Fórum PC Brasil
Gostaria de reagir a esta mensagem? Crie uma conta em poucos cliques ou inicie sessão para continuar.

Implementa recursos de segurança e limpeza ao computador!

Flux RSS


Yahoo! 
MSN 
AOL 
Netvibes 
Bloglines 


Social bookmarking

Social bookmarking reddit      

Conservar e compartilhar o endereço de PC Seguro em seu site de social bookmarking

Conservar e compartilhar o endereço de Fórum PC Brasil em seu site de social bookmarking

Estatísticas
Temos 14810 usuários registrados
O último membro registrado é Josevinil

Os nossos membros postaram um total de 36047 mensagens em 3685 assuntos
Últimos assuntos
» Problema no disco rígido do Windows 11
por joram Seg 01 Abr 2024, 06:35

Quem está conectado?
15 usuários online :: 0 registrados, 0 invisíveis e 15 visitantes

Nenhum

O recorde de usuários online foi de 301 em Ter 26 Out 2021, 15:28
Procurar
 
 

Resultados por:
 

Rechercher Pesquisa avançada

Top dos mais postadores
Power Max
Remoção Baidu Vote_lcapRemoção Baidu Voting_barRemoção Baidu Vote_rcap 
joram
Remoção Baidu Vote_lcapRemoção Baidu Voting_barRemoção Baidu Vote_rcap 
Wings [In Memoriam]
Remoção Baidu Vote_lcapRemoção Baidu Voting_barRemoção Baidu Vote_rcap 
caedurodrigues
Remoção Baidu Vote_lcapRemoção Baidu Voting_barRemoção Baidu Vote_rcap 
Amigo Brasileiro
Remoção Baidu Vote_lcapRemoção Baidu Voting_barRemoção Baidu Vote_rcap 
luizvilarinho
Remoção Baidu Vote_lcapRemoção Baidu Voting_barRemoção Baidu Vote_rcap 
Danii
Remoção Baidu Vote_lcapRemoção Baidu Voting_barRemoção Baidu Vote_rcap 
Admin
Remoção Baidu Vote_lcapRemoção Baidu Voting_barRemoção Baidu Vote_rcap 
Danilo Marsaro
Remoção Baidu Vote_lcapRemoção Baidu Voting_barRemoção Baidu Vote_rcap 
Andreata
Remoção Baidu Vote_lcapRemoção Baidu Voting_barRemoção Baidu Vote_rcap 

abril 2024
SegTerQuaQuiSexSábDom
1234567
891011121314
15161718192021
22232425262728
2930     

Calendário Calendário

Palavras-chaves

vídeos  virus  deletar  notebook  excluir  teclado  impressora  player  desinstalar  adobe  PARA  windows  SISPNCD  mcafee  2013  áudio  popup  placa  video  instalação  2015  pessoas  2025  SOFTWARE  flash  game  


Remoção Baidu

3 participantes

Fórum PC Brasil :: Segurança da Informação :: Tópicos Arquivados

Página 1 de 2 1, 2  Seguinte

Ir para baixo

Remoção Baidu Empty Remoção Baidu

Mensagem por Julio Bresciane Seg 19 maio 2014, 20:02

Boa noite!!

Preciso de ajuda para remover o Baidu virus do meu notebook, pois não estou conseguindo instalar o antivirus kapersky.
Antes de postar aqui no forum, baixei e executei o zoek. Anexei o resultado a esta minha postagem porque a mensagem está ficando com largura não aceita.

Por favor me ajudem!!

==
Julio Bresciane
Julio Bresciane
Iniciante
Iniciante

Mensagens : 20
Reputação : 0
Data de inscrição : 19/05/2014

Ir para o topo Ir para baixo

Remoção Baidu Empty Re: Remoção Baidu

Mensagem por Power Max Seg 19 maio 2014, 20:04

Remoção Baidu 648673379  Olá Julio.

* Poste o log (relatório) do Zoek que está em C:\zoek-results.txt em sua próxima resposta anexando o relatório como mostra este tutorial:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Power Max
Power Max
Colaborador
Colaborador

Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009

Ir para o topo Ir para baixo

Remoção Baidu Empty Remover o BAidu

Mensagem por Julio Bresciane Seg 19 maio 2014, 20:15

Power Max escreveu:Remoção Baidu 648673379  Olá Julio.

* Poste o log (relatório) do Zoek que está em C:\zoek-results.txt em sua próxima resposta anexando o relatório como mostra este tutorial:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

O arquivo está muito grande, mesmo comactado é maior que o permitido.
Postar a resposta também excede. Como devo proceder?
Julio Bresciane
Julio Bresciane
Iniciante
Iniciante

Mensagens : 20
Reputação : 0
Data de inscrição : 19/05/2014

Ir para o topo Ir para baixo

Remoção Baidu Empty Re: Remoção Baidu

Mensagem por Power Max Seg 19 maio 2014, 20:16

Reparta ele em várias partes e poste uma parte de cada vez.
Power Max
Power Max
Colaborador
Colaborador

Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009

Ir para o topo Ir para baixo

Remoção Baidu Empty arquivo zoek

Mensagem por Julio Bresciane Seg 19 maio 2014, 20:18



Zoek.exe v5.0.0.0 Updated 14-April-2014
Tool run by Idarlene Marques on 19/05/2014 at 18:18:59,70.
Microsoft® Windows Vista™ Home Basic 6.0.6002 Service Pack 2 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Idarlene Marques\Documents\atlantica\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

19/05/2014 18:22:39 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost
::1 localhost

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2228158541-2569622677-3298490597-1000\Software\Microsoft\Internet Explorer\SearchScopes\{ABD93EAF-D775-BC54-E63B-2804F22FD156} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\savesenselive deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\savesenselive deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\savesenselivem deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\savesenselivem deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\APNMCP deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\APNMCP deleted successfully

==== FireFox Fix ======================

ProfilePath: C:\Users\CONVID~1\AppData\Roaming\Mozilla\Firefox\Profiles\vvmdo9dk.default

user.js not found
---- Lines crossrider removed from prefs.js ----
user_pref("extensions.crossriderapp2258.adsOldValue", -1);
---- Lines mybrowserbar modified from prefs.js ----

user_pref("extensions.enabledItems", "linkfilter@kaspersky.ru:9.1.0.124,{20a82645-c095-46ed-80e3-08825760534b}:1.2.1,{CAFEEFAC-0016-0000-0022-ABCDEFFE
---- FireFox user.js and prefs.js backups ----

prefs_052014_1835_.backup

ProfilePath: C:\Users\IDARLE~1\AppData\Roaming\Mozilla\Firefox\Profiles\p4kokcwi.default

---- Lines BabylonToolbar removed from prefs.js ----
user_pref("extensions.BabylonToolbar.bbDpng", 21);
user_pref("extensions.BabylonToolbar.firstRun", false);
user_pref("extensions.BabylonToolbar.lastActv", "21");
user_pref("extensions.BabylonToolbar.lastDP", 21);
user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.4.31.222:04:31");
---- Lines BabylonToolbar removed from user.js ----

user_pref("extensions.BabylonToolbar_i.id", "2ca52690000000000000001fe1d58bd4");
user_pref("extensions.BabylonToolbar_i.hardId", "2ca52690000000000000001fe1d58bd4");
user_pref("extensions.BabylonToolbar_i.instlDay", "15483");
user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1722:47:40");
user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");
user_pref("extensions.BabylonToolbar_i.newTab", false);
user_pref("extensions.BabylonToolbar_i.babTrack", "affID=110819");
user_pref("extensions.BabylonToolbar_i.babExt", "");
user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
user_pref("extensions.BabylonToolbar_i.instlRef", "sst");

---- Lines funmoods removed from prefs.js ----
user_pref("browser.search.defaultenginename", "Funmoods");
---- Lines funmoods removed from user.js ----

user_pref("extensions.funmoods.hmpg", true);
user_pref("extensions.funmoods.hmpgUrl", "http://searchfunmoods.com/?f=1&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1QzutDtDtC0F0EtC0DyDzz0B0DyEtByCzytDtN0D0Tzu0CtBzyzytN1L2XzutBtFtBtFtDtFtAyEyE&cr=74036643");
user_pref("extensions.funmoods.dfltSrch", true);
user_pref("extensions.funmoods.srchPrvdr", "Search");
user_pref("extensions.funmoods.dnsErr", true);
user_pref("extensions.funmoods_i.newTab", true);
user_pref("extensions.funmoods.newTabUrl", "http://searchfunmoods.com/?f=2&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1QzutDtDtC0F0EtC0DyDzz0B0DyEtByCzytDtN0D0Tzu0CtBzyzytN1L2XzutBtFtBtFtDtFtAyEyE&cr=74036643");
user_pref("extensions.funmoods.tlbrSrchUrl", "http://searchfunmoods.com/?f=3&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1QzutDtDtC0F0EtC0DyDzz0B0DyEtByCzytDtN0D0Tzu0CtBzyzytN1L2XzutBtFtBtFtDtFtAyEyE&cr=74036643&q=");
user_pref("extensions.funmoods.id", "001FE1D58BD42690");
user_pref("extensions.funmoods.instlDay", "15638");
user_pref("extensions.funmoods.vrsn", "1.5.23.22");
user_pref("extensions.funmoods.vrsni", "1.5.23.22");
user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2219:20:1");
user_pref("extensions.funmoods.prtnrId", "funmoods");
user_pref("extensions.funmoods.prdct", "funmoods");
user_pref("extensions.funmoods.aflt", "ironpub");
user_pref("extensions.funmoods_i.smplGrp", "none");
user_pref("extensions.funmoods.tlbrId", "base");
user_pref("extensions.funmoods.instlRef", "ironpub");
user_pref("extensions.funmoods.dfltLng", "");
user_pref("extensions.funmoods.excTlbr", false);
user_pref("extensions.funmoods.autoRvrt", false);
user_pref("extensions.funmoods.envrmnt", "production");
user_pref("extensions.funmoods.isdcmntcmplt", true);
user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
Julio Bresciane
Julio Bresciane
Iniciante
Iniciante

Mensagens : 20
Reputação : 0
Data de inscrição : 19/05/2014

Ir para o topo Ir para baixo

Remoção Baidu Empty arquivo zoek 1

Mensagem por Julio Bresciane Seg 19 maio 2014, 20:19

---- Lines CT1750559 removed from prefs.js ----
user_pref("CommunityToolbar.CantToolbarBeEngineOwner", "CT2905346,CT1750559");
user_pref("CommunityToolbar.ETag.http://appsmetadata.toolbar.conduit-services.com/?ctid=CT1750559", "\"1302787538\"");
user_pref("CommunityToolbar.ETag.http://servicemap.conduit-services.com/Toolbar/?ownerId=CT1750559", "\"634394076199470000\"");
user_pref("CommunityToolbar.ETag.http://settings.toolbar.search.conduit.com/root/CT1750559/CT1750559", "\"1302853976\"");
user_pref("CommunityToolbar.ToolbarsList", "ConduitEngine,CT2905346,CT1750559,CT2849856");
user_pref("CommunityToolbar.ToolbarsList2", "ConduitEngine,CT2905346,CT1750559,CT2849856");
user_pref("CT1750559..clientLogIsEnabled", false);
user_pref("CT1750559..clientLogServiceUrl", "http://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
user_pref("CT1750559..uninstallLogServiceUrl", "http://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
user_pref("CT1750559.AboutPrivacyUrl", "http://www.conduit.com/privacy/Default.aspx");
user_pref("CT1750559.alertChannelId", "31130");
user_pref("CT1750559.AppTrackingLastCheckTime", "Tue Apr 26 2011 13:04:35 GMT-0300 (Hora oficial do Brasil)");
user_pref("CT1750559.backendstorage.http://cmg1_conduit-widgets_com/pitsi.state", "4F50454E");
user_pref("CT1750559.CTID", "CT1750559");
user_pref("CT1750559.CurrentServerDate", "26-4-2011");
user_pref("CT1750559.DialogsAlignMode", "LTR");
user_pref("CT1750559.DialogsGetterLastCheckTime", "Sun Apr 03 2011 20:16:16 GMT-0300 (Hora oficial do Brasil)");
user_pref("CT1750559.DownloadReferralCookieData", "");
user_pref("CT1750559.FirstServerDate", "4-4-2011");
user_pref("CT1750559.FirstTime", true);
user_pref("CT1750559.FirstTimeFF3", true);
user_pref("CT1750559.FixPageNotFoundErrors", true);
user_pref("CT1750559.generalConfigFromLogin", "{\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrl
user_pref("CT1750559.globalFirstTimeInfoLastCheckTime", "Tue Apr 26 2011 13:04:18 GMT-0300 (Hora oficial do Brasil)");
user_pref("CT1750559.GroupingServerCheckInterval", 1440);
user_pref("CT1750559.GroupingServiceUrl", "http://grouping.services.conduit.com/");
user_pref("CT1750559.HasUserGlobalKeys", true);
user_pref("CT1750559.Initialize", true);
user_pref("CT1750559.InitializeCommonPrefs", true);
user_pref("CT1750559.InstallationAndCookieDataSentCount", 3);
user_pref("CT1750559.InstallationType", "UnknownIntegration");
user_pref("CT1750559.InstalledDate", "Sun Apr 03 2011 20:16:14 GMT-0300 (Hora oficial do Brasil)");
user_pref("CT1750559.InvalidateCache", false);
user_pref("CT1750559.isAppTrackingManagerOn", true);
user_pref("CT1750559.IsGrouping", false);
user_pref("CT1750559.IsMulticommunity", false);
user_pref("CT1750559.IsOpenThankYouPage", true);
user_pref("CT1750559.IsOpenUninstallPage", true);
user_pref("CT1750559.LanguagePackLastCheckTime", "Tue Apr 26 2011 13:04:16 GMT-0300 (Hora oficial do Brasil)");
user_pref("CT1750559.LanguagePackReloadIntervalMM", 1440);
user_pref("CT1750559.LanguagePackServiceUrl", "http://translation.users.conduit.com/Translation.ashx");
user_pref("CT1750559.LastLogin_3.3.3.2", "Tue Apr 26 2011 13:04:16 GMT-0300 (Hora oficial do Brasil)");
user_pref("CT1750559.LatestVersion", "3.3.3.2");
user_pref("CT1750559.Locale", "en-us");
user_pref("CT1750559.MCDetectTooltipHeight", "83");
user_pref("CT1750559.MCDetectTooltipUrl", "http://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
user_pref("CT1750559.MCDetectTooltipWidth", "295");
user_pref("CT1750559.myStuffEnabled", true);
user_pref("CT1750559.myStuffPublihserMinWidth", 400);
user_pref("CT1750559.myStuffSearchUrl", "http://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID"
user_pref("CT1750559.myStuffServiceIntervalMM", 1440);
user_pref("CT1750559.myStuffServiceUrl", "http://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUF
user_pref("CT1750559.oldAppsList", "128515954179600320,128520273115419467,128799492822006721,128799492222006997,128799492477944433,128799493365913112,
user_pref("CT1750559.RadioIsPodcast", false);
user_pref("CT1750559.RadioLastCheckTime", "Tue Apr 26 2011 13:04:25 GMT-0300 (Hora oficial do Brasil)");
user_pref("CT1750559.RadioLastUpdateIPServer", "3");
user_pref("CT1750559.RadioLastUpdateServer", "128929877726170000");
user_pref("CT1750559.RadioMediaID", "11237206");
user_pref("CT1750559.RadioMediaType", "Media Player");
user_pref("CT1750559.RadioMenuSelectedID", "EBRadioMenu_CT1750559_RECENT11237206");
user_pref("CT1750559.RadioStationName", "1.FM%20Dance");
user_pref("CT1750559.RadioStationURL", "http://dance.1.fm/energydance128k?MSWMExt=.asf");
user_pref("CT1750559.SavedHomepage", "http://search.conduit.com/?ctid=CT2905346&SearchSource=13");
user_pref("CT1750559.SearchEngine", "Images||http://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM&SearchType=SearchImages&ctid=CT1750559&octid=EB_
user_pref("CT1750559.SearchFromAddressBarIsInit", true);
user_pref("CT1750559.SearchFromAddressBarUrl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&q=");
user_pref("CT1750559.SearchInNewTabEnabled", true);
user_pref("CT1750559.SearchInNewTabIntervalMM", 1440);
user_pref("CT1750559.SearchInNewTabLastCheckTime", "Tue Apr 26 2011 13:04:08 GMT-0300 (Hora oficial do Brasil)");
user_pref("CT1750559.SearchInNewTabServiceUrl", "http://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
user_pref("CT1750559.SearchInNewTabUsageUrl", "http://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID");
user_pref("CT1750559.ServiceMapLastCheckTime", "Tue Apr 26 2011 13:04:08 GMT-0300 (Hora oficial do Brasil)");
user_pref("CT1750559.SettingsLastCheckTime", "Tue Apr 26 2011 13:04:06 GMT-0300 (Hora oficial do Brasil)");
user_pref("CT1750559.SettingsLastUpdate", "1302853976");
user_pref("CT1750559.testingCtid", "");
user_pref("CT1750559.ThirdPartyComponentsInterval", 504);
user_pref("CT1750559.ThirdPartyComponentsLastCheck", "Tue Apr 26 2011 13:04:05 GMT-0300 (Hora oficial do Brasil)");
user_pref("CT1750559.ThirdPartyComponentsLastUpdate", "1246790578");
user_pref("CT1750559.toolbarAppMetaDataLastCheckTime", "Tue Apr 26 2011 13:04:16 GMT-0300 (Hora oficial do Brasil)");
user_pref("CT1750559.toolbarContextMenuLastCheckTime", "Sun Apr 03 2011 20:16:28 GMT-0300 (Hora oficial do Brasil)");
user_pref("CT1750559.TrusteLinkUrl", "http://trust.conduit.com/CT1750559");
user_pref("CT1750559.usagesFlag", 2);
user_pref("CT1750559.UserID", "UN71656128320598921");
user_pref("CT1750559.ValidationData_Toolbar", 2);
user_pref("CT1750559.WeatherNetwork", "");
user_pref("CT1750559.WeatherPollDate", "Tue Apr 26 2011 13:04:35 GMT-0300 (Hora oficial do Brasil)");
user_pref("CT1750559.WeatherUnit", "C");
---- Lines CT2849856 removed from prefs.js ----
user_pref("browser.search.defaulturl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT2849856&SearchSource=3&q={searchTerms}");
user_pref("CommunityToolbar.EngineOwner", "CT2849856");
user_pref("CommunityToolbar.ETag.http://appsmetadata.toolbar.conduit-services.com/?ctid=CT2849856", "\"0\"");
user_pref("CommunityToolbar.ETag.http://settings.toolbar.search.conduit.com/root/CT2849856/CT2849856", "\"1301829146\"");
user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2849856");
user_pref("CommunityToolbar.OriginalEngineOwner", "CT2849856");
user_pref("CT2849856..clientLogIsEnabled", true);
user_pref("CT2849856..clientLogServiceUrl", "http://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
user_pref("CT2849856..uninstallLogServiceUrl", "http://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
user_pref("CT2849856.AboutPrivacyUrl", "http://www.conduit.com/privacy/Default.aspx");
user_pref("CT2849856.alertChannelId", "1241897");
user_pref("CT2849856.backendstorage.enableinj", "");
user_pref("CT2849856.CTID", "CT2849856");
user_pref("CT2849856.CurrentServerDate", "26-4-2011");
user_pref("CT2849856.DialogsAlignMode", "LTR");
user_pref("CT2849856.DialogsGetterLastCheckTime", "Sun Apr 03 2011 20:16:22 GMT-0300 (Hora oficial do Brasil)");
user_pref("CT2849856.DownloadReferralCookieData", "");
user_pref("CT2849856.EMailNotifierPollDate", "Tue Apr 26 2011 13:03:51 GMT-0300 (Hora oficial do Brasil)");
user_pref("CT2849856.FeedLastCount129349797097937702", 259);
user_pref("CT2849856.FeedPollDate129313974171006416", "Tue Apr 26 2011 13:04:12 GMT-0300 (Hora oficial do Brasil)");
user_pref("CT2849856.FeedPollDate129313975698350231", "Tue Apr 26 2011 13:04:13 GMT-0300 (Hora oficial do Brasil)");
user_pref("CT2849856.FeedPollDate129313976370850190", "Tue Apr 26 2011 13:04:13 GMT-0300 (Hora oficial do Brasil)");
user_pref("CT2849856.FeedPollDate129313976648818968", "Tue Apr 26 2011 13:04:13 GMT-0300 (Hora oficial do Brasil)");
user_pref("CT2849856.FeedPollDate129313977444757117", "Tue Apr 26 2011 13:04:14 GMT-0300 (Hora oficial do Brasil)");
user_pref("CT2849856.FeedPollDate129313980389131455", "Tue Apr 26 2011 13:04:14 GMT-0300 (Hora oficial do Brasil)");
user_pref("CT2849856.FeedPollDate129313980655381977", "Tue Apr 26 2011 13:04:14 GMT-0300 (Hora oficial do Brasil)");
user_pref("CT2849856.FeedPollDate129313980886163259", "Tue Apr 26 2011 13:04:14 GMT-0300 (Hora oficial do Brasil)");
user_pref("CT2849856.FeedPollDate129313981234756535", "Tue Apr 26 2011 13:04:14 GMT-0300 (Hora oficial do Brasil)");
user_pref("CT2849856.FeedPollDate129313983226631720", "Tue Apr 26 2011 13:04:15 GMT-0300 (Hora oficial do Brasil)");
user_pref("CT2849856.FeedPollDate129313983607725691", "Tue Apr 26 2011 13:04:15 GMT-0300 (Hora oficial do Brasil)");
user_pref("CT2849856.FeedTTL129313974171006416", 10);
user_pref("CT2849856.FeedTTL129313977444757117", 15);
user_pref("CT2849856.FeedTTL129313980655381977", 5);
user_pref("CT2849856.FeedTTL129313981234756535", 5);
user_pref("CT2849856.FirstServerDate", "4-4-2011");
user_pref("CT2849856.FirstTime", true);
user_pref("CT2849856.FirstTimeFF3", true);
user_pref("CT2849856.FixPageNotFoundErrors", true);
user_pref("CT2849856.generalConfigFromLogin", "{\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrl
user_pref("CT2849856.globalFirstTimeInfoLastCheckTime", "Tue Apr 26 2011 13:04:03 GMT-0300 (Hora oficial do Brasil)");
user_pref("CT2849856.GroupingServerCheckInterval", 1440);
user_pref("CT2849856.GroupingServiceUrl", "http://grouping.services.conduit.com/");
user_pref("CT2849856.HasUserGlobalKeys", true);
user_pref("CT2849856.Initialize", true);
user_pref("CT2849856.InitializeCommonPrefs", true);
user_pref("CT2849856.InstallationAndCookieDataSentCount", 3);
user_pref("CT2849856.InstallationType", "UnknownIntegration");
user_pref("CT2849856.InstalledDate", "Sun Apr 03 2011 20:16:16 GMT-0300 (Hora oficial do Brasil)");
user_pref("CT2849856.isAppTrackingManagerOn", true);
user_pref("CT2849856.IsGrouping", false);
user_pref("CT2849856.IsMulticommunity", false);
user_pref("CT2849856.IsOpenThankYouPage", true);
user_pref("CT2849856.IsOpenUninstallPage", true);
user_pref("CT2849856.LanguagePackLastCheckTime", "Tue Apr 26 2011 13:03:58 GMT-0300 (Hora oficial do Brasil)");
user_pref("CT2849856.LanguagePackReloadIntervalMM", 1440);
user_pref("CT2849856.LanguagePackServiceUrl", "http://translation.users.conduit.com/Translation.ashx");
user_pref("CT2849856.LastLogin_3.3.3.2", "Tue Apr 26 2011 13:03:59 GMT-0300 (Hora oficial do Brasil)");
user_pref("CT2849856.LatestVersion", "3.3.3.2");
user_pref("CT2849856.Locale", "pt");
user_pref("CT2849856.MCDetectTooltipHeight", "83");
user_pref("CT2849856.MCDetectTooltipUrl", "http://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
user_pref("CT2849856.MCDetectTooltipWidth", "295");
user_pref("CT2849856.myStuffEnabled", true);
user_pref("CT2849856.myStuffPublihserMinWidth", 400);
user_pref("CT2849856.myStuffSearchUrl", "http://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID"
user_pref("CT2849856.myStuffServiceIntervalMM", 1440);
user_pref("CT2849856.myStuffServiceUrl", "http://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUF
user_pref("CT2849856.SearchFromAddressBarIsInit", true);
user_pref("CT2849856.SearchFromAddressBarUrl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT2849856&q=");
user_pref("CT2849856.SearchInNewTabEnabled", true);
user_pref("CT2849856.SearchInNewTabIntervalMM", 1440);
user_pref("CT2849856.SearchInNewTabLastCheckTime", "Tue Apr 26 2011 13:03:55 GMT-0300 (Hora oficial do Brasil)");
user_pref("CT2849856.SearchInNewTabServiceUrl", "http://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
user_pref("CT2849856.SearchInNewTabUsageUrl", "http://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID");
user_pref("CT2849856.ServiceMapLastCheckTime", "Tue Apr 26 2011 13:03:46 GMT-0300 (Hora oficial do Brasil)");
user_pref("CT2849856.SettingsLastCheckTime", "Tue Apr 26 2011 13:03:41 GMT-0300 (Hora oficial do Brasil)");
user_pref("CT2849856.SettingsLastUpdate", "1301829146");
user_pref("CT2849856.testingCtid", "");
user_pref("CT2849856.ThirdPartyComponentsInterval", 504);
user_pref("CT2849856.ThirdPartyComponentsLastCheck", "Tue Apr 26 2011 13:03:39 GMT-0300 (Hora oficial do Brasil)");
user_pref("CT2849856.ThirdPartyComponentsLastUpdate", "1256047550");
user_pref("CT2849856.toolbarAppMetaDataLastCheckTime", "Tue Apr 26 2011 13:03:58 GMT-0300 (Hora oficial do Brasil)");
user_pref("CT2849856.toolbarContextMenuLastCheckTime", "Sun Apr 03 2011 20:16:29 GMT-0300 (Hora oficial do Brasil)");
user_pref("CT2849856.TrusteLinkUrl", "http://trust.conduit.com/CT2849856");
user_pref("CT2849856.usagesFlag", 1);
user_pref("CT2849856.UserID", "UN07509601827389345");
user_pref("CT2849856.ValidationData_Toolbar", 0);
user_pref("CT2849856.WeatherNetwork", "");
user_pref("CT2849856.WeatherPollDate", "Tue Apr 26 2011 13:04:15 GMT-0300 (Hora oficial do Brasil)");
user_pref("CT2849856.WeatherUnit", "C");
---- Lines CT2905346 removed from prefs.js ----
user_pref("CommunityToolbar.ETag.http://appsmetadata.toolbar.conduit-services.com/?ctid=CT2905346", "\"1303712728\"");
user_pref("CommunityToolbar.ETag.http://settings.toolbar.search.conduit.com/root/CT2905346/CT2905346", "\"1303712768\"");
user_pref("CT2905346..clientLogIsEnabled", false);
user_pref("CT2905346..clientLogServiceUrl", "http://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
user_pref("CT2905346..uninstallLogServiceUrl", "http://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
user_pref("CT2905346.AboutPrivacyUrl", "http://www.conduit.com/privacy/Default.aspx");
user_pref("CT2905346.alertChannelId", "1297271");
user_pref("CT2905346.backendstorage._fb_dailyactivity", "31333031383732363035313934");
user_pref("CT2905346.backendstorage._fb_lifetimesent", "54525545");
user_pref("CT2905346.backendstorage.ct2905346sdate", "2D31");
user_pref("CT2905346.backendstorage.facebook_ctid_connect_send", "73656E646564");
user_pref("CT2905346.backendstorage.http://cmg1_conduit-widgets_com/pitsi.state", "4F50454E");
user_pref("CT2905346.backendstorage.http://www_blabbers_com/app/conduit.bbrs_affid", "42525F4E6577");
user_pref("CT2905346.backendstorage.http://www_blabbers_com/app/conduit.bbrs_bguid", "42525F4E65772D37323833334636312D343736352D334236342D433834312D41
user_pref("CT2905346.backendstorage.http://www_blabbers_com/app/conduit.bbrs_lba", "3231373330353634");
user_pref("CT2905346.backendstorage.http://www_blabbers_com/app/conduit.bbrs_lba1", "323031312D342D3236");
user_pref("CT2905346.CTID", "CT2905346");
user_pref("CT2905346.CurrentServerDate", "26-4-2011");
user_pref("CT2905346.DialogsAlignMode", "LTR");
user_pref("CT2905346.DialogsGetterLastCheckTime", "Sun Apr 03 2011 20:16:24 GMT-0300 (Hora oficial do Brasil)");
user_pref("CT2905346.DownloadReferralCookieData", "");
user_pref("CT2905346.FirstServerDate", "4-4-2011");
user_pref("CT2905346.FirstTime", true);
user_pref("CT2905346.FirstTimeFF3", true);
user_pref("CT2905346.FixPageNotFoundErrors", true);
user_pref("CT2905346.generalConfigFromLogin", "{\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrl
user_pref("CT2905346.globalFirstTimeInfoLastCheckTime", "Tue Apr 26 2011 13:04:07 GMT-0300 (Hora oficial do Brasil)");
user_pref("CT2905346.GroupingServerCheckInterval", 1440);
user_pref("CT2905346.GroupingServiceUrl", "http://grouping.services.conduit.com/");
user_pref("CT2905346.HasUserGlobalKeys", true);
user_pref("CT2905346.Initialize", true);
user_pref("CT2905346.InitializeCommonPrefs", true);
user_pref("CT2905346.InstallationAndCookieDataSentCount", 2);
user_pref("CT2905346.InstallationId", "Messenger_Plus_BR.exe");
user_pref("CT2905346.InstallationType", "ConduitIntegration");
user_pref("CT2905346.InstalledDate", "Sun Apr 03 2011 20:16:13 GMT-0300 (Hora oficial do Brasil)");
user_pref("CT2905346.InvalidateCache", false);
user_pref("CT2905346.isAppTrackingManagerOn", true);
user_pref("CT2905346.IsGrouping", false);
user_pref("CT2905346.IsMulticommunity", false);
user_pref("CT2905346.IsOpenThankYouPage", false);
user_pref("CT2905346.IsOpenUninstallPage", true);
user_pref("CT2905346.LanguagePackLastCheckTime", "Tue Apr 26 2011 13:04:04 GMT-0300 (Hora oficial do Brasil)");
user_pref("CT2905346.LanguagePackReloadIntervalMM", 1440);
user_pref("CT2905346.LanguagePackServiceUrl", "http://translation.users.conduit.com/Translation.ashx");
user_pref("CT2905346.LastLogin_3.3.3.2", "Tue Apr 26 2011 13:04:07 GMT-0300 (Hora oficial do Brasil)");
user_pref("CT2905346.LatestVersion", "3.3.3.2");
user_pref("CT2905346.Locale", "pt-br");
user_pref("CT2905346.MCDetectTooltipHeight", "83");
user_pref("CT2905346.MCDetectTooltipUrl", "http://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
user_pref("CT2905346.MCDetectTooltipWidth", "295");
user_pref("CT2905346.myStuffEnabled", true);
user_pref("CT2905346.myStuffPublihserMinWidth", 400);
user_pref("CT2905346.myStuffSearchUrl", "http://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID"
user_pref("CT2905346.myStuffServiceIntervalMM", 1440);
user_pref("CT2905346.myStuffServiceUrl", "http://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUF
user_pref("CT2905346.RadioIsPodcast", false);
user_pref("CT2905346.RadioLastCheckTime", "Tue Apr 26 2011 13:04:23 GMT-0300 (Hora oficial do Brasil)");
user_pref("CT2905346.RadioLastUpdateIPServer", "3");
user_pref("CT2905346.RadioLastUpdateServer", "129430458341500000");
user_pref("CT2905346.RadioMediaID", "21796068");
user_pref("CT2905346.RadioMediaType", "Media Player");
user_pref("CT2905346.RadioMenuSelectedID", "EBRadioMenu_CT290534621796068");
user_pref("CT2905346.RadioStationName", "Radio%20Maria%20Brazil");
user_pref("CT2905346.RadioStationURL", "http://www.radiomaria.org/media/brazil.asx");
user_pref("CT2905346.SavedHomepage", "http://search.conduit.com/?ctid=&SearchSource=13");
user_pref("CT2905346.SearchFromAddressBarIsInit", true);
user_pref("CT2905346.SearchFromAddressBarUrl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT2905346&SearchSource=2&q=");
user_pref("CT2905346.SearchInNewTabEnabled", true);
user_pref("CT2905346.SearchInNewTabIntervalMM", 1440);
user_pref("CT2905346.SearchInNewTabLastCheckTime", "Tue Apr 26 2011 13:04:02 GMT-0300 (Hora oficial do Brasil)");
user_pref("CT2905346.SearchInNewTabServiceUrl", "http://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
user_pref("CT2905346.SearchInNewTabUsageUrl", "http://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID");
user_pref("CT2905346.ServiceMapLastCheckTime", "Tue Apr 26 2011 13:04:03 GMT-0300 (Hora oficial do Brasil)");
user_pref("CT2905346.SettingsLastCheckTime", "Tue Apr 26 2011 13:04:00 GMT-0300 (Hora oficial do Brasil)");
user_pref("CT2905346.SettingsLastUpdate", "1303712768");
user_pref("CT2905346.testingCtid", "");
user_pref("CT2905346.ThirdPartyComponentsInterval", 504);
user_pref("CT2905346.ThirdPartyComponentsLastCheck", "Tue Apr 26 2011 13:03:59 GMT-0300 (Hora oficial do Brasil)");
user_pref("CT2905346.ThirdPartyComponentsLastUpdate", "1256047550");
user_pref("CT2905346.toolbarAppMetaDataLastCheckTime", "Tue Apr 26 2011 13:04:04 GMT-0300 (Hora oficial do Brasil)");
user_pref("CT2905346.toolbarContextMenuLastCheckTime", "Sun Apr 03 2011 20:16:27 GMT-0300 (Hora oficial do Brasil)");
user_pref("CT2905346.TrusteLinkUrl", "http://trust.conduit.com/CT2905346");
user_pref("CT2905346.UserID", "UN28759214883430538");
Julio Bresciane
Julio Bresciane
Iniciante
Iniciante

Mensagens : 20
Reputação : 0
Data de inscrição : 19/05/2014

Ir para o topo Ir para baixo

Remoção Baidu Empty arquivo zoek 2

Mensagem por Julio Bresciane Seg 19 maio 2014, 20:20

---- Lines conduit removed from prefs.js ----
user_pref("CommunityToolbar.alert.clientsServerUrl", "http://alert.client.conduit.com");
user_pref("CommunityToolbar.alert.servicesServerUrl", "http://alert.services.conduit.com");
user_pref("CommunityToolbar.ETag.http://alerts.conduit-services.com/root/1241897/1237570/BR", "\"0\"");
user_pref("CommunityToolbar.ETag.http://alerts.conduit-services.com/root/1297271/1292942/BR", "\"0\"");
user_pref("CommunityToolbar.ETag.http://alerts.conduit-services.com/root/31130/30609/BR", "\"0\"");
user_pref("CommunityToolbar.ETag.http://alerts.conduit-services.com/root/909619/905414/BR", "\"0\"");
user_pref("CommunityToolbar.ETag.http://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en-us", "L+tncv4eqt6Qm5T3dzChdA==");
user_pref("CommunityToolbar.ETag.http://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=pt-br", "L+tncv4eqt6Qm5T3dzChdA==");
user_pref("CommunityToolbar.ETag.http://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=pt", "72ejouhEVeqM5hq+R8EBVA==");
user_pref("CommunityToolbar.ETag.http://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en-us", "poKjTfHs0NrVUIalKI8jyg==");
user_pref("CommunityToolbar.ETag.http://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=pt-br", "poKjTfHs0NrVUIalKI8jyg==");
user_pref("CommunityToolbar.ETag.http://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=pt", "poKjTfHs0NrVUIalKI8jyg==");
user_pref("CommunityToolbar.ETag.http://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en-us", "Dclc8oo4TTv7+mAkSlUSWg==");
user_pref("CommunityToolbar.ETag.http://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=pt-br", "vhn7+CbsuZW4CUI+g++Cug==");
user_pref("CommunityToolbar.ETag.http://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=pt", "QmycQXJXVyFVAzIiNllWhQ==");
user_pref("CommunityToolbar.ETag.http://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en-us", "K4Vqu91uAzWURlxJRdXJOg==");
user_pref("CommunityToolbar.ETag.http://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=pt-br", "1IwYFg/vMxZ8VpFB/n+cRw==");
user_pref("CommunityToolbar.ETag.http://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=pt", "1IwYFg/vMxZ8VpFB/n+cRw==");
user_pref("CommunityToolbar.ETag.http://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"01ffa8b1cc6cb1:0\"");
user_pref("CommunityToolbar.ETag.http://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.2.5.2", "\"07b2625f8cb1:0\"");
user_pref("CommunityToolbar.ETag.http://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3.2", "\"80ee9485875dcc1:0\"");
user_pref("CommunityToolbar.ETag.http://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.2.5.2", "\"0652eeacc6cb1:0\"");
user_pref("CommunityToolbar.ETag.http://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.3.2", "\"0652eeacc6cb1:0\"");
user_pref("CommunityToolbar.ETag.http://servicemap.conduit-services.com/toolbar/", "\"634394076199470000\"");
user_pref("CommunityToolbar.ETag.http://settings.engine.conduit-services.com/?browser=FF&lut=0", "634356118310000000");
user_pref("CommunityToolbar.ETag.http://settings.engine.conduit-services.com/?browser=FF&lut=3/13/2011 11:17:11 AM", "634356118310000000");
user_pref("CommunityToolbar.ETag.http://storage.conduit.com/BankImages/RadioSkins/Funky/minimize.gif", "\"80feeded4e19c81:0\"");
user_pref("CommunityToolbar.ETag.http://storage.conduit.com/BankImages/RadioSkins/Funky/play.gif", "\"09586ee4e19c81:0\"");
user_pref("CommunityToolbar.ETag.http://storage.conduit.com/BankImages/RadioSkins/Funky/stop.gif", "\"09586ee4e19c81:0\"");
user_pref("CommunityToolbar.ETag.http://storage.conduit.com/BankImages/RadioSkins/Funky/stopped.GIF", "\"09586ee4e19c81:0\"");
user_pref("CommunityToolbar.ETag.http://storage.conduit.com/BankImages/RadioSkins/Funky/vol.gif", "\"09586ee4e19c81:0\"");
user_pref("CommunityToolbar.ETag.http://translation.toolbar.conduit-services.com/?locale=en-us", "\"634351849102130000\"");
user_pref("CommunityToolbar.ETag.http://translation.toolbar.conduit-services.com/?locale=pt-br", "\"634351849102130000\"");
user_pref("CommunityToolbar.ETag.http://translation.toolbar.conduit-services.com/?locale=pt", "\"634351849102130000\"");
user_pref("ConduitEngine.AppTrackingLastCheckTime", "Sun Aug 21 2011 22:29:51 GMT-0300 (Hora oficial do Brasil)");
user_pref("ConduitEngine.CTID", "ConduitEngine");
user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Sun Aug 21 2011 22:29:40 GMT-0300 (Hora oficial do Brasil)");
user_pref("ConduitEngine.engineLocale", "pt-BR");
user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Sun Aug 21 2011 22:29:41 GMT-0300 (Hora oficial do Brasil)");
user_pref("ConduitEngine.FirstServerDate", "03/25/2011 02");
user_pref("ConduitEngine.FirstTime", true);
user_pref("ConduitEngine.FirstTimeFF3", true);
user_pref("ConduitEngine.FixPageNotFoundErrors", false);
user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Sun Aug 21 2011 22:29:39 GMT-0300 (Hora oficial do Brasil)");
user_pref("ConduitEngine.HasUserGlobalKeys", true);
user_pref("ConduitEngine.initDone", true);
user_pref("ConduitEngine.Initialize", true);
user_pref("ConduitEngine.InitializeCommonPrefs", true);
user_pref("ConduitEngine.InstallationType", "UnknownIntegration");
user_pref("ConduitEngine.InstalledDate", "Thu Mar 24 2011 20:02:22 GMT-0300 (Hora oficial do Brasil)");
user_pref("ConduitEngine.isAppTrackingManagerOn", true);
user_pref("ConduitEngine.IsMulticommunity", false);
user_pref("ConduitEngine.IsOpenThankYouPage", false);
user_pref("ConduitEngine.IsOpenUninstallPage", false);
user_pref("ConduitEngine.LanguagePackLastCheckTime", "Sun Aug 21 2011 22:29:39 GMT-0300 (Hora oficial do Brasil)");
user_pref("ConduitEngine.LastLogin_3.2.5.2", "Thu Mar 24 2011 20:02:30 GMT-0300 (Hora oficial do Brasil)");
user_pref("ConduitEngine.LastLogin_3.3.3.2", "Sun Aug 21 2011 22:29:39 GMT-0300 (Hora oficial do Brasil)");
user_pref("ConduitEngine.PublisherContainerWidth", 0);
user_pref("ConduitEngine.SavedHomepage", "http://www.plusnetwork.com");
user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
user_pref("ConduitEngine.SearchFromAddressBarUrl", "http://search.conduit.com/ResultsExt.aspx?ctid=CTXXXX&q=");
user_pref("ConduitEngine.SettingsLastCheckTime", "Sun Aug 21 2011 22:29:39 GMT-0300 (Hora oficial do Brasil)");
user_pref("ConduitEngine.UserID", "UN53853622258075246");
---- Lines conduit modified from prefs.js ----

user_pref("extensions.enabledItems", "{20a82645-c095-46ed-80e3-08825760534b}:1.1,linkfilter@kaspersky.ru:9.1.0.124,{CAFEEFAC-0016-0000-0022-ABCDEFFEDC
---- Lines Search removed from prefs.js ----
user_pref("browser.search.order.1", "Search the web (Babylon)");
---- Lines Web Search removed from prefs.js ----
user_pref("browser.search.defaultthis.engineName", "BittorrentBar_PT Customized Web Search");
---- Lines CommunityToolbar removed from prefs.js ----
user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Sun Apr 03 2011 20:16:11 GMT-0300 (Hora oficial do Brasil)");
user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Sun Aug 21 2011 22:29:50 GMT-0300 (Hora oficial do Brasil)");
user_pref("CommunityToolbar.alert.locale", "en");
user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
user_pref("CommunityToolbar.alert.loginLastCheckTime", "Sun Aug 21 2011 22:29:38 GMT-0300 (Hora oficial do Brasil)");
user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1313487611");
user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
user_pref("CommunityToolbar.alert.showTrayIcon", false);
user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
user_pref("CommunityToolbar.alert.userId", "258b4564-5483-4c9f-9df9-767d4c29e43b");
user_pref("CommunityToolbar.EngineOwnerGuid", "{29acf17c-1713-4286-8f40-bfd05f1e70c8}");
user_pref("CommunityToolbar.EngineOwnerToolbarId", "bittorrentbar_pt");
user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Tue Apr 26 2011 13:03:56 GMT-0300 (Hora oficial do Brasil)");
user_pref("CommunityToolbar.globalUserId", "3f36ce9b-e120-4f72-8bca-1bcf36a6878d");
user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
user_pref("CommunityToolbar.IsEngineShown", true);
user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{29acf17c-1713-4286-8f40-bfd05f1e70c8}");
user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "bittorrentbar_pt");
user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.properties");
---- Lines crossrider removed from prefs.js ----
user_pref("extensions.crossriderapp2258.adsOldValue", -1);
---- Lines mybrowserbar modified from prefs.js ----

user_pref("extensions.enabledItems", "{20a82645-c095-46ed-80e3-08825760534b}:1.1,linkfilter@kaspersky.ru:9.1.0.124,{CAFEEFAC-0016-0000-0022-ABCDEFFEDC
---- Lines browser.startup.page removed from prefs.js ----
user_pref("browser.startup.page", 1);
---- FireFox user.js and prefs.js backups ----

user_052014_1835_.backup
prefs_052014_1835_.backup

==== Deleting Files \ Folders ======================

C:\Users\Idarlene Marques\daemonprocess.txt deleted
C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml deleted
C:\Program Files\Mozilla Firefox\extensions\wtxpcom@mybrowserbar.com deleted
C:\Program Files\Application Updater deleted
C:\Program Files\BonanzaDeals deleted
C:\Program Files\BonanzaDealsLive deleted
C:\Program Files\SaveSense deleted
C:\Program Files\SimilarSites deleted
C:\Program Files\Funmoods deleted
C:\Program Files\ConduitEngine deleted
C:\Program Files\Common Files\Spigot deleted
C:\Users\Idarlene Marques\AppData\Roaming\SimilarSites deleted
C:\Users\Idarlene Marques\AppData\Roaming\speedanalysis.ico deleted
C:\Users\Idarlene Marques\AppData\Roaming\SaveSense deleted
C:\Users\Idarlene Marques\AppData\Roaming\zulagames deleted
C:\Users\Idarlene Marques\AppData\Roaming\SpeedAnalysis2 deleted
C:\Users\Idarlene Marques\AppData\Roaming\StartNow Toolbar deleted
C:\Users\Idarlene Marques\AppData\Roaming\Funmoods deleted
C:\Users\Idarlene Marques\AppData\Roaming\Babylon deleted
C:\Users\Idarlene Marques\AppData\Roaming\PerformerSoft deleted
C:\Windows\system32\config\systemprofile\AppData\Roaming\AB22.tmp deleted
C:\Windows\system32\config\systemprofile\AppData\Roaming\ACC8.tmp deleted
C:\Users\Idarlene Marques\Mvnwiwzd32.dll deleted
C:\Users\Idarlene Marques\Mvnwiwzd64.dll deleted
C:\Users\Idarlene Marques\slp32.dll deleted
C:\Users\Idarlene Marques\slp64.dll deleted
C:\PROGRA~2\AskPartnerNetwork deleted
C:\PROGRA~2\APN deleted
C:\PROGRA~2\FileSplitUpLoad.dll deleted
C:\PROGRA~2\BonanzaDealsLive deleted
C:\PROGRA~2\IBUpdaterService deleted
C:\PROGRA~2\baidu deleted
C:\PROGRA~2\Babylon deleted
C:\PROGRA~2\BabylonUpdater deleted
C:\Users\Idarlene Marques\AppData\Local\funmoods-speeddial.crx deleted
C:\Users\Idarlene Marques\AppData\Local\funmoods-speeddial_sf.crx deleted
C:\Users\Idarlene Marques\AppData\Local\funmoods.crx deleted
C:\Users\Idarlene Marques\AppData\Local\funmoods_2.3.1.crx deleted
C:\Users\Idarlene Marques\AppData\Local\BonanzaDealsLive deleted
C:\Users\Idarlene Marques\AppData\Local\SaveSenseLive deleted
C:\Users\Idarlene Marques\AppData\Local\Mobogenie deleted
C:\Users\Idarlene Marques\AppData\Local\cache deleted
C:\Users\Idarlene Marques\AppData\Local\Conduit deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly deleted
C:\Users\Idarlene Marques\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SaveSense deleted
C:\Users\Convidado\AppData\LocalLow\BS_Player deleted
C:\Users\Convidado\AppData\LocalLow\Search Settings deleted
C:\Users\Convidado\AppData\LocalLow\BittorrentBar_PT deleted
C:\Users\Convidado\AppData\LocalLow\facemoods.com deleted
C:\Users\Convidado\AppData\LocalLow\PriceGong deleted
C:\Users\Convidado\AppData\LocalLow\Conduit deleted
C:\Users\Convidado\AppData\LocalLow\ConduitEngine deleted
C:\Users\Idarlene Marques\AppData\LocalLow\Search Settings deleted
C:\Users\Idarlene Marques\AppData\LocalLow\BabylonToolbar deleted
C:\Users\Idarlene Marques\AppData\LocalLow\PriceGong deleted
C:\Users\Idarlene Marques\AppData\LocalLow\Conduit deleted
C:\Users\Idarlene Marques\AppData\LocalLow\ConduitEngine deleted
C:\Windows\system32\config\systemprofile\AppData\LocalLow\Application Updater deleted
C:\Windows\system32\config\systemprofile\AppData\LocalLow\Toolbar4 deleted
C:\Windows\wininit.ini deleted
C:\Windows\system32\tasks\SaveSense deleted
C:\Windows\system32\tasks\SaveSenseLiveUpdateTaskMachineCore deleted
C:\Windows\system32\tasks\SaveSenseLiveUpdateTaskMachineUA deleted
C:\Windows\tasks\SaveSense.job deleted
C:\Windows\tasks\SaveSenseLiveUpdateTaskMachineCore.job deleted
C:\Windows\tasks\SaveSenseLiveUpdateTaskMachineUA.job deleted
C:\Windows\system32\tasks\Funmoods deleted
C:\user.js deleted
C:\Windows\system32\roboot.exe deleted
C:\Windows\System32\InstallUtil.InstallLog deleted
C:\Windows\System32\lMMLDeleteUserData42107612FX.tmp deleted
C:\Users\Idarlene Marques\Documents\Mobogenie deleted
C:\Users\IDARLE~1\AppData\Roaming\Mozilla\Firefox\Profiles\p4kokcwi.default\searchplugins\SearchTheWeb.xml deleted
C:\Users\IDARLE~1\AppData\Roaming\Mozilla\Firefox\Profiles\p4kokcwi.default\extensions\ffxtlbr@babylon.com deleted
C:\Users\IDARLE~1\AppData\Roaming\Mozilla\Firefox\Profiles\p4kokcwi.default\extensions\staged deleted
C:\Users\IDARLE~1\AppData\Roaming\Mozilla\Firefox\Profiles\p4kokcwi.default\CT1750559 deleted
C:\Users\IDARLE~1\AppData\Roaming\Mozilla\Firefox\Profiles\p4kokcwi.default\CT2849856 deleted
C:\Users\IDARLE~1\AppData\Roaming\Mozilla\Firefox\Profiles\p4kokcwi.default\CT2905346 deleted
C:\Users\Idarlene Marques\HpSetup.exe deleted
C:\Users\Idarlene Marques\M1130MFP_M1210MFP.exe deleted
C:\Users\Idarlene Marques\MvDocLaunch.exe deleted
C:\Users\Idarlene Marques\mvhtmlcfg.exe deleted
C:\Users\Idarlene Marques\mvhtmlcfg64.exe deleted
C:\Users\Idarlene Marques\ProductInst64.exe deleted
C:\Users\CONVID~1\AppData\Roaming\Mozilla\Firefox\Profiles\vvmdo9dk.default\extensions\crossriderapp2258@crossrider.com deleted
C:\Users\IDARLE~1\AppData\Roaming\Mozilla\Firefox\Profiles\p4kokcwi.default\extensions\crossriderapp2258@crossrider.com deleted
C:\Users\IDARLE~1\AppData\Roaming\Mozilla\Firefox\Profiles\p4kokcwi.default\extensions\engine@conduit.com deleted
C:\Users\IDARLE~1\AppData\Roaming\Mozilla\Firefox\Profiles\p4kokcwi.default\extensions\zulagames@ZulaGames.com deleted
C:\Users\IDARLE~1\AppData\Roaming\Mozilla\Firefox\Profiles\p4kokcwi.default\extensions\{1d80d668-2160-46a2-b3a7-e166795b0b28} deleted
C:\Users\IDARLE~1\AppData\Roaming\Mozilla\Firefox\Profiles\p4kokcwi.default\extensions\{29acf17c-1713-4286-8f40-bfd05f1e70c8} deleted
C:\Users\IDARLE~1\AppData\Roaming\Mozilla\Firefox\Profiles\p4kokcwi.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} deleted
C:\Users\IDARLE~1\AppData\Roaming\Mozilla\Firefox\Profiles\p4kokcwi.default\conduit deleted
C:\Users\IDARLE~1\AppData\Roaming\Mozilla\Firefox\Profiles\p4kokcwi.default\ConduitEngine deleted
"C:\Users\IDARLE~1\AppData\Roaming\Mozilla\Firefox\Profiles\p4kokcwi.default\searchplugins\Funmoods.xml" deleted
"C:\Users\IDARLE~1\AppData\Roaming\Mozilla\Firefox\Profiles\p4kokcwi.default\searchplugins\conduit.xml" deleted
"C:\Program Files\SaveSenseLive\Update\SaveSenseLive.exe" deleted
"C:\Program Files\SaveSenseLive\Update\1.3.23.0\goopdate.dll" deleted
"C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" deleted
"C:\PROGRA~2\SaveSenseLive\Update\Log\SaveSenseLive.log" not deleted
"C:\Users\Idarlene Marques\AppData\Roaming\SysWin" deleted
"C:\Program Files\SaveSenseLive" not deleted
"C:\Program Files\AskPartnerNetwork" deleted
"C:\PROGRA~2\SaveSenseLive" not deleted
"C:\Program Files\SaveSenseLive\Update" not deleted
"C:\Program Files\SaveSenseLive\Update\1.3.23.0" not deleted
"C:\Program Files\AskPartnerNetwork\Toolbar" deleted
"C:\Program Files\AskPartnerNetwork\Toolbar\Updater" deleted
"C:\PROGRA~2\SaveSenseLive\Update" not deleted
"C:\PROGRA~2\SaveSenseLive\Update\Log" not deleted
Julio Bresciane
Julio Bresciane
Iniciante
Iniciante

Mensagens : 20
Reputação : 0
Data de inscrição : 19/05/2014

Ir para o topo Ir para baixo

Remoção Baidu Empty arquivo zoek 3

Mensagem por Julio Bresciane Seg 19 maio 2014, 20:21

==== Folders Found ======================

2014-02-16 18:56:40 2014-02-20 01:37:08 -------- d-----w- C:\$RECYCLE.BIN\S-1-5-21-2228158541-2569622677-3298490597-1000\$R6IYXE2\Baidu Antivirus
2014-02-16 18:58:46 2014-02-16 18:58:46 -------- d-----w- C:\$RECYCLE.BIN\S-1-5-21-2228158541-2569622677-3298490597-1000\$RQB4ZRY\Baidu Antivirus
2014-02-02 20:48:53 2014-02-16 20:13:05 -------- d-----w- C:\ProgramData\Baidu Security
2014-02-02 20:48:53 2014-02-16 20:13:05 -------- d-----w- C:\Users\All Users\Baidu Security
2014-02-16 20:13:34 2014-02-16 20:13:34 -------- d-----w- C:\Users\Idarlene Marques\AppData\Roaming\Baidu Security
2014-02-20 01:06:12 2014-02-20 01:06:12 -------- d-----w- C:\Users\Idarlene Marques\AppData\Roaming\Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall
2014-02-20 01:06:15 2014-02-20 01:06:15 -------- d-----w- C:\Users\Idarlene Marques\AppData\Roaming\Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall HK
2014-02-02 20:49:33 2014-02-16 20:20:15 -------- d-----w- C:\Users\Public\Documents\Baidu Security
2014-05-19 21:36:29 2014-05-19 21:36:29 -------- d---a-w- C:\zoek_backup\C_PROGRA~2_baidu

==== Files Found ======================


--- C:\Users\Idarlene Marques\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_forum.antivirus.baidu.com_0.localstorage ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 3072
Created time: 2014-05-19 19:57:36
Modified time: 2014-05-19 19:57:36
MD5: 8DCB3155836DFFE8964EAB2A29477BE4
SHA1: FC2C4AC485712704153835437A135B7A0C877D4C


--- C:\Users\Idarlene Marques\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_forum.antivirus.baidu.com_0.localstorage-journal ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 3608
Created time: 2014-05-19 19:57:36
Modified time: 2014-05-19 19:57:36
MD5: 2FDC8D76ADA32B49A2C7180E02D7368B
SHA1: 66E91B93C33012B1736B40B79E09A1F1EB5D2976


--- C:\Users\Idarlene Marques\AppData\Local\temp\{0758B06E-B2E3-462A-B6BA-F7D4516199DA}\Cleaner\baidu_av_4_0_3_57478.ini ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 227
Created time: 2014-05-19 19:47:01
Modified time: 2014-05-16 18:48:28
MD5: C9F2E09C386C9A6E5434D21A0200F6E0
SHA1: 442F80424FDDE56047D0E11824A66CCC37D89CE4


==== Registry Search Results for "Baidu" ======================


[HKEY_LOCAL_MACHINE\SOFTWARE\baidu]

[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll]

[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload]

[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]

[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]
"DllVersion_2.0"="C:\\ProgramData\\baidu\\commondll\\splitupload\\DllVersion_2.0\\FileSplitUpLoad.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\LogLoc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0\Setup]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\LogUp]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Processing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Temp]

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Baidu_Secure_SystemUp_4.0.1.56634(1)-2014-02-16 02-12-19-0248-[9571].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-02-16 02-13-03-0518-[9715].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFasterSvc-2014-02-16 02-14-03-0562-[9911].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-02-19 02-39-51-0232-[22947].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFasterSvc-2014-02-19 02-44-05-0588-[23777].tmp"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}]
"DllName"="baidubar.dll;BaiduBarX.dll;BaiduBarX.dll;BaiduBarX.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}]
"DllName"="baidubar.dll;BaiduBarX.dll;BaiduBarX.dll;BaiduBarX.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BdApiUtil]
"ImagePath"="\\??\\C:\\Program Files\\Baidu Security\\Baidu Antivirus\\BdApiUtil.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BdCameraProtect]
"ImagePath"="\\??\\C:\\Program Files\\Baidu Security\\Baidu Antivirus\\BdCameraProtect.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bhbase]
"DisplayName"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bprotect]
"DisplayName"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bprotect]
"InstPath"="C:\\Program Files\\Baidu Security\\Baidu Antivirus"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BprotectEx]
"DisplayName"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BprotectEx]
"InstPath"="C:\\Program Files\\Baidu Security\\PC Faster\\4.0.0.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCFApiUtil]
"ImagePath"="\\??\\C:\\Program Files\\Baidu Security\\PC Faster\\4.0.0.0\\PCFApiUtil.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BdApiUtil]
"ImagePath"="\\??\\C:\\Program Files\\Baidu Security\\Baidu Antivirus\\BdApiUtil.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BdCameraProtect]
"ImagePath"="\\??\\C:\\Program Files\\Baidu Security\\Baidu Antivirus\\BdCameraProtect.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bhbase]
"DisplayName"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bprotect]
"DisplayName"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bprotect]
"InstPath"="C:\\Program Files\\Baidu Security\\Baidu Antivirus"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BprotectEx]
"DisplayName"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BprotectEx]
"InstPath"="C:\\Program Files\\Baidu Security\\PC Faster\\4.0.0.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\PCFApiUtil]
"ImagePath"="\\??\\C:\\Program Files\\Baidu Security\\PC Faster\\4.0.0.0\\PCFApiUtil.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BdApiUtil]
"ImagePath"="\\??\\C:\\Program Files\\Baidu Security\\Baidu Antivirus\\BdApiUtil.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BdCameraProtect]
"ImagePath"="\\??\\C:\\Program Files\\Baidu Security\\Baidu Antivirus\\BdCameraProtect.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bhbase]
"DisplayName"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bprotect]
"DisplayName"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bprotect]
"InstPath"="C:\\Program Files\\Baidu Security\\Baidu Antivirus"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BprotectEx]
"DisplayName"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BprotectEx]
"InstPath"="C:\\Program Files\\Baidu Security\\PC Faster\\4.0.0.0"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PCFApiUtil]
"ImagePath"="\\??\\C:\\Program Files\\Baidu Security\\PC Faster\\4.0.0.0\\PCFApiUtil.sys"

[HKEY_USERS\.DEFAULT\Software\Baidu]

[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug]

[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav]

[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log]

[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]

[HKEY_USERS\.DEFAULT\Software\Baidu Security]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\MEMORY_130313325326610318.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\Mini092113-01.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\Mini101113-01.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\Mini121213-01.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"ucloud"="u.br.bav.baidu.com"

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"dcloud"="http://up.br.bav.baidu.com/cgi-bin/url_warnning/url_warnning.cgi"

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"rcloud"="http://up.br.bav.baidu.com/cgi-bin/url_visit_action.cgi"

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver\MEMORY_130313325326610318.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver\Mini092113-01.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver\Mini101113-01.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver\Mini121213-01.dmp]

[HKEY_USERS\S-1-5-21-2228158541-2569622677-3298490597-1000\Software\Baidu]

[HKEY_USERS\S-1-5-21-2228158541-2569622677-3298490597-1000\Software\Baidu\Hao123-br]

[HKEY_USERS\S-1-5-21-2228158541-2569622677-3298490597-1000\Software\Baidu\Hao123-br\hao123desk]

[HKEY_USERS\S-1-5-21-2228158541-2569622677-3298490597-1000\Software\Baidu\Hao123-br\hao123desk]
"ToyPath"="C:\\Users\\Idarlene Marques\\AppData\\Roaming\\baidu\\hao123-br\\hao123.1.0.0.1108.exe"

[HKEY_USERS\S-1-5-21-2228158541-2569622677-3298490597-1000\Software\Baidu Security]

[HKEY_USERS\S-1-5-21-2228158541-2569622677-3298490597-1000\Software\Baidu Security\Antivirus]

[HKEY_USERS\S-1-5-21-2228158541-2569622677-3298490597-1000\Software\Baidu Security\Antivirus\web]

[HKEY_USERS\S-1-5-21-2228158541-2569622677-3298490597-1000\Software\Baidu Security\Antivirus\web]
"ucloud"="u.br.bav.baidu.com"

[HKEY_USERS\S-1-5-21-2228158541-2569622677-3298490597-1000\Software\Baidu Security\Antivirus\web]
"dcloud"="http://up.br.bav.baidu.com/cgi-bin/url_warnning/url_warnning.cgi"

[HKEY_USERS\S-1-5-21-2228158541-2569622677-3298490597-1000\Software\Baidu Security\Antivirus\web]
"rcloud"="http://up.br.bav.baidu.com/cgi-bin/url_visit_action.cgi"

[HKEY_USERS\S-1-5-21-2228158541-2569622677-3298490597-1000\Software\Baidu Security\PC Faster]

[HKEY_USERS\S-1-5-21-2228158541-2569622677-3298490597-1000\Software\Baidu Security\PC Faster\4.0.0.0]

[HKEY_USERS\S-1-5-21-2228158541-2569622677-3298490597-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install]

[HKEY_USERS\S-1-5-21-2228158541-2569622677-3298490597-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run]

[HKEY_USERS\S-1-5-21-2228158541-2569622677-3298490597-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable]

[HKEY_USERS\S-1-5-21-2228158541-2569622677-3298490597-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\alluser]

[HKEY_USERS\S-1-5-21-2228158541-2569622677-3298490597-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\curuser]

[HKEY_USERS\S-1-5-21-2228158541-2569622677-3298490597-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hkcu]

[HKEY_USERS\S-1-5-21-2228158541-2569622677-3298490597-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm]

[HKEY_USERS\S-1-5-21-2228158541-2569622677-3298490597-1000\Software\Baidu Security\PC Faster\4.0.0.0\Statistic]

[HKEY_USERS\S-1-5-21-2228158541-2569622677-3298490597-1000\Software\Baidu Security\PC Faster\4.0.0.0\UUReport]

[HKEY_USERS\S-1-5-21-2228158541-2569622677-3298490597-1000\Software\Baidu Security\PC Faster\Setup]

[HKEY_USERS\S-1-5-18\Software\Baidu]

[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug]

[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav]

[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log]

[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]

[HKEY_USERS\S-1-5-18\Software\Baidu Security]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\MEMORY_130313325326610318.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\Mini092113-01.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\Mini101113-01.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\Mini121213-01.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"ucloud"="u.br.bav.baidu.com"

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"dcloud"="http://up.br.bav.baidu.com/cgi-bin/url_warnning/url_warnning.cgi"

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"rcloud"="http://up.br.bav.baidu.com/cgi-bin/url_visit_action.cgi"

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver\MEMORY_130313325326610318.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver\Mini092113-01.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver\Mini101113-01.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver\Mini121213-01.dmp]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"online_banking@kaspersky.com"="C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com" [02/04/2014 22:22]

==== Firefox Extensions ======================

ProfilePath: C:\Users\CONVID~1\AppData\Roaming\Mozilla\Firefox\Profiles\vvmdo9dk.default
- Kaspersky URL Advisor - C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
- Microsoft .NET Framework Assistant - C:\Users\Convidado\AppData\Roaming\Mozilla\Firefox\Profiles\vvmdo9dk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
- Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
- Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
- Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
- Dealio Toolbar - C:\Program Files\Dealio Toolbar\FF
- Undetermined - C:\Program Files\Common Files\Spigot\wtxpcom
- Microsoft .NET Framework Assistant - %ProfilePath%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

ProfilePath: C:\Users\IDARLE~1\AppData\Roaming\Mozilla\Firefox\Profiles\p4kokcwi.default
- Undetermined - C:\Program Files\Common Files\Spigot\wtxpcom
- Dealio Toolbar - C:\Program Files\Dealio Toolbar\FF
- Kaspersky URL Advisor - C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
- Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
- Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
- Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
- Undetermined - C:\Users\Idarlene Marques\AppData\Roaming\Mozilla\Firefox\Profiles\p4kokcwi.default\extensions\engine@conduit.com
- Undetermined - C:\Users\Idarlene Marques\AppData\Roaming\Mozilla\Firefox\Profiles\p4kokcwi.default\extensions\ffxtlbr@babylon.com
- Undetermined - C:\Users\Idarlene Marques\AppData\Roaming\Mozilla\Firefox\Profiles\p4kokcwi.default\extensions\ffxtlbr@Facemoods.com
- Undetermined - C:\Users\Idarlene Marques\AppData\Roaming\Mozilla\Firefox\Profiles\p4kokcwi.default\extensions\{1d80d668-2160-46a2-b3a7-e166795b0b28}
- Microsoft .NET Framework Assistant - C:\Users\Idarlene Marques\AppData\Roaming\Mozilla\Firefox\Profiles\p4kokcwi.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
- Undetermined - C:\Users\Idarlene Marques\AppData\Roaming\Mozilla\Firefox\Profiles\p4kokcwi.default\extensions\{29acf17c-1713-4286-8f40-bfd05f1e70c8}
- Undetermined - C:\Users\Idarlene Marques\AppData\Roaming\Mozilla\Firefox\Profiles\p4kokcwi.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}
- SaveSense - C:\Users\Idarlene Marques\AppData\Roaming\Mozilla\Firefox\Profiles\p4kokcwi.default\extensions\{8b337819-d1e8-48d3-8178-168ae8c99c36}
- Microsoft .NET Framework Assistant - %ProfilePath%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
- SaveSense - %ProfilePath%\extensions\{8b337819-d1e8-48d3-8178-168ae8c99c36}
- DealPly - %ProfilePath%\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}

AppDir: C:\Program Files\Mozilla Firefox
- Kaspersky URL Advisor - %AppDir%\extensions\linkfilter@kaspersky.ru
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

==== Firefox Plugins ======================

Profilepath: C:\Users\Idarlene Marques\AppData\Roaming\Mozilla\Firefox\Profiles\p4kokcwi.default
AB87EEFFD18F2BAAFC274E7075EA6C67 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation
0A1FF0B674E2F268799442A434A63BB3 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Windows Live? Photo Gallery
24E990B1E6D55428001843CF7217DD81 - C:\Program Files\Microsoft\Office Live\npOLW.dll - Microsoft Office Live Plug-in for Firefox / Microsoft Office Live Plug-in for Firefox
AE84791D996D1F05A2446B0C447D937A - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
99F97C9FE748C37528C338A423577FCB - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll - Microsoft® Windows Media Player Firefox Plugin
7EDD991C076F76CDF7C10B0487DEF155 - C:\Users\Idarlene Marques\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll - Google Talk Plugin
AE84791D996D1F05A2446B0C447D937A - C:\Program Files\Adobe\Reader 9.0\Reader\browser\nppdf32.dll - Adobe Acrobat


==== Deleted Firefox Extensions ======================

C:\Program Files\Dealio Toolbar\FF deleted
C:\Users\Idarlene Marques\AppData\Roaming\Mozilla\Firefox\Profiles\p4kokcwi.default\extensions\{8b337819-d1e8-48d3-8178-168ae8c99c36} deleted
C:\Users\IDARLE~1\AppData\Roaming\Mozilla\Firefox\Profiles\p4kokcwi.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF} deleted

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
aaaajpkhjdkhhnkmgfjodbkfpbmibkkk - C:\ProgramData\AskPartnerNetwork\Toolbar\ORJ-V7\CRX\ToolbarCR.crx[]
bbjciahceamgodcoidkjpchnokgfpphh - C:\Users\IDARLE~1\AppData\Local\funmoods_2.3.1.crx[]
cjpglkicenollcignonpgiafdgfeehoj - C:\Users\IDARLE~1\AppData\Local\funmoods-speeddial.crx[]
dchlnpcodkpfdpacogkljefecpegganj - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\urladvisor.crx[26/03/2013 13:08]
gaiilaahiahdejapggenmdmafpmbipje - C:\Program Files\DealPly\DealPly.crx[]
gflandjopdloblmlcoiidmncpinmmacn - C:\Users\Idarlene Marques\AppData\Roaming\zulagames\zulagames.crx[]
hakdifolhalapjijoafobooafbilfakh - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\online_banking_chrome.crx[26/03/2013 13:08]
hghkgaeecgjhjkannahfamoehjmkjail - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\content_blocker_chrome.crx[15/10/2013 22:16]
ieadcoanfjloocmfafkebdnfefmohngj - C:\Program Files\BonanzaDeals\BonanzaDeals.crx[]
jagncdcchgajhfhijbbhecadmaiegcmh - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\virtkbd.crx[15/10/2013 22:16]
kejpcolehiecjkanilhmblkbndaomhpc - C:\Users\IDARLE~1\AppData\Local\Temp\crxF09A.tmp[]
lpadbdkobbgjgonnfnipfngifldcdfin - C:\ProgramData\AskPartnerNetwork\Toolbar\ORJ-V7-SAT\CRX\ToolbarCR.crx[]
pjldcfjmnllhmgjclecdnfampinooman - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\ab.crx[26/03/2013 13:08]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
bbjciahceamgodcoidkjpchnokgfpphh - C:\Users\IDARLE~1\AppData\Local\funmoods_2.3.1.crx[]
cjpglkicenollcignonpgiafdgfeehoj - C:\Users\IDARLE~1\AppData\Local\funmoods-speeddial.crx[]
gaiilaahiahdejapggenmdmafpmbipje - C:\Program Files\DealPly\DealPly.crx[]
incfcgceegpikennjoplhfghaaikdgei - C:\Users\Idarlene Marques\AppData\Roaming\StartNow Toolbar\CR\zcrx.crx[]

Ask Toolbar - Idarlene Marques\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaajpkhjdkhhnkmgfjodbkfpbmibkkk
Funmoods Chat - Idarlene Marques\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Funmoods - Idarlene Marques\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Kaspersky URL Advisor - Idarlene Marques\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj
Zula Games - Idarlene Marques\AppData\Local\Google\Chrome\User Data\Default\Extensions\gflandjopdloblmlcoiidmncpinmmacn
Safe Money - Idarlene Marques\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh
Content Blocker - Idarlene Marques\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail
StartNow - Idarlene Marques\AppData\Local\Google\Chrome\User Data\Default\Extensions\incfcgceegpikennjoplhfghaaikdgei
Virtual Keyboard - Idarlene Marques\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh
Google Wallet - Idarlene Marques\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
WebSite Recommendation - Idarlene Marques\AppData\Local\Google\Chrome\User Data\Default\Extensions\olakgnkoldmagdblaalodobkmeokmgjj
Anti-Banner - Idarlene Marques\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman

==== Chrome Fix ======================

C:\Users\Idarlene Marques\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.babylon.com_0.localstorage deleted successfully
C:\Users\Idarlene Marques\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.babylon.com_0.localstorage-journal deleted successfully
C:\Users\Idarlene Marques\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaajpkhjdkhhnkmgfjodbkfpbmibkkk deleted successfully
C:\Users\Idarlene Marques\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh deleted successfully
C:\Users\Idarlene Marques\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage deleted successfully
C:\Users\Idarlene Marques\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj deleted successfully
C:\Users\Idarlene Marques\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjpglkicenollcignonpgiafdgfeehoj_0.localstorage deleted successfully
C:\Users\Idarlene Marques\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjpglkicenollcignonpgiafdgfeehoj deleted successfully
C:\Users\Idarlene Marques\AppData\Local\Google\Chrome\User Data\Default\Extensions\gflandjopdloblmlcoiidmncpinmmacn deleted successfully
C:\Users\Idarlene Marques\AppData\Local\Google\Chrome\User Data\Default\Extensions\incfcgceegpikennjoplhfghaaikdgei deleted successfully
C:\Users\Idarlene Marques\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_incfcgceegpikennjoplhfghaaikdgei_0.localstorage deleted successfully
C:\Users\Idarlene Marques\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_incfcgceegpikennjoplhfghaaikdgei_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://br.hao123.com/?tn=sft_pay_hp_01_hao123_br"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="http://searchfunmoods.com/?f=2&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1QzutDtDtC0F0EtC0DyDzz0B0DyEtByCzytDtN0D0Tzu0CtBzyzytN1L2XzutBtFtBtFtDtFtAyEyE&cr=74036643"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{ABD93EAF-D775-BC54-E63B-2804F22FD156}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ABD93EAF-D775-BC54-E63B-2804F22FD156}] not found

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{1A4CA3D7-B782-4A52-BF0E-AAD944572954} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7"
{39B332C8-C1E5-731B-ECF7-5D788FCDDFE9} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
{afdbddaa-5d3f-42ee-b79c-185a7020515b} Unknown Url="Not_Found"

==== Reset Google Chrome ======================

C:\Users\Idarlene Marques\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Idarlene Marques\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2228158541-2569622677-3298490597-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully
HKEY_USERS\S-1-5-21-2228158541-2569622677-3298490597-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully
HKEY_USERS\S-1-5-21-2228158541-2569622677-3298490597-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0f21b1e5-5afc-43c9-9c66-515046e92ec2} deleted successfully
HKEY_USERS\S-1-5-21-2228158541-2569622677-3298490597-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0f21b1e5-5afc-43c9-9c66-515046e92ec2} deleted successfully
HKEY_USERS\S-1-5-21-2228158541-2569622677-3298490597-1000\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{0f21b1e5-5afc-43c9-9c66-515046e92ec2} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0f21b1e5-5afc-43c9-9c66-515046e92ec2} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-2228158541-2569622677-3298490597-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully

==== shortcuts on Users Desktops ======================

C:\Users\Convidado\Desktop\Dirf 2011.LNK - G:\Arquivos programaRFB\IRPF2011\Dirf2011\Dirf2011.exe
C:\Users\Convidado\Desktop\Hao123.lnk - C:\Users\Idarlene Marques\AppData\Roaming\Baidu\hao123-br\hao123.1.0.0.1108.exe
C:\Users\Convidado\Desktop\IRPF2009 - Declaração de Ajuste Anual e Final de Espólio.lnk -
C:\Users\Convidado\Desktop\IRPF2010 - Declaração de Ajuste Anual e Final de Espólio.lnk -
C:\Users\Convidado\Desktop\MailNavigator.lnk - C:\Program Files\MailNavigator\MailNavigator.exe
C:\Users\Convidado\Desktop\Safe Money.lnk - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\starter_avp.exe -hidden safebanking
C:\Users\Convidado\Desktop\Some PDF to Word Converterr.lnk - C:\Program Files\SomePDF\Some PDF to Word Converter\PDF2Word.exe
C:\Users\Idarlene Marques\Desktop\Carnê-Leão 2012.lnk -
C:\Users\Idarlene Marques\Desktop\Dirf 2011.LNK - G:\Arquivos programaRFB\IRPF2011\Dirf2011\Dirf2011.exe
C:\Users\Idarlene Marques\Desktop\Google Chrome.lnk - C:\Users\Idarlene Marques\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Idarlene Marques\Desktop\IRPF2009 - Declaração de Ajuste Anual e Final de Espólio.lnk -
C:\Users\Idarlene Marques\Desktop\IRPF2013 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País.lnk -
C:\Users\Idarlene Marques\Desktop\IRPF2014 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País.lnk -
C:\Users\Idarlene Marques\Desktop\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner.exe
C:\Users\Public\Desktop\Guia Vivo Internet.lnk - C:\Program Files\Vivo\Guia Vivo Internet\Guia Vivo Internet\Guia Vivo Internet.hta
C:\Users\Public\Desktop\Kaspersky PURE 3.0.lnk - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\starter_avp.exe
C:\Users\Public\Desktop\Receitanet 1.04 .lnk - C:\Program Files\Programas RFB\Receitanet\Windows\Receitanet.exe
C:\Users\Public\Desktop\Receitanet BX 1.4.2.lnk - C:\Program Files\Programas RFB\Receitanet BX\ReceitanetBX.EXE
C:\Users\Public\Desktop\VIVO INTERNET.lnk - C:\Program Files\VIVO INTERNET\VIVO INTERNET.exe

==== shortcuts in Users Start Menu ======================

C:\Users\Idarlene Marques\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Users\Idarlene Marques\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Idarlene Marques\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2014\IRPF - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País\Ajuda do IRPF2014.lnk -
C:\Users\Idarlene Marques\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2014\IRPF - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País\Desinstalar IRPF2014.lnk -
C:\Users\Idarlene Marques\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2014\IRPF - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País\Leia-me do IRPF2014.lnk -

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk - C:\Program Files\Java\jre7\bin\javacpl.exe -tab about
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk - C:\Program Files\Java\jre7\bin\javacpl.exe -tab update
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk - C:\Program Files\Java\jre7\bin\javacpl.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.lnk -

==== shortcuts in Quick Launch ======================

C:\Users\Convidado\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Hao123.lnk - C:\Users\Idarlene Marques\AppData\Roaming\Baidu\hao123-br\hao123.1.0.0.1108.exe
C:\Users\Convidado\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Convidado\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Convidado\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Some PDF to Word Converter.lnk - C:\Program Files\SomePDF\Some PDF to Word Converter\PDF2Word.exe
C:\Users\Convidado\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Convidado\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Idarlene Marques\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Idarlene Marques\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Idarlene Marques\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Idarlene Marques\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyServer"="192.168.254.251:3128"
"ProxyOverride"=";192.168.*.*"
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\aaaajpkhjdkhhnkmgfjodbkfpbmibkkk deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\gflandjopdloblmlcoiidmncpinmmacn deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\ieadcoanfjloocmfafkebdnfefmohngj deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\kejpcolehiecjkanilhmblkbndaomhpc deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\lpadbdkobbgjgonnfnipfngifldcdfin deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\incfcgceegpikennjoplhfghaaikdgei deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine deleted successfully

==== Empty IE Cache ======================

C:\Users\Convidado\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Convidado\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Idarlene Marques\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Idarlene Marques\AppData\Local\temp\Low\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Idarlene Marques\AppData\Local\temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Idarlene Marques\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\Convidado\AppData\Local\Mozilla\Firefox\Profiles\vvmdo9dk.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Idarlene Marques\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=2138 folders=569 90326652 bytes)

==== Empty Temp Folders ======================

C:\Users\Convidado\AppData\Local\temp emptied successfully
C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\Idarlene Marques\AppData\Local\temp will be emptied at reboot
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\IDARLE~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\PROGRA~2\SaveSenseLive\Update\Log\SaveSenseLive.log" deleted
"C:\Users\Idarlene Marques\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Program Files\SaveSenseLive" not found
"C:\PROGRA~2\SaveSenseLive" deleted

==== EOF on 19/05/2014 at 18:55:57,40 ======================
Julio Bresciane
Julio Bresciane
Iniciante
Iniciante

Mensagens : 20
Reputação : 0
Data de inscrição : 19/05/2014

Ir para o topo Ir para baixo

Remoção Baidu Empty arquivo zoek 3

Mensagem por Julio Bresciane Seg 19 maio 2014, 20:24

==== Folders Found ======================

2014-02-16 18:56:40 2014-02-20 01:37:08 -------- d-----w- C:\$RECYCLE.BIN\S-1-5-21-2228158541-2569622677-3298490597-1000\$R6IYXE2\Baidu Antivirus
2014-02-16 18:58:46 2014-02-16 18:58:46 -------- d-----w- C:\$RECYCLE.BIN\S-1-5-21-2228158541-2569622677-3298490597-1000\$RQB4ZRY\Baidu Antivirus
2014-02-02 20:48:53 2014-02-16 20:13:05 -------- d-----w- C:\ProgramData\Baidu Security
2014-02-02 20:48:53 2014-02-16 20:13:05 -------- d-----w- C:\Users\All Users\Baidu Security
2014-02-16 20:13:34 2014-02-16 20:13:34 -------- d-----w- C:\Users\Idarlene Marques\AppData\Roaming\Baidu Security
2014-02-20 01:06:12 2014-02-20 01:06:12 -------- d-----w- C:\Users\Idarlene Marques\AppData\Roaming\Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall
2014-02-20 01:06:15 2014-02-20 01:06:15 -------- d-----w- C:\Users\Idarlene Marques\AppData\Roaming\Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall HK
2014-02-02 20:49:33 2014-02-16 20:20:15 -------- d-----w- C:\Users\Public\Documents\Baidu Security
2014-05-19 21:36:29 2014-05-19 21:36:29 -------- d---a-w- C:\zoek_backup\C_PROGRA~2_baidu

==== Files Found ======================


--- C:\Users\Idarlene Marques\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_forum.antivirus.baidu.com_0.localstorage ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 3072
Created time: 2014-05-19 19:57:36
Modified time: 2014-05-19 19:57:36
MD5: 8DCB3155836DFFE8964EAB2A29477BE4
SHA1: FC2C4AC485712704153835437A135B7A0C877D4C


--- C:\Users\Idarlene Marques\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_forum.antivirus.baidu.com_0.localstorage-journal ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 3608
Created time: 2014-05-19 19:57:36
Modified time: 2014-05-19 19:57:36
MD5: 2FDC8D76ADA32B49A2C7180E02D7368B
SHA1: 66E91B93C33012B1736B40B79E09A1F1EB5D2976


--- C:\Users\Idarlene Marques\AppData\Local\temp\{0758B06E-B2E3-462A-B6BA-F7D4516199DA}\Cleaner\baidu_av_4_0_3_57478.ini ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 227
Created time: 2014-05-19 19:47:01
Modified time: 2014-05-16 18:48:28
MD5: C9F2E09C386C9A6E5434D21A0200F6E0
SHA1: 442F80424FDDE56047D0E11824A66CCC37D89CE4


==== Registry Search Results for "Baidu" ======================


[HKEY_LOCAL_MACHINE\SOFTWARE\baidu]

[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll]

[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload]

[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]

[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]
"DllVersion_2.0"="C:\\ProgramData\\baidu\\commondll\\splitupload\\DllVersion_2.0\\FileSplitUpLoad.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\LogLoc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0\Setup]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\LogUp]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Processing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Temp]

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Baidu_Secure_SystemUp_4.0.1.56634(1)-2014-02-16 02-12-19-0248-[9571].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-02-16 02-13-03-0518-[9715].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFasterSvc-2014-02-16 02-14-03-0562-[9911].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-02-19 02-39-51-0232-[22947].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFasterSvc-2014-02-19 02-44-05-0588-[23777].tmp"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}]
"DllName"="baidubar.dll;BaiduBarX.dll;BaiduBarX.dll;BaiduBarX.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}]
"DllName"="baidubar.dll;BaiduBarX.dll;BaiduBarX.dll;BaiduBarX.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BdApiUtil]
"ImagePath"="\\??\\C:\\Program Files\\Baidu Security\\Baidu Antivirus\\BdApiUtil.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BdCameraProtect]
"ImagePath"="\\??\\C:\\Program Files\\Baidu Security\\Baidu Antivirus\\BdCameraProtect.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bhbase]
"DisplayName"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bprotect]
"DisplayName"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bprotect]
"InstPath"="C:\\Program Files\\Baidu Security\\Baidu Antivirus"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BprotectEx]
"DisplayName"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BprotectEx]
"InstPath"="C:\\Program Files\\Baidu Security\\PC Faster\\4.0.0.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCFApiUtil]
"ImagePath"="\\??\\C:\\Program Files\\Baidu Security\\PC Faster\\4.0.0.0\\PCFApiUtil.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BdApiUtil]
"ImagePath"="\\??\\C:\\Program Files\\Baidu Security\\Baidu Antivirus\\BdApiUtil.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BdCameraProtect]
"ImagePath"="\\??\\C:\\Program Files\\Baidu Security\\Baidu Antivirus\\BdCameraProtect.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bhbase]
"DisplayName"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bprotect]
"DisplayName"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bprotect]
"InstPath"="C:\\Program Files\\Baidu Security\\Baidu Antivirus"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BprotectEx]
"DisplayName"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BprotectEx]
"InstPath"="C:\\Program Files\\Baidu Security\\PC Faster\\4.0.0.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\PCFApiUtil]
"ImagePath"="\\??\\C:\\Program Files\\Baidu Security\\PC Faster\\4.0.0.0\\PCFApiUtil.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BdApiUtil]
"ImagePath"="\\??\\C:\\Program Files\\Baidu Security\\Baidu Antivirus\\BdApiUtil.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BdCameraProtect]
"ImagePath"="\\??\\C:\\Program Files\\Baidu Security\\Baidu Antivirus\\BdCameraProtect.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bhbase]
"DisplayName"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bprotect]
"DisplayName"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bprotect]
"InstPath"="C:\\Program Files\\Baidu Security\\Baidu Antivirus"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BprotectEx]
"DisplayName"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BprotectEx]
"InstPath"="C:\\Program Files\\Baidu Security\\PC Faster\\4.0.0.0"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PCFApiUtil]
"ImagePath"="\\??\\C:\\Program Files\\Baidu Security\\PC Faster\\4.0.0.0\\PCFApiUtil.sys"

[HKEY_USERS\.DEFAULT\Software\Baidu]

[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug]

[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav]

[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log]

[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]

[HKEY_USERS\.DEFAULT\Software\Baidu Security]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\MEMORY_130313325326610318.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\Mini092113-01.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\Mini101113-01.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\Mini121213-01.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"ucloud"="u.br.bav.baidu.com"

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"dcloud"="http://up.br.bav.baidu.com/cgi-bin/url_warnning/url_warnning.cgi"

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"rcloud"="http://up.br.bav.baidu.com/cgi-bin/url_visit_action.cgi"

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver\MEMORY_130313325326610318.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver\Mini092113-01.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver\Mini101113-01.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver\Mini121213-01.dmp]

[HKEY_USERS\S-1-5-21-2228158541-2569622677-3298490597-1000\Software\Baidu]

[HKEY_USERS\S-1-5-21-2228158541-2569622677-3298490597-1000\Software\Baidu\Hao123-br]

[HKEY_USERS\S-1-5-21-2228158541-2569622677-3298490597-1000\Software\Baidu\Hao123-br\hao123desk]

[HKEY_USERS\S-1-5-21-2228158541-2569622677-3298490597-1000\Software\Baidu\Hao123-br\hao123desk]
"ToyPath"="C:\\Users\\Idarlene Marques\\AppData\\Roaming\\baidu\\hao123-br\\hao123.1.0.0.1108.exe"

[HKEY_USERS\S-1-5-21-2228158541-2569622677-3298490597-1000\Software\Baidu Security]

[HKEY_USERS\S-1-5-21-2228158541-2569622677-3298490597-1000\Software\Baidu Security\Antivirus]

[HKEY_USERS\S-1-5-21-2228158541-2569622677-3298490597-1000\Software\Baidu Security\Antivirus\web]

[HKEY_USERS\S-1-5-21-2228158541-2569622677-3298490597-1000\Software\Baidu Security\Antivirus\web]
"ucloud"="u.br.bav.baidu.com"

[HKEY_USERS\S-1-5-21-2228158541-2569622677-3298490597-1000\Software\Baidu Security\Antivirus\web]
"dcloud"="http://up.br.bav.baidu.com/cgi-bin/url_warnning/url_warnning.cgi"

[HKEY_USERS\S-1-5-21-2228158541-2569622677-3298490597-1000\Software\Baidu Security\Antivirus\web]
"rcloud"="http://up.br.bav.baidu.com/cgi-bin/url_visit_action.cgi"

[HKEY_USERS\S-1-5-21-2228158541-2569622677-3298490597-1000\Software\Baidu Security\PC Faster]

[HKEY_USERS\S-1-5-21-2228158541-2569622677-3298490597-1000\Software\Baidu Security\PC Faster\4.0.0.0]

[HKEY_USERS\S-1-5-21-2228158541-2569622677-3298490597-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install]

[HKEY_USERS\S-1-5-21-2228158541-2569622677-3298490597-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run]

[HKEY_USERS\S-1-5-21-2228158541-2569622677-3298490597-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable]

[HKEY_USERS\S-1-5-21-2228158541-2569622677-3298490597-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\alluser]

[HKEY_USERS\S-1-5-21-2228158541-2569622677-3298490597-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\curuser]

[HKEY_USERS\S-1-5-21-2228158541-2569622677-3298490597-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hkcu]

[HKEY_USERS\S-1-5-21-2228158541-2569622677-3298490597-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm]

[HKEY_USERS\S-1-5-21-2228158541-2569622677-3298490597-1000\Software\Baidu Security\PC Faster\4.0.0.0\Statistic]

[HKEY_USERS\S-1-5-21-2228158541-2569622677-3298490597-1000\Software\Baidu Security\PC Faster\4.0.0.0\UUReport]

[HKEY_USERS\S-1-5-21-2228158541-2569622677-3298490597-1000\Software\Baidu Security\PC Faster\Setup]

[HKEY_USERS\S-1-5-18\Software\Baidu]

[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug]

[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav]

[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log]

[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]

[HKEY_USERS\S-1-5-18\Software\Baidu Security]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\MEMORY_130313325326610318.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\Mini092113-01.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\Mini101113-01.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\Mini121213-01.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"ucloud"="u.br.bav.baidu.com"

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"dcloud"="http://up.br.bav.baidu.com/cgi-bin/url_warnning/url_warnning.cgi"

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"rcloud"="http://up.br.bav.baidu.com/cgi-bin/url_visit_action.cgi"

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver\MEMORY_130313325326610318.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver\Mini092113-01.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver\Mini101113-01.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver\Mini121213-01.dmp]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"online_banking@kaspersky.com"="C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com" [02/04/2014 22:22]

==== Firefox Extensions ======================

ProfilePath: C:\Users\CONVID~1\AppData\Roaming\Mozilla\Firefox\Profiles\vvmdo9dk.default
- Kaspersky URL Advisor - C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
- Microsoft .NET Framework Assistant - C:\Users\Convidado\AppData\Roaming\Mozilla\Firefox\Profiles\vvmdo9dk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
- Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
- Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
- Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
- Dealio Toolbar - C:\Program Files\Dealio Toolbar\FF
- Undetermined - C:\Program Files\Common Files\Spigot\wtxpcom
- Microsoft .NET Framework Assistant - %ProfilePath%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

ProfilePath: C:\Users\IDARLE~1\AppData\Roaming\Mozilla\Firefox\Profiles\p4kokcwi.default
- Undetermined - C:\Program Files\Common Files\Spigot\wtxpcom
- Dealio Toolbar - C:\Program Files\Dealio Toolbar\FF
- Kaspersky URL Advisor - C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
- Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
- Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
- Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
- Undetermined - C:\Users\Idarlene Marques\AppData\Roaming\Mozilla\Firefox\Profiles\p4kokcwi.default\extensions\engine@conduit.com
- Undetermined - C:\Users\Idarlene Marques\AppData\Roaming\Mozilla\Firefox\Profiles\p4kokcwi.default\extensions\ffxtlbr@babylon.com
- Undetermined - C:\Users\Idarlene Marques\AppData\Roaming\Mozilla\Firefox\Profiles\p4kokcwi.default\extensions\ffxtlbr@Facemoods.com
- Undetermined - C:\Users\Idarlene Marques\AppData\Roaming\Mozilla\Firefox\Profiles\p4kokcwi.default\extensions\{1d80d668-2160-46a2-b3a7-e166795b0b28}
- Microsoft .NET Framework Assistant - C:\Users\Idarlene Marques\AppData\Roaming\Mozilla\Firefox\Profiles\p4kokcwi.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
- Undetermined - C:\Users\Idarlene Marques\AppData\Roaming\Mozilla\Firefox\Profiles\p4kokcwi.default\extensions\{29acf17c-1713-4286-8f40-bfd05f1e70c8}
- Undetermined - C:\Users\Idarlene Marques\AppData\Roaming\Mozilla\Firefox\Profiles\p4kokcwi.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}
- SaveSense - C:\Users\Idarlene Marques\AppData\Roaming\Mozilla\Firefox\Profiles\p4kokcwi.default\extensions\{8b337819-d1e8-48d3-8178-168ae8c99c36}
- Microsoft .NET Framework Assistant - %ProfilePath%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
- SaveSense - %ProfilePath%\extensions\{8b337819-d1e8-48d3-8178-168ae8c99c36}
- DealPly - %ProfilePath%\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}

AppDir: C:\Program Files\Mozilla Firefox
- Kaspersky URL Advisor - %AppDir%\extensions\linkfilter@kaspersky.ru
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

==== Firefox Plugins ======================

Profilepath: C:\Users\Idarlene Marques\AppData\Roaming\Mozilla\Firefox\Profiles\p4kokcwi.default
AB87EEFFD18F2BAAFC274E7075EA6C67 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation
0A1FF0B674E2F268799442A434A63BB3 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Windows Live? Photo Gallery
24E990B1E6D55428001843CF7217DD81 - C:\Program Files\Microsoft\Office Live\npOLW.dll - Microsoft Office Live Plug-in for Firefox / Microsoft Office Live Plug-in for Firefox
AE84791D996D1F05A2446B0C447D937A - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
99F97C9FE748C37528C338A423577FCB - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll - Microsoft® Windows Media Player Firefox Plugin
7EDD991C076F76CDF7C10B0487DEF155 - C:\Users\Idarlene Marques\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll - Google Talk Plugin
AE84791D996D1F05A2446B0C447D937A - C:\Program Files\Adobe\Reader 9.0\Reader\browser\nppdf32.dll - Adobe Acrobat


==== Deleted Firefox Extensions ======================

C:\Program Files\Dealio Toolbar\FF deleted
C:\Users\Idarlene Marques\AppData\Roaming\Mozilla\Firefox\Profiles\p4kokcwi.default\extensions\{8b337819-d1e8-48d3-8178-168ae8c99c36} deleted
C:\Users\IDARLE~1\AppData\Roaming\Mozilla\Firefox\Profiles\p4kokcwi.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF} deleted

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
aaaajpkhjdkhhnkmgfjodbkfpbmibkkk - C:\ProgramData\AskPartnerNetwork\Toolbar\ORJ-V7\CRX\ToolbarCR.crx[]
bbjciahceamgodcoidkjpchnokgfpphh - C:\Users\IDARLE~1\AppData\Local\funmoods_2.3.1.crx[]
cjpglkicenollcignonpgiafdgfeehoj - C:\Users\IDARLE~1\AppData\Local\funmoods-speeddial.crx[]
dchlnpcodkpfdpacogkljefecpegganj - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\urladvisor.crx[26/03/2013 13:08]
gaiilaahiahdejapggenmdmafpmbipje - C:\Program Files\DealPly\DealPly.crx[]
gflandjopdloblmlcoiidmncpinmmacn - C:\Users\Idarlene Marques\AppData\Roaming\zulagames\zulagames.crx[]
hakdifolhalapjijoafobooafbilfakh - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\online_banking_chrome.crx[26/03/2013 13:08]
hghkgaeecgjhjkannahfamoehjmkjail - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\content_blocker_chrome.crx[15/10/2013 22:16]
ieadcoanfjloocmfafkebdnfefmohngj - C:\Program Files\BonanzaDeals\BonanzaDeals.crx[]
jagncdcchgajhfhijbbhecadmaiegcmh - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\virtkbd.crx[15/10/2013 22:16]
kejpcolehiecjkanilhmblkbndaomhpc - C:\Users\IDARLE~1\AppData\Local\Temp\crxF09A.tmp[]
lpadbdkobbgjgonnfnipfngifldcdfin - C:\ProgramData\AskPartnerNetwork\Toolbar\ORJ-V7-SAT\CRX\ToolbarCR.crx[]
pjldcfjmnllhmgjclecdnfampinooman - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\ab.crx[26/03/2013 13:08]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
bbjciahceamgodcoidkjpchnokgfpphh - C:\Users\IDARLE~1\AppData\Local\funmoods_2.3.1.crx[]
cjpglkicenollcignonpgiafdgfeehoj - C:\Users\IDARLE~1\AppData\Local\funmoods-speeddial.crx[]
gaiilaahiahdejapggenmdmafpmbipje - C:\Program Files\DealPly\DealPly.crx[]
incfcgceegpikennjoplhfghaaikdgei - C:\Users\Idarlene Marques\AppData\Roaming\StartNow Toolbar\CR\zcrx.crx[]

Ask Toolbar - Idarlene Marques\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaajpkhjdkhhnkmgfjodbkfpbmibkkk
Funmoods Chat - Idarlene Marques\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Funmoods - Idarlene Marques\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Kaspersky URL Advisor - Idarlene Marques\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj
Zula Games - Idarlene Marques\AppData\Local\Google\Chrome\User Data\Default\Extensions\gflandjopdloblmlcoiidmncpinmmacn
Safe Money - Idarlene Marques\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh
Content Blocker - Idarlene Marques\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail
StartNow - Idarlene Marques\AppData\Local\Google\Chrome\User Data\Default\Extensions\incfcgceegpikennjoplhfghaaikdgei
Virtual Keyboard - Idarlene Marques\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh
Google Wallet - Idarlene Marques\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
WebSite Recommendation - Idarlene Marques\AppData\Local\Google\Chrome\User Data\Default\Extensions\olakgnkoldmagdblaalodobkmeokmgjj
Anti-Banner - Idarlene Marques\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman

==== Chrome Fix ======================

C:\Users\Idarlene Marques\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.babylon.com_0.localstorage deleted successfully
C:\Users\Idarlene Marques\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.babylon.com_0.localstorage-journal deleted successfully
C:\Users\Idarlene Marques\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaajpkhjdkhhnkmgfjodbkfpbmibkkk deleted successfully
C:\Users\Idarlene Marques\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh deleted successfully
C:\Users\Idarlene Marques\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage deleted successfully
C:\Users\Idarlene Marques\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj deleted successfully
C:\Users\Idarlene Marques\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjpglkicenollcignonpgiafdgfeehoj_0.localstorage deleted successfully
C:\Users\Idarlene Marques\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjpglkicenollcignonpgiafdgfeehoj deleted successfully
C:\Users\Idarlene Marques\AppData\Local\Google\Chrome\User Data\Default\Extensions\gflandjopdloblmlcoiidmncpinmmacn deleted successfully
C:\Users\Idarlene Marques\AppData\Local\Google\Chrome\User Data\Default\Extensions\incfcgceegpikennjoplhfghaaikdgei deleted successfully
C:\Users\Idarlene Marques\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_incfcgceegpikennjoplhfghaaikdgei_0.localstorage deleted successfully
C:\Users\Idarlene Marques\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_incfcgceegpikennjoplhfghaaikdgei_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://br.hao123.com/?tn=sft_pay_hp_01_hao123_br"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="http://searchfunmoods.com/?f=2&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1QzutDtDtC0F0EtC0DyDzz0B0DyEtByCzytDtN0D0Tzu0CtBzyzytN1L2XzutBtFtBtFtDtFtAyEyE&cr=74036643"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{ABD93EAF-D775-BC54-E63B-2804F22FD156}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ABD93EAF-D775-BC54-E63B-2804F22FD156}] not found

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{1A4CA3D7-B782-4A52-BF0E-AAD944572954} Google  Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7"
{39B332C8-C1E5-731B-ECF7-5D788FCDDFE9} Google  Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
{afdbddaa-5d3f-42ee-b79c-185a7020515b} Unknown  Url="Not_Found"

==== Reset Google Chrome ======================

C:\Users\Idarlene Marques\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Idarlene Marques\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2228158541-2569622677-3298490597-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully
HKEY_USERS\S-1-5-21-2228158541-2569622677-3298490597-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully
HKEY_USERS\S-1-5-21-2228158541-2569622677-3298490597-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0f21b1e5-5afc-43c9-9c66-515046e92ec2} deleted successfully
HKEY_USERS\S-1-5-21-2228158541-2569622677-3298490597-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0f21b1e5-5afc-43c9-9c66-515046e92ec2} deleted successfully
HKEY_USERS\S-1-5-21-2228158541-2569622677-3298490597-1000\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{0f21b1e5-5afc-43c9-9c66-515046e92ec2} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0f21b1e5-5afc-43c9-9c66-515046e92ec2} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-2228158541-2569622677-3298490597-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully

==== shortcuts on Users Desktops ======================

C:\Users\Convidado\Desktop\Dirf 2011.LNK - G:\Arquivos programaRFB\IRPF2011\Dirf2011\Dirf2011.exe
C:\Users\Convidado\Desktop\Hao123.lnk - C:\Users\Idarlene Marques\AppData\Roaming\Baidu\hao123-br\hao123.1.0.0.1108.exe
C:\Users\Convidado\Desktop\IRPF2009 - Declaração de Ajuste Anual e Final de Espólio.lnk -  
C:\Users\Convidado\Desktop\IRPF2010 - Declaração de Ajuste Anual e Final de Espólio.lnk -  
C:\Users\Convidado\Desktop\MailNavigator.lnk - C:\Program Files\MailNavigator\MailNavigator.exe
C:\Users\Convidado\Desktop\Safe Money.lnk - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\starter_avp.exe -hidden safebanking
C:\Users\Convidado\Desktop\Some PDF to Word Converterr.lnk - C:\Program Files\SomePDF\Some PDF to Word Converter\PDF2Word.exe
C:\Users\Idarlene Marques\Desktop\Carnê-Leão 2012.lnk -  
C:\Users\Idarlene Marques\Desktop\Dirf 2011.LNK - G:\Arquivos programaRFB\IRPF2011\Dirf2011\Dirf2011.exe
C:\Users\Idarlene Marques\Desktop\Google Chrome.lnk - C:\Users\Idarlene Marques\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Idarlene Marques\Desktop\IRPF2009 - Declaração de Ajuste Anual e Final de Espólio.lnk -  
C:\Users\Idarlene Marques\Desktop\IRPF2013 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País.lnk -  
C:\Users\Idarlene Marques\Desktop\IRPF2014 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País.lnk -  
C:\Users\Idarlene Marques\Desktop\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner.exe
C:\Users\Public\Desktop\Guia Vivo Internet.lnk - C:\Program Files\Vivo\Guia Vivo Internet\Guia Vivo Internet\Guia Vivo Internet.hta
C:\Users\Public\Desktop\Kaspersky PURE 3.0.lnk - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\starter_avp.exe
C:\Users\Public\Desktop\Receitanet 1.04 .lnk - C:\Program Files\Programas RFB\Receitanet\Windows\Receitanet.exe
C:\Users\Public\Desktop\Receitanet BX 1.4.2.lnk - C:\Program Files\Programas RFB\Receitanet BX\ReceitanetBX.EXE
C:\Users\Public\Desktop\VIVO INTERNET.lnk - C:\Program Files\VIVO INTERNET\VIVO INTERNET.exe

==== shortcuts in Users Start Menu ======================

C:\Users\Idarlene Marques\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Users\Idarlene Marques\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Idarlene Marques\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2014\IRPF - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País\Ajuda do IRPF2014.lnk -  
C:\Users\Idarlene Marques\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2014\IRPF - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País\Desinstalar IRPF2014.lnk -  
C:\Users\Idarlene Marques\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2014\IRPF - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País\Leia-me do IRPF2014.lnk -  

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk - C:\Program Files\Java\jre7\bin\javacpl.exe -tab about
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk - C:\Program Files\Java\jre7\bin\javacpl.exe -tab update
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk - C:\Program Files\Java\jre7\bin\javacpl.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.lnk -  

==== shortcuts in Quick Launch ======================

C:\Users\Convidado\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Hao123.lnk - C:\Users\Idarlene Marques\AppData\Roaming\Baidu\hao123-br\hao123.1.0.0.1108.exe
C:\Users\Convidado\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Convidado\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Convidado\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Some PDF to Word Converter.lnk - C:\Program Files\SomePDF\Some PDF to Word Converter\PDF2Word.exe
C:\Users\Convidado\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Convidado\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Idarlene Marques\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Idarlene Marques\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Idarlene Marques\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Idarlene Marques\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyServer"="192.168.254.251:3128"
"ProxyOverride"=";192.168.*.*"
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\aaaajpkhjdkhhnkmgfjodbkfpbmibkkk deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\gflandjopdloblmlcoiidmncpinmmacn deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\ieadcoanfjloocmfafkebdnfefmohngj deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\kejpcolehiecjkanilhmblkbndaomhpc deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\lpadbdkobbgjgonnfnipfngifldcdfin deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\incfcgceegpikennjoplhfghaaikdgei deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine deleted successfully

==== Empty IE Cache ======================

C:\Users\Convidado\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Convidado\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Idarlene Marques\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Idarlene Marques\AppData\Local\temp\Low\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Idarlene Marques\AppData\Local\temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Idarlene Marques\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\Convidado\AppData\Local\Mozilla\Firefox\Profiles\vvmdo9dk.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Idarlene Marques\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=2138 folders=569 90326652 bytes)

==== Empty Temp Folders ======================

C:\Users\Convidado\AppData\Local\temp emptied successfully
C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\Idarlene Marques\AppData\Local\temp will be emptied at reboot
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\IDARLE~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\PROGRA~2\SaveSenseLive\Update\Log\SaveSenseLive.log"  deleted
"C:\Users\Idarlene Marques\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Program Files\SaveSenseLive"  not found
"C:\PROGRA~2\SaveSenseLive"  deleted

==== EOF on 19/05/2014 at 18:55:57,40 ======================
Julio Bresciane
Julio Bresciane
Iniciante
Iniciante

Mensagens : 20
Reputação : 0
Data de inscrição : 19/05/2014

Ir para o topo Ir para baixo

Remoção Baidu Empty Remoção Baidu

Mensagem por Julio Bresciane Seg 19 maio 2014, 20:26

Enviado o log. aguardo orientação.
Julio Bresciane
Julio Bresciane
Iniciante
Iniciante

Mensagens : 20
Reputação : 0
Data de inscrição : 19/05/2014

Ir para o topo Ir para baixo

Remoção Baidu Empty Re: Remoção Baidu

Mensagem por Power Max Seg 19 maio 2014, 21:08

Desative temporariamente seu antivírus para evitar conflitos.

*Clique com o botão direito do mouse no Zoek.exe e selecione [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

* Selecione e copie todo este texto destacado em vermelho que te passei e cole-o no espaço em branco do Zoek.

*Clique [Run Script]

*Durante o scan uma mensagem parecida com esta abaixo mostrando o progresso do escaneamento será apresentada. Aguarde o término...pode demorar!

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

*Caso a reinicialização do PC seja solicitada, clique [OK]

* Poste o log do Zoek que estará em C:\zoek-results.txt em sua próxima resposta.


Última edição por Power Max em Seg 19 maio 2014, 23:26, editado 1 vez(es)
Power Max
Power Max
Colaborador
Colaborador

Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009

Ir para o topo Ir para baixo

Remoção Baidu Empty Remoção Baidu

Mensagem por Julio Bresciane Seg 19 maio 2014, 23:09

OK. Vou executar o procedimento.
Obrigado desde já.
Julio Bresciane
Julio Bresciane
Iniciante
Iniciante

Mensagens : 20
Reputação : 0
Data de inscrição : 19/05/2014

Ir para o topo Ir para baixo

Remoção Baidu Empty Remoção Baidu

Mensagem por Julio Bresciane Seg 19 maio 2014, 23:22

Julio Bresciane escreveu:OK. Vou executar o procedimento.
Obrigado desde já.


Procedimento executado.
segue o arquivo:

Zoek.exe v5.0.0.0 Updated 14-April-2014
Tool run by Idarlene Marques on 19/05/2014 at 23:06:25,27.
Microsoft® Windows Vista™ Home Basic  6.0.6002 Service Pack 2 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Idarlene Marques\Documents\atlantica\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-05-19-215557.log 85770 bytes

==== System Restore Info ======================

19/05/2014 23:09:31 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BdApiUtil deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BdApiUtil deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BdCameraProtect deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BdCameraProtect deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfilter deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bfilter deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfmon deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bfmon deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bhbase deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bhbase deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bprotect deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bprotect deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BprotectEx deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BprotectEx deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PCFApiUtil deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\PCFApiUtil deleted successfully

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]
[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]
"DllVersion_2.0"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\LogLoc]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0\Setup]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\LogUp]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Processing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Temp]
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Baidu_Secure_SystemUp_4.0.1.56634(1)-2014-02-16 02-12-19-0248-[9571].tmp"=-
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-02-16 02-13-03-0518-[9715].tmp"=-
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFasterSvc-2014-02-16 02-14-03-0562-[9911].tmp"=-
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-02-19 02-39-51-0232-[22947].tmp"=-
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFasterSvc-2014-02-19 02-44-05-0588-[23777].tmp"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}]
"DllName"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}]
"DllName"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BHBASE\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BdApiUtil]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BdApiUtil]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BdCameraProtect]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BdCameraProtect]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bfilter]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bfilter]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bfmon]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bfmon]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bhbase]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bhbase]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bprotect]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bprotect]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bprotect]
"InstPath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BprotectEx]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BprotectEx]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BprotectEx]
"InstPath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCFApiUtil]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCFApiUtil]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BHBASE\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECTEX\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BdApiUtil]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BdApiUtil]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BdCameraProtect]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BdCameraProtect]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bfilter]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bfilter]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bfmon]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bfmon]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bhbase]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bhbase]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bprotect]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bprotect]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bprotect]
"InstPath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BprotectEx]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BprotectEx]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BprotectEx]
"InstPath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\PCFApiUtil]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\PCFApiUtil]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BHBASE\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BdApiUtil]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BdApiUtil]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BdCameraProtect]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BdCameraProtect]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfilter]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfilter]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfmon]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfmon]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bhbase]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bhbase]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bprotect]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bprotect]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bprotect]
"InstPath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BprotectEx]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BprotectEx]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BprotectEx]
"InstPath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PCFApiUtil]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PCFApiUtil]
[-HKEY_USERS\.DEFAULT\Software\Baidu]
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug]
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav]
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log]
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\MEMORY_130313325326610318.dmp]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\Mini092113-01.dmp]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\Mini101113-01.dmp]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\Mini121213-01.dmp]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"ucloud"=-
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"dcloud"=-
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"rcloud"=-
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver\MEMORY_130313325326610318.dmp]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver\Mini092113-01.dmp]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver\Mini101113-01.dmp]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver\Mini121213-01.dmp]
[-HKEY_USERS\S-1-5-21-2228158541-2569622677-3298490597-1000\Software\Baidu]
[-HKEY_USERS\S-1-5-21-2228158541-2569622677-3298490597-1000\Software\Baidu\Hao123-br]
[-HKEY_USERS\S-1-5-21-2228158541-2569622677-3298490597-1000\Software\Baidu\Hao123-br\hao123desk]
[HKEY_USERS\S-1-5-21-2228158541-2569622677-3298490597-1000\Software\Baidu\Hao123-br\hao123desk]
"ToyPath"=-
[-HKEY_USERS\S-1-5-21-2228158541-2569622677-3298490597-1000\Software\Baidu Security]
[-HKEY_USERS\S-1-5-21-2228158541-2569622677-3298490597-1000\Software\Baidu Security\Antivirus]
[-HKEY_USERS\S-1-5-21-2228158541-2569622677-3298490597-1000\Software\Baidu Security\Antivirus\web]
[HKEY_USERS\S-1-5-21-2228158541-2569622677-3298490597-1000\Software\Baidu Security\Antivirus\web]
"ucloud"=-
[HKEY_USERS\S-1-5-21-2228158541-2569622677-3298490597-1000\Software\Baidu Security\Antivirus\web]
"dcloud"=-
[HKEY_USERS\S-1-5-21-2228158541-2569622677-3298490597-1000\Software\Baidu Security\Antivirus\web]
"rcloud"=-
[-HKEY_USERS\S-1-5-21-2228158541-2569622677-3298490597-1000\Software\Baidu Security\PC Faster]
[-HKEY_USERS\S-1-5-21-2228158541-2569622677-3298490597-1000\Software\Baidu Security\PC Faster\4.0.0.0]
[-HKEY_USERS\S-1-5-21-2228158541-2569622677-3298490597-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install]
[-HKEY_USERS\S-1-5-21-2228158541-2569622677-3298490597-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run]
[-HKEY_USERS\S-1-5-21-2228158541-2569622677-3298490597-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable]
[-HKEY_USERS\S-1-5-21-2228158541-2569622677-3298490597-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\alluser]
[-HKEY_USERS\S-1-5-21-2228158541-2569622677-3298490597-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\curuser]
[-HKEY_USERS\S-1-5-21-2228158541-2569622677-3298490597-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hkcu]
[-HKEY_USERS\S-1-5-21-2228158541-2569622677-3298490597-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm]
[-HKEY_USERS\S-1-5-21-2228158541-2569622677-3298490597-1000\Software\Baidu Security\PC Faster\4.0.0.0\Statistic]
[-HKEY_USERS\S-1-5-21-2228158541-2569622677-3298490597-1000\Software\Baidu Security\PC Faster\4.0.0.0\UUReport]
[-HKEY_USERS\S-1-5-21-2228158541-2569622677-3298490597-1000\Software\Baidu Security\PC Faster\Setup]
[-HKEY_USERS\S-1-5-18\Software\Baidu]
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug]
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav]
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log]
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\MEMORY_130313325326610318.dmp]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\Mini092113-01.dmp]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\Mini101113-01.dmp]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\Mini121213-01.dmp]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"ucloud"=-
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"dcloud"=-
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"rcloud"=-
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver\MEMORY_130313325326610318.dmp]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver\Mini092113-01.dmp]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver\Mini101113-01.dmp]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver\Mini121213-01.dmp]

==== Deleting Files \ Folders ======================

C:\$RECYCLE.BIN\S-1-5-21-2228158541-2569622677-3298490597-1000\$R6IYXE2\Baidu Antivirus not found
C:\$RECYCLE.BIN\S-1-5-21-2228158541-2569622677-3298490597-1000\$RQB4ZRY\Baidu Antivirus not found
"C:\Users\Idarlene Marques\AppData\Local\temp\{0758B06E-B2E3-462A-B6BA-F7D4516199DA}\Cleaner\baidu_av_4_0_3_57478.ini" not found
C:\ProgramData\Baidu Security deleted
C:\Users\Idarlene Marques\AppData\Roaming\Baidu Security deleted
C:\Users\Public\Documents\Baidu Security deleted
"C:\Users\Idarlene Marques\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_forum.antivirus.baidu.com_0.localstorage" deleted
"C:\Users\Idarlene Marques\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_forum.antivirus.baidu.com_0.localstorage-journal" deleted

==== Folders Found ======================

2014-05-20 02:11:45 2014-05-20 02:11:46 -------- d---a-w- C:\zoek_backup\C_ProgramData_Baidu Security
2014-05-19 21:36:29 2014-05-19 21:36:29 -------- d---a-w- C:\zoek_backup\C_PROGRA~2_baidu
2014-05-20 02:11:46 2014-05-20 02:11:46 -------- d---a-w- C:\zoek_backup\C_Users_All Users_Baidu Security
2014-05-20 02:11:46 2014-05-20 02:11:47 -------- d---a-w- C:\zoek_backup\C_Users_Idarlene Marques_AppData_Roaming_Baidu Security
2014-05-20 02:11:47 2014-05-20 02:11:47 -------- d---a-w- C:\zoek_backup\C_Users_Idarlene Marques_AppData_Roaming_Baidu Security_PC Faster_4.0.0.0_Uninstall_Baidu PC Faster Uninstall
2014-05-20 02:11:47 2014-05-20 02:11:47 -------- d---a-w- C:\zoek_backup\C_Users_Idarlene Marques_AppData_Roaming_Baidu Security_PC Faster_4.0.0.0_Uninstall_Baidu PC Faster Uninstall HK
2014-05-20 02:11:48 2014-05-20 02:11:48 -------- d---a-w- C:\zoek_backup\C_Users_Public_Documents_Baidu Security
2014-05-20 02:11:47 2014-05-20 02:11:47 -------- d---a-w- C:\zoek_backup\C_Users_Idarlene Marques_AppData_Roaming_Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall
2014-05-20 02:11:47 2014-05-20 02:11:47 -------- d---a-w- C:\zoek_backup\C_Users_Idarlene Marques_AppData_Roaming_Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall HK

==== Files Found ======================


--- C:\zoek_backup\C_Users_Idarlene Marques_AppData_Local_Google_Chrome_User Data_Default_Local Storage_http_forum.antivirus.baidu.com_0.localstorage-journal.vir ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 3608
Created time: 2014-05-20 02:11:48
Modified time: 2014-05-19 19:57:36
MD5: 2FDC8D76ADA32B49A2C7180E02D7368B
SHA1: 66E91B93C33012B1736B40B79E09A1F1EB5D2976


--- C:\zoek_backup\C_Users_Idarlene Marques_AppData_Local_Google_Chrome_User Data_Default_Local Storage_http_forum.antivirus.baidu.com_0.localstorage.vir ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 3072
Created time: 2014-05-20 02:11:48
Modified time: 2014-05-19 19:57:36
MD5: 8DCB3155836DFFE8964EAB2A29477BE4
SHA1: FC2C4AC485712704153835437A135B7A0C877D4C


==== Registry Search Results for "Baidu" ======================


[HKEY_LOCAL_MACHINE\SOFTWARE\baidu]

[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll]

[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload]

[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Temp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]

[HKEY_USERS\S-1-5-21-2228158541-2569622677-3298490597-1000\Software\Baidu]

[HKEY_USERS\S-1-5-21-2228158541-2569622677-3298490597-1000\Software\Baidu\Hao123-br]

[HKEY_USERS\S-1-5-21-2228158541-2569622677-3298490597-1000\Software\Baidu\Hao123-br\hao123desk]

[HKEY_USERS\S-1-5-21-2228158541-2569622677-3298490597-1000\Software\Baidu Security]

[HKEY_USERS\S-1-5-21-2228158541-2569622677-3298490597-1000\Software\Baidu Security\Antivirus]

[HKEY_USERS\S-1-5-21-2228158541-2569622677-3298490597-1000\Software\Baidu Security\Antivirus\web]

[HKEY_USERS\S-1-5-18\Software\Baidu Security]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]

==== C:\zoek_backup content ======================

C:\zoek_backup (files=2189 folders=609 110912675 bytes)

==== EOF on 19/05/2014 at 23:18:35,56 ======================
Julio Bresciane
Julio Bresciane
Iniciante
Iniciante

Mensagens : 20
Reputação : 0
Data de inscrição : 19/05/2014

Ir para o topo Ir para baixo

Remoção Baidu Empty Re: Remoção Baidu

Mensagem por Power Max Seg 19 maio 2014, 23:25

Desative temporariamente seu antivírus para evitar conflitos.

*Clique com o botão direito do mouse no Zoek.exe e selecione [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

* Selecione e copie todo este texto destacado em vermelho que te passei e cole-o no espaço em branco do Zoek.

*Clique [Run Script]

*Durante o scan uma mensagem parecida com esta abaixo mostrando o progresso do escaneamento será apresentada. Aguarde o término...pode demorar!

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

*Caso a reinicialização do PC seja solicitada, clique [OK]

* Poste o log do Zoek que estará em C:\zoek-results.txt em sua próxima resposta.


Última edição por Power Max em Ter 20 maio 2014, 00:09, editado 1 vez(es)
Power Max
Power Max
Colaborador
Colaborador

Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009

Ir para o topo Ir para baixo

Remoção Baidu Empty Remoção Baidu

Mensagem por Julio Bresciane Seg 19 maio 2014, 23:30

Power Max escreveu:Desative temporariamente seu antivírus para evitar conflitos.

Ok. vamos pra execução do procedimento


*Clique com o botão direito do mouse no Zoek.exe e selecione [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

* Selecione e copie todo este texto destacado em vermelho que te passei e cole-o no espaço em branco do Zoek:



*Clique [Run Script]

*Durante o scan uma mensagem parecida com esta abaixo mostrando o progresso do escaneamento será apresentada. Aguarde o término...pode demorar!

[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]

*Caso a reinicialização do PC seja solicitada, clique [OK]

* Poste o log do Zoek que estará em C:\zoek-results.txt em sua próxima resposta.
Julio Bresciane
Julio Bresciane
Iniciante
Iniciante

Mensagens : 20
Reputação : 0
Data de inscrição : 19/05/2014

Ir para o topo Ir para baixo

Remoção Baidu Empty Re: Remoção Baidu

Mensagem por Power Max Seg 19 maio 2014, 23:33

você só citou minha resposta, mas não postou o log do Zoek.
Power Max
Power Max
Colaborador
Colaborador

Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009

Ir para o topo Ir para baixo

Remoção Baidu Empty Remoção Baidu

Mensagem por Julio Bresciane Ter 20 maio 2014, 00:03

Valeuuuuuu!!!


Removido!!!


Obrigada.
Julio Bresciane
Julio Bresciane
Iniciante
Iniciante

Mensagens : 20
Reputação : 0
Data de inscrição : 19/05/2014

Ir para o topo Ir para baixo

Remoção Baidu Empty Remoção Baidu

Mensagem por Julio Bresciane Ter 20 maio 2014, 00:07

Zoek.exe v5.0.0.0 Updated 14-April-2014
Tool run by Idarlene Marques on 19/05/2014 at 23:29:52,26.
Microsoft® Windows Vista™ Home Basic 6.0.6002 Service Pack 2 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Idarlene Marques\Documents\atlantica\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-05-19-215557.log 85770 bytes
C:\zoek-results2014-05-20-021835.log 20979 bytes

==== System Restore Info ======================

19/05/2014 23:30:45 Zoek.exe System Restore Point Created Succesfully.

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Temp]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
[-HKEY_USERS\S-1-5-21-2228158541-2569622677-3298490597-1000\Software\Baidu]
[-HKEY_USERS\S-1-5-21-2228158541-2569622677-3298490597-1000\Software\Baidu\Hao123-br]
[-HKEY_USERS\S-1-5-21-2228158541-2569622677-3298490597-1000\Software\Baidu\Hao123-br\hao123desk]
[-HKEY_USERS\S-1-5-21-2228158541-2569622677-3298490597-1000\Software\Baidu Security]
[-HKEY_USERS\S-1-5-21-2228158541-2569622677-3298490597-1000\Software\Baidu Security\Antivirus]
[-HKEY_USERS\S-1-5-21-2228158541-2569622677-3298490597-1000\Software\Baidu Security\Antivirus\web]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]

==== Registry Search Results for "Baidu" ======================

No instances of string "Baidu" found.

==== C:\zoek_backup content ======================

C:\zoek_backup (files=2189 folders=609 110912675 bytes)

==== EOF on 19/05/2014 at 23:34:20,16 ======================
Julio Bresciane
Julio Bresciane
Iniciante
Iniciante

Mensagens : 20
Reputação : 0
Data de inscrição : 19/05/2014

Ir para o topo Ir para baixo

Remoção Baidu Empty Re: Remoção Baidu

Mensagem por Power Max Ter 20 maio 2014, 00:08

Fico feliz que o Baidu tenha sido removido, mas ainda há outros adwares no seu PC.

Baixe o programa Adwcleaner clicando no link abaixo e depois clique no botão Download Now @BleepingComputer:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Para executar corretamente o AdwCleaner é só seguir as dicas deste tutorial:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

* Na sua próxima resposta poste o log (relatório) do Adwcleaner que estará em C:\AdwCleaner\AdwCleaner[S0].txt

Ficamos na espera.
Power Max
Power Max
Colaborador
Colaborador

Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009

Ir para o topo Ir para baixo

Remoção Baidu Empty Remoção Baidu

Mensagem por Julio Bresciane Ter 20 maio 2014, 00:10

Valeu.. Baidu removido.

Resultado Zoek:

Zoek.exe v5.0.0.0 Updated 14-April-2014
Tool run by Idarlene Marques on 19/05/2014 at 23:29:52,26.
Microsoft® Windows Vista™ Home Basic 6.0.6002 Service Pack 2 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Idarlene Marques\Documents\atlantica\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-05-19-215557.log 85770 bytes
C:\zoek-results2014-05-20-021835.log 20979 bytes

==== System Restore Info ======================

19/05/2014 23:30:45 Zoek.exe System Restore Point Created Succesfully.

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Temp]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
[-HKEY_USERS\S-1-5-21-2228158541-2569622677-3298490597-1000\Software\Baidu]
[-HKEY_USERS\S-1-5-21-2228158541-2569622677-3298490597-1000\Software\Baidu\Hao123-br]
[-HKEY_USERS\S-1-5-21-2228158541-2569622677-3298490597-1000\Software\Baidu\Hao123-br\hao123desk]
[-HKEY_USERS\S-1-5-21-2228158541-2569622677-3298490597-1000\Software\Baidu Security]
[-HKEY_USERS\S-1-5-21-2228158541-2569622677-3298490597-1000\Software\Baidu Security\Antivirus]
[-HKEY_USERS\S-1-5-21-2228158541-2569622677-3298490597-1000\Software\Baidu Security\Antivirus\web]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]

==== Registry Search Results for "Baidu" ======================

No instances of string "Baidu" found.

==== C:\zoek_backup content ======================

C:\zoek_backup (files=2189 folders=609 110912675 bytes)

==== EOF on 19/05/2014 at 23:34:20,16 ======================
Julio Bresciane
Julio Bresciane
Iniciante
Iniciante

Mensagens : 20
Reputação : 0
Data de inscrição : 19/05/2014

Ir para o topo Ir para baixo

Remoção Baidu Empty Re: Remoção Baidu

Mensagem por Power Max Ter 20 maio 2014, 00:14

O Baidu foi removido, mas ainda há outros adwares. Sugiro que use o Adwcleaner como lhe passei na resposta anterior e poste o relatório dele.
Power Max
Power Max
Colaborador
Colaborador

Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009

Ir para o topo Ir para baixo

Remoção Baidu Empty Remoção Baidu

Mensagem por Julio Bresciane Ter 20 maio 2014, 00:27

vamos lá!!

Power Max escreveu:Fico feliz que o Baidu tenha sido removido, mas ainda há outros adwares no seu PC.

Baixe o programa Adwcleaner clicando no link abaixo e depois clique no botão Download Now @BleepingComputer:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Para executar corretamente o AdwCleaner é só seguir as dicas deste tutorial:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

* Na sua próxima resposta poste o log (relatório) do Adwcleaner que estará em C:\AdwCleaner\AdwCleaner[S0].txt

Ficamos na espera.
Julio Bresciane
Julio Bresciane
Iniciante
Iniciante

Mensagens : 20
Reputação : 0
Data de inscrição : 19/05/2014

Ir para o topo Ir para baixo

Remoção Baidu Empty Remoção Baidu

Mensagem por Julio Bresciane Ter 20 maio 2014, 00:36

Segue o relatório

# AdwCleaner v3.210 - Relatório criado 20/05/2014 às 00:29:36
# Atualizado 19/05/2014 por Xplode
# Sistema Operacional : Windows Vista (TM) Home Basic Service Pack 2 (32 bits)
# Usuário : Idarlene Marques - PESSOAL
# Executando de : C:\Users\Idarlene Marques\Downloads\AdwCleaner.exe
# Opção : Limpar

***** [ Serviços ] *****


***** [ Arquivos / Pastas ] *****


***** [ Atalhos ] *****


***** [ Registro ] *****


***** [ Navegadores ] *****

-\\ Internet Explorer v9.0.8112.16545


-\\ Mozilla Firefox v

[ Arquivo : C:\Users\Convidado\AppData\Roaming\Mozilla\Firefox\Profiles\vvmdo9dk.default\prefs.js ]


[ Arquivo : C:\Users\Idarlene Marques\AppData\Roaming\Mozilla\Firefox\Profiles\p4kokcwi.default\prefs.js ]


-\\ Google Chrome v

[ Arquivo : C:\Users\Idarlene Marques\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [20908 octets] - [19/05/2014 19:08:21]
AdwCleaner[R1].txt - [1171 octets] - [20/05/2014 00:28:20]
AdwCleaner[S0].txt - [19731 octets] - [19/05/2014 19:10:26]
AdwCleaner[S1].txt - [1090 octets] - [20/05/2014 00:29:36]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1150 octets] ##########


Julio Bresciane escreveu:vamos lá!!

Power Max escreveu:Fico feliz que o Baidu tenha sido removido, mas ainda há outros adwares no seu PC.

Baixe o programa Adwcleaner clicando no link abaixo e depois clique no botão Download Now @BleepingComputer:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

Para executar corretamente o AdwCleaner é só seguir as dicas deste tutorial:

[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

* Na sua próxima resposta poste o log (relatório) do Adwcleaner que estará em C:\AdwCleaner\AdwCleaner[S0].txt

Ficamos na espera.
Julio Bresciane
Julio Bresciane
Iniciante
Iniciante

Mensagens : 20
Reputação : 0
Data de inscrição : 19/05/2014

Ir para o topo Ir para baixo

Remoção Baidu Empty Remoção Baidu

Mensagem por Julio Bresciane Ter 20 maio 2014, 00:36

obrigada mais uma vez
Julio Bresciane
Julio Bresciane
Iniciante
Iniciante

Mensagens : 20
Reputação : 0
Data de inscrição : 19/05/2014

Ir para o topo Ir para baixo

Remoção Baidu Empty Remoção Baidu

Mensagem por Julio Bresciane Ter 20 maio 2014, 00:38

Porém continuo com o erro 2771 na instalação do antivirus
Julio Bresciane
Julio Bresciane
Iniciante
Iniciante

Mensagens : 20
Reputação : 0
Data de inscrição : 19/05/2014

Ir para o topo Ir para baixo

Remoção Baidu Empty Re: Remoção Baidu

Mensagem por Conteúdo patrocinado


Conteúdo patrocinado


Ir para o topo Ir para baixo

Página 1 de 2 1, 2  Seguinte

Ir para o topo

- Tópicos semelhantes

Fórum PC Brasil :: Segurança da Informação :: Tópicos Arquivados

 
Permissões neste sub-fórum
Não podes responder a tópicos