56:47 | 000,052,032 | ---- | C] (Baidu, Inc.) -- C:\Windows\SysNative\drivers\Bfilter.sys
[2014/01/06 08:55:55 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Baidu Security
[2014/01/03 08:31:21 | 000,000,000 | ---D | C] -- C:\Users\valdir\AppData\Local\Macromedia
[2013/12/25 16:18:33 | 000,000,000 | ---D | C] -- C:\Users\valdir\AppData\Local\GoPro
[2013/12/25 10:27:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Combined Community Codec Pack
[2013/12/25 10:27:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Combined Community Codec Pack
[2013/12/25 10:22:19 | 000,000,000 | ---D | C] -- C:\Users\valdir\AppData\Roaming\GoPro
[2013/12/25 10:20:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CineForm
[2013/12/25 10:20:35 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2013/12/25 09:39:35 | 000,000,000 | ---D | C] -- D:\Users\valdir\Desktop\Natal
[2013/12/25 09:37:48 | 000,000,000 | ---D | C] -- D:\Users\valdir\Desktop\Formatura
[2013/12/04 22:30:32 | 000,000,000 | ---D | C] -- D:\Users\valdir\Documents\Recibos on-line
[2013/11/21 16:35:22 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
========== Files - Modified Within 180 Days ==========
[2014/05/17 02:24:38 | 000,017,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/05/17 02:24:38 | 000,017,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/05/17 02:22:02 | 001,547,398 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/05/17 02:22:02 | 000,673,976 | ---- | M] () -- C:\Windows\SysNative\prfh0416.dat
[2014/05/17 02:22:02 | 000,626,180 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/05/17 02:22:02 | 000,132,322 | ---- | M] () -- C:\Windows\SysNative\prfc0416.dat
[2014/05/17 02:22:02 | 000,110,616 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/05/17 02:17:26 | 000,031,088 | ---- | M] (GbPlugin NDIS Device Driver) -- C:\Windows\SysWow64\drivers\gbpndisrd.sys
[2014/05/17 02:17:26 | 000,010,266 | ---- | M] () -- C:\Windows\SysWow64\drivers\ndisrd.cat
[2014/05/17 02:17:26 | 000,003,641 | ---- | M] () -- C:\Windows\SysWow64\drivers\ndisrd.inf
[2014/05/17 02:17:26 | 000,001,814 | ---- | M] () -- C:\Windows\SysWow64\drivers\ndisrd_m.inf
[2014/05/17 02:17:26 | 000,001,402 | ---- | M] () -- C:\Windows\SysWow64\drivers\gas.cer
[2014/05/17 02:17:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/05/17 02:17:15 | 000,446,096 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/05/17 02:16:11 | 000,000,326 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Communicator.job
[2014/05/17 02:04:05 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/05/16 23:28:03 | 000,001,387 | ---- | M] () -- D:\Users\valdir\Desktop\OTL.exe - Atalho.lnk
[2014/05/16 23:25:43 | 000,001,514 | ---- | M] () -- D:\Users\valdir\Desktop\adwcleaner_3.208.exe - Atalho.lnk
[2014/05/16 23:25:32 | 000,001,387 | ---- | M] () -- D:\Users\valdir\Desktop\JRT.exe - Atalho.lnk
[2014/05/16 19:16:02 | 008,804,731 | ---- | M] () -- C:\Users\Public\Desktop\fsdiag.tar.gz
[2014/05/15 09:04:16 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/05/15 09:04:16 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/05/13 18:01:02 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014/05/13 18:01:00 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014/05/13 18:01:00 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2014/05/13 18:00:54 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2014/05/12 22:09:07 | 000,056,016 | ---- | M] () -- C:\Windows\SysNative\drivers\fsbts.sys
[2014/05/12 22:03:22 | 000,002,224 | ---- | M] () -- C:\Users\Public\Desktop\Protect Total.lnk
[2014/05/12 22:00:00 | 001,559,462 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/05/08 02:40:47 | 000,043,520 | ---- | M] (Elex do Brasil Participações Ltda) -- C:\Windows\SysNative\drivers\iSafeKrnlBoot.sys
[2014/04/26 16:02:37 | 000,000,995 | ---- | M] () -- D:\Users\valdir\Desktop\ASIO4ALL v2 - Manual de Instruções.lnk
[2014/04/24 07:33:10 | 000,001,991 | ---- | M] () -- C:\Users\Public\Desktop\HP Photo Creations.lnk
[2014/04/23 21:56:40 | 001,182,780 | ---- | M] () -- D:\Users\valdir\Desktop\obraspublicas.PDF
[2014/04/15 22:55:25 | 000,005,340 | ---- | M] () -- D:\Users\valdir\Documents\rela engenharia.odt
[2014/04/09 19:55:52 | 000,002,221 | ---- | M] () -- C:\Users\Public\Desktop\Receitanet 1.04 .lnk
[2014/04/09 19:55:39 | 000,000,176 | ---- | M] () -- C:\Windows\REC-NET.INI
[2014/03/31 18:38:04 | 000,000,123 | ---- | M] () -- C:\Users\valdir\AppData\Roaming\WB.CFG
[2014/03/28 20:19:32 | 000,008,976 | ---- | M] () -- D:\Users\valdir\Desktop\comprovntederendimentos.pdf
[2014/03/25 21:41:30 | 000,001,622 | ---- | M] () -- D:\Users\valdir\Desktop\IRPF2014 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País.lnk
[2014/03/09 10:24:57 | 000,001,147 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/02/13 17:15:31 | 000,000,426 | ---- | M] () -- C:\AVScanner.ini
[2014/02/02 17:42:47 | 000,000,029 | ---- | M] () -- C:\Windows\SysWow64\config.ini
[2014/02/02 17:33:03 | 000,460,999 | ---- | M] () -- D:\Users\valdir\Desktop\ASIO4ALL_2_10_Portuguese.exe
[2014/02/02 14:39:17 | 000,001,845 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2014/02/02 14:12:35 | 203,840,835 | ---- | M] () -- D:\Users\valdir\Desktop\AmpliTube_3_3.0.2.zip
[2014/01/31 22:53:02 | 000,247,439 | ---- | M] () -- D:\Users\valdir\Documents\Sem Título.wma
[2014/01/31 22:52:42 | 002,330,799 | ---- | M] () -- D:\Users\valdir\Documents\Steste som.wma
[2014/01/21 11:14:50 | 000,034,624 | ---- | M] (Baidu, Inc.) -- C:\Windows\SysNative\drivers\Bfmon.sys
[2014/01/21 11:14:40 | 000,052,032 | ---- | M] (Baidu, Inc.) -- C:\Windows\SysNative\drivers\Bfilter.sys
[2014/01/21 07:01:36 | 000,128,992 | ---- | M] (Baidu, Inc.) -- C:\Windows\SysNative\drivers\Bprotect.sys
[2014/01/15 21:42:40 | 000,608,032 | ---- | M] (McAfee, Inc.) -- C:\SecurityScanner.dll
[2014/01/15 02:15:14 | 000,167,784 | ---- | M] (Baidu, Inc.) -- C:\ProgramData\FileSplitUpLoad.dll
========== Files Created - No Company Name ==========
[2014/05/17 02:17:06 | 000,446,096 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/05/17 01:49:21 | 000,000,426 | ---- | C] () -- C:\AVScanner.ini
[2014/05/16 23:28:03 | 000,001,387 | ---- | C] () -- D:\Users\valdir\Desktop\OTL.exe - Atalho.lnk
[2014/05/16 23:25:43 | 000,001,514 | ---- | C] () -- D:\Users\valdir\Desktop\adwcleaner_3.208.exe - Atalho.lnk
[2014/05/16 23:25:32 | 000,001,387 | ---- | C] () -- D:\Users\valdir\Desktop\JRT.exe - Atalho.lnk
[2014/05/16 19:16:02 | 008,804,731 | ---- | C] () -- C:\Users\Public\Desktop\fsdiag.tar.gz
[2014/05/12 22:09:07 | 000,056,016 | ---- | C] () -- C:\Windows\SysNative\drivers\fsbts.sys
[2014/05/12 22:03:22 | 000,002,224 | ---- | C] () -- C:\Users\Public\Desktop\Protect Total.lnk
[2014/04/24 07:33:15 | 000,000,326 | ---- | C] () -- C:\Windows\tasks\HP Photo Creations Communicator.job
[2014/04/23 21:56:39 | 001,182,780 | ---- | C] () -- D:\Users\valdir\Desktop\obraspublicas.PDF
[2014/04/15 22:55:20 | 000,005,340 | ---- | C] () -- D:\Users\valdir\Documents\rela engenharia.odt
[2014/04/09 19:55:52 | 000,002,221 | ---- | C] () -- C:\Users\Public\Desktop\Receitanet 1.04 .lnk
[2014/04/09 19:55:39 | 000,000,176 | ---- | C] () -- C:\Windows\REC-NET.INI
[2014/03/28 20:19:31 | 000,008,976 | ---- | C] () -- D:\Users\valdir\Desktop\comprovntederendimentos.pdf
[2014/03/25 21:41:30 | 000,001,622 | ---- | C] () -- D:\Users\valdir\Desktop\IRPF2014 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País.lnk
[2014/03/09 10:24:57 | 000,001,159 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2014/03/09 10:24:57 | 000,001,147 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/02/02 17:33:52 | 000,000,995 | ---- | C] () -- D:\Users\valdir\Desktop\ASIO4ALL v2 - Manual de Instruções.lnk
[2014/02/02 17:33:03 | 000,460,999 | ---- | C] () -- D:\Users\valdir\Desktop\ASIO4ALL_2_10_Portuguese.exe
[2014/02/02 14:39:17 | 000,001,845 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2014/02/02 14:32:20 | 000,002,041 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AmpliTube 3.lnk
[2014/02/02 14:12:35 | 203,840,835 | ---- | C] () -- D:\Users\valdir\Desktop\AmpliTube_3_3.0.2.zip
[2014/01/31 22:52:42 | 002,330,799 | ---- | C] () -- D:\Users\valdir\Documents\Steste som.wma
[2014/01/31 22:29:59 | 000,247,439 | ---- | C] () -- D:\Users\valdir\Documents\Sem Título.wma
[2014/01/06 08:56:46 | 000,000,029 | ---- | C] () -- C:\Windows\SysWow64\config.ini
[2014/01/03 08:30:45 | 000,000,902 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/12/19 18:38:01 | 000,000,123 | ---- | C] () -- C:\Users\valdir\AppData\Roaming\WB.CFG
[2013/11/07 19:06:34 | 000,720,082 | ---- | C] () -- C:\Users\valdir\AppData\Roaming\unins000.exe
[2013/09/03 22:39:25 | 000,032,865 | ---- | C] () -- C:\Users\valdir\AppData\Roaming\unins000.dat
[2013/06/22 17:24:40 | 000,000,027 | ---- | C] () -- C:\ProgramData\SDGLYBMPWPP.SYS
[2013/01/19 07:58:07 | 000,000,043 | -HS- | C] () -- C:\ProgramData\.zreglib
[2012/11/08 08:40:16 | 000,000,083 | ---- | C] () -- C:\Windows\winDecrypt.INI
[2012/09/22 00:34:01 | 000,000,002 | ---- | C] () -- C:\Users\valdir\AppData\Roaming\idx
[2012/07/29 21:11:11 | 000,000,010 | ---- | C] () -- C:\Windows\SysWow64\info.sys
[2012/07/11 09:00:19 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\libgcc_s_dw2-1.dll
[2012/07/07 09:50:40 | 000,007,597 | ---- | C] () -- C:\Users\valdir\AppData\Local\Resmon.ResmonCfg
[2012/04/12 17:07:36 | 000,001,692 | -H-- | C] () -- C:\Users\valdir\AppData\Roaming\config29029.dat
[2012/04/12 14:11:21 | 000,001,719 | -H-- | C] () -- C:\Users\valdir\AppData\Roaming\config8085.dat
[2012/04/01 09:54:10 | 000,031,744 | ---- | C] () -- C:\Users\valdir\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/29 19:13:09 | 000,198,502 | ---- | C] () -- C:\Users\valdir\AppData\Roaming\m_steal4.gif
[2012/03/27 01:41:40 | 000,198,495 | ---- | C] () -- C:\Users\valdir\AppData\Roaming\m_steal3.gif
[2012/03/25 20:49:24 | 000,000,000 | ---- | C] () -- C:\ProgramData\12naneejuniorKUTvaldirrsj@gmail.com
[2012/03/02 23:38:26 | 000,000,036 | ---- | C] () -- C:\Users\valdir\AppData\Roaming\id
[2012/02/13 22:41:42 | 000,433,604 | ---- | C] () -- C:\Users\valdir\AppData\Roaming\m_stdp1.gif
[2012/01/27 13:08:40 | 000,001,024 | ---- | C] () -- C:\Users\valdir\.rnd
========== ZeroAccess Check ==========
[2009/07/14 01:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 02:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 01:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 22:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 22:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 22:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2013/04/20 15:53:09 | 000,000,000 | ---D | M] -- C:\Users\valdir\AppData\Roaming\0B1T1L2V1T1J1L
[2012/03/18 15:35:44 | 000,000,000 | ---D | M] -- C:\Users\valdir\AppData\Roaming\AnvSoft
[2014/01/31 22:24:26 | 000,000,000 | ---D | M] -- C:\Users\valdir\AppData\Roaming\Audacity
[2013/02/04 17:49:32 | 000,000,000 | ---D | M] -- C:\Users\valdir\AppData\Roaming\AVG
[2013/08/07 22:51:26 | 000,000,000 | ---D | M] -- C:\Users\valdir\AppData\Roaming\AVG2013
[2014/04/01 01:29:03 | 000,000,000 | ---D | M] -- C:\Users\valdir\AppData\Roaming\AVG2014
[2013/05/05 12:06:43 | 000,000,000 | ---D | M] -- C:\Users\valdir\AppData\Roaming\Baidu Security
[2014/03/12 08:26:12 | 000,000,000 | ---D | M] -- C:\Users\valdir\AppData\Roaming\EncryptStick
[2012/05/16 23:26:12 | 000,000,000 | ---D | M] -- C:\Users\valdir\AppData\Roaming\EPSON
[2013/03/12 10:06:16 | 000,000,000 | ---D | M] -- C:\Users\valdir\AppData\Roaming\Free Audio Editor
[2013/12/25 10:45:10 | 000,000,000 | ---D | M] -- C:\Users\valdir\AppData\Roaming\GoPro
[2014/01/06 09:06:29 | 000,000,000 | ---D | M] -- C:\Users\valdir\AppData\Roaming\MusicNet
[2012/11/08 09:58:55 | 000,000,000 | ---D | M] -- C:\Users\valdir\AppData\Roaming\PDFConverterPackages
[2013/05/30 21:54:04 | 000,000,000 | ---D | M] -- C:\Users\valdir\AppData\Roaming\QuickScan
[2013/01/22 03:36:25 | 000,000,000 | ---D | M] -- C:\Users\valdir\AppData\Roaming\TuneUp Software
[2013/02/28 11:04:15 | 000,000,000 | ---D | M] -- C:\Users\valdir\AppData\Roaming\uTorrent
[2014/04/24 07:39:23 | 000,000,000 | ---D | M] -- C:\Users\valdir\AppData\Roaming\Visan
========== Purity Check ==========
========== Files - Unicode (All) ==========
[2013/11/19 12:31:14 | 105,044,098 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\ḼŸ
[2013/11/19 12:31:14 | 105,044,098 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\ḼŸ
[2013/11/15 13:49:35 | 104,401,821 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\栥捛Ḽ•
[2013/11/15 13:49:35 | 104,401,821 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\栥捛Ḽ•
[2013/09/24 21:32:06 | 097,613,522 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\﮽㔛ḼŒ
[2013/09/24 15:32:30 | 097,613,522 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\﮽㔛ḼŒ
========== Alternate Data Streams ==========
@Alternate Data Stream - 416 bytes -> C:\Windows\SysWow64\drivers:GbpKmAp.lst
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:054203E4
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:FB1B13D8
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:51E9F892
< End of report >
Os logs afirmam que ele foi removido, mas o arquivo está lá na pasta, posso simplesmente marcar e deletar?
seguem os logs
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Ultimate x64
Ran by valdir on 17/05/2014 at 2:39:16,14
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\baidu"
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 17/05/2014 at 3:24:13,56
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
OTL logfile created on: 17/05/2014 02:38:03 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = D:\Users\valdir\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy
1,97 Gb Total Physical Memory | 1,17 Gb Available Physical Memory | 59,73% Memory free
13,68 Gb Paging File | 12,45 Gb Available in Paging File | 91,00% Paging File free
Paging file location(s): c:\pagefile.sys 6000 6000d:\pagef [Binary data over 200 bytes]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,56 Gb Total Space | 43,47 Gb Free Space | 44,56% Space Free | Partition Type: NTFS
Drive D: | 200,43 Gb Total Space | 73,47 Gb Free Space | 36,66% Space Free | Partition Type: NTFS
Computer Name: VALDIR-PC | User Name: valdir | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 180 Days
========== Processes (SafeList) ==========
PRC - [2014/05/16 23:27:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Users\valdir\Downloads\OTL.exe
PRC - [2014/05/13 14:39:37 | 000,494,648 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\GVT\Protect\Anti-Virus\fsav32.exe
PRC - [2014/05/12 23:02:06 | 000,060,352 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\GVT\Protect\ORSP Client\fsorsp.exe
PRC - [2014/05/12 22:06:27 | 001,078,312 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\GVT\Protect\Anti-Virus\fssm32.exe
PRC - [2014/05/12 22:06:27 | 000,585,256 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\GVT\Protect\Anti-Virus\FSGK32.EXE
PRC - [2014/02/26 16:28:30 | 000,520,520 | ---- | M] (GAS Tecnologia) -- C:\PROGRA~2\GbPlugin\GbpSv.exe
PRC - [2014/01/21 11:15:16 | 001,177,960 | ---- | M] (Baidu, Inc.) -- C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavTray.exe
PRC - [2013/12/21 03:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/04/03 12:19:52 | 000,201,384 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\GVT\Protect\Common\FSM32.EXE
PRC - [2012/04/03 12:19:52 | 000,189,096 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\GVT\Protect\Common\FSMA32.EXE
PRC - [2012/04/03 12:19:52 | 000,090,792 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\GVT\Protect\Common\FSHDLL32.EXE
PRC - [2012/04/03 12:19:08 | 000,221,864 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\GVT\Protect\Anti-Virus\fsgk32st.exe
========== Modules (No Company Name) ==========
MOD - [2012/04/03 12:19:58 | 000,001,536 | ---- | M] () -- C:\Program Files (x86)\GVT\Protect\FSPC\fspcfsm.eng
MOD - [2012/04/03 12:19:20 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\GVT\Protect\FSGUI\strres.eng
MOD - [2012/04/03 12:19:18 | 000,553,640 | ---- | M] () -- C:\Program Files (x86)\GVT\Protect\FSGUI\gres.dll
MOD - [2012/04/03 12:19:16 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\GVT\Protect\FSGUI\flyerres.eng
MOD - [2012/04/03 12:19:16 | 000,045,056 | ---- | M] () -- C:\Program Files (x86)\GVT\Protect\FSGUI\fsavures.eng
MOD - [2012/04/03 12:19:14 | 000,443,048 | ---- | M] () -- C:\Program Files (x86)\GVT\Protect\FSGUI\about.dll
MOD - [2012/04/03 12:19:14 | 000,090,792 | ---- | M] () -- C:\Program Files (x86)\GVT\Protect\FSGUI\aboutres.dll
========== Services (SafeList) ==========
SRV:64bit: - [2009/07/13 22:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014/05/15 09:04:17 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/05/12 23:02:06 | 000,060,352 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files (x86)\GVT\Protect\ORSP Client\fsorsp.exe -- (FSORSPClient)
SRV - [2014/05/12 17:58:13 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/02/26 16:28:30 | 000,520,520 | ---- | M] (GAS Tecnologia) [Auto | Running] -- C:\PROGRA~2\GbPlugin\GbpSv.exe -- (GbpSv)
SRV - [2013/12/21 03:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/04/03 12:19:52 | 000,189,096 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files (x86)\GVT\Protect\Common\FSMA32.EXE -- (FSMA)
SRV - [2012/04/03 12:19:32 | 000,847,016 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files (x86)\GVT\Protect\FWES\Program\fsdfwd.exe -- (FSDFWD)
SRV - [2012/04/03 12:19:08 | 000,221,864 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files (x86)\GVT\Protect\Anti-Virus\fsgk32st.exe -- (F-Secure Gatekeeper Handler Starter)
SRV - [2010/09/21 13:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/14 02:00:00 | 000,166,400 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Arquivos de Programas\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE -- (EPSON_EB_RPCV4_04)
SRV - [2009/09/14 02:00:00 | 000,128,512 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Arquivos de Programas\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE -- (EPSON_PM_RPCV4_04)
SRV - [2009/06/10 18:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2014/05/12 22:09:07 | 000,056,016 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fsbts.sys -- (fsbts)
DRV:64bit: - [2014/01/21 11:14:50 | 000,034,624 | ---- | M] (Baidu, Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\Bfmon.sys -- (Bfmon)
DRV:64bit: - [2014/01/21 11:14:40 | 000,052,032 | ---- | M] (Baidu, Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\Bfilter.sys -- (Bfilter)
DRV:64bit: - [2014/01/21 07:01:36 | 000,128,992 | ---- | M] (Baidu, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\Bprotect.sys -- (Bprotect)
DRV:64bit: - [2012/04/03 12:19:32 | 000,094,312 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\fsdfw.sys -- (FSFW)
DRV:64bit: - [2012/04/03 12:19:30 | 000,046,664 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\fses.sys -- (FSES)
DRV:64bit: - [2012/03/01 03:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 03:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 03:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/08/04 10:17:14 | 001,342,064 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009/11/27 04:47:56 | 000,067,072 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009/11/18 07:07:44 | 001,423,872 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AVerA706_x64.sys -- (AVerA706_x64)
DRV:64bit: - [2009/07/21 04:32:50 | 007,345,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/07/13 22:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 22:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 22:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 22:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/30 09:37:16 | 000,033,800 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\pavboot64.sys -- (pavboot)
DRV:64bit: - [2009/06/10 18:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 18:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 18:01:11 | 000,411,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTBS26.SYS -- (SrvHsfPCI)
DRV:64bit: - [2009/06/10 17:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 17:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 17:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 17:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2014/05/12 22:06:39 | 000,202,176 | ---- | M] (F-Secure Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\GVT\Protect\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper)
DRV - [2013/09/25 09:00:20 | 000,047,192 | ---- | M] (GAS Tecnologia) [Kernel | Boot | Stopped] -- C:\Windows\SysWOW64\drivers\GbpKm.sys -- (GbpKm)
DRV - [2012/04/03 12:19:46 | 000,060,040 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\GVT\Protect\HIPS\drivers\fshs.sys -- (F-Secure HIPS)
DRV - [2012/04/03 12:19:08 | 000,016,880 | ---- | M] () [Kernel | System | Running] -- C:\Program Files (x86)\GVT\Protect\Anti-Virus\minifilter\fsvista.sys -- (fsvista)
DRV - [2009/07/13 22:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
IE - HKLM\..\SearchScopes\{1AF8BDC5-CDCA-B626-1C80-372C5CB3F294}: "URL" = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] | M] (Conexant Systems, Inc.)
IE - HKCU\..\SearchScopes\{E5740C9C-CAE7-4838-9A9E-C30064F443A3}: "URL" = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
IE - HKCU\..\SearchScopes\Web: "URL" = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Web"
FF - prefs.js..browser.search.selectedEngine: "Web"
FF - prefs.js..browser.startup.homepage: "http://www.baixaki.com.br/portal/?utm_source=sol&utm_medium=ppi&utm_campaign=portal"
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.22
FF - prefs.js..extensions.enabledAddons: %7B87F8774F-B485-47E2-A755-A40A8A5E886C%7D:3.4.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:29.0.1
FF - prefs.js..extensions.enabledItems: {b64982b1-d112-42b5-b1e4-d3867c4533f8}:2.3.796.11
FF - prefs.js..keyword.URL: "http://br.yhs4.search.yahoo.com/yhs/search"
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files (x86)\Panda Security\ActiveScan 2.0\npwrapper.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2852: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1662: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\valdir\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\valdir\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\gastecnologia.com.br/sf/bb: C:\Users\valdir\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll (GAS Tecnologia)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG9\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\litmus-ff@f-secure.com: C:\Program Files (x86)\GVT\Protect\NRS\litmus-ff@f-secure.com [2014/05/12 23:02:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/05/15 22:02:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{87F8774F-B485-47E2-A755-A40A8A5E886C}: C:\Users\valdir\AppData\Local\GAS Tecnologia\GBBD\bb\xpi [2014/05/07 22:59:52 | 000,000,000 | ---D | M]
[2013/03/12 21:19:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\valdir\AppData\Roaming\mozilla\Extensions
[2014/05/16 21:40:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\valdir\AppData\Roaming\mozilla\Firefox\Profiles\bgpmrc4f.default\extensions
[2014/03/24 17:42:15 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\valdir\AppData\Roaming\mozilla\Firefox\Profiles\bgpmrc4f.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2014/03/27 21:58:14 | 000,000,000 | ---D | M] (Ask New Tabs) -- C:\Users\valdir\AppData\Roaming\mozilla\Firefox\Profiles\bgpmrc4f.default\extensions\{D4C24D33-A12C-B239-72E6-32719329EC63}
[2014/03/09 10:24:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2014/05/12 17:58:15 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/05/07 22:59:52 | 000,000,000 | ---D | M] (GBBD Banco do Brasil) -- C:\USERS\VALDIR\APPDATA\LOCAL\GAS TECNOLOGIA\GBBD\BB\XPI
========== Chrome ==========
CHR - homepage:
CHR - homepage:
O1 HOSTS File: ([2009/06/10 18:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de Programas\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de Programas\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files (x86)\GbPlugin\gbieh.dll (Banco do Brasil)
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\PROGRA~2\GbPlugin\gbiehcef.dll (Caixa Economica Federal)
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\PROGRA~2\GbPlugin\gbiehabn.dll (Banco Real)
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\PROGRA~2\GbPlugin\gbiehuni.dll (Banco Itaú Unibanco)
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540011} - C:\PROGRA~2\GbPlugin\gbiehscd.dll (Sicredi)
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540015} - C:\PROGRA~2\GbPlugin\gbiehisg.dll (Infoseg - Senasp)
O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files (x86)\GVT\Protect\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O2 - BHO: (IHelper.Assistent) - {D679C0AF-F079-4F24-8953-82DECA3F2E94} - C:\Windows\SysWOW64\jbfh_plugin.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files (x86)\GVT\Protect\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Baidu Antivirus] C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavTray.exe (Baidu, Inc.)
O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files (x86)\GVT\Protect\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure TNB] C:\Program Files (x86)\GVT\Protect\FSGUI\TNBUtil.exe (F-Secure Corporation)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra Button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Arquivos de Programas\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: bancobrasil.com.br ([www] * in Trusted sites)
O15 - HKCU\..Trusted Domains: bancobrasil.com.br ([www14] * in Trusted sites)
O15 - HKCU\..Trusted Domains: bancobrasil.com.br ([www2] * in Trusted sites)
O15 - HKCU\..Trusted Domains: bb.com.br ([www] * in Trusted sites)
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] (Shockwave Flash Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] (Java Plug-in 10.55.2)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] (Java Plug-in 10.55.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.25.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8CB6094F-E551-46D7-B037-3441ADE6A26C}: DhcpNameServer = 192.168.25.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\linkscanner - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de Programas\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\ GbPluginAbn: DllName - (C:\PROGRA~2\GbPlugin\gbiehAbn.dll) - C:\PROGRA~2\GbPlugin\gbiehAbn.dll (Banco Real)
O20 - Winlogon\Notify\ GbPluginBb: DllName - (C:\Program Files (x86)\GbPlugin\gbieh.dll) - C:\Program Files (x86)\GbPlugin\gbieh.dll (Banco do Brasil)
O20 - Winlogon\Notify\ GbPluginCef: DllName - (C:\PROGRA~2\GbPlugin\gbiehCef.dll) - C:\PROGRA~2\GbPlugin\gbiehCef.dll (Caixa Economica Federal)
O20 - Winlogon\Notify\ GbPluginIsg: DllName - (C:\PROGRA~2\GbPlugin\gbiehIsg.dll) - C:\PROGRA~2\GbPlugin\gbiehIsg.dll (Infoseg - Senasp)
O20 - Winlogon\Notify\ GbPluginScd: DllName - (C:\PROGRA~2\GbPlugin\gbiehScd.dll) - C:\PROGRA~2\GbPlugin\gbiehScd.dll (Sicredi)
O20 - Winlogon\Notify\ GbPluginUni: DllName - (C:\PROGRA~2\GbPlugin\gbiehUni.dll) - C:\PROGRA~2\GbPlugin\gbiehUni.dll (Banco Itaú Unibanco)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\PROGRA~2\GbPlugin\gbiehcef.dll (Caixa Economica Federal)
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399007} - C:\PROGRA~2\GbPlugin\gbiehabn.dll (Banco Real)
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\PROGRA~2\GbPlugin\gbiehuni.dll (Banco Itaú Unibanco)
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399011} - C:\PROGRA~2\GbPlugin\gbiehscd.dll (Sicredi)
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399015} - C:\PROGRA~2\GbPlugin\gbiehisg.dll (Infoseg - Senasp)
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files (x86)\GbPlugin\gbieh.dll (Banco do Brasil)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 180 Days ==========
[2014/05/17 02:05:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2014/05/17 01:58:32 | 000,000,000 | ---D | C] -- C:\Users\valdir\AppData\Local\ElevatedDiagnostics
[2014/05/17 01:34:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Baidu
[2014/05/17 01:03:59 | 000,000,000 | ---D | C] -- C:\zoek_backup
[2014/05/16 22:00:07 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/05/16 21:34:20 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\SysWow64\sqlite3.dll
[2014/05/16 21:33:24 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/05/13 18:01:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/05/13 18:01:20 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014/05/13 18:01:08 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2014/05/13 18:01:08 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2014/05/13 18:01:08 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014/05/12 22:03:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Protect Total
[2014/05/12 21:59:58 | 000,046,664 | ---- | C] (F-Secure Corporation) -- C:\Windows\SysNative\drivers\fses.sys
[2014/05/12 21:59:54 | 000,094,312 | ---- | C] (F-Secure Corporation) -- C:\Windows\SysNative\drivers\fsdfw.sys
[2014/05/12 21:58:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GVT
[2014/05/12 21:57:11 | 000,000,000 | ---D | C] -- C:\ProgramData\fssg
[2014/05/12 21:55:24 | 000,000,000 | ---D | C] -- C:\ProgramData\f-secure
[2014/05/09 15:55:16 | 000,043,520 | ---- | C] (Elex do Brasil Participações Ltda) -- C:\Windows\SysNative\drivers\iSafeKrnlBoot.sys
[2014/05/09 15:55:15 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\log
[2014/04/29 22:01:14 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014/04/24 07:39:23 | 000,000,000 | ---D | C] -- C:\Users\valdir\AppData\Roaming\Visan
[2014/04/24 07:33:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Visan
[2014/04/09 19:55:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Programas RFB
[2014/04/09 19:55:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Programas RFB
[2014/04/01 01:40:22 | 000,000,000 | -HSD | C] -- C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
[2014/04/01 01:29:03 | 000,000,000 | ---D | C] -- C:\Users\valdir\AppData\Roaming\AVG2014
[2014/04/01 01:26:43 | 000,000,000 | -H-D | C] -- C:\$AVG
[2014/04/01 01:26:43 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2014
[2014/03/31 18:52:32 | 000,000,000 | ---D | C] -- C:\temp
[2014/03/31 18:51:07 | 000,000,000 | ---D | C] -- C:\Users\valdir\AppData\Local\Avg2014
[2014/03/25 21:41:30 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallJammer Registry
[2014/03/25 21:41:27 | 000,000,000 | ---D | C] -- C:\Users\valdir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2014
[2014/03/25 21:41:26 | 000,000,000 | ---D | C] -- C:\Arquivos de Programas RFB
[2014/03/12 08:26:12 | 000,000,000 | ---D | C] -- C:\Users\valdir\AppData\Roaming\EncryptStick
[2014/03/09 10:24:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2014/03/05 10:44:50 | 000,000,000 | ---D | C] -- C:\Windows\qqsupdate
[2014/03/05 10:44:31 | 000,000,000 | ---D | C] -- C:\ProgramData\QvodPlayer
[2014/03/05 10:44:31 | 000,000,000 | ---D | C] -- C:\ProgramData\QQSNPlayer
[2014/03/05 10:44:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QQS
[2014/03/05 10:44:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QQS
[2014/02/02 17:42:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu Antivirus
[2014/02/02 17:33:52 | 000,000,000 | ---D | C] -- C:\Users\valdir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2
[2014/02/02 17:33:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASIO4ALL v2
[2014/02/02 14:39:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2014/02/02 14:31:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DigiDesign
[2014/02/02 14:31:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steinberg
[2014/02/02 14:31:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IK Multimedia
[2014/02/02 14:31:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IK Multimedia
[2014/02/02 14:22:31 | 000,000,000 | ---D | C] -- C:\Users\valdir\Downloads
[2014/02/02 14:18:03 | 000,000,000 | ---D | C] -- C:\Users\valdir\AppData\Local\CrashRpt
[2014/01/15 21:42:40 | 000,608,032 | ---- | C] (McAfee, Inc.) -- C:\SecurityScanner.dll
[2014/01/15 02:15:14 | 000,167,784 | ---- | C] (Baidu, Inc.) -- C:\ProgramData\FileSplitUpLoad.dll
[2014/01/06 19:43:34 | 000,000,000 | ---D | C] -- D:\Users\valdir\Documents\Musica
[2014/01/06 09:06:29 | 000,000,000 | ---D | C] -- C:\Users\valdir\AppData\Roaming\MusicNet
[2014/01/06 09:06:22 | 000,000,000 | ---D | C] -- D:\Users\valdir\Documents\My Received Files
[2014/01/06 08:57:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Log
[2014/01/06 08:56:52 | 000,128,992 | ---- | C] (Baidu, Inc.) -- C:\Windows\SysNative\drivers\Bprotect.sys
[2014/01/06 08:56:50 | 000,034,624 | ---- | C] (Baidu, Inc.) -- C:\Windows\SysNative\drivers\Bfmon.sys
[2014/01/06 08:56:47 | 000,052,032 | ---- | C] (Baidu, Inc.) -- C:\Windows\SysNative\drivers\Bfilter.sys
[2014/01/06 08:55:55 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Baidu Security
[2014/01/03 08:31:21 | 000,000,000 | ---D | C] -- C:\Users\valdir\AppData\Local\Macromedia
[2013/12/25 16:18:33 | 000,000,000 | ---D | C] -- C:\Users\valdir\AppData\Local\GoPro
[2013/12/25 10:27:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Combined Community Codec Pack
[2013/12/25 10:27:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Combined Community Codec Pack
[2013/12/25 10:22:19 | 000,000,000 | ---D | C] -- C:\Users\valdir\AppData\Roaming\GoPro
[2013/12/25 10:20:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CineForm
[2013/12/25 10:20:35 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2013/12/25 09:39:35 | 000,000,000 | ---D | C] -- D:\Users\valdir\Desktop\Natal
[2013/12/25 09:37:48 | 000,000,000 | ---D | C] -- D:\Users\valdir\Desktop\Formatura
[2013/12/04 22:30:32 | 000,000,000 | ---D | C] -- D:\Users\valdir\Documents\Recibos on-line
[2013/11/21 16:35:22 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
========== Files - Modified Within 180 Days ==========
[2014/05/17 02:24:38 | 000,017,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/05/17 02:24:38 | 000,017,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/05/17 02:22:02 | 001,547,398 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/05/17 02:22:02 | 000,673,976 | ---- | M] () -- C:\Windows\SysNative\prfh0416.dat
[2014/05/17 02:22:02 | 000,626,180 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/05/17 02:22:02 | 000,132,322 | ---- | M] () -- C:\Windows\SysNative\prfc0416.dat
[2014/05/17 02:22:02 | 000,110,616 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/05/17 02:17:26 | 000,031,088 | ---- | M] (GbPlugin NDIS Device Driver) -- C:\Windows\SysWow64\drivers\gbpndisrd.sys
[2014/05/17 02:17:26 | 000,010,266 | ---- | M] () -- C:\Windows\SysWow64\drivers\ndisrd.cat
[2014/05/17 02:17:26 | 000,003,641 | ---- | M] () -- C:\Windows\SysWow64\drivers\ndisrd.inf
[2014/05/17 02:17:26 | 000,001,814 | ---- | M] () -- C:\Windows\SysWow64\drivers\ndisrd_m.inf
[2014/05/17 02:17:26 | 000,001,402 | ---- | M] () -- C:\Windows\SysWow64\drivers\gas.cer
[2014/05/17 02:17:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/05/17 02:17:15 | 000,446,096 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/05/17 02:16:11 | 000,000,326 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Communicator.job
[2014/05/17 02:04:05 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/05/16 23:28:03 | 000,001,387 | ---- | M] () -- D:\Users\valdir\Desktop\OTL.exe - Atalho.lnk
[2014/05/16 23:25:43 | 000,001,514 | ---- | M] () -- D:\Users\valdir\Desktop\adwcleaner_3.208.exe - Atalho.lnk
[2014/05/16 23:25:32 | 000,001,387 | ---- | M] () -- D:\Users\valdir\Desktop\JRT.exe - Atalho.lnk
[2014/05/16 19:16:02 | 008,804,731 | ---- | M] () -- C:\Users\Public\Desktop\fsdiag.tar.gz
[2014/05/15 09:04:16 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/05/15 09:04:16 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/05/13 18:01:02 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014/05/13 18:01:00 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014/05/13 18:01:00 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2014/05/13 18:00:54 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2014/05/12 22:09:07 | 000,056,016 | ---- | M] () -- C:\Windows\SysNative\drivers\fsbts.sys
[2014/05/12 22:03:22 | 000,002,224 | ---- | M] () -- C:\Users\Public\Desktop\Protect Total.lnk
[2014/05/12 22:00:00 | 001,559,462 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/05/08 02:40:47 | 000,043,520 | ---- | M] (Elex do Brasil Participações Ltda) -- C:\Windows\SysNative\drivers\iSafeKrnlBoot.sys
[2014/04/26 16:02:37 | 000,000,995 | ---- | M] () -- D:\Users\valdir\Desktop\ASIO4ALL v2 - Manual de Instruções.lnk
[2014/04/24 07:33:10 | 000,001,991 | ---- | M] () -- C:\Users\Public\Desktop\HP Photo Creations.lnk
[2014/04/23 21:56:40 | 001,182,780 | ---- | M] () -- D:\Users\valdir\Desktop\obraspublicas.PDF
[2014/04/15 22:55:25 | 000,005,340 | ---- | M] () -- D:\Users\valdir\Documents\rela engenharia.odt
[2014/04/09 19:55:52 | 000,002,221 | ---- | M] () -- C:\Users\Public\Desktop\Receitanet 1.04 .lnk
[2014/04/09 19:55:39 | 000,000,176 | ---- | M] () -- C:\Windows\REC-NET.INI
[2014/03/31 18:38:04 | 000,000,123 | ---- | M] () -- C:\Users\valdir\AppData\Roaming\WB.CFG
[2014/03/28 20:19:32 | 000,008,976 | ---- | M] () -- D:\Users\valdir\Desktop\comprovntederendimentos.pdf
[2014/03/25 21:41:30 | 000,001,622 | ---- | M] () -- D:\Users\valdir\Desktop\IRPF2014 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País.lnk
[2014/03/09 10:24:57 | 000,001,147 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/02/13 17:15:31 | 000,000,426 | ---- | M] () -- C:\AVScanner.ini
[2014/02/02 17:42:47 | 000,000,029 | ---- | M] () -- C:\Windows\SysWow64\config.ini
[2014/02/02 17:33:03 | 000,460,999 | ---- | M] () -- D:\Users\valdir\Desktop\ASIO4ALL_2_10_Portuguese.exe
[2014/02/02 14:39:17 | 000,001,845 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2014/02/02 14:12:35 | 203,840,835 | ---- | M] () -- D:\Users\valdir\Desktop\AmpliTube_3_3.0.2.zip
[2014/01/31 22:53:02 | 000,247,439 | ---- | M] () -- D:\Users\valdir\Documents\Sem Título.wma
[2014/01/31 22:52:42 | 002,330,799 | ---- | M] () -- D:\Users\valdir\Documents\Steste som.wma
[2014/01/21 11:14:50 | 000,034,624 | ---- | M] (Baidu, Inc.) -- C:\Windows\SysNative\drivers\Bfmon.sys
[2014/01/21 11:14:40 | 000,052,032 | ---- | M] (Baidu, Inc.) -- C:\Windows\SysNative\drivers\Bfilter.sys
[2014/01/21 07:01:36 | 000,128,992 | ---- | M] (Baidu, Inc.) -- C:\Windows\SysNative\drivers\Bprotect.sys
[2014/01/15 21:42:40 | 000,608,032 | ---- | M] (McAfee, Inc.) -- C:\SecurityScanner.dll
[2014/01/15 02:15:14 | 000,167,784 | ---- | M] (Baidu, Inc.) -- C:\ProgramData\FileSplitUpLoad.dll
========== Files Created - No Company Name ==========
[2014/05/17 02:17:06 | 000,446,096 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/05/17 01:49:21 | 000,000,426 | ---- | C] () -- C:\AVScanner.ini
[2014/05/16 23:28:03 | 000,001,387 | ---- | C] () -- D:\Users\valdir\Desktop\OTL.exe - Atalho.lnk
[2014/05/16 23:25:43 | 000,001,514 | ---- | C] () -- D:\Users\valdir\Desktop\adwcleaner_3.208.exe - Atalho.lnk
[2014/05/16 23:25:32 | 000,001,387 | ---- | C] () -- D:\Users\valdir\Desktop\JRT.exe - Atalho.lnk
[2014/05/16 19:16:02 | 008,804,731 | ---- | C] () -- C:\Users\Public\Desktop\fsdiag.tar.gz
[2014/05/12 22:09:07 | 000,056,016 | ---- | C] () -- C:\Windows\SysNative\drivers\fsbts.sys
[2014/05/12 22:03:22 | 000,002,224 | ---- | C] () -- C:\Users\Public\Desktop\Protect Total.lnk
[2014/04/24 07:33:15 | 000,000,326 | ---- | C] () -- C:\Windows\tasks\HP Photo Creations Communicator.job
[2014/04/23 21:56:39 | 001,182,780 | ---- | C] () -- D:\Users\valdir\Desktop\obraspublicas.PDF
[2014/04/15 22:55:20 | 000,005,340 | ---- | C] () -- D:\Users\valdir\Documents\rela engenharia.odt
[2014/04/09 19:55:52 | 000,002,221 | ---- | C] () -- C:\Users\Public\Desktop\Receitanet 1.04 .lnk
[2014/04/09 19:55:39 | 000,000,176 | ---- | C] () -- C:\Windows\REC-NET.INI
[2014/03/28 20:19:31 | 000,008,976 | ---- | C] () -- D:\Users\valdir\Desktop\comprovntederendimentos.pdf
[2014/03/25 21:41:30 | 000,001,622 | ---- | C] () -- D:\Users\valdir\Desktop\IRPF2014 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País.lnk
[2014/03/09 10:24:57 | 000,001,159 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2014/03/09 10:24:57 | 000,001,147 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/02/02 17:33:52 | 000,000,995 | ---- | C] () -- D:\Users\valdir\Desktop\ASIO4ALL v2 - Manual de Instruções.lnk
[2014/02/02 17:33:03 | 000,460,999 | ---- | C] () -- D:\Users\valdir\Desktop\ASIO4ALL_2_10_Portuguese.exe
[2014/02/02 14:39:17 | 000,001,845 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2014/02/02 14:32:20 | 000,002,041 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AmpliTube 3.lnk
[2014/02/02 14:12:35 | 203,840,835 | ---- | C] () -- D:\Users\valdir\Desktop\AmpliTube_3_3.0.2.zip
[2014/01/31 22:52:42 | 002,330,799 | ---- | C] () -- D:\Users\valdir\Documents\Steste som.wma
[2014/01/31 22:29:59 | 000,247,439 | ---- | C] () -- D:\Users\valdir\Documents\Sem Título.wma
[2014/01/06 08:56:46 | 000,000,029 | ---- | C] () -- C:\Windows\SysWow64\config.ini
[2014/01/03 08:30:45 | 000,000,902 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/12/19 18:38:01 | 000,000,123 | ---- | C] () -- C:\Users\valdir\AppData\Roaming\WB.CFG
[2013/11/07 19:06:34 | 000,720,082 | ---- | C] () -- C:\Users\valdir\AppData\Roaming\unins000.exe
[2013/09/03 22:39:25 | 000,032,865 | ---- | C] () -- C:\Users\valdir\AppData\Roaming\unins000.dat
[2013/06/22 17:24:40 | 000,000,027 | ---- | C] () -- C:\ProgramData\SDGLYBMPWPP.SYS
[2013/01/19 07:58:07 | 000,000,043 | -HS- | C] () -- C:\ProgramData\.zreglib
[2012/11/08 08:40:16 | 000,000,083 | ---- | C] () -- C:\Windows\winDecrypt.INI
[2012/09/22 00:34:01 | 000,000,002 | ---- | C] () -- C:\Users\valdir\AppData\Roaming\idx
[2012/07/29 21:11:11 | 000,000,010 | ---- | C] () -- C:\Windows\SysWow64\info.sys
[2012/07/11 09:00:19 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\libgcc_s_dw2-1.dll
[2012/07/07 09:50:40 | 000,007,597 | ---- | C] () -- C:\Users\valdir\AppData\Local\Resmon.ResmonCfg
[2012/04/12 17:07:36 | 000,001,692 | -H-- | C] () -- C:\Users\valdir\AppData\Roaming\config29029.dat
[2012/04/12 14:11:21 | 000,001,719 | -H-- | C] () -- C:\Users\valdir\AppData\Roaming\config8085.dat
[2012/04/01 09:54:10 | 000,031,744 | ---- | C] () -- C:\Users\valdir\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/29 19:13:09 | 000,198,502 | ---- | C] () -- C:\Users\valdir\AppData\Roaming\m_steal4.gif
[2012/03/27 01:41:40 | 000,198,495 | ---- | C] () -- C:\Users\valdir\AppData\Roaming\m_steal3.gif
[2012/03/25 20:49:24 | 000,000,000 | ---- | C] () -- C:\ProgramData\12naneejuniorKUTvaldirrsj@gmail.com
[2012/03/02 23:38:26 | 000,000,036 | ---- | C] () -- C:\Users\valdir\AppData\Roaming\id
[2012/02/13 22:41:42 | 000,433,604 | ---- | C] () -- C:\Users\valdir\AppData\Roaming\m_stdp1.gif
[2012/01/27 13:08:40 | 000,001,024 | ---- | C] () -- C:\Users\valdir\.rnd
========== ZeroAccess Check ==========
[2009/07/14 01:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 02:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 01:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 22:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 22:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 22:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2013/04/20 15:53:09 | 000,000,000 | ---D | M] -- C:\Users\valdir\AppData\Roaming\0B1T1L2V1T1J1L
[2012/03/18 15:35:44 | 000,000,000 | ---D | M] -- C:\Users\valdir\AppData\Roaming\AnvSoft
[2014/01/31 22:24:26 | 000,000,000 | ---D | M] -- C:\Users\valdir\AppData\Roaming\Audacity
[2013/02/04 17:49:32 | 000,000,000 | ---D | M] -- C:\Users\valdir\AppData\Roaming\AVG
[2013/08/07 22:51:26 | 000,000,000 | ---D | M] -- C:\Users\valdir\AppData\Roaming\AVG2013
[2014/04/01 01:29:03 | 000,000,000 | ---D | M] -- C:\Users\valdir\AppData\Roaming\AVG2014
[2013/05/05 12:06:43 | 000,000,000 | ---D | M] -- C:\Users\valdir\AppData\Roaming\Baidu Security
[2014/03/12 08:26:12 | 000,000,000 | ---D | M] -- C:\Users\valdir\AppData\Roaming\EncryptStick
[2012/05/16 23:26:12 | 000,000,000 | ---D | M] -- C:\Users\valdir\AppData\Roaming\EPSON
[2013/03/12 10:06:16 | 000,000,000 | ---D | M] -- C:\Users\valdir\AppData\Roaming\Free Audio Editor
[2013/12/25 10:45:10 | 000,000,000 | ---D | M] -- C:\Users\valdir\AppData\Roaming\GoPro
[2014/01/06 09:06:29 | 000,000,000 | ---D | M] -- C:\Users\valdir\AppData\Roaming\MusicNet
[2012/11/08 09:58:55 | 000,000,000 | ---D | M] -- C:\Users\valdir\AppData\Roaming\PDFConverterPackages
[2013/05/30 21:54:04 | 000,000,000 | ---D | M] -- C:\Users\valdir\AppData\Roaming\QuickScan
[2013/01/22 03:36:25 | 000,000,000 | ---D | M] -- C:\Users\valdir\AppData\Roaming\TuneUp Software
[2013/02/28 11:04:15 | 000,000,000 | ---D | M] -- C:\Users\valdir\AppData\Roaming\uTorrent
[2014/04/24 07:39:23 | 000,000,000 | ---D | M] -- C:\Users\valdir\AppData\Roaming\Visan
========== Purity Check ==========
========== Files - Unicode (All) ==========
[2013/11/19 12:31:14 | 105,044,098 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\ḼŸ
[2013/11/19 12:31:14 | 105,044,098 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\ḼŸ
[2013/11/15 13:49:35 | 104,401,821 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\栥捛Ḽ•
[2013/11/15 13:49:35 | 104,401,821 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\栥捛Ḽ•
[2013/09/24 21:32:06 | 097,613,522 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\﮽㔛ḼŒ
[2013/09/24 15:32:30 | 097,613,522 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\﮽㔛ḼŒ
========== Alternate Data Streams ==========
@Alternate Data Stream - 416 bytes -> C:\Windows\SysWow64\drivers:GbpKmAp.lst
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:054203E4
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:FB1B13D8
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:51E9F892
< End of report >
Valdir junior- Iniciante
- Mensagens : 8
Reputação : 0
Data de inscrição : 17/05/2014
também passei o zoek
por Valdir junior Sáb 17 maio 2014, 08:58
Zoek.exe v5.0.0.0 Updated 14-April-2014
Tool run by valdir on 17/05/2014 at 8:45:03,80.
Microsoft Windows 7 Ultimate 6.1.7600 x64
Running in: Normal Mode Internet Access Detected
Launched: D:\Users\valdir\Downloads\zoek.exe [Scan all users] [Script inserted]
==== Older Logs ======================
C:\zoek-results2014-05-17-041123.log 14966 bytes
==== System Restore Info ======================
17/05/2014 08:51:47 Zoek.exe System Restore Point Created Succesfully.
==== Registry Fix Code ======================
Windows Registry Editor Version 5.00
[-HKEY_USERS\S-1-5-21-1390067357-484763869-1801674531-1003\Software\Baidu Security]
[-HKEY_USERS\S-1-5-21-1390067357-484763869-1801674531-1003\Software\Baidu Security\Antivirus]
[-HKEY_USERS\S-1-5-21-1390067357-484763869-1801674531-1003\Software\Baidu Security\Antivirus\web]
==== Registry Search Results for "Baidu" ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\LogLoc]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0\Setup]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\LogUp]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Processing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Temp]
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFasterSvc-2014-04-01 04-06-52-0958-[12368].tmp"=""
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-04-01 04-06-53-0008-[12371].tmp"=""
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PcfTray-2014-04-01 04-06-58-0018-[12387].tmp"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}]
"DllName"="baidubar.dll;BaiduBarX.dll;BaiduBarX.dll;BaiduBarX.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}]
"DllName"="baidubar.dll;BaiduBarX.dll;BaiduBarX.dll;BaiduBarX.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Baidu Antivirus"="\"C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\BavTray.exe\" -auto"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"DisplayName"="Baidu Antivirus"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"DisplayIcon"="\"C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\Bav.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"UninstallString"="\"C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\Uninstall.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"URLInfoAbout"="http://antivirus.baidu.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"Publisher"="Baidu, Inc."
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"InstallDir"="C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Baidu_Scan]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\Baidu_Scan]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\Baidu_Scan]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\Baidu_Scan]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
"DisplayName"="Baidu Protect"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCFApiUtil]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0\\PCFApiUtil64.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]
"DisplayName"="Baidu Protect"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCFApiUtil]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0\\PCFApiUtil64.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
"DisplayName"="Baidu Protect"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PCFApiUtil]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0\\PCFApiUtil64.sys"
[HKEY_USERS\.DEFAULT\Software\Baidu]
[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug]
[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav]
[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log]
[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]
[HKEY_USERS\.DEFAULT\Software\Baidu Security]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\042614-27752-01.dmp]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\042614-29109-01.dmp]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\MEMORY_130430117807596408.dmp]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"ucloud"="u.br.bav.baidu.com"
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"dcloud"="http://up.br.bav.baidu.com/cgi-bin/url_warnning/url_warnning.cgi"
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"rcloud"="http://up.br.bav.baidu.com/cgi-bin/url_visit_action.cgi"
[HKEY_USERS\S-1-5-21-3191047974-839445982-446460419-1000\Software\Baidu Security]
[HKEY_USERS\S-1-5-21-3191047974-839445982-446460419-1000\Software\Baidu Security\Antivirus]
[HKEY_USERS\S-1-5-21-3191047974-839445982-446460419-1000\Software\Baidu Security\Antivirus\web]
[HKEY_USERS\S-1-5-21-3191047974-839445982-446460419-1000\Software\Baidu Security\Antivirus\web]
"ucloud"="u.br.bav.baidu.com"
[HKEY_USERS\S-1-5-21-3191047974-839445982-446460419-1000\Software\Baidu Security\Antivirus\web]
"dcloud"="http://up.br.bav.baidu.com/cgi-bin/url_warnning/url_warnning.cgi"
[HKEY_USERS\S-1-5-21-3191047974-839445982-446460419-1000\Software\Baidu Security\Antivirus\web]
"rcloud"="http://up.br.bav.baidu.com/cgi-bin/url_visit_action.cgi"
[HKEY_USERS\S-1-5-21-3191047974-839445982-446460419-1000\Software\Baidu Security\PC Faster]
[HKEY_USERS\S-1-5-21-3191047974-839445982-446460419-1000\Software\Baidu Security\PC Faster\4.0.0.0]
[HKEY_USERS\S-1-5-21-3191047974-839445982-446460419-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install]
[HKEY_USERS\S-1-5-21-3191047974-839445982-446460419-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run]
[HKEY_USERS\S-1-5-21-3191047974-839445982-446460419-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable]
[HKEY_USERS\S-1-5-21-3191047974-839445982-446460419-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\alluser]
[HKEY_USERS\S-1-5-21-3191047974-839445982-446460419-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\curuser]
[HKEY_USERS\S-1-5-21-3191047974-839445982-446460419-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hkcu]
[HKEY_USERS\S-1-5-21-3191047974-839445982-446460419-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm]
[HKEY_USERS\S-1-5-21-3191047974-839445982-446460419-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm64]
[HKEY_USERS\S-1-5-21-3191047974-839445982-446460419-1000\Software\Baidu Security\PC Faster\4.0.0.0\Statistic]
[HKEY_USERS\S-1-5-21-3191047974-839445982-446460419-1000\Software\Baidu Security\PC Faster\4.0.0.0\UUReport]
[HKEY_USERS\S-1-5-21-3191047974-839445982-446460419-1000\Software\Baidu Security\PC Faster\Setup]
[HKEY_USERS\S-1-5-21-3191047974-839445982-446460419-1000\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted]
"C:\\Users\\valdir\\AppData\\Local\\Temp\\baidu_secure\\update\\BavPro_Setup_051.exe"=dword:00000001
[HKEY_USERS\S-1-5-18\Software\Baidu]
[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug]
[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav]
[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log]
[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]
[HKEY_USERS\S-1-5-18\Software\Baidu Security]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\042614-27752-01.dmp]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\042614-29109-01.dmp]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\MEMORY_130430117807596408.dmp]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"ucloud"="u.br.bav.baidu.com"
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"dcloud"="http://up.br.bav.baidu.com/cgi-bin/url_warnning/url_warnning.cgi"
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"rcloud"="http://up.br.bav.baidu.com/cgi-bin/url_visit_action.cgi"
==== C:\zoek_backup content ======================
C:\zoek_backup (files=0 folders=0 0 bytes)
==== EOF on 17/05/2014 at 8:53:36,14 ======================
Valdir junior- Iniciante
- Mensagens : 8
Reputação : 0
Data de inscrição : 17/05/2014
Re: Estou com problemas para remover o Baidu
por Power Max Sáb 17 maio 2014, 09:25
Olá Valdir. Seja bem vindo ao Fórum PC Brasil.Baixe o programa Adwcleaner clicando no link abaixo e depois clique no botão Download Now @BleepingComputer:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Para executar corretamente o AdwCleaner é só seguir as dicas deste tutorial:[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
* Na sua próxima resposta poste o log (relatório) do Adwcleaner que estará em C:\AdwCleaner\AdwCleaner[S0].txt
Ficamos na espera.
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Passei o adcleaner
por Valdir junior Sáb 17 maio 2014, 10:39
VLW, passei o adcleaner e ele não visualizou a pasta do BAIDU executei a limpeza mesmo assim,
porém a pasta do baidu está lá e o CCleaner acusa o baidu
# AdwCleaner v3.208 - Relatório criado 17/05/2014 às 10:30:32
# Atualizado 11/05/2014 por Xplode
# Sistema Operacional : Windows 7 Ultimate (64 bits)
# Usuário : valdir - VALDIR-PC
# Executando de : D:\Users\valdir\Downloads\adwcleaner_3.208.exe
# Opção : Limpar
***** [ Serviços ] *****
***** [ Arquivos / Pastas ] *****
***** [ Atalhos ] *****
***** [ Registro ] *****
***** [ Navegadores ] *****
-\\ Internet Explorer v9.0.8112.16421
-\\ Mozilla Firefox v29.0.1 (pt-BR)
[ Arquivo : C:\Users\valdir\AppData\Roaming\Mozilla\Firefox\Profiles\bgpmrc4f.default\prefs.js ]
-\\ Google Chrome v
*************************
AdwCleaner[R0].txt - [46193 octets] - [16/05/2014 21:33:48]
AdwCleaner[R1].txt - [1075 octets] - [16/05/2014 21:48:43]
AdwCleaner[R2].txt - [1196 octets] - [17/05/2014 00:37:48]
AdwCleaner[R3].txt - [1316 octets] - [17/05/2014 01:28:19]
AdwCleaner[R4].txt - [1437 octets] - [17/05/2014 02:38:21]
AdwCleaner[R5].txt - [1362 octets] - [17/05/2014 10:29:14]
AdwCleaner[S0].txt - [42528 octets] - [16/05/2014 21:39:35]
AdwCleaner[S1].txt - [1120 octets] - [16/05/2014 21:50:09]
AdwCleaner[S2].txt - [1241 octets] - [17/05/2014 00:38:33]
AdwCleaner[S3].txt - [1361 octets] - [17/05/2014 01:33:12]
AdwCleaner[S4].txt - [1269 octets] - [17/05/2014 10:30:32]
########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [1329 octets] ##########
Esse é o relatório de log que fiz mais cedo, ele acusa que deletou a pasta mas ela está lá...
# AdwCleaner v3.208 - Relatório criado 17/05/2014 às 01:33:12
# Atualizado 11/05/2014 por Xplode
# Sistema Operacional : Windows 7 Ultimate (64 bits)
# Usuário : valdir - VALDIR-PC
# Executando de : D:\Users\valdir\Downloads\adwcleaner_3.208.exe
# Opção : Limpar
***** [ Serviços ] *****
***** [ Arquivos / Pastas ] *****
Pasta Deletada : C:\ProgramData\baidu
***** [ Atalhos ] *****
***** [ Registro ] *****
***** [ Navegadores ] *****
-\\ Internet Explorer v9.0.8112.16421
-\\ Mozilla Firefox v29.0.1 (pt-BR)
[ Arquivo : C:\Users\valdir\AppData\Roaming\Mozilla\Firefox\Profiles\bgpmrc4f.default\prefs.js ]
-\\ Google Chrome v
[ Arquivo : C:\Users\valdir\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [46193 octets] - [16/05/2014 21:33:48]
AdwCleaner[R1].txt - [1075 octets] - [16/05/2014 21:48:43]
AdwCleaner[R2].txt - [1196 octets] - [17/05/2014 00:37:48]
AdwCleaner[R3].txt - [1316 octets] - [17/05/2014 01:28:19]
AdwCleaner[S0].txt - [42528 octets] - [16/05/2014 21:39:35]
AdwCleaner[S1].txt - [1120 octets] - [16/05/2014 21:50:09]
AdwCleaner[S2].txt - [1241 octets] - [17/05/2014 00:38:33]
AdwCleaner[S3].txt - [1221 octets] - [17/05/2014 01:33:12]
########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1281 octets] ##########
porém a pasta do baidu está lá e o CCleaner acusa o baidu
# AdwCleaner v3.208 - Relatório criado 17/05/2014 às 10:30:32
# Atualizado 11/05/2014 por Xplode
# Sistema Operacional : Windows 7 Ultimate (64 bits)
# Usuário : valdir - VALDIR-PC
# Executando de : D:\Users\valdir\Downloads\adwcleaner_3.208.exe
# Opção : Limpar
***** [ Serviços ] *****
***** [ Arquivos / Pastas ] *****
***** [ Atalhos ] *****
***** [ Registro ] *****
***** [ Navegadores ] *****
-\\ Internet Explorer v9.0.8112.16421
-\\ Mozilla Firefox v29.0.1 (pt-BR)
[ Arquivo : C:\Users\valdir\AppData\Roaming\Mozilla\Firefox\Profiles\bgpmrc4f.default\prefs.js ]
-\\ Google Chrome v
*************************
AdwCleaner[R0].txt - [46193 octets] - [16/05/2014 21:33:48]
AdwCleaner[R1].txt - [1075 octets] - [16/05/2014 21:48:43]
AdwCleaner[R2].txt - [1196 octets] - [17/05/2014 00:37:48]
AdwCleaner[R3].txt - [1316 octets] - [17/05/2014 01:28:19]
AdwCleaner[R4].txt - [1437 octets] - [17/05/2014 02:38:21]
AdwCleaner[R5].txt - [1362 octets] - [17/05/2014 10:29:14]
AdwCleaner[S0].txt - [42528 octets] - [16/05/2014 21:39:35]
AdwCleaner[S1].txt - [1120 octets] - [16/05/2014 21:50:09]
AdwCleaner[S2].txt - [1241 octets] - [17/05/2014 00:38:33]
AdwCleaner[S3].txt - [1361 octets] - [17/05/2014 01:33:12]
AdwCleaner[S4].txt - [1269 octets] - [17/05/2014 10:30:32]
########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [1329 octets] ##########
Esse é o relatório de log que fiz mais cedo, ele acusa que deletou a pasta mas ela está lá...
# AdwCleaner v3.208 - Relatório criado 17/05/2014 às 01:33:12
# Atualizado 11/05/2014 por Xplode
# Sistema Operacional : Windows 7 Ultimate (64 bits)
# Usuário : valdir - VALDIR-PC
# Executando de : D:\Users\valdir\Downloads\adwcleaner_3.208.exe
# Opção : Limpar
***** [ Serviços ] *****
***** [ Arquivos / Pastas ] *****
Pasta Deletada : C:\ProgramData\baidu
***** [ Atalhos ] *****
***** [ Registro ] *****
***** [ Navegadores ] *****
-\\ Internet Explorer v9.0.8112.16421
-\\ Mozilla Firefox v29.0.1 (pt-BR)
[ Arquivo : C:\Users\valdir\AppData\Roaming\Mozilla\Firefox\Profiles\bgpmrc4f.default\prefs.js ]
-\\ Google Chrome v
[ Arquivo : C:\Users\valdir\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [46193 octets] - [16/05/2014 21:33:48]
AdwCleaner[R1].txt - [1075 octets] - [16/05/2014 21:48:43]
AdwCleaner[R2].txt - [1196 octets] - [17/05/2014 00:37:48]
AdwCleaner[R3].txt - [1316 octets] - [17/05/2014 01:28:19]
AdwCleaner[S0].txt - [42528 octets] - [16/05/2014 21:39:35]
AdwCleaner[S1].txt - [1120 octets] - [16/05/2014 21:50:09]
AdwCleaner[S2].txt - [1241 octets] - [17/05/2014 00:38:33]
AdwCleaner[S3].txt - [1221 octets] - [17/05/2014 01:33:12]
########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1281 octets] ##########
Valdir junior- Iniciante
- Mensagens : 8
Reputação : 0
Data de inscrição : 17/05/2014
Re: Estou com problemas para remover o Baidu
por Power Max Sáb 17 maio 2014, 10:41
Poste o relatório que está neste arquivo abaixo por gentileza:
C:\AdwCleaner\AdwCleaner[S0].txt
C:\AdwCleaner\AdwCleaner[S0].txt
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
AdwCleaner [S0]
por Valdir junior Sáb 17 maio 2014, 10:46
# AdwCleaner v3.208 - Relatório criado 16/05/2014 às 21:39:35
# Atualizado 11/05/2014 por Xplode
# Sistema Operacional : Windows 7 Ultimate (64 bits)
# Usuário : valdir - VALDIR-PC
# Executando de : D:\Users\valdir\Downloads\adwcleaner_3.208.exe
# Opção : Limpar
***** [ Serviços ] *****
[#] Serviço Deletada : iSafeService
Serviço Deletada : Wpm
***** [ Arquivos / Pastas ] *****
Pasta Deletada : C:\ProgramData\apn
Pasta Deletada : C:\ProgramData\Babylon
Pasta Deletada : C:\ProgramData\baidu
Pasta Deletada : C:\ProgramData\DataMngr
Pasta Deletada : C:\ProgramData\DealPlyLive
Pasta Deletada : C:\ProgramData\IePluginService
Pasta Deletada : C:\ProgramData\Tarma Installer
Pasta Deletada : C:\ProgramData\wincert
Pasta Deletada : C:\ProgramData\WPM
Pasta Deletada : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector
Pasta Deletada : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZipper
Pasta Deletada : C:\Program Files (x86)\Betcat
Pasta Deletada : C:\Program Files (x86)\BrowserCompanion
Pasta Deletada : C:\Program Files (x86)\Conduit
Pasta Deletada : C:\Program Files (x86)\DealPly
Pasta Deletada : C:\Program Files (x86)\DealPlyLive
Pasta Deletada : C:\Program Files (x86)\Desk 365
Pasta Deletada : C:\Program Files (x86)\Music Toolbar
Pasta Deletada : C:\Program Files (x86)\SupTab
Pasta Deletada : C:\Program Files (x86)\WebCake
Pasta Deletada : C:\Program Files (x86)\WinZipper
Pasta Deletada : C:\Program Files (x86)\D'Accord_Music_Software_BR
Pasta Deletada : C:\Program Files (x86)\Common Files\337
Pasta Deletada : C:\Users\valdir\AppData\Local\apn
Pasta Deletada : C:\Users\valdir\AppData\Local\Conduit
Pasta Deletada : C:\Users\valdir\AppData\Local\DealPlyLive
Pasta Deletada : C:\Users\valdir\AppData\Local\lollipop
Pasta Deletada : C:\Users\valdir\AppData\Local\PackageAware
Pasta Deletada : C:\Users\valdir\AppData\LocalLow\BabylonToolbar
Pasta Deletada : C:\Users\valdir\AppData\LocalLow\bbrs_002.tb
Pasta Deletada : C:\Users\valdir\AppData\LocalLow\Conduit
Pasta Deletada : C:\Users\valdir\AppData\LocalLow\Funmoods
Pasta Deletada : C:\Users\valdir\AppData\LocalLow\Ironsource
Pasta Deletada : C:\Users\valdir\AppData\LocalLow\PriceGong
Pasta Deletada : C:\Users\valdir\AppData\LocalLow\D'Accord_Music_Software_BR
Pasta Deletada : C:\Users\valdir\AppData\Roaming\337Games
Pasta Deletada : C:\Users\valdir\AppData\Roaming\Babylon
Pasta Deletada : C:\Users\valdir\AppData\Roaming\baidu
Pasta Deletada : C:\Users\valdir\AppData\Roaming\Betcat
Pasta Deletada : C:\Users\valdir\AppData\Roaming\DealPly
Pasta Deletada : C:\Users\valdir\AppData\Roaming\Desk 365
Pasta Deletada : C:\Users\valdir\AppData\Roaming\Funmoods
Pasta Deletada : C:\Users\valdir\AppData\Roaming\Iminent
Pasta Deletada : C:\Users\valdir\AppData\Roaming\iSafe
Pasta Deletada : C:\Users\valdir\AppData\Roaming\SupTab
Pasta Deletada : C:\Users\valdir\AppData\Roaming\Systweak
Pasta Deletada : C:\Users\valdir\AppData\Roaming\Web Cake
Pasta Deletada : C:\Users\valdir\AppData\Roaming\WebCake
Pasta Deletada : C:\Users\valdir\AppData\Roaming\WinZipper
Pasta Deletada : C:\Users\valdir\AppData\Roaming\Mozilla\Firefox\Profiles\bgpmrc4f.default\Extensions\quick_start@gmail.com
Arquivo Deletada : C:\END
Arquivo Deletada : C:\Windows\SysWOW64\SecureAssist.dll
Arquivo Deletada : C:\Windows\System32\roboot64.exe
Arquivo Deletada : C:\Windows\System32\SecureAssist64.dll
Arquivo Deletada : C:\Users\valdir\AppData\Local\funmoods.crx
Arquivo Deletada : C:\Users\valdir\AppData\Local\funmoods-speeddial_sf.crx
Arquivo Deletada : C:\Users\valdir\AppData\Roaming\Mozilla\Firefox\Profiles\bgpmrc4f.default\invalidprefs.js
Arquivo Deletada : C:\Users\valdir\AppData\Roaming\Mozilla\Firefox\Profiles\bgpmrc4f.default\searchplugins\Ask.xml
Arquivo Deletada : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\Ask.xml
Arquivo Deletada : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\delta-homes.xml
Arquivo Deletada : C:\Users\valdir\AppData\Roaming\Mozilla\Firefox\Profiles\bgpmrc4f.default\user.js
Arquivo Deletada : C:\Users\valdir\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage
Arquivo Deletada : C:\Users\valdir\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjpglkicenollcignonpgiafdgfeehoj_0.localstorage
Arquivo Deletada : C:\Users\valdir\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage
Arquivo Deletada : C:\Windows\System32\Tasks\Desk 365 RunAsStdUser
Arquivo Deletada : C:\Windows\System32\Tasks\Funmoods
Arquivo Deletada : C:\Windows\System32\Tasks\RunAsStdUser
***** [ Atalhos ] *****
Atalho Desinfectada : C:\Users\valdir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
Atalho Desinfectada : C:\Users\valdir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Atalho Desinfectada : C:\Users\valdir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Atalho Desinfectada : C:\Users\valdir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\22find.lnk
Atalho Desinfectada : C:\Users\valdir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
***** [ Registro ] *****
Valor Deletedo : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [quick_start@gmail.com]
Chave Deletedo : HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Chave Deletedo : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Chave Deletedo : HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Chave Deletedo : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\clbfjfbnelcflpgpklppgplejolacbej
Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\ejnmnhkgiphcaeefbaooconkceehicfi
Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh
Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\fmfnfnpmhcllokmkepffndflpnadjmma
Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\mphpbdjcljebbcnfopfngmfdackbbdgf
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\WebCakeIEClient.DLL
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL
Chave Deletedo : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Chave Deletedo : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Chave Deletedo : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc
Chave Deletedo : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc.1
Chave Deletedo : HKLM\SOFTWARE\Classes\Prod.cap
Chave Deletedo : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\base64
Chave Deletedo : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\chrome
Chave Deletedo : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\prox
Chave Deletedo : HKLM\SOFTWARE\Classes\tdataprotocol.CTData
Chave Deletedo : HKLM\SOFTWARE\Classes\tdataprotocol.CTData.1
Chave Deletedo : HKLM\SOFTWARE\Classes\updatebho.TimerBHO
Chave Deletedo : HKLM\SOFTWARE\Classes\updatebho.TimerBHO.1
Chave Deletedo : HKLM\SOFTWARE\Classes\wit4ie.WitBHO
Chave Deletedo : HKLM\SOFTWARE\Classes\wit4ie.WitBHO.2
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\DEALPL~1_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\DEALPL~1_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\desk365_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\desk365_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\FindLyrics_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\FindLyrics_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsLatest_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsLatest_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\iMesh_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\iMesh_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup{2_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup{2_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasapi32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasmancs
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dealplylive.exe
Chave Deletedo : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DeskSvc
Chave Deletedo : HKCU\Software\0c604f8212a3c41df1b32d80c297ae3e
Chave Deletedo : HKCU\Software\5353de8be738ba15
Chave Deletedo : HKLM\SOFTWARE\Classes\Toolbar.CT2851643
Chave Deletedo : HKLM\SOFTWARE\Classes\Toolbar.CT3282722
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_amplitube_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_amplitube_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_amplitube_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_amplitube_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_asio4all_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_asio4all_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_format-factory (1)_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_format-factory (1)_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_format-factory (2)_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_format-factory (2)_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_format-factory_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_format-factory_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_guitar-guru_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_guitar-guru_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{1973277F-87B0-4EA3-9ED2-470A91D284CF}
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F}
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C}
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{7169BBB3-3289-4696-B35D-4A88BCF6FB12}
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{00CBB66B-1D3B-46D3-9577-323A336ACB50}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{5EB0259D-AB79-4AE6-A6E6-24FFE21C3DA4}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{963B125B-8B21-49A2-A3A8-E37092276531}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{A0B10EBE-4E51-4CAE-949B-E6B9E7D68CEA}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{BB975E58-E769-4E5A-BA12-B765BC559FF3}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{F511AFDB-726E-4458-90E7-1ECB97406544}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{C6684BB3-D1CE-4C5E-BE04-62E5EC0D85AD}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{830B56CB-FD22-44AA-9887-7898F4F4158D}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{8830DDF0-3042-404D-A62C-384A85E34833}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{955B782E-CDC8-4CEE-B6F6-AD7D541A8D8A}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{C4C4F1F4-3074-4CB6-9FB8-0A64273166F0}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00CBB66B-1D3B-46D3-9577-323A336ACB50}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{963B125B-8B21-49A2-A3A8-E37092276531}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C6684BB3-D1CE-4C5E-BE04-62E5EC0D85AD}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00CBB66B-1D3B-46D3-9577-323A336ACB50}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10AD2C61-0898-4348-8600-14A342F22AC3}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{282B0E54-8981-49EB-9193-5910A1F6FD33}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{963B125B-8B21-49A2-A3A8-E37092276531}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C6684BB3-D1CE-4C5E-BE04-62E5EC0D85AD}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00CBB66B-1D3B-46D3-9577-323A336ACB50}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10AD2C61-0898-4348-8600-14A342F22AC3}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{282B0E54-8981-49EB-9193-5910A1F6FD33}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{963B125B-8B21-49A2-A3A8-E37092276531}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C6684BB3-D1CE-4C5E-BE04-62E5EC0D85AD}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{282B0E54-8981-49EB-9193-5910A1F6FD33}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7C3B01BC-53A5-48A0-A43B-0C67731134B9}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0ABE0FED-50E7-4E42-A125-57C0A11DBCDE}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{282B0E54-8981-49EB-9193-5910A1F6FD33}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{570BB279-51F9-4984-B200-FFC9D8EB83EC}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3383527A-F9E4-49BC-93F3-408FD3D80CAC}
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909}
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001}
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
Valor Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{282B0E54-8981-49EB-9193-5910A1F6FD33}]
Valor Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{C6684BB3-D1CE-4C5E-BE04-62E5EC0D85AD}]
Valor Deletedo : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{41564952-412D-5637-00A7-7A786E7484D7}]
Valor Deletedo : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{C6684BB3-D1CE-4C5E-BE04-62E5EC0D85AD}]
Valor Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{C6684BB3-D1CE-4C5E-BE04-62E5EC0D85AD}]
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001}
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
Chave Deletedo : HKCU\Software\Blabbers
Chave Deletedo : HKCU\Software\BrowserCompanion
Chave Deletedo : HKCU\Software\Conduit
Chave Deletedo : HKCU\Software\DataMngr
Chave Deletedo : HKCU\Software\DealPlyLive
Chave Deletedo : HKCU\Software\Funmoods
Chave Deletedo : HKCU\Software\Headlight
Chave Deletedo : HKCU\Software\Imesh
Chave Deletedo : HKCU\Software\Iminent
Chave Deletedo : HKCU\Software\InstallCore
Chave Deletedo : HKCU\Software\lollipop
Chave Deletedo : HKCU\Software\Softonic
Chave Deletedo : HKCU\Software\systweak
Chave Deletedo : HKCU\Software\D'Accord_Music_Software_BR
Chave Deletedo : HKCU\Software\AppDataLow\Toolbar
Chave Deletedo : HKCU\Software\AppDataLow\Software\Conduit
Chave Deletedo : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Chave Deletedo : HKCU\Software\AppDataLow\Software\findlyrics
Chave Deletedo : HKCU\Software\AppDataLow\Software\PriceGong
Chave Deletedo : HKCU\Software\AppDataLow\Software\Rr Savings
Chave Deletedo : HKCU\Software\AppDataLow\Software\SmartBar
Chave Deletedo : HKCU\Software\AppDataLow\Software\Supra Savings
Chave Deletedo : HKCU\Software\AppDataLow\Software\Toolbar
Chave Deletedo : HKCU\Software\AppDataLow\Software\D'Accord_Music_Software_BR
Chave Deletedo : HKLM\Software\AVG Secure Search
Chave Deletedo : HKLM\Software\Babylon
Chave Deletedo : HKLM\Software\BrowserCompanion
Chave Deletedo : HKLM\Software\Conduit
Chave Deletedo : HKLM\Software\DataMngr
Chave Deletedo : HKLM\Software\Desksvc
Chave Deletedo : HKLM\Software\Funmoods
Chave Deletedo : HKLM\Software\hdcode
Chave Deletedo : HKLM\Software\Iminent
Chave Deletedo : HKLM\Software\InstallCore
Chave Deletedo : HKLM\Software\iSafe
Chave Deletedo : HKLM\Software\nationzoomSoftware
Chave Deletedo : HKLM\Software\suprasavings
Chave Deletedo : HKLM\Software\supWPM
Chave Deletedo : HKLM\Software\systweak
Chave Deletedo : HKLM\Software\Uniblue
Chave Deletedo : HKLM\Software\D'Accord_Music_Software_BR
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BrowserCompanion
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\D'Accord_Music_Software_BR Toolbar
Chave Deletedo : [x64] HKLM\SOFTWARE\LevelQualityWatcher
Chave Deletedo : [x64] HKLM\SOFTWARE\suprasavings
Chave Deletedo : [x64] HKLM\SOFTWARE\Tarma Installer
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dprotectsvc.exe
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotector.exe
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utiljumpflip.exe
***** [ Navegadores ] *****
-\\ Internet Explorer v9.0.8112.16421
Configurações Restauradas : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Configurações Restauradas : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
-\\ Mozilla Firefox v29.0.1 (pt-BR)
[ Arquivo : C:\Users\valdir\AppData\Roaming\Mozilla\Firefox\Profiles\bgpmrc4f.default\prefs.js ]
Linha deletada : user_pref("extensions.BabylonToolbar.admin", false);
Linha deletada : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Linha deletada : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
Linha deletada : user_pref("extensions.BabylonToolbar.autoRvrt", "false");
Linha deletada : user_pref("extensions.BabylonToolbar.bbDpng", "20");
Linha deletada : user_pref("extensions.BabylonToolbar.cntry", "BR");
Linha deletada : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Linha deletada : user_pref("extensions.BabylonToolbar.dpkLst", "");
Linha deletada : user_pref("extensions.BabylonToolbar.excTlbr", false);
Linha deletada : user_pref("extensions.BabylonToolbar.ffxUnstlRst", true);
Linha deletada : user_pref("extensions.BabylonToolbar.hdrMd5", "D1FD280235D775003821922B904A2F8A");
Linha deletada : user_pref("extensions.BabylonToolbar.id", "8e0bc4fd0000000000006c626df79dae");
Linha deletada : user_pref("extensions.BabylonToolbar.instlDay", "15815");
Linha deletada : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Linha deletada : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.8.11.1015:40:17");
Linha deletada : user_pref("extensions.BabylonToolbar.newTab", false);
Linha deletada : user_pref("extensions.BabylonToolbar.pnu_uninst", "{\"newVrsn\":\"14\",\"lastVrsn\":\"14\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"false\",\"msgTs\":0,\"lstMsgTs\":\"0\"}");
Linha deletada : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Linha deletada : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Linha deletada : user_pref("extensions.BabylonToolbar.rvrt", "false");
Linha deletada : user_pref("extensions.BabylonToolbar.sg", "tzb");
Linha deletada : user_pref("extensions.BabylonToolbar.smplGrp", "none");
Linha deletada : user_pref("extensions.BabylonToolbar.tlbrId", "uninst");
Linha deletada : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=8e0bc4fd0000000000006c626df79dae&q=");
Linha deletada : user_pref("extensions.BabylonToolbar.vrsn", "1.8.11.10");
Linha deletada : user_pref("extensions.BabylonToolbar.vrsnTs", "1.8.11.1015:40:17");
Linha deletada : user_pref("extensions.BabylonToolbar.vrsni", "1.8.11.10");
Linha deletada : user_pref("extensions.BabylonToolbar_i.babExt", "");
Linha deletada : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=119849&tt=180413_ctrl");
Linha deletada : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Linha deletada : user_pref("extentions.webcake.defaultEnableAppsList", "layers,brain/features,newOffers/wc");
Linha deletada : user_pref("extentions.webcake.installId", "3cd71d56-3a1b-4b13-aaa1-ea939213cd99");
Linha deletada : user_pref("iminent.webbooster.scripts.minibar.LayoutId", "1");
Linha deletada : user_pref("iminent.webbooster.scripts.minibar.ROOTEXTENSION", "chrome://iminentwebbooster/content/minibar");
Linha deletada : user_pref("iminent.webbooster.scripts.minibar.SOFTONICREFRESHRATE", "140000");
Linha deletada : user_pref("iminent.webbooster.scripts.minibar.Services.BHPCode", "01");
Linha deletada : user_pref("iminent.webbooster.scripts.minibar.Services.DefaultEvent", "000");
Linha deletada : user_pref("iminent.webbooster.scripts.minibar.Services.DefaultWebSite", "000");
Linha deletada : user_pref("iminent.webbooster.scripts.minibar.Services.IminentClientCode", "11");
Linha deletada : user_pref("iminent.webbooster.scripts.minibar.Services.SmartFavCode", "02");
Linha deletada : user_pref("iminent.webbooster.scripts.minibar.ShowThankyouPixel", "0");
Linha deletada : user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent102", "1376095570156");
Linha deletada : user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent134", "1376094745386");
Linha deletada : user_pref("iminent.webbooster.scripts.sslminibar.LayoutId", "1");
Linha deletada : user_pref("iminent.webbooster.scripts.sslminibar.ROOTEXTENSION", "chrome://iminentwebbooster/content/minibar");
Linha deletada : user_pref("iminent.webbooster.scripts.sslminibar.SOFTONICREFRESHRATE", "140000");
Linha deletada : user_pref("iminent.webbooster.scripts.sslminibar.Services.BHPCode", "01");
Linha deletada : user_pref("iminent.webbooster.scripts.sslminibar.Services.DefaultEvent", "000");
Linha deletada : user_pref("iminent.webbooster.scripts.sslminibar.Services.DefaultWebSite", "000");
Linha deletada : user_pref("iminent.webbooster.scripts.sslminibar.Services.IminentClientCode", "11");
Linha deletada : user_pref("iminent.webbooster.scripts.sslminibar.Services.SmartFavCode", "02");
Linha deletada : user_pref("iminent.webbooster.scripts.sslminibar.ShowThankyouPixel", "0");
Linha deletada : user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent102", "1376093422307");
Linha deletada : user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent134", "1376093857365");
-\\ Google Chrome v
[ Arquivo : C:\Users\valdir\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Deletedo [Extension] : jmhhdaimhfblnamlcdijbaakkifakade
*************************
AdwCleaner[R0].txt - [46193 octets] - [16/05/2014 21:33:48]
AdwCleaner[S0].txt - [42066 octets] - [16/05/2014 21:39:35]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [42127 octets] ##########
# Atualizado 11/05/2014 por Xplode
# Sistema Operacional : Windows 7 Ultimate (64 bits)
# Usuário : valdir - VALDIR-PC
# Executando de : D:\Users\valdir\Downloads\adwcleaner_3.208.exe
# Opção : Limpar
***** [ Serviços ] *****
[#] Serviço Deletada : iSafeService
Serviço Deletada : Wpm
***** [ Arquivos / Pastas ] *****
Pasta Deletada : C:\ProgramData\apn
Pasta Deletada : C:\ProgramData\Babylon
Pasta Deletada : C:\ProgramData\baidu
Pasta Deletada : C:\ProgramData\DataMngr
Pasta Deletada : C:\ProgramData\DealPlyLive
Pasta Deletada : C:\ProgramData\IePluginService
Pasta Deletada : C:\ProgramData\Tarma Installer
Pasta Deletada : C:\ProgramData\wincert
Pasta Deletada : C:\ProgramData\WPM
Pasta Deletada : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector
Pasta Deletada : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZipper
Pasta Deletada : C:\Program Files (x86)\Betcat
Pasta Deletada : C:\Program Files (x86)\BrowserCompanion
Pasta Deletada : C:\Program Files (x86)\Conduit
Pasta Deletada : C:\Program Files (x86)\DealPly
Pasta Deletada : C:\Program Files (x86)\DealPlyLive
Pasta Deletada : C:\Program Files (x86)\Desk 365
Pasta Deletada : C:\Program Files (x86)\Music Toolbar
Pasta Deletada : C:\Program Files (x86)\SupTab
Pasta Deletada : C:\Program Files (x86)\WebCake
Pasta Deletada : C:\Program Files (x86)\WinZipper
Pasta Deletada : C:\Program Files (x86)\D'Accord_Music_Software_BR
Pasta Deletada : C:\Program Files (x86)\Common Files\337
Pasta Deletada : C:\Users\valdir\AppData\Local\apn
Pasta Deletada : C:\Users\valdir\AppData\Local\Conduit
Pasta Deletada : C:\Users\valdir\AppData\Local\DealPlyLive
Pasta Deletada : C:\Users\valdir\AppData\Local\lollipop
Pasta Deletada : C:\Users\valdir\AppData\Local\PackageAware
Pasta Deletada : C:\Users\valdir\AppData\LocalLow\BabylonToolbar
Pasta Deletada : C:\Users\valdir\AppData\LocalLow\bbrs_002.tb
Pasta Deletada : C:\Users\valdir\AppData\LocalLow\Conduit
Pasta Deletada : C:\Users\valdir\AppData\LocalLow\Funmoods
Pasta Deletada : C:\Users\valdir\AppData\LocalLow\Ironsource
Pasta Deletada : C:\Users\valdir\AppData\LocalLow\PriceGong
Pasta Deletada : C:\Users\valdir\AppData\LocalLow\D'Accord_Music_Software_BR
Pasta Deletada : C:\Users\valdir\AppData\Roaming\337Games
Pasta Deletada : C:\Users\valdir\AppData\Roaming\Babylon
Pasta Deletada : C:\Users\valdir\AppData\Roaming\baidu
Pasta Deletada : C:\Users\valdir\AppData\Roaming\Betcat
Pasta Deletada : C:\Users\valdir\AppData\Roaming\DealPly
Pasta Deletada : C:\Users\valdir\AppData\Roaming\Desk 365
Pasta Deletada : C:\Users\valdir\AppData\Roaming\Funmoods
Pasta Deletada : C:\Users\valdir\AppData\Roaming\Iminent
Pasta Deletada : C:\Users\valdir\AppData\Roaming\iSafe
Pasta Deletada : C:\Users\valdir\AppData\Roaming\SupTab
Pasta Deletada : C:\Users\valdir\AppData\Roaming\Systweak
Pasta Deletada : C:\Users\valdir\AppData\Roaming\Web Cake
Pasta Deletada : C:\Users\valdir\AppData\Roaming\WebCake
Pasta Deletada : C:\Users\valdir\AppData\Roaming\WinZipper
Pasta Deletada : C:\Users\valdir\AppData\Roaming\Mozilla\Firefox\Profiles\bgpmrc4f.default\Extensions\quick_start@gmail.com
Arquivo Deletada : C:\END
Arquivo Deletada : C:\Windows\SysWOW64\SecureAssist.dll
Arquivo Deletada : C:\Windows\System32\roboot64.exe
Arquivo Deletada : C:\Windows\System32\SecureAssist64.dll
Arquivo Deletada : C:\Users\valdir\AppData\Local\funmoods.crx
Arquivo Deletada : C:\Users\valdir\AppData\Local\funmoods-speeddial_sf.crx
Arquivo Deletada : C:\Users\valdir\AppData\Roaming\Mozilla\Firefox\Profiles\bgpmrc4f.default\invalidprefs.js
Arquivo Deletada : C:\Users\valdir\AppData\Roaming\Mozilla\Firefox\Profiles\bgpmrc4f.default\searchplugins\Ask.xml
Arquivo Deletada : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\Ask.xml
Arquivo Deletada : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\delta-homes.xml
Arquivo Deletada : C:\Users\valdir\AppData\Roaming\Mozilla\Firefox\Profiles\bgpmrc4f.default\user.js
Arquivo Deletada : C:\Users\valdir\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage
Arquivo Deletada : C:\Users\valdir\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjpglkicenollcignonpgiafdgfeehoj_0.localstorage
Arquivo Deletada : C:\Users\valdir\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage
Arquivo Deletada : C:\Windows\System32\Tasks\Desk 365 RunAsStdUser
Arquivo Deletada : C:\Windows\System32\Tasks\Funmoods
Arquivo Deletada : C:\Windows\System32\Tasks\RunAsStdUser
***** [ Atalhos ] *****
Atalho Desinfectada : C:\Users\valdir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
Atalho Desinfectada : C:\Users\valdir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Atalho Desinfectada : C:\Users\valdir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Atalho Desinfectada : C:\Users\valdir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\22find.lnk
Atalho Desinfectada : C:\Users\valdir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
***** [ Registro ] *****
Valor Deletedo : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [quick_start@gmail.com]
Chave Deletedo : HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Chave Deletedo : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Chave Deletedo : HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Chave Deletedo : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\clbfjfbnelcflpgpklppgplejolacbej
Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\ejnmnhkgiphcaeefbaooconkceehicfi
Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh
Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\fmfnfnpmhcllokmkepffndflpnadjmma
Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\mphpbdjcljebbcnfopfngmfdackbbdgf
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\WebCakeIEClient.DLL
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL
Chave Deletedo : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Chave Deletedo : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Chave Deletedo : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc
Chave Deletedo : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc.1
Chave Deletedo : HKLM\SOFTWARE\Classes\Prod.cap
Chave Deletedo : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\base64
Chave Deletedo : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\chrome
Chave Deletedo : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\prox
Chave Deletedo : HKLM\SOFTWARE\Classes\tdataprotocol.CTData
Chave Deletedo : HKLM\SOFTWARE\Classes\tdataprotocol.CTData.1
Chave Deletedo : HKLM\SOFTWARE\Classes\updatebho.TimerBHO
Chave Deletedo : HKLM\SOFTWARE\Classes\updatebho.TimerBHO.1
Chave Deletedo : HKLM\SOFTWARE\Classes\wit4ie.WitBHO
Chave Deletedo : HKLM\SOFTWARE\Classes\wit4ie.WitBHO.2
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\DEALPL~1_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\DEALPL~1_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\desk365_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\desk365_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\FindLyrics_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\FindLyrics_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsLatest_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsLatest_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\iMesh_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\iMesh_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup{2_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup{2_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasapi32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasmancs
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dealplylive.exe
Chave Deletedo : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DeskSvc
Chave Deletedo : HKCU\Software\0c604f8212a3c41df1b32d80c297ae3e
Chave Deletedo : HKCU\Software\5353de8be738ba15
Chave Deletedo : HKLM\SOFTWARE\Classes\Toolbar.CT2851643
Chave Deletedo : HKLM\SOFTWARE\Classes\Toolbar.CT3282722
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_amplitube_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_amplitube_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_amplitube_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_amplitube_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_asio4all_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_asio4all_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_format-factory (1)_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_format-factory (1)_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_format-factory (2)_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_format-factory (2)_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_format-factory_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_format-factory_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_guitar-guru_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_guitar-guru_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{1973277F-87B0-4EA3-9ED2-470A91D284CF}
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F}
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C}
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{7169BBB3-3289-4696-B35D-4A88BCF6FB12}
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{00CBB66B-1D3B-46D3-9577-323A336ACB50}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{5EB0259D-AB79-4AE6-A6E6-24FFE21C3DA4}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{963B125B-8B21-49A2-A3A8-E37092276531}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{A0B10EBE-4E51-4CAE-949B-E6B9E7D68CEA}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{BB975E58-E769-4E5A-BA12-B765BC559FF3}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{F511AFDB-726E-4458-90E7-1ECB97406544}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{C6684BB3-D1CE-4C5E-BE04-62E5EC0D85AD}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{830B56CB-FD22-44AA-9887-7898F4F4158D}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{8830DDF0-3042-404D-A62C-384A85E34833}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{955B782E-CDC8-4CEE-B6F6-AD7D541A8D8A}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{C4C4F1F4-3074-4CB6-9FB8-0A64273166F0}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00CBB66B-1D3B-46D3-9577-323A336ACB50}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{963B125B-8B21-49A2-A3A8-E37092276531}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C6684BB3-D1CE-4C5E-BE04-62E5EC0D85AD}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00CBB66B-1D3B-46D3-9577-323A336ACB50}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10AD2C61-0898-4348-8600-14A342F22AC3}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{282B0E54-8981-49EB-9193-5910A1F6FD33}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{963B125B-8B21-49A2-A3A8-E37092276531}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C6684BB3-D1CE-4C5E-BE04-62E5EC0D85AD}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00CBB66B-1D3B-46D3-9577-323A336ACB50}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10AD2C61-0898-4348-8600-14A342F22AC3}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{282B0E54-8981-49EB-9193-5910A1F6FD33}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{963B125B-8B21-49A2-A3A8-E37092276531}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C6684BB3-D1CE-4C5E-BE04-62E5EC0D85AD}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{282B0E54-8981-49EB-9193-5910A1F6FD33}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7C3B01BC-53A5-48A0-A43B-0C67731134B9}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0ABE0FED-50E7-4E42-A125-57C0A11DBCDE}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{282B0E54-8981-49EB-9193-5910A1F6FD33}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{570BB279-51F9-4984-B200-FFC9D8EB83EC}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3383527A-F9E4-49BC-93F3-408FD3D80CAC}
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909}
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001}
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
Valor Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{282B0E54-8981-49EB-9193-5910A1F6FD33}]
Valor Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{C6684BB3-D1CE-4C5E-BE04-62E5EC0D85AD}]
Valor Deletedo : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{41564952-412D-5637-00A7-7A786E7484D7}]
Valor Deletedo : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{C6684BB3-D1CE-4C5E-BE04-62E5EC0D85AD}]
Valor Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{C6684BB3-D1CE-4C5E-BE04-62E5EC0D85AD}]
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001}
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
Chave Deletedo : HKCU\Software\Blabbers
Chave Deletedo : HKCU\Software\BrowserCompanion
Chave Deletedo : HKCU\Software\Conduit
Chave Deletedo : HKCU\Software\DataMngr
Chave Deletedo : HKCU\Software\DealPlyLive
Chave Deletedo : HKCU\Software\Funmoods
Chave Deletedo : HKCU\Software\Headlight
Chave Deletedo : HKCU\Software\Imesh
Chave Deletedo : HKCU\Software\Iminent
Chave Deletedo : HKCU\Software\InstallCore
Chave Deletedo : HKCU\Software\lollipop
Chave Deletedo : HKCU\Software\Softonic
Chave Deletedo : HKCU\Software\systweak
Chave Deletedo : HKCU\Software\D'Accord_Music_Software_BR
Chave Deletedo : HKCU\Software\AppDataLow\Toolbar
Chave Deletedo : HKCU\Software\AppDataLow\Software\Conduit
Chave Deletedo : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Chave Deletedo : HKCU\Software\AppDataLow\Software\findlyrics
Chave Deletedo : HKCU\Software\AppDataLow\Software\PriceGong
Chave Deletedo : HKCU\Software\AppDataLow\Software\Rr Savings
Chave Deletedo : HKCU\Software\AppDataLow\Software\SmartBar
Chave Deletedo : HKCU\Software\AppDataLow\Software\Supra Savings
Chave Deletedo : HKCU\Software\AppDataLow\Software\Toolbar
Chave Deletedo : HKCU\Software\AppDataLow\Software\D'Accord_Music_Software_BR
Chave Deletedo : HKLM\Software\AVG Secure Search
Chave Deletedo : HKLM\Software\Babylon
Chave Deletedo : HKLM\Software\BrowserCompanion
Chave Deletedo : HKLM\Software\Conduit
Chave Deletedo : HKLM\Software\DataMngr
Chave Deletedo : HKLM\Software\Desksvc
Chave Deletedo : HKLM\Software\Funmoods
Chave Deletedo : HKLM\Software\hdcode
Chave Deletedo : HKLM\Software\Iminent
Chave Deletedo : HKLM\Software\InstallCore
Chave Deletedo : HKLM\Software\iSafe
Chave Deletedo : HKLM\Software\nationzoomSoftware
Chave Deletedo : HKLM\Software\suprasavings
Chave Deletedo : HKLM\Software\supWPM
Chave Deletedo : HKLM\Software\systweak
Chave Deletedo : HKLM\Software\Uniblue
Chave Deletedo : HKLM\Software\D'Accord_Music_Software_BR
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BrowserCompanion
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\D'Accord_Music_Software_BR Toolbar
Chave Deletedo : [x64] HKLM\SOFTWARE\LevelQualityWatcher
Chave Deletedo : [x64] HKLM\SOFTWARE\suprasavings
Chave Deletedo : [x64] HKLM\SOFTWARE\Tarma Installer
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dprotectsvc.exe
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotector.exe
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utiljumpflip.exe
***** [ Navegadores ] *****
-\\ Internet Explorer v9.0.8112.16421
Configurações Restauradas : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Configurações Restauradas : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
-\\ Mozilla Firefox v29.0.1 (pt-BR)
[ Arquivo : C:\Users\valdir\AppData\Roaming\Mozilla\Firefox\Profiles\bgpmrc4f.default\prefs.js ]
Linha deletada : user_pref("extensions.BabylonToolbar.admin", false);
Linha deletada : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Linha deletada : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
Linha deletada : user_pref("extensions.BabylonToolbar.autoRvrt", "false");
Linha deletada : user_pref("extensions.BabylonToolbar.bbDpng", "20");
Linha deletada : user_pref("extensions.BabylonToolbar.cntry", "BR");
Linha deletada : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Linha deletada : user_pref("extensions.BabylonToolbar.dpkLst", "");
Linha deletada : user_pref("extensions.BabylonToolbar.excTlbr", false);
Linha deletada : user_pref("extensions.BabylonToolbar.ffxUnstlRst", true);
Linha deletada : user_pref("extensions.BabylonToolbar.hdrMd5", "D1FD280235D775003821922B904A2F8A");
Linha deletada : user_pref("extensions.BabylonToolbar.id", "8e0bc4fd0000000000006c626df79dae");
Linha deletada : user_pref("extensions.BabylonToolbar.instlDay", "15815");
Linha deletada : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Linha deletada : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.8.11.1015:40:17");
Linha deletada : user_pref("extensions.BabylonToolbar.newTab", false);
Linha deletada : user_pref("extensions.BabylonToolbar.pnu_uninst", "{\"newVrsn\":\"14\",\"lastVrsn\":\"14\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"false\",\"msgTs\":0,\"lstMsgTs\":\"0\"}");
Linha deletada : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Linha deletada : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Linha deletada : user_pref("extensions.BabylonToolbar.rvrt", "false");
Linha deletada : user_pref("extensions.BabylonToolbar.sg", "tzb");
Linha deletada : user_pref("extensions.BabylonToolbar.smplGrp", "none");
Linha deletada : user_pref("extensions.BabylonToolbar.tlbrId", "uninst");
Linha deletada : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=8e0bc4fd0000000000006c626df79dae&q=");
Linha deletada : user_pref("extensions.BabylonToolbar.vrsn", "1.8.11.10");
Linha deletada : user_pref("extensions.BabylonToolbar.vrsnTs", "1.8.11.1015:40:17");
Linha deletada : user_pref("extensions.BabylonToolbar.vrsni", "1.8.11.10");
Linha deletada : user_pref("extensions.BabylonToolbar_i.babExt", "");
Linha deletada : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=119849&tt=180413_ctrl");
Linha deletada : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Linha deletada : user_pref("extentions.webcake.defaultEnableAppsList", "layers,brain/features,newOffers/wc");
Linha deletada : user_pref("extentions.webcake.installId", "3cd71d56-3a1b-4b13-aaa1-ea939213cd99");
Linha deletada : user_pref("iminent.webbooster.scripts.minibar.LayoutId", "1");
Linha deletada : user_pref("iminent.webbooster.scripts.minibar.ROOTEXTENSION", "chrome://iminentwebbooster/content/minibar");
Linha deletada : user_pref("iminent.webbooster.scripts.minibar.SOFTONICREFRESHRATE", "140000");
Linha deletada : user_pref("iminent.webbooster.scripts.minibar.Services.BHPCode", "01");
Linha deletada : user_pref("iminent.webbooster.scripts.minibar.Services.DefaultEvent", "000");
Linha deletada : user_pref("iminent.webbooster.scripts.minibar.Services.DefaultWebSite", "000");
Linha deletada : user_pref("iminent.webbooster.scripts.minibar.Services.IminentClientCode", "11");
Linha deletada : user_pref("iminent.webbooster.scripts.minibar.Services.SmartFavCode", "02");
Linha deletada : user_pref("iminent.webbooster.scripts.minibar.ShowThankyouPixel", "0");
Linha deletada : user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent102", "1376095570156");
Linha deletada : user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent134", "1376094745386");
Linha deletada : user_pref("iminent.webbooster.scripts.sslminibar.LayoutId", "1");
Linha deletada : user_pref("iminent.webbooster.scripts.sslminibar.ROOTEXTENSION", "chrome://iminentwebbooster/content/minibar");
Linha deletada : user_pref("iminent.webbooster.scripts.sslminibar.SOFTONICREFRESHRATE", "140000");
Linha deletada : user_pref("iminent.webbooster.scripts.sslminibar.Services.BHPCode", "01");
Linha deletada : user_pref("iminent.webbooster.scripts.sslminibar.Services.DefaultEvent", "000");
Linha deletada : user_pref("iminent.webbooster.scripts.sslminibar.Services.DefaultWebSite", "000");
Linha deletada : user_pref("iminent.webbooster.scripts.sslminibar.Services.IminentClientCode", "11");
Linha deletada : user_pref("iminent.webbooster.scripts.sslminibar.Services.SmartFavCode", "02");
Linha deletada : user_pref("iminent.webbooster.scripts.sslminibar.ShowThankyouPixel", "0");
Linha deletada : user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent102", "1376093422307");
Linha deletada : user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent134", "1376093857365");
-\\ Google Chrome v
[ Arquivo : C:\Users\valdir\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Deletedo [Extension] : jmhhdaimhfblnamlcdijbaakkifakade
*************************
AdwCleaner[R0].txt - [46193 octets] - [16/05/2014 21:33:48]
AdwCleaner[S0].txt - [42066 octets] - [16/05/2014 21:39:35]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [42127 octets] ##########
Valdir junior- Iniciante
- Mensagens : 8
Reputação : 0
Data de inscrição : 17/05/2014
Re: Estou com problemas para remover o Baidu
por Power Max Sáb 17 maio 2014, 10:48
Desative temporariamente seu antivírus para evitar conflitos.
Acesse este link abaixo e clique no primeiro botão da esquerda que é o botão Download Zoek.exe:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
*Clique com o botão direito do mouse no Zoek.exe e selecione [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
* Selecione e copie todo este texto destacado em vermelho que te passei e cole-o no espaço em branco do Zoek.
*Clique [Run Script]
*Durante o scan uma mensagem parecida com esta abaixo mostrando o progresso do escaneamento será apresentada. Aguarde o término...pode demorar!
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
*Caso a reinicialização do PC seja solicitada, clique [OK]
* Poste o log do Zoek que estará em C:\zoek-results.txt em sua próxima resposta.
Acesse este link abaixo e clique no primeiro botão da esquerda que é o botão Download Zoek.exe:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
*Clique com o botão direito do mouse no Zoek.exe e selecione [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
* Selecione e copie todo este texto destacado em vermelho que te passei e cole-o no espaço em branco do Zoek.
*Clique [Run Script]
*Durante o scan uma mensagem parecida com esta abaixo mostrando o progresso do escaneamento será apresentada. Aguarde o término...pode demorar!
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
*Caso a reinicialização do PC seja solicitada, clique [OK]
* Poste o log do Zoek que estará em C:\zoek-results.txt em sua próxima resposta.
Última edição por Power Max em Sáb 17 maio 2014, 20:50, editado 2 vez(es)
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
zoek-results
por Valdir junior Sáb 17 maio 2014, 11:17
Zoek.exe v5.0.0.0 Updated 14-April-2014
Tool run by valdir on 17/05/2014 at 10:54:30,23.
Microsoft Windows 7 Ultimate 6.1.7600 x64
Running in: Normal Mode Internet Access Detected
Launched: D:\Users\valdir\Downloads\zoek.exe [Scan all users] [Script inserted]
==== Older Logs ======================
C:\zoek-results2014-05-17-041123.log 14966 bytes
C:\zoek-results2014-05-17-115336.log 11787 bytes
C:\zoek-results2014-05-17-130305.log 34460 bytes
==== System Restore Info ======================
17/05/2014 10:55:26 Zoek.exe System Restore Point Created Succesfully.
==== Reset Hosts File ======================
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== FireFox Fix ======================
Deleted from C:\Users\valdir\AppData\Roaming\Mozilla\Firefox\Profiles\bgpmrc4f.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.useDBForOrder", true);
Added to C:\Users\valdir\AppData\Roaming\Mozilla\Firefox\Profiles\bgpmrc4f.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);
==== Folders Found ======================
2014-05-17 00:39:39 2014-05-17 00:39:39 -------- d-----w- C:\AdwCleaner\Quarantine\C\ProgramData\baidu
2013-05-05 15:12:03 2014-05-08 01:59:25 -------- d-----w- C:\Program Files (x86)\Baidu Security
2014-01-06 11:56:13 2014-05-17 05:15:00 -------- d-----w- C:\Program Files (x86)\Baidu Security\Baidu Antivirus
2013-05-05 15:12:17 2014-01-06 11:57:17 -------- d-----w- C:\ProgramData\Baidu Security
2014-02-02 20:42:38 2014-03-09 12:48:09 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu Antivirus
2013-05-05 15:12:17 2014-01-06 11:57:17 -------- d-----w- C:\Users\All Users\Baidu Security
2014-02-02 20:42:38 2014-03-09 12:48:09 -------- d-----w- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Baidu Antivirus
2014-01-06 11:55:55 2014-01-06 12:02:24 -------- d-----w- C:\Users\Public\Documents\Baidu Security
2013-05-05 15:06:43 2013-05-05 15:06:43 -------- d-----w- C:\Users\valdir\AppData\Roaming\Baidu Security
2014-01-06 19:51:24 2014-01-06 19:51:24 -------- d-----w- C:\Users\valdir\AppData\Roaming\Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall
2014-01-06 19:51:24 2014-01-06 19:51:24 -------- d-----w- C:\Users\valdir\AppData\Roaming\Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall HK
==== Files Found ======================
--- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu Antivirus\Baidu Antivirus.lnk ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1216
Created time: 2014-02-02 20:42:38
Modified time: 2014-02-02 20:42:38
MD5: F140AA2C70E77F253BB7F0364F0A71BE
SHA1: C7FED4A307D036746F8DE7926B667CC9F6D648B5
--- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Baidu Antivirus\Baidu Antivirus.lnk ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1216
Created time: 2014-02-02 20:42:38
Modified time: 2014-02-02 20:42:38
MD5: F140AA2C70E77F253BB7F0364F0A71BE
SHA1: C7FED4A307D036746F8DE7926B667CC9F6D648B5
--- C:\Users\valdir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Baidu Antivirus.lnk ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1216
Created time: 2014-05-17 00:22:51
Modified time: 2014-02-02 20:42:38
MD5: F140AA2C70E77F253BB7F0364F0A71BE
SHA1: C7FED4A307D036746F8DE7926B667CC9F6D648B5
==== Registry Search Results for "Baidu" ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\LogLoc]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0\Setup]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\LogUp]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Processing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Temp]
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFasterSvc-2014-04-01 04-06-52-0958-[12368].tmp"=""
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-04-01 04-06-53-0008-[12371].tmp"=""
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PcfTray-2014-04-01 04-06-58-0018-[12387].tmp"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}]
"DllName"="baidubar.dll;BaiduBarX.dll;BaiduBarX.dll;BaiduBarX.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}]
"DllName"="baidubar.dll;BaiduBarX.dll;BaiduBarX.dll;BaiduBarX.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Baidu Antivirus"="\"C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\BavTray.exe\" -auto"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"DisplayName"="Baidu Antivirus"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"DisplayIcon"="\"C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\Bav.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"UninstallString"="\"C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\Uninstall.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"URLInfoAbout"="http://antivirus.baidu.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"Publisher"="Baidu, Inc."
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"InstallDir"="C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Baidu_Scan]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\Baidu_Scan]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\Baidu_Scan]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\Baidu_Scan]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
"DisplayName"="Baidu Protect"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCFApiUtil]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0\\PCFApiUtil64.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]
"DisplayName"="Baidu Protect"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCFApiUtil]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0\\PCFApiUtil64.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
"DisplayName"="Baidu Protect"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PCFApiUtil]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0\\PCFApiUtil64.sys"
[HKEY_USERS\.DEFAULT\Software\Baidu]
[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug]
[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav]
[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log]
[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]
[HKEY_USERS\.DEFAULT\Software\Baidu Security]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\042614-27752-01.dmp]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\042614-29109-01.dmp]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\MEMORY_130430117807596408.dmp]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"ucloud"="u.br.bav.baidu.com"
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"dcloud"="http://up.br.bav.baidu.com/cgi-bin/url_warnning/url_warnning.cgi"
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"rcloud"="http://up.br.bav.baidu.com/cgi-bin/url_visit_action.cgi"
[HKEY_USERS\S-1-5-21-3191047974-839445982-446460419-1000\Software\Baidu Security]
[HKEY_USERS\S-1-5-21-3191047974-839445982-446460419-1000\Software\Baidu Security\Antivirus]
[HKEY_USERS\S-1-5-21-3191047974-839445982-446460419-1000\Software\Baidu Security\Antivirus\web]
[HKEY_USERS\S-1-5-21-3191047974-839445982-446460419-1000\Software\Baidu Security\Antivirus\web]
"ucloud"="u.br.bav.baidu.com"
[HKEY_USERS\S-1-5-21-3191047974-839445982-446460419-1000\Software\Baidu Security\Antivirus\web]
"dcloud"="http://up.br.bav.baidu.com/cgi-bin/url_warnning/url_warnning.cgi"
[HKEY_USERS\S-1-5-21-3191047974-839445982-446460419-1000\Software\Baidu Security\Antivirus\web]
"rcloud"="http://up.br.bav.baidu.com/cgi-bin/url_visit_action.cgi"
[HKEY_USERS\S-1-5-21-3191047974-839445982-446460419-1000\Software\Baidu Security\PC Faster]
[HKEY_USERS\S-1-5-21-3191047974-839445982-446460419-1000\Software\Baidu Security\PC Faster\4.0.0.0]
[HKEY_USERS\S-1-5-21-3191047974-839445982-446460419-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install]
[HKEY_USERS\S-1-5-21-3191047974-839445982-446460419-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run]
[HKEY_USERS\S-1-5-21-3191047974-839445982-446460419-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable]
[HKEY_USERS\S-1-5-21-3191047974-839445982-446460419-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\alluser]
[HKEY_USERS\S-1-5-21-3191047974-839445982-446460419-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\curuser]
[HKEY_USERS\S-1-5-21-3191047974-839445982-446460419-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hkcu]
[HKEY_USERS\S-1-5-21-3191047974-839445982-446460419-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm]
[HKEY_USERS\S-1-5-21-3191047974-839445982-446460419-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm64]
[HKEY_USERS\S-1-5-21-3191047974-839445982-446460419-1000\Software\Baidu Security\PC Faster\4.0.0.0\Statistic]
[HKEY_USERS\S-1-5-21-3191047974-839445982-446460419-1000\Software\Baidu Security\PC Faster\4.0.0.0\UUReport]
[HKEY_USERS\S-1-5-21-3191047974-839445982-446460419-1000\Software\Baidu Security\PC Faster\Setup]
[HKEY_USERS\S-1-5-21-3191047974-839445982-446460419-1000\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted]
"C:\\Users\\valdir\\AppData\\Local\\Temp\\baidu_secure\\update\\BavPro_Setup_051.exe"=dword:00000001
[HKEY_USERS\S-1-5-18\Software\Baidu]
[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug]
[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav]
[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log]
[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]
[HKEY_USERS\S-1-5-18\Software\Baidu Security]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\042614-27752-01.dmp]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\042614-29109-01.dmp]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\MEMORY_130430117807596408.dmp]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"ucloud"="u.br.bav.baidu.com"
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"dcloud"="http://up.br.bav.baidu.com/cgi-bin/url_warnning/url_warnning.cgi"
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"rcloud"="http://up.br.bav.baidu.com/cgi-bin/url_visit_action.cgi"
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"litmus-ff@f-secure.com"="C:\Program Files (x86)\GVT\Protect\NRS\litmus-ff@f-secure.com" [12/05/2014 23:02]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{87F8774F-B485-47E2-A755-A40A8A5E886C}"="C:\Users\valdir\AppData\Local\GAS Tecnologia\GBBD\bb\xpi" [07/05/2014 22:59]
==== Firefox Extensions ======================
ProfilePath: C:\Users\valdir\AppData\Roaming\Mozilla\Firefox\Profiles\bgpmrc4f.default
- DownloadHelper - %ProfilePath%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
- Ask New Tabs - %ProfilePath%\extensions\{D4C24D33-A12C-B239-72E6-32719329EC63}
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
==== Firefox Plugins ======================
Profilepath: C:\Users\valdir\AppData\Roaming\Mozilla\Firefox\Profiles\bgpmrc4f.default
A58DE0A570148AF5FF3512B2A340D09F - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll - Shockwave Flash
7B32EC68B2D0EAE4C1333EEB53199571 - C:\Users\valdir\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll - Módulo de Proteção - Banco do Brasil
4DC48F347E212C32BACCEC6FE3532300 - C:\Users\valdir\AppData\Local\GAS Tecnologia\GBBD\npsf_bb_64.dll - Módulo de Proteção - Banco do Brasil
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.baixaki.com.br/portal/?utm_source=sol&utm_medium=ppi&utm_campaign=portal"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.baixaki.com.br/portal/?utm_source=sol&utm_medium=ppi&utm_campaign=portal"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
{E5740C9C-CAE7-4838-9A9E-C30064F443A3} Google Url="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"
==== Reset Google Chrome ======================
Nothing found to reset
==== shortcuts on All Users Desktop ======================
C:\Users\Public\Desktop\Adobe Reader XI.lnk - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe
C:\Users\Public\Desktop\Compre suprimentos - HP Deskjet 1000 J110 series.lnk - C:\Program Files (x86)\HP\HP Deskjet 1000 J110 series\Bin\hpqDTSS.exe
C:\Users\Public\Desktop\CyberLink PowerDVD 9.lnk - C:\Program Files (x86)\CyberLink\PowerDVD9\PDVDLaunchPolicy.exe
C:\Users\Public\Desktop\Epson Easy Photo Print.lnk - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPQuicker.exe
C:\Users\Public\Desktop\EPSON Scan.lnk - C:\Windows\twain_32\escndv\escndv.exe
C:\Users\Public\Desktop\Guia da Epson Stylus TX123_125.lnk - C:\Program Files (x86)\epson\guide\tx125_p\index.html
C:\Users\Public\Desktop\HP Deskjet 1000 J110 series.lnk - C:\Program Files (x86)\HP\HP Deskjet 1000 J110 series\Bin\HP Deskjet 1000 J110 series.exe
C:\Users\Public\Desktop\HP Photo Creations.lnk - C:\Program Files (x86)\HP Photo Creations\PhotoProduct.exe
C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Public\Desktop\Protect Total.lnk - C:\Program Files (x86)\GVT\Protect\FSGUI\fscuif.exe --trigger @Triggers\Windows:show_main_window --assign page 0
C:\Users\Public\Desktop\QuickTime Player.lnk - C:\Program Files (x86)\QuickTime\QuickTimePlayer.exe
C:\Users\Public\Desktop\Receitanet 1.04 .lnk - C:\Program Files (x86)\Programas RFB\Receitanet\Windows\Receitanet.exe
C:\Users\Public\Desktop\TuxGuitar.lnk - C:\Program Files (x86)\TuxGuitar\tuxguitar.exe
==== shortcuts in Users Start Menu ======================
C:\Users\valdir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\valdir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\valdir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\valdir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2\ASIO4ALL v2 - Desinstalar.lnk - C:\Program Files (x86)\ASIO4ALL v2\uninstall.exe
C:\Users\valdir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2\ASIO4ALL v2 - Manual de Instruções.lnk -
C:\Users\valdir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2\Web Site do ASIO4ALL.lnk - C:\Program Files (x86)\ASIO4ALL v2\ASIO4ALL Web Site.url
C:\Users\valdir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2014\IRPF - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País\Ajuda do IRPF2014.lnk -
C:\Users\valdir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2014\IRPF - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País\Desinstalar IRPF2014.lnk -
C:\Users\valdir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2014\IRPF - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País\IRPF2014 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País.lnk -
C:\Users\valdir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2014\IRPF - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País\Leia-me do IRPF2014.lnk -
==== shortcuts in All Users Start Menu ======================
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk - C:\Windows\Installer\{AC76BA86-7AD7-1046-7B44-AB0000000001}\SC_Reader.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Photo Creations\HP Photo Creations.lnk - C:\Program Files (x86)\HP Photo Creations\PhotoProduct.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk - C:\Program Files (x86)\Java\jre7\bin\javacpl.exe -tab about
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk - C:\Program Files (x86)\Java\jre7\bin\javacpl.exe -tab update
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk - C:\Program Files (x86)\Java\jre7\bin\javacpl.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Protect Total\Ajuda.lnk - C:\Program Files (x86)\GVT\Protect\Localization\ptb\help\help.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Protect Total\Ferramenta de suporte.lnk - C:\Program Files (x86)\GVT\Protect\FSGUI\FsDiagUi.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Protect Total\Protect Total.lnk - C:\Program Files (x86)\GVT\Protect\FSGUI\fscuif.exe --trigger @Triggers\Windows:show_main_window --assign page 0
==== shortcuts in Quick Launch ======================
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\valdir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\valdir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk - C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE /recycle
C:\Users\valdir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk - C:\Windows\Installer\{8DC42D05-680B-41B0-8878-6C14D24602DB}\QTPlayer.ico
C:\Users\valdir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\valdir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\valdir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe
C:\Users\valdir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Baidu Antivirus.lnk - C:\Program Files (x86)\Baidu Security\Baidu Antivirus\Bav.exe
C:\Users\valdir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe
C:\Users\valdir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Microsoft Office Outlook 2007.lnk - C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
C:\Users\valdir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Microsoft Office Word 2007.lnk - C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
C:\Users\valdir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Paint.lnk - C:\Windows\system32\mspaint.exe
C:\Users\valdir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\valdir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\valdir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
==== Reset IE Proxy ======================
Value(s) before fix:
"ProxyEnable"=dword:00000000
Value(s) after fix:
"ProxyEnable"=dword:00000000
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\valdir\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\valdir\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
==== Empty FireFox Cache ======================
C:\Users\valdir\AppData\Local\Mozilla\Firefox\Profiles\bgpmrc4f.default\Cache emptied successfully
==== Empty Chrome Cache ======================
No Chrome Cache found
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=29 folders=6 3665060 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\valdir\AppData\Local\Temp will be emptied at reboot
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\valdir\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
"C:\Users\valdir\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
==== EOF on 17/05/2014 at 11:13:50,06 ======================
Valdir junior- Iniciante
- Mensagens : 8
Reputação : 0
Data de inscrição : 17/05/2014
Alô Power Max!!!
por Valdir junior Sáb 17 maio 2014, 12:41
Blz, agradeço pela atenção. O meu caso é muito sério?
Enviei o relatório certo? Desde já obrigado!!!
Enviei o relatório certo? Desde já obrigado!!!
Valdir junior- Iniciante
- Mensagens : 8
Reputação : 0
Data de inscrição : 17/05/2014
Re: Estou com problemas para remover o Baidu
por Power Max Sáb 17 maio 2014, 13:21
Desative temporariamente seu antivírus para evitar conflitos.
*Clique com o botão direito do mouse no Zoek.exe e selecione [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
* Selecione e copie todo este texto destacado em vermelho que te passei e cole-o no espaço em branco do Zoek.
*Clique [Run Script]
*Durante o scan uma mensagem parecida com esta abaixo mostrando o progresso do escaneamento será apresentada. Aguarde o término...pode demorar!
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
*Caso a reinicialização do PC seja solicitada, clique [OK]
* Poste o log do Zoek que estará em C:\zoek-results.txt em sua próxima resposta.
*Clique com o botão direito do mouse no Zoek.exe e selecione [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
* Selecione e copie todo este texto destacado em vermelho que te passei e cole-o no espaço em branco do Zoek.
*Clique [Run Script]
*Durante o scan uma mensagem parecida com esta abaixo mostrando o progresso do escaneamento será apresentada. Aguarde o término...pode demorar!
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
*Caso a reinicialização do PC seja solicitada, clique [OK]
* Poste o log do Zoek que estará em C:\zoek-results.txt em sua próxima resposta.
Última edição por Power Max em Sáb 17 maio 2014, 20:49, editado 1 vez(es)
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Resolvido Vcs são D+!!! Muito obrigado!!!!
por Valdir junior Sáb 17 maio 2014, 20:44
Zoek.exe v5.0.0.0 Updated 14-April-2014
Tool run by valdir on 17/05/2014 at 20:31:57,17.
Microsoft Windows 7 Ultimate 6.1.7600 x64
Running in: Normal Mode Internet Access Detected
Launched: D:\Users\valdir\Downloads\zoek.exe [Scan all users] [Script inserted]
==== Older Logs ======================
C:\zoek-results2014-05-17-041123.log 14966 bytes
C:\zoek-results2014-05-17-115336.log 11787 bytes
C:\zoek-results2014-05-17-130305.log 34460 bytes
C:\zoek-results2014-05-17-141350.log 29836 bytes
==== System Restore Info ======================
17/05/2014 20:33:37 Zoek.exe System Restore Point Created Succesfully.
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfilter deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bfilter deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfmon deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bfmon deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bprotect deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bprotect deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PCFApiUtil deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\PCFApiUtil deleted successfully
==== Registry Fix Code ======================
Windows Registry Editor Version 5.00
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\LogLoc]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0\Setup]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\LogUp]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Processing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Temp]
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFasterSvc-2014-04-01 04-06-52-0958-[12368].tmp"=-
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-04-01 04-06-53-0008-[12371].tmp"=-
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PcfTray-2014-04-01 04-06-58-0018-[12387].tmp"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}]
"DllName"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}]
"DllName"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Baidu Antivirus"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"DisplayIcon"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"UninstallString"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"URLInfoAbout"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"Publisher"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
"InstallDir"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Baidu_Scan]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\Baidu_Scan]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\Baidu_Scan]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\Baidu_Scan]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfilter]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfilter]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfmon]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfmon]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
"InstPath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCFApiUtil]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCFApiUtil]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfilter]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfilter]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfmon]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfmon]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]
"InstPath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCFApiUtil]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCFApiUtil]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfilter]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfilter]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfmon]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfmon]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
"InstPath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PCFApiUtil]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PCFApiUtil]
[-HKEY_USERS\.DEFAULT\Software\Baidu]
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug]
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav]
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log]
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\042614-27752-01.dmp]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\042614-29109-01.dmp]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\MEMORY_130430117807596408.dmp]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"ucloud"=-
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"dcloud"=-
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"rcloud"=-
[-HKEY_USERS\S-1-5-21-3191047974-839445982-446460419-1000\Software\Baidu Security]
[-HKEY_USERS\S-1-5-21-3191047974-839445982-446460419-1000\Software\Baidu Security\Antivirus]
[-HKEY_USERS\S-1-5-21-3191047974-839445982-446460419-1000\Software\Baidu Security\Antivirus\web]
[HKEY_USERS\S-1-5-21-3191047974-839445982-446460419-1000\Software\Baidu Security\Antivirus\web]
"ucloud"=-
[HKEY_USERS\S-1-5-21-3191047974-839445982-446460419-1000\Software\Baidu Security\Antivirus\web]
"dcloud"=-
[HKEY_USERS\S-1-5-21-3191047974-839445982-446460419-1000\Software\Baidu Security\Antivirus\web]
"rcloud"=-
[-HKEY_USERS\S-1-5-21-3191047974-839445982-446460419-1000\Software\Baidu Security\PC Faster]
[-HKEY_USERS\S-1-5-21-3191047974-839445982-446460419-1000\Software\Baidu Security\PC Faster\4.0.0.0]
[-HKEY_USERS\S-1-5-21-3191047974-839445982-446460419-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install]
[-HKEY_USERS\S-1-5-21-3191047974-839445982-446460419-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run]
[-HKEY_USERS\S-1-5-21-3191047974-839445982-446460419-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable]
[-HKEY_USERS\S-1-5-21-3191047974-839445982-446460419-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\alluser]
[-HKEY_USERS\S-1-5-21-3191047974-839445982-446460419-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\curuser]
[-HKEY_USERS\S-1-5-21-3191047974-839445982-446460419-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hkcu]
[-HKEY_USERS\S-1-5-21-3191047974-839445982-446460419-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm]
[-HKEY_USERS\S-1-5-21-3191047974-839445982-446460419-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm64]
[-HKEY_USERS\S-1-5-21-3191047974-839445982-446460419-1000\Software\Baidu Security\PC Faster\4.0.0.0\Statistic]
[-HKEY_USERS\S-1-5-21-3191047974-839445982-446460419-1000\Software\Baidu Security\PC Faster\4.0.0.0\UUReport]
[-HKEY_USERS\S-1-5-21-3191047974-839445982-446460419-1000\Software\Baidu Security\PC Faster\Setup]
[HKEY_USERS\S-1-5-21-3191047974-839445982-446460419-1000\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted]
"C:\\Users\\valdir\\AppData\\Local\\Temp\\baidu_secure\\update\\BavPro_Setup_051.exe"=-
[-HKEY_USERS\S-1-5-18\Software\Baidu]
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug]
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav]
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log]
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\042614-27752-01.dmp]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\042614-29109-01.dmp]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\MEMORY_130430117807596408.dmp]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"ucloud"=-
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"dcloud"=-
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"rcloud"=-
==== Deleting Files \ Folders ======================
C:\ProgramData\Baidu Security deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu Antivirus deleted
C:\Users\Public\Documents\Baidu Security deleted
C:\Users\valdir\AppData\Roaming\Baidu Security deleted
"C:\Users\valdir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Baidu Antivirus.lnk" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavIPC.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavShx64.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavTray.exe" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\Communication.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\DirectUI.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\log.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavIPC.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavShx64.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavTray.exe" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\Communication.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\DirectUI.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\log.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\log\BavTray.log" not deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\Plugins\Plugin_USBProtect\Plugin_USBProtect.dll" deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\log\BavTray.log" not deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\Plugins\Plugin_USBProtect\Plugin_USBProtect.dll" deleted
"C:\Program Files (x86)\Baidu Security" not deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus" not deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus" not deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\log" not deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\Plugins" not deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\Plugins\Plugin_USBProtect" not deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\log" not deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\Plugins" not deleted
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\Plugins\Plugin_USBProtect" not deleted
==== Folders Found ======================
2014-05-17 00:39:39 2014-05-17 00:39:39 -------- d-----w- C:\AdwCleaner\Quarantine\C\ProgramData\baidu
2013-05-05 15:12:03 2014-05-08 01:59:25 -------- d-----w- C:\Program Files (x86)\Baidu Security
2014-01-06 11:56:13 2014-05-17 23:35:50 -------- d-----w- C:\Program Files (x86)\Baidu Security\Baidu Antivirus
2014-05-17 23:35:13 2014-05-17 23:35:13 -------- d---a-w- C:\zoek_backup\C_Program Files (x86)_Baidu Security
2014-05-17 23:35:18 2014-05-17 23:35:19 -------- d---a-w- C:\zoek_backup\C_Program Files (x86)_Baidu Security_Baidu Antivirus
2014-05-17 23:35:19 2014-05-17 23:35:33 -------- d---a-w- C:\zoek_backup\C_ProgramData_Baidu Security
2014-05-17 23:35:34 2014-05-17 23:35:34 -------- d---a-w- C:\zoek_backup\C_ProgramData_Microsoft_Windows_Start Menu_Programs_Baidu Antivirus
2014-05-17 23:35:34 2014-05-17 23:35:44 -------- d---a-w- C:\zoek_backup\C_Users_All Users_Baidu Security
2014-05-17 23:35:44 2014-05-17 23:35:45 -------- d---a-w- C:\zoek_backup\C_Users_All Users_Microsoft_Windows_Start Menu_Programs_Baidu Antivirus
2014-05-17 23:35:45 2014-05-17 23:35:45 -------- d---a-w- C:\zoek_backup\C_Users_Public_Documents_Baidu Security
2014-05-17 23:35:45 2014-05-17 23:35:45 -------- d---a-w- C:\zoek_backup\C_Users_valdir_AppData_Roaming_Baidu Security
2014-05-17 23:35:45 2014-05-17 23:35:45 -------- d---a-w- C:\zoek_backup\C_Users_valdir_AppData_Roaming_Baidu Security_PC Faster_4.0.0.0_Uninstall_Baidu PC Faster Uninstall
2014-05-17 23:35:45 2014-05-17 23:35:45 -------- d---a-w- C:\zoek_backup\C_Users_valdir_AppData_Roaming_Baidu Security_PC Faster_4.0.0.0_Uninstall_Baidu PC Faster Uninstall HK
2014-05-17 23:35:13 2014-05-17 23:35:18 -------- d---a-w- C:\zoek_backup\C_Program Files (x86)_Baidu Security\Baidu Antivirus
2014-05-17 23:35:45 2014-05-17 23:35:45 -------- d---a-w- C:\zoek_backup\C_Users_valdir_AppData_Roaming_Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall
2014-05-17 23:35:45 2014-05-17 23:35:45 -------- d---a-w- C:\zoek_backup\C_Users_valdir_AppData_Roaming_Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall HK
==== Files Found ======================
--- C:\zoek_backup\C_Users_valdir_AppData_Roaming_Microsoft_Internet Explorer_Quick Launch_User Pinned_StartMenu_Baidu Antivirus.lnk.vir ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1216
Created time: 2014-05-17 23:35:45
Modified time: 2014-02-02 20:42:38
MD5: F140AA2C70E77F253BB7F0364F0A71BE
SHA1: C7FED4A307D036746F8DE7926B667CC9F6D648B5
--- C:\zoek_backup\C_ProgramData_Microsoft_Windows_Start Menu_Programs_Baidu Antivirus\Baidu Antivirus.lnk ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1216
Created time: 2014-05-17 23:35:34
Modified time: 2014-02-02 20:42:38
MD5: F140AA2C70E77F253BB7F0364F0A71BE
SHA1: C7FED4A307D036746F8DE7926B667CC9F6D648B5
--- C:\zoek_backup\C_Users_All Users_Microsoft_Windows_Start Menu_Programs_Baidu Antivirus\Baidu Antivirus.lnk ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1216
Created time: 2014-05-17 23:35:45
Modified time: 2014-02-02 20:42:38
MD5: F140AA2C70E77F253BB7F0364F0A71BE
SHA1: C7FED4A307D036746F8DE7926B667CC9F6D648B5
==== Registry Search Results for "Baidu" ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Temp]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
[HKEY_USERS\.DEFAULT\Software\Baidu Security]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
[HKEY_USERS\S-1-5-21-3191047974-839445982-446460419-1000\Software\Baidu Security]
[HKEY_USERS\S-1-5-21-3191047974-839445982-446460419-1000\Software\Baidu Security\Antivirus]
[HKEY_USERS\S-1-5-21-3191047974-839445982-446460419-1000\Software\Baidu Security\Antivirus\web]
[HKEY_USERS\S-1-5-18\Software\Baidu Security]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
==== C:\zoek_backup content ======================
C:\zoek_backup (files=651 folders=124 885228200 bytes)
==== After Reboot ======================
==== Deleting Files / Folders ======================
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\log\BavTray.log" not found
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus\log\BavTray.log" not found
"C:\Program Files (x86)\Baidu Security" not found
"C:\Program Files (x86)\Baidu Security\Baidu Antivirus" not found
==== EOF on 17/05/2014 at 20:39:28,67 ======================
Valdir junior- Iniciante
- Mensagens : 8
Reputação : 0
Data de inscrição : 17/05/2014
Re: Estou com problemas para remover o Baidu
por Power Max Sáb 17 maio 2014, 20:49
Ainda tem mais alguns problemas em seu PC.
Desative temporariamente seu antivírus para evitar conflitos.
*Clique com o botão direito do mouse no Zoek.exe e selecione [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
* Selecione e copie todo este texto destacado em vermelho abaixo que te passei e cole-o no espaço em branco do Zoek:
*Clique [Run Script]
*Durante o scan uma mensagem parecida com esta abaixo mostrando o progresso do escaneamento será apresentada. Aguarde o término...pode demorar!
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
*Caso a reinicialização do PC seja solicitada, clique [OK]
* Poste o log do Zoek que estará em C:\zoek-results.txt em sua próxima resposta.
Desative temporariamente seu antivírus para evitar conflitos.
*Clique com o botão direito do mouse no Zoek.exe e selecione [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
* Selecione e copie todo este texto destacado em vermelho abaixo que te passei e cole-o no espaço em branco do Zoek:
*Clique [Run Script]
*Durante o scan uma mensagem parecida com esta abaixo mostrando o progresso do escaneamento será apresentada. Aguarde o término...pode demorar!
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
*Caso a reinicialização do PC seja solicitada, clique [OK]
* Poste o log do Zoek que estará em C:\zoek-results.txt em sua próxima resposta.
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Re: Estou com problemas para remover o Baidu
por Danii Ter 03 Jun 2014, 11:30
TÓPICO ARQUIVADO
Como o autor não respondeu por mais de 15 dias, o tópico foi arquivado. Caso o autor do tópico necessite, o mesmo será reaberto, para isso deverá entrar em contato com um dos membros da [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] solicitando o desbloqueio.
Como o autor não respondeu por mais de 15 dias, o tópico foi arquivado. Caso o autor do tópico necessite, o mesmo será reaberto, para isso deverá entrar em contato com um dos membros da [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] solicitando o desbloqueio.
Danii- Membro Pleno
- Mensagens : 571
Reputação : 80
Data de inscrição : 04/04/2014
Localização : Brasil
Tópicos semelhantes» Nao estou conseguindo remover o Baidu
» Como faço para remover o Baidu?
» Nao estou conseguindo remover Baidu antivirus
» Problemas para remover YoUiTuAdBelOccKer
» Fiz o processo descrito para o colega para remover o relopix e o resultado do relatorio postei aqui para que por favor possam me ajudar
» Como faço para remover o Baidu?
» Nao estou conseguindo remover Baidu antivirus
» Problemas para remover YoUiTuAdBelOccKer
» Fiz o processo descrito para o colega para remover o relopix e o resultado do relatorio postei aqui para que por favor possam me ajudar
Página 1 de 1
Permissões neste sub-fórum
Não podes responder a tópicos|
|
|