Flux RSS


Yahoo! 
MSN 
AOL 
Netvibes 
Bloglines 


Social bookmarking

Social bookmarking Digg  Social bookmarking Delicious  Social bookmarking Reddit  Social bookmarking Stumbleupon  Social bookmarking Slashdot  Social bookmarking Yahoo  Social bookmarking Google  Social bookmarking Blinklist  Social bookmarking Blogmarks  Social bookmarking Technorati  

Conservar e compartilhar o endereço de PC Seguro em seu site de social bookmarking

Conservar e compartilhar o endereço de Fórum PC Brasil em seu site de social bookmarking

Estatísticas
Temos 14412 usuários registrados
O último usuário registrado atende pelo nome de LucasDrBr

Os nossos membros postaram um total de 35075 mensagens em 3551 assuntos
Quem está conectado
4 usuários online :: Nenhum usuário registrado, Nenhum Invisível e 4 Visitantes

Nenhum

O recorde de usuários online foi de 108 em Qui 15 Maio 2014, 21:18
Buscar
 
 

Resultados por:
 


Rechercher Busca avançada

Julho 2017
SegTerQuaQuiSexSabDom
     12
3456789
10111213141516
17181920212223
24252627282930
31      

Calendário Calendário

Palavras chave


Remover YAC

Página 1 de 2 1, 2  Seguinte

Ver o tópico anterior Ver o tópico seguinte Ir em baixo

Remover YAC

Mensagem por Jeane em Ter 20 Maio 2014, 00:40

Alguem poderia me ajudar a remover o yac? e tambem como faço para o meu pc instalar programa. ele baixa mais na hora de instalar nao da certo aparece NSIS error.
avatar
Jeane
Iniciante
Iniciante

Mensagens : 26
Reputação : 0
Data de inscrição : 20/05/2014

Voltar ao Topo Ir em baixo

Re: Remover YAC

Mensagem por Power Max em Ter 20 Maio 2014, 00:49

  Oi Jeane. Seja bem vinda ao Fórum PC Brasil.

Baixe o programa Adwcleaner clicando no link abaixo e depois clique no botão Download Now @BleepingComputer:
[Você precisa estar registrado e conectado para ver este link.]

Para executar corretamente o AdwCleaner é só seguir as dicas deste tutorial:

Remova adwares e toolbars maliciosas com o Adwcleaner

* Na sua próxima resposta poste o log (relatório) do Adwcleaner que estará em C:\AdwCleaner\AdwCleaner[S0].txt

Ficamos na espera.

_________________

Caixa de Dicas
= Sempre com novos tutoriais e novidades em informática, tecnologia e variedades.

Fórum PC Brasil = O melhor da internet você encontra aqui.

Super Links = Mensagens de fé e esperança para o seu coração
avatar
Power Max
Colaborador
Colaborador

Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009

Voltar ao Topo Ir em baixo

Re: Remover YAC

Mensagem por Jeane em Ter 20 Maio 2014, 01:13

# AdwCleaner v3.210 - Relatório criado 20/05/2014 às 01:03:22
# Atualizado 19/05/2014 por Xplode
# Sistema Operacional : Windows 8 Single Language  (64 bits)
# Usuário : jeaneadmir - AJ
# Executando de : C:\Users\jeaneadmir\Downloads\AdwCleaner.exe
# Opção : Limpar

***** [ Serviços ] *****

Serviço Deletada : iSafeKrnl
Serviço Deletada : iSafeNetFilter
[#] Serviço Deletada : iSafeService
[#] Serviço Deletada : savesenselive
[#] Serviço Deletada : savesenselivem
Serviço Deletada : Wpm

***** [ Arquivos / Pastas ] *****

Pasta Deletada : C:\ProgramData\apn
Pasta Deletada : C:\ProgramData\baidu
Pasta Deletada : C:\ProgramData\SaveSenseLive
Pasta Deletada : C:\ProgramData\Trymedia
Pasta Deletada : C:\ProgramData\WPM
Pasta Deletada : C:\ProgramData\AlawarWrapper
[!] Pasta Deletada : C:\Program Files (x86)\iSafe
Pasta Deletada : C:\Program Files (x86)\SaveSenseLive
Pasta Deletada : C:\Program Files (x86)\SupTab
Pasta Deletada : C:\Windows\assembly\GAC_MSIL\QuickStoresToolbar
Pasta Deletada : C:\Windows\SysWOW64\hotspot shield
Pasta Deletada : C:\Users\JEANEA~1\AppData\Local\Temp\webget
Pasta Deletada : C:\Users\jeaneadmir\AppData\Local\Conduit
Pasta Deletada : C:\Users\jeaneadmir\AppData\Local\lollipop
Pasta Deletada : C:\Users\jeaneadmir\AppData\Local\Mobogenie
Pasta Deletada : C:\Users\jeaneadmir\AppData\Local\NativeMessaging
Pasta Deletada : C:\Users\jeaneadmir\AppData\Local\SaveSense
Pasta Deletada : C:\Users\jeaneadmir\AppData\Local\SaveSenseLive
Pasta Deletada : C:\Users\jeaneadmir\AppData\LocalLow\Conduit
Pasta Deletada : C:\Users\jeaneadmir\AppData\LocalLow\IminentToolbar
Pasta Deletada : C:\Users\jeaneadmir\AppData\Roaming\baidu
Pasta Deletada : C:\Users\jeaneadmir\AppData\Roaming\eCyber
Pasta Deletada : C:\Users\jeaneadmir\AppData\Roaming\iSafe
Pasta Deletada : C:\Users\jeaneadmir\AppData\Roaming\OpenCandy
Pasta Deletada : C:\Users\jeaneadmir\AppData\Roaming\QuickStoresToolbar
Pasta Deletada : C:\Users\jeaneadmir\AppData\Roaming\SaveSense
Pasta Deletada : C:\Users\jeaneadmir\AppData\Roaming\SupTab
Pasta Deletada : C:\Users\jeaneadmir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie
Pasta Deletada : C:\Users\jeaneadmir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SaveSense
Pasta Deletada : C:\Users\jeaneadmir\Documents\Mobogenie
Pasta Deletada : C:\Users\Public\Documents\baidu
Pasta Deletada : C:\Users\jeaneadmir\AppData\Roaming\Mozilla\Firefox\Profiles\n99pkfnm.default\Extensions\{2d7886a0-85bb-4bf2-b684-ba92b4b21d23}
Arquivo Deletada : C:\END
Arquivo Deletada : C:\Users\jeaneadmir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\lollipop.lnk
Arquivo Deletada : C:\Users\jeaneadmir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lollipop.lnk
Arquivo Deletada : C:\Users\jeaneadmir\AppData\Roaming\Mozilla\Firefox\Profiles\n99pkfnm.default\searchplugins\ask-search.xml
Arquivo Deletada : C:\Users\jeaneadmir\AppData\Local\Google\Chrome\User Data\Default\Extensions\ep.crx
Arquivo Deletada : C:\Users\jeaneadmir\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage
Arquivo Deletada : C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineCore.job
Arquivo Deletada : C:\Windows\System32\Tasks\SaveSenseLiveUpdateTaskMachineCore
Arquivo Deletada : C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineUA.job
Arquivo Deletada : C:\Windows\System32\Tasks\SaveSenseLiveUpdateTaskMachineUA

***** [ Atalhos ] *****


***** [ Registro ] *****

Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\ogfjmhfnldnajmfaofeiaepghjenbgjo
Chave Deletedo : HKCU\Software\Classes\Applications\lollipop.exe
Chave Deletedo : HKCU\Software\Classes\iLivid.torrent
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\SaveSenseLive.exe
Chave Deletedo : HKLM\SOFTWARE\Classes\iLivid.torrent
Chave Deletedo : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Chave Deletedo : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLive.OneClickCtrl.9
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLive.OneClickProcessLauncherMachine
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLive.OneClickProcessLauncherMachine.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLive.Update3WebControl.3
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.CoCreateAsync
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.CoCreateAsync.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.CoreClass
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.CoreClass.1
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.CoreMachineClass
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.CoreMachineClass.1
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.CredentialDialogMachine
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.CredentialDialogMachine.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.OnDemandCOMClassMachine
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.OnDemandCOMClassMachine.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.OnDemandCOMClassMachineFallback
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.OnDemandCOMClassMachineFallback.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.OnDemandCOMClassSvc
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.OnDemandCOMClassSvc.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.ProcessLauncher
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.ProcessLauncher.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.Update3COMClassService
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.Update3COMClassService.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.Update3WebMachine
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.Update3WebMachine.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.Update3WebMachineFallback
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.Update3WebMachineFallback.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.Update3WebSvc
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.Update3WebSvc.1.0
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Valor Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Chave Deletedo : HKLM\SOFTWARE\MozillaPlugins\@tools.updaterss.com/SaveSenseLive Update;version=3
Chave Deletedo : HKLM\SOFTWARE\MozillaPlugins\@tools.updaterss.com/SaveSenseLive Update;version=9
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{A2D3FB7A-6873-45E8-AF96-57092D721828}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{71E129FF-6C2A-4984-818C-7E2C998B8D99}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{998745A3-2AE4-488D-8092-B98FB20A00C2}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{A18D16ED-27B2-4B83-B70C-15E73F099546}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{A2D3FB7A-6873-45E8-AF96-57092D721828}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{BEE7E029-5037-4DAD-A2DB-82E397AB1A44}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{C1424421-D274-491E-9D47-11C8D8CB5F9A}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{E69D4A59-73DE-4E38-9FB3-740EC4D9060D}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{71E129FF-6C2A-4984-818C-7E2C998B8D99}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A18D16ED-27B2-4B83-B70C-15E73F099546}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{BEE7E029-5037-4DAD-A2DB-82E397AB1A44}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A18D16ED-27B2-4B83-B70C-15E73F099546}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BEE7E029-5037-4DAD-A2DB-82E397AB1A44}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Valor Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}]
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Chave Deletedo : HKCU\Software\anchorfree
Chave Deletedo : HKCU\Software\Conduit
Chave Deletedo : HKCU\Software\Headlight
Chave Deletedo : HKCU\Software\ilivid
Chave Deletedo : HKCU\Software\InstallCore
Chave Deletedo : HKCU\Software\lollipop
Chave Deletedo : HKCU\Software\SaveSense
Chave Deletedo : HKCU\Software\SaveSenseLive
Chave Deletedo : HKCU\Software\Trymedia Systems
Chave Deletedo : HKCU\Software\AppDataLow\Software\Conduit
Chave Deletedo : HKCU\Software\AppDataLow\Software\SmartBar
Chave Deletedo : HKLM\Software\aartemisSoftware
Chave Deletedo : HKLM\Software\DealPlyLive
Chave Deletedo : HKLM\Software\delta-homesSoftware
Chave Deletedo : HKLM\Software\IePlugin
Chave Deletedo : HKLM\Software\iSafe
Chave Deletedo : HKLM\Software\SaveSenseLive
Chave Deletedo : HKLM\Software\SupTab
Chave Deletedo : HKLM\Software\supWPM
Chave Deletedo : HKLM\Software\Trymedia Systems
Chave Deletedo : HKLM\Software\Wpm
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\lollipop
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SaveSense
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QuickStores-Toolbar_is1
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SaveSenseLive.exe

***** [ Navegadores ] *****

-\\ Internet Explorer v10.0.9200.16537

Configurações Restauradas : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Configurações Restauradas : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Configurações Restauradas : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Configurações Restauradas : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v

[ Arquivo : C:\Users\jeaneadmir\AppData\Roaming\Mozilla\Firefox\Profiles\n99pkfnm.default\prefs.js ]

Linha deletada : user_pref("browser.startup.homepage", "hxxp://www.search.ask.com/?tpid=ATU4-V7C&o=APN11391&pf=V7&trgb=FF&p2=%5EBAY%5Ezzz012%5EYY%5EBR&gct=hp&apn_ptnrs=%5EBAY&apn_dtid=%5Ezzz012%5EYY%5EBR&apn_dbr=ff_26[...]
Linha deletada : user_pref("browser.startup.homepage", "hxxp://start.iminent.com/?appId=C8527AE3-B53A-4CE7-A13A-4BC89C416E2D");
Linha deletada : user_pref("browser.startup.homepage", "hxxp://search.iminent.com/?appId=C8527AE3-B53A-4CE7-A13A-4BC89C416E2D");
Linha deletada : user_pref("browser.search.selectedEngine", "SearchTheWeb");

-\\ Google Chrome v34.0.1847.137

[ Arquivo : C:\Users\jeaneadmir\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deletedo [Extension] : ogfjmhfnldnajmfaofeiaepghjenbgjo

*************************

AdwCleaner[R0].txt - [18490 octets] - [20/05/2014 01:01:10]
AdwCleaner[S0].txt - [16505 octets] - [20/05/2014 01:03:22]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [16566 octets] ##########
avatar
Jeane
Iniciante
Iniciante

Mensagens : 26
Reputação : 0
Data de inscrição : 20/05/2014

Voltar ao Topo Ir em baixo

Re: Remover YAC

Mensagem por Power Max em Ter 20 Maio 2014, 10:30

Desative temporariamente seu antivírus para evitar conflitos.

 Acesse este link abaixo e clique no primeiro botão da esquerda que é o botão Download Zoek.exe:
[Você precisa estar registrado e conectado para ver este link.]

*Clique com o botão direito do mouse no Zoek.exe e selecione [Você precisa estar registrado e conectado para ver esta imagem.]

* Selecione e copie todo este texto destacado em vermelho que te passei e cole-o no espaço em branco do Zoek.

*Clique [Run Script]

*Durante o scan uma mensagem parecida com esta abaixo mostrando o progresso do escaneamento será apresentada. Aguarde o término...pode demorar!

[Você precisa estar registrado e conectado para ver esta imagem.]

*Caso a reinicialização do PC seja solicitada, clique [OK]

* Poste o log do Zoek que estará em C:\zoek-results.txt em sua próxima resposta.


Última edição por Power Max em Ter 20 Maio 2014, 12:23, editado 1 vez(es)

_________________

Caixa de Dicas
= Sempre com novos tutoriais e novidades em informática, tecnologia e variedades.

Fórum PC Brasil = O melhor da internet você encontra aqui.

Super Links = Mensagens de fé e esperança para o seu coração
avatar
Power Max
Colaborador
Colaborador

Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009

Voltar ao Topo Ir em baixo

Re: Remover YAC

Mensagem por Jeane em Ter 20 Maio 2014, 11:24

Zoek.exe v5.0.0.0 Updated 20-05-2014
Tool run by jeaneadmir on 20/05/2014 at 10:57:15,89.
Microsoft Windows 8 Single Language 6.2.9200  x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\jeaneadmir\Downloads\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

20/05/2014 10:57:52 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1       localhost
::1             localhost

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Microsoft\Internet Explorer\SearchScopes\{86c83f9e-48a4-4cd2-a763-64fea5df35f7} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\iSafeKrnl deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\iSafeNetFilter deleted successfully

==== FireFox Fix ======================

Deleted from C:\Users\JEANEA~1\AppData\Roaming\Mozilla\Firefox\Profiles\n99pkfnm.default\prefs.js:
user_pref("browser.search.selectedEngine", "Ask Search");
user_pref("browser.search.selectedEngine", "StartWeb");

Added to C:\Users\JEANEA~1\AppData\Roaming\Mozilla\Firefox\Profiles\n99pkfnm.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

ProfilePath: C:\Users\JEANEA~1\AppData\Roaming\Mozilla\Firefox\Profiles\n99pkfnm.default

user.js not found
---- Lines ask.com modified from prefs.js ----

user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{4ED1F68A-5463-4931-9384-8FFF5ED91D92}\":{\"descriptor\":\"C:\\\\
---- FireFox user.js and prefs.js backups ----

prefs_052014_1110_.backup

==== Deleting Files \ Folders ======================

C:\Users\jeaneadmir\.android deleted
C:\PROGRA~2\iSafe deleted
C:\Users\jeaneadmir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\QuickStores.lnk deleted
C:\Users\jeaneadmir\AppData\Roaming\GetRightToGo deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming\Hotspot Shield deleted
C:\PROGRA~3\DRV10.tmp deleted
C:\PROGRA~3\E1010.tmp deleted
C:\PROGRA~3\FileSplitUpLoad.dll deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\jeaneadmir\AppData\Local\CRE deleted
C:\Users\jeaneadmir\AppData\Local\cache deleted
C:\windows\SysNative\tasks\Baidu PC Faster Update deleted
C:\Windows\Syswow64\InstallUtil.InstallLog deleted

==== Folders Found ======================

2014-05-20 04:03:23 2014-05-20 04:03:23 -------- d-----w- C:\AdwCleaner\Quarantine\C\ProgramData\baidu
2014-05-20 04:03:49 2014-05-20 04:03:49 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Public\Documents\baidu
2013-12-15 16:04:17 2014-03-06 13:16:51 -------- d-----w- C:\ProgramData\Baidu Security
2013-12-15 16:04:17 2014-03-06 13:16:51 -------- d-----w- C:\Users\All Users\Baidu Security
2014-02-05 17:36:57 2014-02-05 17:36:57 -------- d-----w- C:\Users\jeaneadmir\AppData\Local\Temp\baidu_secure
2013-12-15 15:42:35 2014-01-07 01:15:59 -------- d-----w- C:\Users\jeaneadmir\AppData\Roaming\Baidu Security
2014-02-11 21:00:49 2014-02-11 21:55:57 -------- d-----w- C:\Users\Public\Documents\Baidu Security

==== Files Found ======================


--- C:\zoek_backup\C_windows_SysNative_tasks_Baidu PC Faster Update.vir ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 3444
Created time: 2014-05-20 14:11:11
Modified time: 2014-01-03 21:16:39
MD5: 033294B5DF6C4A309F9A96B433873BB2
SHA1: 1E1B1867078C82CA35B8C812CC2496AF07E34E2F


==== Registry Search Results for "Baidu" ======================


[HKEY_LOCAL_MACHINE\SOFTWARE\baidu]

[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll]

[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload]

[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]

[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]
"DllVersion_2.0"="C:\\ProgramData\\baidu\\commondll\\splitupload\\DllVersion_2.0\\FileSplitUpLoad.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\LogLoc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0\Setup]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\LogUp]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Processing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Temp]

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-01-21 01-18-51-0593-[0830].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-01-27 01-46-55-0556-[28037].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-01-30 01-07-08-0249-[26468].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-02-07 02-48-23-0313-[23972].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-02-09 02-34-12-0670-[32684].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFPopups-2014-02-09 02-36-36-0037-[0386].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFPopups-2014-02-10 02-31-43-0018-[10176].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-02-11 02-57-09-0839-[25905].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFPopups-2014-02-11 02-01-09-0410-[26689].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFasterSvc-2014-02-27 02-32-56-0807-[9258].tmp"=""

"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-NSISInstall-2014-02-27 02-57-45-0857-[14120].tmp"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}]
"DllName"="baidubar.dll;BaiduBarX.dll;BaiduBarX.dll;BaiduBarX.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}]
"DllName"="baidubar.dll;BaiduBarX.dll;BaiduBarX.dll;BaiduBarX.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Baidu PC Faster 4.0.0.0"="\"C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0\\PCFaster.exe\" -auto -start"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BAV mini setup"="\"C:\\ProgramData\\Baidu\\Antivirus\\BavPro_Setup_Mini_115.exe\" /S /NOTRAY partner=RebootRun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC App Store 3.16.3.4537]
"DisplayIcon"="C:\\Program Files (x86)\\Baidu Security\\PC App Store\\3.16.3.4537\\PCAppStore.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC App Store 3.16.3.4537]
"UninstallString"="C:\\Program Files (x86)\\Baidu Security\\PC App Store\\3.16.3.4537\\Uninstall.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC App Store 3.16.3.4537]
"Publisher"="Baidu, Inc."

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC App Store 3.16.3.4537]
"InstallDir"="C:\\Program Files (x86)\\Baidu Security\\PC App Store\\3.16.3.4537"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\BaiduShellEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\BaiduShellEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\BaiduShellEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{59E402E6-61EE-4BB4-9E5D-ECEB10FA9E59}\1.0\0\win64]
@="C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0\\PCFShellEx64.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{59E402E6-61EE-4BB4-9E5D-ECEB10FA9E59}\1.0\HELPDIR]
@="C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{59E402E6-61EE-4BB4-9E5D-ECEB10FA9E59}\1.0\0\win64]
@="C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0\\PCFShellEx64.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{59E402E6-61EE-4BB4-9E5D-ECEB10FA9E59}\1.0\HELPDIR]
@="C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BdApiUtil]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\BdApiUtil64.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BdCameraProtect]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\BdCameraProtect64.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bprotect]
"DisplayName"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bprotect]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BprotectEx]
"DisplayName"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BprotectEx]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCAppStoreSvc_{PCAppStore_3.16.3.4537}]
"DisplayName"="Baidu PC App Store Service 3.16.3.4537"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCAppStoreSvc_{PCAppStore_3.16.3.4537}]
"Description"="Baidu PC App Store Service 3.16.3.4537"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCFApiUtil]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0\\PCFApiUtil64.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCFasterSvc_{PCFaster_4.0.0.0}]
"DisplayName"="Baidu PC Faster Service 4.0.0.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCFasterSvc_{PCFaster_4.0.0.0}]
"Description"="Baidu PC Faster Service 4.0.0.0"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BdApiUtil]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\BdApiUtil64.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BdCameraProtect]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\BdCameraProtect64.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bprotect]
"DisplayName"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bprotect]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BprotectEx]
"DisplayName"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BprotectEx]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PCAppStoreSvc_{PCAppStore_3.16.3.4537}]
"DisplayName"="Baidu PC App Store Service 3.16.3.4537"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PCAppStoreSvc_{PCAppStore_3.16.3.4537}]
"Description"="Baidu PC App Store Service 3.16.3.4537"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PCFApiUtil]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0\\PCFApiUtil64.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PCFasterSvc_{PCFaster_4.0.0.0}]
"DisplayName"="Baidu PC Faster Service 4.0.0.0"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PCFasterSvc_{PCFaster_4.0.0.0}]
"Description"="Baidu PC Faster Service 4.0.0.0"

[HKEY_USERS\.DEFAULT\Software\Baidu]

[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug]

[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav]

[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log]

[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]

[HKEY_USERS\.DEFAULT\Software\Baidu Security]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"ucloud"="u.br.bav.baidu.com"

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"dcloud"="http://up.br.bav.baidu.com/cgi-bin/url_warnning/url_warnning.cgi"

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"rcloud"="http://up.br.bav.baidu.com/cgi-bin/url_visit_action.cgi"

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC App Store]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC App Store\3.16.3.4537]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC App Store\3.16.3.4537\LastReportTime]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0\Run]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\alluser]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\curuser]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hkcu]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hkcu]
"swg_BaiDuSafe_RegType"=dword:00000002

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hklm]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hklm64]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\DataReport]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\DataReport]
"c:\\programdata\\baidu security\\rpdata\\2013-12-15 14_04_48_0469rpdata.dat"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_pcf_statistic_info.cgi"

[HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Baidu]

[HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Baidu\Hao123-international]

[HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Baidu\Hao123-international\hao123desk]

[HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Baidu Security]

[HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Baidu Security\Antivirus]

[HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Baidu Security\Antivirus\web]

[HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Baidu Security\Antivirus\web]
"ucloud"="u.br.bav.baidu.com"

[HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Baidu Security\Antivirus\web]
"dcloud"="http://up.br.bav.baidu.com/cgi-bin/url_warnning/url_warnning.cgi"

[HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Baidu Security\Antivirus\web]
"rcloud"="http://up.br.bav.baidu.com/cgi-bin/url_visit_action.cgi"

[HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Baidu Security\PC App Store]

[HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Baidu Security\PC App Store\3.16.3.4537]

[HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Baidu Security\PC App Store\3.16.3.4537\Install]

[HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Baidu Security\PC App Store\3.16.3.4537\Install\978515]

[HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Baidu Security\PC App Store\3.16.3.4537\Install\978515]
"url"="http://sync.pcfaster.baidu.com/cgi-bin-py-appstore/get_reinstall_channel_info_appstore.cgi?install_channel=pcf&new_install_channel=pcf&from_version=3.14.8.4008&to_version=3.16.3.4537&errorcode=0&errortext=&userid=S2SKJ5CD-80EE7378AF17!c6557691-359b-4894-b82d-68fedad323ac@#00FF57E64FEB&install_time=2014-01-20 23:23:30"

[HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Baidu Security\PC App Store\3.16.3.4537\LastReportTime]

[HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Baidu Security\PC App Store\DataReport]

[HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Baidu Security\PC App Store\Setup]

[HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Baidu Security\PC Faster]

[HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Avast Software\WRC\SearchRules\baidu.com]

[HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Avast Software\WRC\SearchRules\baidu.com]
"url"="^http\\:\\/\\/www\\.baidu\\.com\\/.*"

[HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\Program Files (x86)\\Baidu Security\\PC Faster\\3.7.0.0\\PCFaster.exe"=hex:53,\

[HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\Users\\jeaneadmir\\AppData\\Roaming\\Baidu Security\\PC Faster\\4.0.0.0\\bd_flash_install.exe"=hex:53,\

[HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\Program Files (x86)\\Baidu Security\\PC App Store\\3.14.8.4008\\AppStoreUpdater.exe"=hex:53,\

[HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\Program Files (x86)\\Baidu Security\\PC App Store\\3.14.8.4008\\downloader.exe"=hex:53,\

[HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\Program Files (x86)\\Baidu Security\\PC App Store\\3.14.8.4008\\softmgr_update.exe"=hex:53,\

[HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\Program Files (x86)\\Baidu Security\\PC App Store\\3.16.3.4537\\AppStoreUpdater.exe"=hex:53,\

[HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\Program Files (x86)\\Baidu Security\\PC App Store\\3.16.3.4537\\downloader.exe"=hex:53,\

[HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\Uninstall.exe"=hex:53,\

[HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\Users\\jeaneadmir\\AppData\\Roaming\\Baidu\\hao123-br\\hao123.1.0.0.1101.exe"=hex:53,\

[HKEY_USERS\S-1-5-18\Software\Baidu]

[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug]

[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav]

[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log]

[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]

[HKEY_USERS\S-1-5-18\Software\Baidu Security]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"ucloud"="u.br.bav.baidu.com"

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"dcloud"="http://up.br.bav.baidu.com/cgi-bin/url_warnning/url_warnning.cgi"

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"rcloud"="http://up.br.bav.baidu.com/cgi-bin/url_visit_action.cgi"

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC App Store]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC App Store\3.16.3.4537]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC App Store\3.16.3.4537\LastReportTime]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\alluser]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\curuser]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hkcu]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hkcu]
"swg_BaiDuSafe_RegType"=dword:00000002

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hklm]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hklm64]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\DataReport]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\DataReport]
"c:\\programdata\\baidu security\\rpdata\\2013-12-15 14_04_48_0469rpdata.dat"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_pcf_statistic_info.cgi"

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [25/02/2014 18:38]

==== Firefox Extensions ======================

ProfilePath: C:\Users\JEANEA~1\AppData\Roaming\Mozilla\Firefox\Profiles\n99pkfnm.default
- Undetermined - C:\Users\jeaneadmir\AppData\Roaming\Mozilla\Firefox\Profiles\n99pkfnm.default\extensions\{2d7886a0-85bb-4bf2-b684-ba92b4b21d23}

==== Firefox Plugins ======================


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[22/01/2014 18:04]

Google Drive - jeaneadmir\AppData\Local\Google\Chrome\User Data\default\Extensions\apdfllckaahabafndbhieahigkjlhalf
Lilly Pulitzer - jeaneadmir\AppData\Local\Google\Chrome\User Data\default\Extensions\bbpppaoddgakkggpcadaefofdnbmfkcm
YouTube Center - jeaneadmir\AppData\Local\Google\Chrome\User Data\default\Extensions\bcegdpionpopahcglnfiiioapcclamdj
YouTube - jeaneadmir\AppData\Local\Google\Chrome\User Data\default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - jeaneadmir\AppData\Local\Google\Chrome\User Data\default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
avast Online Security - jeaneadmir\AppData\Local\Google\Chrome\User Data\default\Extensions\gomekmidlodglbbmalcneegieacbdmki
Google Wallet - jeaneadmir\AppData\Local\Google\Chrome\User Data\default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - jeaneadmir\AppData\Local\Google\Chrome\User Data\default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Google Docs - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
SiteAdvisor - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho
Google Wallet - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Iminent Chrome Toolbar - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkhojieggfgllhllcegoffdcnmdeojgb

==== Chrome Fix ======================

C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkhojieggfgllhllcegoffdcnmdeojgb deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.google.com"
"Default_Search_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
{E4447D16-C14B-41AE-AC8B-5878227FE0E5} Unknown  Url="Not_Found"

==== Reset Google Chrome ======================

C:\Users\jeaneadmir\AppData\Local\Google\Chrome\User Data\default\Preferences was reset successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\jeaneadmir\AppData\Local\Google\Chrome\User Data\default\Web Data was reset successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully
HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully
HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AA58ED58-01DD-4D91-8333-CF10577473F7} deleted successfully
HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AA58ED58-01DD-4D91-8333-CF10577473F7} deleted successfully
HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Microsoft\Internet Explorer\SearchScopes\{E4447D16-C14B-41AE-AC8B-5878227FE0E5} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{AA58ED58-01DD-4D91-8333-CF10577473F7} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{AA58ED58-01DD-4D91-8333-CF10577473F7} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4D91-8333-CF10577473F7} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4D91-8333-CF10577473F7} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully

==== shortcuts on Users Desktops ======================

C:\Users\jeaneadmir\Desktop\AdwCleaner - Atalho.lnk - C:\Users\jeaneadmir\Downloads\AdwCleaner.exe
C:\Users\jeaneadmir\Desktop\BitTorrent.lnk - C:\Users\jeaneadmir\AppData\Roaming\BitTorrent\BitTorrent.exe
C:\Users\jeaneadmir\Desktop\ConvertXtoDVD 4.lnk - C:\Program Files (x86)\VSO\ConvertX\4\ConvertXtoDvd.exe
C:\Users\jeaneadmir\Desktop\Revo Uninstaller.lnk - C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\Adobe Reader XI.lnk - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Users\Public\Desktop\avast Free Antivirus.lnk -  
C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Public\Desktop\Manual do Usuário.lnk -  
C:\Users\Public\Desktop\Manual POSITIVO TV.lnk - C:\Fabricante\Manual PCTV\Manual_PCTV.pdf
C:\Users\Public\Desktop\Microsoft Office.lnk - C:\Program Files (x86)\Microsoft Office\Office15\FIRSTRUN.EXE /OEM
C:\Users\Public\Desktop\Mundo Positivo.lnk - C:\Fabricante\Positivo Store Apps Atalhos\CallMetroApp.exe 908F1E4E.MundoPositivo
C:\Users\Public\Desktop\Nero StartSmart.lnk - C:\Program Files (x86)\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe -ScParameter=8  
C:\Users\Public\Desktop\Positivo 3D Incrível.lnk -  
C:\Users\Public\Desktop\Positivo Aplicativos.lnk - C:\Program Files (x86)\Positivo Informática\Positivo Aplicativos\PositivoAplicativosUI.exe Offer
C:\Users\Public\Desktop\Positivo Dicas.lnk - C:\Fabricante\Positivo Store Apps Atalhos\CallMetroApp.exe 908F1E4E.PositivoAjudante
C:\Users\Public\Desktop\Positivo Horóscopo.lnk -  
C:\Users\Public\Desktop\Positivo Jogos.lnk - C:\Fabricante\Positivo Jogos Atalhos
C:\Users\Public\Desktop\Positivo Mulher.lnk - C:\Fabricante\Positivo Store Apps Atalhos\CallMetroApp.exe 908F1E4E.PositivoMulher
C:\Users\Public\Desktop\Positivo Músicas.lnk -  
C:\Users\Public\Desktop\POSITIVO TV.lnk - C:\Program Files (x86)\Positivo\POSITIVO TV\AVerTV.exe
C:\Users\Public\Desktop\Positivo Verde e Amarelo.lnk - C:\Fabricante\Positivo Store Apps Atalhos\CallMetroApp.exe 908F1E4E.PositivoVerdeeAmarelo
C:\Users\Public\Desktop\Windows Live Movie Maker.lnk - C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe

==== shortcuts in Users Start Menu ======================

C:\Users\jeaneadmir\AppData\Roaming\Microsoft\Windows\Start Menu\QuickStores.lnk -  
C:\Users\jeaneadmir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker\README.lnk - C:\Program Files\Unlocker\README.TXT
C:\Users\jeaneadmir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker\Start Unlocker.lnk - C:\Program Files\Unlocker\Unlocker.exe
C:\Users\jeaneadmir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker\Uninstall.lnk - C:\Program Files (x86)\Unlocker\uninst.exe
C:\Users\jeaneadmir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker\Website.lnk - C:\Program Files\Unlocker\Unlocker.url

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk - C:\Windows\Installer\{AC76BA86-7AD7-1046-7B44-AB0000000001}\SC_Reader.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\fbwuser\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\fbwuser\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\jeaneadmir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk - C:\Users\jeaneadmir\AppData\Roaming\BitTorrent\BitTorrent.exe
C:\Users\jeaneadmir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\jeaneadmir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\jeaneadmir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Nero Home.lnk - C:\Program Files (x86)\Nero\Nero 7\Nero Home\NeroHome.exe -ScParameter=8  
C:\Users\jeaneadmir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart.lnk - C:\Program Files (x86)\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe -ScParameter=8  
C:\Users\jeaneadmir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\jeaneadmir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\jeaneadmir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Control Panel.lnk -  
C:\Users\jeaneadmir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk - C:\Users\jeaneadmir\AppData\Roaming\Microsoft\Windows\Libraries
C:\Users\jeaneadmir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\jeaneadmir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\On-Screen Keyboard.lnk - C:\Windows\system32\osk.exe
C:\Users\jeaneadmir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\jeaneadmir\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\jeaneadmir\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\jeaneadmir\AppData\Local\Mozilla\Firefox\Profiles\n99pkfnm.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\jeaneadmir\AppData\Local\Google\Chrome\User Data\default\Cache emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=1440 folders=184 80203615 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\fbwuser\AppData\Local\Temp emptied successfully
C:\Users\jeaneadmir\AppData\Local\Temp will be emptied at reboot
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\JEANEA~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 20/05/2014 at 11:17:57,32 ======================
avatar
Jeane
Iniciante
Iniciante

Mensagens : 26
Reputação : 0
Data de inscrição : 20/05/2014

Voltar ao Topo Ir em baixo

Re: Remover YAC

Mensagem por Power Max em Ter 20 Maio 2014, 11:34

No seu PC está constando o Baidu antivirus, que a maioria das pessoas costuma nos procurar para remover. Você quer continuar com ele ou quer removê-lo?

_________________

Caixa de Dicas
= Sempre com novos tutoriais e novidades em informática, tecnologia e variedades.

Fórum PC Brasil = O melhor da internet você encontra aqui.

Super Links = Mensagens de fé e esperança para o seu coração
avatar
Power Max
Colaborador
Colaborador

Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009

Voltar ao Topo Ir em baixo

Re: Remover YAC

Mensagem por Jeane em Ter 20 Maio 2014, 11:40

Remover o Baidu.
avatar
Jeane
Iniciante
Iniciante

Mensagens : 26
Reputação : 0
Data de inscrição : 20/05/2014

Voltar ao Topo Ir em baixo

Re: Remover YAC

Mensagem por Power Max em Ter 20 Maio 2014, 12:22

Desative temporariamente seu antivírus para evitar conflitos.

*Clique com o botão direito do mouse no Zoek.exe e selecione [Você precisa estar registrado e conectado para ver esta imagem.]

* Selecione e copie todo este texto destacado em vermelho que te passei e cole-o no espaço em branco do Zoek.

*Clique [Run Script]

*Durante o scan uma mensagem parecida com esta abaixo mostrando o progresso do escaneamento será apresentada. Aguarde o término...pode demorar!

[Você precisa estar registrado e conectado para ver esta imagem.]

*Caso a reinicialização do PC seja solicitada, clique [OK]

* Poste o log do Zoek que estará em C:\zoek-results.txt em sua próxima resposta.


Última edição por Power Max em Ter 20 Maio 2014, 12:51, editado 1 vez(es)

_________________

Caixa de Dicas
= Sempre com novos tutoriais e novidades em informática, tecnologia e variedades.

Fórum PC Brasil = O melhor da internet você encontra aqui.

Super Links = Mensagens de fé e esperança para o seu coração
avatar
Power Max
Colaborador
Colaborador

Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009

Voltar ao Topo Ir em baixo

Re: Remover YAC

Mensagem por Jeane em Ter 20 Maio 2014, 12:44

Zoek.exe v5.0.0.0 Updated 20-05-2014
Tool run by jeaneadmir on 20/05/2014 at 12:30:16,09.
Microsoft Windows 8 Single Language 6.2.9200  x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\jeaneadmir\Downloads\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-05-20-141757.log 39099 bytes

==== System Restore Info ======================

20/05/2014 12:30:43 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BdApiUtil deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BdCameraProtect deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfilter deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfmon deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bprotect deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BprotectEx deleted successfully

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]
[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]
"DllVersion_2.0"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\LogLoc]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0\Setup]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\LogUp]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Processing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Temp]
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-01-21 01-18-51-0593-[0830].tmp"=-
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-01-27 01-46-55-0556-[28037].tmp"=-
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-01-30 01-07-08-0249-[26468].tmp"=-
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-02-07 02-48-23-0313-[23972].tmp"=-
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-02-09 02-34-12-0670-[32684].tmp"=-
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFPopups-2014-02-09 02-36-36-0037-[0386].tmp"=-
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFPopups-2014-02-10 02-31-43-0018-[10176].tmp"=-
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-02-11 02-57-09-0839-[25905].tmp"=-
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFPopups-2014-02-11 02-01-09-0410-[26689].tmp"=-
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFasterSvc-2014-02-27 02-32-56-0807-[9258].tmp"=-
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-NSISInstall-2014-02-27 02-57-45-0857-[14120].tmp"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Temp]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}]
"DllName"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}]
"DllName"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Baidu PC Faster 4.0.0.0"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BAV mini setup"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC App Store 3.16.3.4537]
"DisplayIcon"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC App Store 3.16.3.4537]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC App Store 3.16.3.4537]
"UninstallString"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC App Store 3.16.3.4537]
"Publisher"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC App Store 3.16.3.4537]
"InstallDir"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\BaiduShellEx]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\BaiduShellEx]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\BaiduShellEx]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{59E402E6-61EE-4BB4-9E5D-ECEB10FA9E59}\1.0\0\win64]
@=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{59E402E6-61EE-4BB4-9E5D-ECEB10FA9E59}\1.0\HELPDIR]
@=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{59E402E6-61EE-4BB4-9E5D-ECEB10FA9E59}\1.0\0\win64]
@=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{59E402E6-61EE-4BB4-9E5D-ECEB10FA9E59}\1.0\HELPDIR]
@=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BdApiUtil]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BdApiUtil]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BdCameraProtect]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BdCameraProtect]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bfilter]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bfilter]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bfmon]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bfmon]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bprotect]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bprotect]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bprotect]
"InstPath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BprotectEx]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BprotectEx]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BprotectEx]
"InstPath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCAppStoreSvc_{PCAppStore_3.16.3.4537}]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCAppStoreSvc_{PCAppStore_3.16.3.4537}]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCAppStoreSvc_{PCAppStore_3.16.3.4537}]
"Description"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCFApiUtil]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCFApiUtil]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCFasterSvc_{PCFaster_4.0.0.0}]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCFasterSvc_{PCFaster_4.0.0.0}]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCFasterSvc_{PCFaster_4.0.0.0}]
"Description"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BdApiUtil]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BdApiUtil]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BdCameraProtect]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BdCameraProtect]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfilter]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfilter]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfmon]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfmon]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bprotect]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bprotect]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bprotect]
"InstPath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BprotectEx]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BprotectEx]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BprotectEx]
"InstPath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PCAppStoreSvc_{PCAppStore_3.16.3.4537}]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PCAppStoreSvc_{PCAppStore_3.16.3.4537}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PCAppStoreSvc_{PCAppStore_3.16.3.4537}]
"Description"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PCFApiUtil]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PCFApiUtil]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PCFasterSvc_{PCFaster_4.0.0.0}]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PCFasterSvc_{PCFaster_4.0.0.0}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PCFasterSvc_{PCFaster_4.0.0.0}]
"Description"=-
[-HKEY_USERS\.DEFAULT\Software\Baidu]
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug]
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav]
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log]
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"ucloud"=-
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"dcloud"=-
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"rcloud"=-
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC App Store]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC App Store\3.16.3.4537]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC App Store\3.16.3.4537\LastReportTime]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0\Run]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\alluser]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\curuser]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hkcu]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hkcu]
"swg_BaiDuSafe_RegType"=-
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hklm]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hklm64]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\DataReport]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\DataReport]
"c:\\programdata\\baidu security\\rpdata\\2013-12-15 14_04_48_0469rpdata.dat"=-
[-HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Baidu]
[-HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Baidu\Hao123-international]
[-HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Baidu\Hao123-international\hao123desk]
[-HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Baidu Security]
[-HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Baidu Security\Antivirus]
[-HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Baidu Security\Antivirus\web]
[HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Baidu Security\Antivirus\web]
"ucloud"=-
[HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Baidu Security\Antivirus\web]
"dcloud"=-
[HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Baidu Security\Antivirus\web]
"rcloud"=-
[-HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Baidu Security\PC App Store]
[-HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Baidu Security\PC App Store\3.16.3.4537]
[-HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Baidu Security\PC App Store\3.16.3.4537\Install]
[-HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Baidu Security\PC App Store\3.16.3.4537\Install\978515]
[HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Baidu Security\PC App Store\3.16.3.4537\Install\978515]
"url"=-
[-HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Baidu Security\PC App Store\3.16.3.4537\LastReportTime]
[-HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Baidu Security\PC App Store\DataReport]
[-HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Baidu Security\PC App Store\Setup]
[-HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Baidu Security\PC Faster]
[-HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Avast Software\WRC\SearchRules\baidu.com]
[HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Avast Software\WRC\SearchRules\baidu.com]
"url"=-
[HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\Program Files (x86)\\Baidu Security\\PC Faster\\3.7.0.0\\PCFaster.exe"=-
[HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\Users\\jeaneadmir\\AppData\\Roaming\\Baidu Security\\PC Faster\\4.0.0.0\\bd_flash_install.exe"=-
[HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\Program Files (x86)\\Baidu Security\\PC App Store\\3.14.8.4008\\AppStoreUpdater.exe"=-
[HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\Program Files (x86)\\Baidu Security\\PC App Store\\3.14.8.4008\\downloader.exe"=-
[HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\Program Files (x86)\\Baidu Security\\PC App Store\\3.14.8.4008\\softmgr_update.exe"=-
[HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\Program Files (x86)\\Baidu Security\\PC App Store\\3.16.3.4537\\AppStoreUpdater.exe"=-
[HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\Program Files (x86)\\Baidu Security\\PC App Store\\3.16.3.4537\\downloader.exe"=-
[HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus\\Uninstall.exe"=-
[HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\\Users\\jeaneadmir\\AppData\\Roaming\\Baidu\\hao123-br\\hao123.1.0.0.1101.exe"=-
[-HKEY_USERS\S-1-5-18\Software\Baidu]
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug]
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav]
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log]
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"ucloud"=-
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"dcloud"=-
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"rcloud"=-
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC App Store]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC App Store\3.16.3.4537]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC App Store\3.16.3.4537\LastReportTime]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\alluser]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\curuser]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hkcu]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hkcu]
"swg_BaiDuSafe_RegType"=-
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hklm]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hklm64]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\DataReport]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\DataReport]
"c:\\programdata\\baidu security\\rpdata\\2013-12-15 14_04_48_0469rpdata.dat"=-

==== Deleting Files \ Folders ======================

C:\Users\jeaneadmir\AppData\Local\Temp\baidu_secure not found
C:\ProgramData\Baidu Security deleted
C:\Users\jeaneadmir\AppData\Roaming\Baidu Security deleted
C:\Users\Public\Documents\Baidu Security deleted

==== Folders Found ======================

2014-05-20 04:03:23 2014-05-20 04:03:23 -------- d-----w- C:\AdwCleaner\Quarantine\C\ProgramData\baidu
2014-05-20 04:03:49 2014-05-20 04:03:49 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Public\Documents\baidu
2014-05-20 15:32:06 2014-05-20 15:32:09 -------- d---a-w- C:\zoek_backup\C_ProgramData_Baidu Security
2014-05-20 15:32:11 2014-05-20 15:32:11 -------- d---a-w- C:\zoek_backup\C_Users_All Users_Baidu Security
2014-05-20 15:32:12 2014-05-20 15:32:14 -------- d---a-w- C:\zoek_backup\C_Users_jeaneadmir_AppData_Roaming_Baidu Security
2014-05-20 15:32:14 2014-05-20 15:32:15 -------- d---a-w- C:\zoek_backup\C_Users_Public_Documents_Baidu Security

==== Files Found ======================


--- C:\zoek_backup\C_windows_SysNative_tasks_Baidu PC Faster Update.vir ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 3444
Created time: 2014-05-20 14:11:11
Modified time: 2014-01-03 21:16:39
MD5: 033294B5DF6C4A309F9A96B433873BB2
SHA1: 1E1B1867078C82CA35B8C812CC2496AF07E34E2F


==== Registry Search Results for "Baidu" ======================


[HKEY_LOCAL_MACHINE\SOFTWARE\baidu]

[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll]

[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload]

[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP]

[HKEY_USERS\.DEFAULT\Software\Baidu Security]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0\Run]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hkcu]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\DataReport]

[HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Baidu Security]

[HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Baidu Security\Antivirus]

[HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Baidu Security\Antivirus\web]

[HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Baidu Security\PC App Store]

[HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Baidu Security\PC App Store\3.16.3.4537]

[HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Baidu Security\PC App Store\3.16.3.4537\Install]

[HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Baidu Security\PC App Store\3.16.3.4537\Install\978515]

[HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Avast Software\WRC\SearchRules\baidu.com]

[HKEY_USERS\S-1-5-18\Software\Baidu Security]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hkcu]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\DataReport]

==== C:\zoek_backup content ======================

C:\zoek_backup (files=1965 folders=232 374801778 bytes)

==== EOF on 20/05/2014 at 12:34:02,79 ======================
avatar
Jeane
Iniciante
Iniciante

Mensagens : 26
Reputação : 0
Data de inscrição : 20/05/2014

Voltar ao Topo Ir em baixo

Re: Remover YAC

Mensagem por Power Max em Ter 20 Maio 2014, 12:49

Desative temporariamente seu antivírus para evitar conflitos.

*Clique com o botão direito do mouse no Zoek.exe e selecione [Você precisa estar registrado e conectado para ver esta imagem.]

* Selecione e copie todo este texto destacado em vermelho que te passei e cole-o no espaço em branco do Zoek.

*Clique [Run Script]

*Durante o scan uma mensagem parecida com esta abaixo mostrando o progresso do escaneamento será apresentada. Aguarde o término...pode demorar!

[Você precisa estar registrado e conectado para ver esta imagem.]

*Caso a reinicialização do PC seja solicitada, clique [OK]

* Poste o log do Zoek que estará em C:\zoek-results.txt em sua próxima resposta.


Última edição por Power Max em Ter 20 Maio 2014, 19:09, editado 1 vez(es)

_________________

Caixa de Dicas
= Sempre com novos tutoriais e novidades em informática, tecnologia e variedades.

Fórum PC Brasil = O melhor da internet você encontra aqui.

Super Links = Mensagens de fé e esperança para o seu coração
avatar
Power Max
Colaborador
Colaborador

Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009

Voltar ao Topo Ir em baixo

Re: Remover YAC

Mensagem por Jeane em Ter 20 Maio 2014, 12:50

mais ainda tem o baidu no meu pc?
avatar
Jeane
Iniciante
Iniciante

Mensagens : 26
Reputação : 0
Data de inscrição : 20/05/2014

Voltar ao Topo Ir em baixo

Re: Remover YAC

Mensagem por Power Max em Ter 20 Maio 2014, 12:52

Jeane escreveu:mais ainda tem o baidu no meu pc?
Sim, ainda tem. Siga o procedimento que te passei acima e poste o novo log do Zoek.

_________________

Caixa de Dicas
= Sempre com novos tutoriais e novidades em informática, tecnologia e variedades.

Fórum PC Brasil = O melhor da internet você encontra aqui.

Super Links = Mensagens de fé e esperança para o seu coração
avatar
Power Max
Colaborador
Colaborador

Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009

Voltar ao Topo Ir em baixo

Re: Remover YAC

Mensagem por Jeane em Ter 20 Maio 2014, 12:54

Vou fazer isto. e vc acha que depois de fazer isso tudo vou poder instalar programas no meu pc? ou é outro problema?
avatar
Jeane
Iniciante
Iniciante

Mensagens : 26
Reputação : 0
Data de inscrição : 20/05/2014

Voltar ao Topo Ir em baixo

Re: Remover YAC

Mensagem por Jeane em Ter 20 Maio 2014, 12:59

Power Max escreveu:
Jeane escreveu:mais ainda tem o baidu no meu pc?
Sim, ainda tem. Siga o procedimento que te passei acima e poste o novo log do Zoek.

Zoek.exe v5.0.0.0 Updated 20-05-2014
Tool run by jeaneadmir on 20/05/2014 at 12:55:46,49.
Microsoft Windows 8 Single Language 6.2.9200  x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\jeaneadmir\Downloads\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-05-20-141757.log 39099 bytes
C:\zoek-results2014-05-20-153402.log 21412 bytes

==== System Restore Info ======================

20/05/2014 12:56:06 Zoek.exe System Restore Point Created Succesfully.

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0\Run]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hkcu]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\DataReport]
[-HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Baidu Security]
[-HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Baidu Security\Antivirus]
[-HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Baidu Security\Antivirus\web]
[-HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Baidu Security\PC App Store]
[-HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Baidu Security\PC App Store\3.16.3.4537]
[-HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Baidu Security\PC App Store\3.16.3.4537\Install]
[-HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Baidu Security\PC App Store\3.16.3.4537\Install\978515]
[-HKEY_USERS\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3418362913-3311832013-3141513173-1001\Software\Avast Software\WRC\SearchRules\baidu.com]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hkcu]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\DataReport]

==== Registry Search Results for "Baidu" ======================

No instances of string "Baidu" found.

==== C:\zoek_backup content ======================

C:\zoek_backup (files=1965 folders=232 374801778 bytes)

==== EOF on 20/05/2014 at 12:56:57,69 ======================
avatar
Jeane
Iniciante
Iniciante

Mensagens : 26
Reputação : 0
Data de inscrição : 20/05/2014

Voltar ao Topo Ir em baixo

Re: Remover YAC

Mensagem por Power Max em Ter 20 Maio 2014, 13:06

Baixe o programa Junkware Removal Tool no link abaixo:
[Você precisa estar registrado e conectado para ver este link.]

Para executar corretamente o programa acima é só seguir as dicas deste tutorial:

Tutorial do Junkware Removal Tool

* Na sua próxima resposta poste o log (relatório) do Junkware Removal Tool que estará salvo em sua área de trabalho com o nome de JRT.txt

Ficamos na espera.

_________________

Caixa de Dicas
= Sempre com novos tutoriais e novidades em informática, tecnologia e variedades.

Fórum PC Brasil = O melhor da internet você encontra aqui.

Super Links = Mensagens de fé e esperança para o seu coração
avatar
Power Max
Colaborador
Colaborador

Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009

Voltar ao Topo Ir em baixo

(RESOLVIDO) REMOVER YAC

Mensagem por Jeane em Ter 20 Maio 2014, 13:24

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8 Single Language x64
Ran by jeaneadmir on 20/05/2014 at 13:13:50,55
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\isafe



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 20/05/2014 at 13:21:45,86
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
avatar
Jeane
Iniciante
Iniciante

Mensagens : 26
Reputação : 0
Data de inscrição : 20/05/2014

Voltar ao Topo Ir em baixo

Re: Remover YAC

Mensagem por Power Max em Ter 20 Maio 2014, 13:27

Faça o download do < ZHPDiag2.exe > < [Você precisa estar registrado e conectado para ver esta imagem.]> ( ... de Nicolas Coolman )

Para instalá-lo e executá-lo corretamente siga as dicas deste artigo:

Tutorial de instalação e execução do aplicativo ZHPDiag

* Assim que ele concluir a sua verificação, copie todo o conteúdo do seu relatório ZHPDiag.txt e poste em sua próxima resposta.

_________________

Caixa de Dicas
= Sempre com novos tutoriais e novidades em informática, tecnologia e variedades.

Fórum PC Brasil = O melhor da internet você encontra aqui.

Super Links = Mensagens de fé e esperança para o seu coração
avatar
Power Max
Colaborador
Colaborador

Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009

Voltar ao Topo Ir em baixo

Re: Remover YAC

Mensagem por Jeane em Ter 20 Maio 2014, 13:30

Power Max escreveu:  Faça o download do < ZHPDiag2.exe >  < [Você precisa estar registrado e conectado para ver esta imagem.]> ( ... de Nicolas Coolman )

Para instalá-lo e executá-lo corretamente siga as dicas deste artigo:

Tutorial de instalação e execução do aplicativo ZHPDiag

* Assim que ele concluir a sua verificação, copie todo o conteúdo do seu relatório ZHPDiag.txt e poste em sua próxima resposta.
mais o que é: ZHPDiag2.exe > < > ( ... de Nicolas Coolman )
e pra que ele serve?
avatar
Jeane
Iniciante
Iniciante

Mensagens : 26
Reputação : 0
Data de inscrição : 20/05/2014

Voltar ao Topo Ir em baixo

Re: Remover YAC

Mensagem por Power Max em Ter 20 Maio 2014, 13:32

Ele faz uma análise do PC para vermos se o Yac ainda está aparecendo, além de outros tipos de adwares.

_________________

Caixa de Dicas
= Sempre com novos tutoriais e novidades em informática, tecnologia e variedades.

Fórum PC Brasil = O melhor da internet você encontra aqui.

Super Links = Mensagens de fé e esperança para o seu coração
avatar
Power Max
Colaborador
Colaborador

Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009

Voltar ao Topo Ir em baixo

(RESOLVIDO) REMOVER YAC

Mensagem por Jeane em Ter 20 Maio 2014, 13:42

Power Max escreveu:Ele faz uma análise do PC para vermos se o Yac ainda está aparecendo, além de outros tipos de adwares.
apareceu 2icone quando eu instalei o zhp
~ Relatório do ZHPDiag v2014.5.19.69 - Nicolas Coolman  (19/05/2014)
~ Iniciado por jeaneadmir (20/05/2014 13:39:13)
~ Endereço do Website : [Você precisa estar registrado e conectado para ver este link.]
~ Blog de análise de software : [Você precisa estar registrado e conectado para ver este link.]
~ Fóruns de suporte gratuito para desinfecção : [Você precisa estar registrado e conectado para ver este link.]
~ Tradução pelo utilizador
~ Estatuto da versão :
~  Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Activate by user


---\\ Navegadores Internet
MSIE: Internet Explorer v10.0.9200.16897
GCIE: Google Chrome v34.0.1847.137 (Defaut)

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 8 Single Language, 64-bit  (Build 9200)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
avast! Free Antivirus v9.0.2013
Windows Defender W8

---\\ Softwares d'optimização do sistema

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Reader XI

---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3542 MB (60% free)
System Restore: Activé (Enable)
System drive C: has 376 GB (84%) free of 446 GB

---\\ Modo de conexão ao sistema
~ Computer Name: AJ
~ User Name: jeaneadmir
~ All Users Names: jeaneadmir, fbwuser, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\jeaneadmir\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\jeaneadmir\AppData\Roaming\
~ %Desktop% : C:\Users\jeaneadmir\Desktop\
~ %Favorites% : C:\Users\jeaneadmir\Favorites\
~ %LocalAppData% : C:\Users\jeaneadmir\AppData\Local\
~ %StartMenu% : C:\Users\jeaneadmir\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 376 Go of 446 Go)
D: CD-ROM drive (Not Inserted)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 49 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.0E8E6463F81C80AFBED533E0F1F8895D] - (.Microsoft Corporation - Windows Explorer.) (.01/06/2013 - 08:34:21.) -- C:\Windows\Explorer.exe [2391280]
[MD5.FE9AB232B56A12224E8A3F3F9878C9A3] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.26/07/2012 - 00:08:50.) -- C:\Windows\System32\Wininit.exe [132608]
[MD5.2B7920C7885AC45FD0E27DD860F095A1] - (.Microsoft Corporation - Internet Extensions para Win32.) (.06/03/2014 - 21:08:30.) -- C:\Windows\System32\wininet.dll [2240000]
[MD5.75DD70A14145499C9F7D903CF9A8C91B] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.12/04/2014 - 06:10:31.) -- C:\Windows\System32\Winlogon.exe [578048]
[MD5.9448F5740A037EC0C18F0E9177232DD0] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.26/07/2012 - 00:07:20.) -- C:\Windows\System32\sppcomapi.dll [273408]
[MD5.7C0E0EDF18D6CC565D7BFBB451709FA5] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.04/09/2013 - 00:11:23.) -- C:\Windows\system32\Drivers\AFD.sys [576512]
[MD5.A721FF570C2387E383BDDEA9632863C9] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.26/07/2012 - 02:00:48.) -- C:\Windows\system32\Drivers\atapi.sys [25840]
[MD5.990B1BABE6E81FB18E65A87EBEFB1772] - (.Microsoft Corporation - CD-ROM File System Driver.) (.25/07/2012 - 23:30:10.) -- C:\Windows\system32\Drivers\Cdfs.sys [108544]
[MD5.339BFF85D788268752DA8C9644B188EE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.25/07/2012 - 23:26:36.) -- C:\Windows\system32\Drivers\Cdrom.sys [174080]
[MD5.431141C6859990824D17F71C30A78728] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.15/01/2014 - 20:42:58.) -- C:\Windows\system32\Drivers\DfsC.sys [118784]
[MD5.7D87B5B6C7188D553E11B59DC7F0B111] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.27/05/2013 - 09:31:56.) -- C:\Windows\system32\Drivers\HDAudBus.sys [71168]
[MD5.C9E9CBF73AFFBFE3E801EFB516787BA3] - (.Microsoft Corporation - Driver de porta i8042.) (.25/07/2012 - 23:28:51.) -- C:\Windows\system32\Drivers\i8042prt.sys [112640]
[MD5.3969B9C218DD3FAA9F4ED2FFC3651C02] - (.Microsoft Corporation - IP Network Address Translator.) (.25/07/2012 - 23:23:01.) -- C:\Windows\system32\Drivers\IpNat.sys [145920]
[MD5.7A761AEE58658378BBA45D360F874CB0] - (.Microsoft Corporation - Minirdr SMB do Windows NT.) (.26/02/2014 - 20:18:55.) -- C:\Windows\system32\Drivers\MRxSmb.sys [370688]
[MD5.7CEC25C682D319D484630B3952C31A11] - (.Microsoft Corporation - MBT Transport driver.) (.25/07/2012 - 23:24:28.) -- C:\Windows\system32\Drivers\netBT.sys [331776]
[MD5.7BE3EDFFA3216F989A6BDCB14795DD08] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.27/01/2014 - 00:39:40.) -- C:\Windows\system32\Drivers\ntfs.sys [1939288]
[MD5.4563DAF8C6A740AD7F501E219BD10766] - (.Microsoft Corporation - Driver de porta paralela.) (.25/07/2012 - 23:29:53.) -- C:\Windows\system32\Drivers\Parport.sys [105984]
[MD5.A14D625C5AEE5FFE0F47D1A1D419FAAE] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.25/07/2012 - 23:23:17.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [124928]
[MD5.B2A3AD74FF2E2FFA73AF2567108231B3] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.25/07/2012 - 23:25:18.) -- C:\Windows\system32\Drivers\rdpdr.sys [179712]
[MD5.73DC722CE5DF26D7638CE2446F2655C7] - (.Microsoft Corporation - TDI Translation Driver.) (.26/07/2012 - 02:26:47.) -- C:\Windows\system32\Drivers\tdx.sys [117248]
[MD5.78A5BBA3819FFFC62FFEC3E2220D102D] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.01/06/2013 - 08:26:33.) -- C:\Windows\system32\Drivers\volsnap.sys [327936]
~ Generic Processes:  Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/44
~ Mes musiques (My Musics) : 1/1000
~ Mes Videos (My Videos) : 1/145
~ Mes Favoris (My Favorites) : 1/5
~ Mes Documents (My Documents) : 2/22
~ Mon Bureau (My Desktop) : 1/27
~ Menu demarrer (Programs) : 1/33
~ Hidden Files:  Scanned in 00mn 02s



---\\ Processos lançados
[MD5.883B2E1341E5BE906A7507308A6636DF] - (.Intel Corporation - IAStorIcon.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe   [285240] [PID.1440]
[MD5.A78AAB0D2D70EF7DD56B7328AC502059] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe   [3767096] [PID.3892]
[MD5.345B1798395CEA9C178AFF1784FA2A37] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe   [841032] [PID.2592]
[MD5.322522D6FF36A539CAD732D182FA6D18] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe   [7878656] [PID.888]
~ Processes Running:  Scanned in 00mn 00s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\jeaneadmir\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)

---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 16 Legitimates Filtered in 00mn 01s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
C:\Users\jeaneadmir\AppData\Roaming\Mozilla\Firefox\Profiles\n99pkfnm.default\prefs.js
M3 - MFPP: Plugins - [jeaneadmir] -- C:\Users\jeaneadmir\AppData\Roaming\Mozilla\Firefox\Profiles\n99pkfnm.default\searchplugins\Baixaki.xml
~ Firefox Browser: 2 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management:  Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys:  Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File:  Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Barras do Internet Explorer (03))
O3 - Toolbar: avast! WebRep - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
O3 - Toolbar: avast! Online Security - [HKLM]{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
~ Toolbar:  Scanned in 00mn 00s



---\\ Outras conexões do utilizador (04)
O4 - GS\QuickLaunch [jeaneadmir]: BitTorrent.lnk . (.BitTorrent Inc. - BitTorrent.)  -- C:\Users\jeaneadmir\AppData\Roaming\BitTorrent\BitTorrent.exe   =>P2P.BitTorrent
O4 - GS\Desktop [jeaneadmir]: BitTorrent.lnk . (.BitTorrent Inc. - BitTorrent.)  -- C:\Users\jeaneadmir\AppData\Roaming\BitTorrent\BitTorrent.exe   =>P2P.BitTorrent
~ Global Startup: 2 Legitimates Filtered in 00mn 01s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - Gerenciador de áudio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [StartUpManagerPositivo] C:\Program Files\Positivo Informática\Mundo Positivo Gerenciador de Inicialização\ManagerWindows.exe (.not file.)
O4 - HKLM\..\Run: [DeskmediaReaper] C:\Positivo\Deskmedia\DeskmediaReaper.exe (.not file.)
O4 - HKLM\..\Wow6432Node\Run: [IAStorIcon] . (.Intel Corporation - Delayed launcher.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe
O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe   =>.Adobe Systems Incorporated
~ Application:  Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{15E295FF-141A-4EF9-A16C-BC3B8E8433C9}: DhcpNameServer = 192.254.254.18
O17 - HKLM\System\CS1\Services\Tcpip\..\{15E295FF-141A-4EF9-A16C-BC3B8E8433C9}: DhcpNameServer = 192.254.254.18
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.254.254.18
~ Domain:  Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll  =>.Microsoft Corporation
~ Protocole Additionnel:  Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon:  Scanned in 00mn 00s



---\\ Tarefas planificadas automaticamente (039)
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore   [1078]
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA   [1082]
~ Scheduled Task: 10 Legitimates Filtered in 00mn 02s



---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver:  (iSafeKrnlKit) . (. - .) - C:\Program Files (x86)\iSafe\iSafeKrnlKit.sys (.not file.)  =>Trojan.Staser
~ Drivers: 42 Legitimates Filtered in 00mn 00s



---\\ Software instalados (042)
O42 - Logiciel: ControlAP II 1.3.5 - (.OEM.) [HKLM][64Bits] -- {A75A2559-40B0-4C25-A7ED-19D593F2A6E9}
O42 - Logiciel: Driver 1.4.1 - (.OEM.) [HKLM][64Bits] -- {BA56CD60-1D9F-4BE6-AC2F-B7C4A5437C35}
O42 - Logiciel: H823 USB Hybrid ISDB-Tb 10.2.64.86 - (...) [HKLM][64Bits] -- AVerMedia H823 USB Hybrid ISDB-Tb
O42 - Logiciel: OSD 1.15.13 - (.OEM.) [HKLM][64Bits] -- {5A9C96FE-1376-45E1-8556-C81255F0B5A7}
O42 - Logiciel: iBrightness 1.0.1 - (.OEM.) [HKLM][64Bits] -- {B351A468-173F-43D8-B6E6-5A6E9A0125A8}
~ Logic: 23 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Beamrise]  =>Hijacker.Beamrise
[HKCU\Software\SoilAP]
[HKCU\Software\SunFlowerOSD]
[HKCU\Software\superdownloads.com.br]
[HKLM\Software\SoilIO]
~ Key Software: 210 Legitimates Filtered in 00mn 00s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 17/05/2014 - 14:04:38 - [] ----D C:\Users\jeaneadmir\AppData\Roaming\mp3rocket
O43 - CFD: 09/02/2014 - 15:16:18 - [] ----D C:\Users\jeaneadmir\AppData\Local\VNT
~ Program Folder: 128 Legitimates Filtered in 00mn 00s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.7518640D625C38F2494A277C6E75FA44] - 08/05/2014 - 02:40:47 ---A- . (.Elex do Brasil Participações Ltda - iSafe Kernel Boot Driver.) -- C:\Windows\System32\Drivers\iSafeKrnlBoot.sys   [43520]  =>Trojan.Staser
O44 - LFC:[MD5.964D29F045333DBC5C2CB2C2AB011E4C] - 18/05/2014 - 16:22:08 ---A- . (...) -- C:\Windows\System32\prfc0416.dat   [154946]
O44 - LFC:[MD5.924FD4E360F4B410673EDDE89FA00A85] - 18/05/2014 - 16:22:08 ---A- . (...) -- C:\Windows\System32\prfh0416.dat   [763656]
O44 - LFC:[MD5.94C4F322443873E57A4744A539043E79] - 20/05/2014 - 11:17:57 ---A- . (...) -- C:\zoek-results2014-05-20-141757.log   [39099]
O44 - LFC:[MD5.F931B16F323DE7905E05F939B5B13BE5] - 20/05/2014 - 12:34:02 ---A- . (...) -- C:\zoek-results2014-05-20-153402.log   [21412]
O44 - LFC:[MD5.0BA19B3FFA535CAF65995F0AE690B82F] - 20/05/2014 - 12:56:57 ---A- . (...) -- C:\zoek-results.log   [3412]
~ Files: 51 Legitimates Filtered in 00mn 03s



---\\ Chave do registo Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{43e61306-c48a-11e3-be9f-80ee7378af17}\AutoRun\command. (...) -- E:\LGAutoRun.exe (.not file.)
O51 - MPSK:{6cb36b92-61f0-11e3-be75-80ee7378af17}\AutoRun\command. (...) -- E:\LGAutoRun.exe (.not file.)
~ Keys:  Scanned in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 21 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 8 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:24/12/2013 - 21:31:04 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys   [65776]  =>.ALWIL Software
O58 - SDL:24/12/2013 - 21:31:05 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys   [207904]  =>.ALWIL Software
O58 - SDL:21/01/2014 - 11:14:40 ---A- . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) -- C:\Windows\System32\Drivers\Bfilter.sys   [52032]
O58 - SDL:21/01/2014 - 11:14:50 ---A- . (.Baidu, Inc. - Baidu FS Monitor Driver.) -- C:\Windows\System32\Drivers\Bfmon.sys   [34624]
O58 - SDL:21/01/2014 - 07:01:36 ---A- . (.Baidu, Inc. - Baidu Antivirus Selfprotect Driver.) -- C:\Windows\System32\Drivers\Bprotect.sys   [128992]
O58 - SDL:13/01/2014 - 19:50:34 ---A- . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) -- C:\Windows\System32\Drivers\BProtectEx.sys   [83264]
O58 - SDL:08/05/2014 - 02:40:47 ---A- . (.Elex do Brasil Participações Ltda - iSafe Kernel Boot Driver.) -- C:\Windows\System32\Drivers\iSafeKrnlBoot.sys   [43520]  =>Trojan.Staser
O58 - SDL:19/08/2010 - 16:59:12 ---A- . (...) -- C:\Windows\System32\Drivers\SoilIO.sys   [17912]
O58 - SDL:03/12/2009 - 10:03:50 ---A- . (.Systems Internals - Windows NT Caps-lock Ctrl Swapper.) -- C:\Windows\System32\Drivers\soilkbc.sys   [13816]
O58 - SDL:26/07/2012 - 02:00:55 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys   [30960]
O58 - SDL:20/06/2013 - 22:09:44 ---A- . (.Anchorfree Inc. - Anchorfree HSS VPN Adapter.) -- C:\Windows\System32\Drivers\taphss6.sys   [42184]
O58 - SDL:28/04/2005 - 08:08:46 ---A- . (...) -- C:\Windows\SysWOW64\AVerIO.sys   [3456]
~ Drivers: 60 Legitimates Filtered in 00mn 04s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1  =>.Nicolas Coolman
~ ADS:  Scanned in 00mn 00s



---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- c:\program files (x86)\google\chrome\application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- c:\program files\internet explorer\iexplore.exe
~ Keys:  Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] Web - (Web) - [Você precisa estar registrado e conectado para ver este link.]
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [Você precisa estar registrado e conectado para ver este link.]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - [Você precisa estar registrado e conectado para ver este link.]
~ Keys:  Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.16E53BFC96CE14021C0E07EB1C198478] [SPRF][16/05/2014] (...) -- C:\Users\jeaneadmir\AppData\Roaming\inst.exe   [99384]
~ Files: 2 Legitimates Filtered in 00mn 00s



---\\ Lista das exceções do FireWall (FirewallRules) (O87)
O87 - FAEL: "{F2CEE4BE-C8BD-4E3C-9C6B-36389C709F60}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - BitTorrent.) -- C:\Users\jeaneadmir\AppData\Roaming\BitTorrent\BitTorrent.exe  =>P2P.BitTorrent
O87 - FAEL: "{A032EE63-7A54-4504-9E64-79FB04DD8D53}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - BitTorrent.) -- C:\Users\jeaneadmir\AppData\Roaming\BitTorrent\BitTorrent.exe  =>P2P.BitTorrent
~ Firewall: 2 Legitimates Filtered in 00mn 01s



---\\ Pesquisa dos pacotes WindowsInstaller (WIS) (O93) (NTFS)
[MD5.1B88BF49F3FF0D2596BCA9E49894F611] [WIS][17/12/2013] (.Google Inc. - Google Toolbar for Internet Explorer.) -- C:\Windows\Installer\2445969b.msi   [28672]  =>Toolbar.Google
~ WIS: 1 Legitimates Filtered in 00mn 02s



---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GoogleToolbarNotifier_RASAPI32  =>Toolbar.Google
~ BTK: 52 Legitimates Filtered in 00mn 00s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Disabled 06/12/2009 397312 |  (AVerScheduleService) . (...) - C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe
SS - | Demand 23/04/2013 279024 |  (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SS - | Auto 17/12/2013 136176 |  (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 17/12/2013 136176 |  (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 17/12/2013 194032 |  (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 08/04/2008 800040 |  (NBService) . (.Nero AG.) - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
SS - | Demand 22/01/2008 275752 |  (NMIndexingService) . (.Nero AG.) - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
SS - | Demand 10/07/1658 0 |  (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe  =>.Microsoft Corporation
SS - | Auto 27/05/2013 29696 | C:\Windows\system32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 21/12/2013 65432 |  (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 10/10/2013 65304 |  (AppManagerService) . (.Positivo Informática S.A..) - C:\Program Files (x86)\Positivo Informática\Positivo Aplicativos\PositivoAplicativosService.exe
SR - | Auto 22/01/2014 50344 |  (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 07/05/2013 368640 |  (AVerRemote) . (.AVerMedia.) - C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe
SR - | Auto 01/09/2012 14904 |  (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SR - | Demand 24/04/2012 169752 |  (ICCS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
SR - | Auto 27/07/2012 636952 |  (Intel(R) Capability Licensing Service Interface) . (.Intel(R) Corporation.) - C:\Program Files\Intel\iCLS Client\HeciServer.exe
SR - | Auto 19/12/2012 129488 |  (Intel(R) ME Service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
SR - | Auto 19/12/2012 165328 |  (jhi_service) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
SR - | Auto 19/12/2012 277456 |  (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 19/12/2006 81920 |  (PLFlash DeviceIoControl Service) . (.Prolific Technology Inc..) - C:\Windows\SysWOW64\IoctlSvc.exe
SR - | Auto 19/12/2012 364496 |  (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Demand 10/07/1658 0 |  (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe
~ Services:  Scanned in 00mn 09s



---\\ Scâner Aditional (088)
Database Version : 13029 - (19/05/2014)
Clés trouvées (Keys found) : 2
Valeurs trouvées (Values found) : 2
Dossiers trouvés  (Folders found) : 0
Fichiers trouvés  (Files found) : 2

[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375]   =>PUP.Tarma
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5]   =>PUP.Tarma
[HKCU\Software\Beamrise]   =>Hijacker.Beamrise^
C:\Windows\Installer\2445969b.msi   =>Toolbar.Google^
~ Additionnel Scan: 204543 Items scanned in 00mn 29s



---\\ Sumário das deteções encontradas na sua estação
[Você precisa estar registrado e conectado para ver este link.]  =>Trojan.Staser
[Você precisa estar registrado e conectado para ver este link.]  =>Hijacker.Beamrise
[Você precisa estar registrado e conectado para ver este link.]  =>PUP.Tarma
~ MSI: 3 link(s) detected in 00mn 00s



~ 585 Legitimates filtered by white list
End of the scan (404 lines in 01mn 18s)(0)
avatar
Jeane
Iniciante
Iniciante

Mensagens : 26
Reputação : 0
Data de inscrição : 20/05/2014

Voltar ao Topo Ir em baixo

Re: Remover YAC

Mensagem por Power Max em Ter 20 Maio 2014, 14:14

 Selecione e copie todo o texto destacado em vermelho que te passei.
_____________________________________________________________________________________________________________

 Vá no menu: Iniciar > Todos os programas > ZHP > Clique com o botão direito do mouse sobre o Zhpfix e escolha a opção de Executar como administrador > Clique em Importação > Clique no botão GO > Clique em Oui > Caso queira que os arquivos da lixeira sejam excluídos clique em Oui novamente > Um relatório aparecerá no bloco de notas.

Copie este relatório e poste em sua próxima resposta.


Última edição por Power Max em Ter 20 Maio 2014, 15:11, editado 1 vez(es)

_________________

Caixa de Dicas
= Sempre com novos tutoriais e novidades em informática, tecnologia e variedades.

Fórum PC Brasil = O melhor da internet você encontra aqui.

Super Links = Mensagens de fé e esperança para o seu coração
avatar
Power Max
Colaborador
Colaborador

Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009

Voltar ao Topo Ir em baixo

Re: Remover YAC

Mensagem por Jeane em Ter 20 Maio 2014, 14:26

tenho que instalar zhp de novo? ou posso executar o que esta na area de trabalho?
avatar
Jeane
Iniciante
Iniciante

Mensagens : 26
Reputação : 0
Data de inscrição : 20/05/2014

Voltar ao Topo Ir em baixo

Re: Remover YAC

Mensagem por Power Max em Ter 20 Maio 2014, 14:34

Ele já está instalado é só fazer exatamente como te falei.

_________________

Caixa de Dicas
= Sempre com novos tutoriais e novidades em informática, tecnologia e variedades.

Fórum PC Brasil = O melhor da internet você encontra aqui.

Super Links = Mensagens de fé e esperança para o seu coração
avatar
Power Max
Colaborador
Colaborador

Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009

Voltar ao Topo Ir em baixo

Re: Remover YAC

Mensagem por Jeane em Ter 20 Maio 2014, 14:43

Power Max escreveu:Ele já está instalado é só fazer exatamente como te falei.
Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014
Fichier d'export Registre :
Run by jeaneadmir at 20/05/2014 14:42:10
High Elevated Privileges : OK
Windows 8 Home Premium Edition, 64-bit (Build 9200)

Reciclagem vazia (00mn 02s)
Reparação de atalhos do navegador

========== Chaves do Registo ==========
ELIMINÉ Driver Key: iSafeKrnlKit
ELIMINÉ: HKCU\Software\Beamrise
ELIMINÉ CLSID MPSK: {43e61306-c48a-11e3-be9f-80ee7378af17}
ELIMINÉ CLSID MPSK: {6cb36b92-61f0-11e3-be75-80ee7378af17}
ELIMINÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
ELIMINÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5

========== Valores do Registo ==========
ELIMINÉ RunValue: StartUpManagerPositivo
ELIMINÉ RunValue: DeskmediaReaper
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINÉ: c:\users\jeaneadmir\appdata\roaming\mozilla\firefox\profiles\n99pkfnm.default\searchplugins\baixaki.xml
ELIMINA REINICIAR: c:\windows\system32\drivers\isafekrnlboot.sys
ELIMINA REINICIAR: c:\windows\system32\drivers\bfilter.sys
ELIMINA REINICIAR: c:\windows\system32\drivers\bfmon.sys
ELIMINA REINICIAR: c:\windows\system32\drivers\bprotect.sys
ELIMINA REINICIAR: c:\windows\system32\drivers\bprotectex.sys
ELIMINÉ Temporários windows (0) (0 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso


========== Recapitulativo ==========
6 : Chaves do Registo
8 : Valores do Registo
1 : Pastas
8 : Ficheiros
1 : Restauração Sistema


End of clean in 00mn 04s

========== Caminho do ficheiro do relatório ==========
C:\Users\jeaneadmir\AppData\Roaming\ZHP\ZHPFix[R1].txt - 20/05/2014 14:42:13 [2037]
avatar
Jeane
Iniciante
Iniciante

Mensagens : 26
Reputação : 0
Data de inscrição : 20/05/2014

Voltar ao Topo Ir em baixo

Re: Remover YAC

Mensagem por Power Max em Ter 20 Maio 2014, 14:47

Abra novamente o ( ZHPDiag )

[Você precisa estar registrado e conectado para ver esta imagem.]

|- Clique "SEARCH" ou "PESQUISAR" e aguarde a conclusão.

[Você precisa estar registrado e conectado para ver esta imagem.]

|- Clique OK e, ao concluir, poste o relatório ZHPDiag.txt

[Você precisa estar registrado e conectado para ver esta imagem.]

_________________

Caixa de Dicas
= Sempre com novos tutoriais e novidades em informática, tecnologia e variedades.

Fórum PC Brasil = O melhor da internet você encontra aqui.

Super Links = Mensagens de fé e esperança para o seu coração
avatar
Power Max
Colaborador
Colaborador

Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009

Voltar ao Topo Ir em baixo

Re: Remover YAC

Mensagem por Conteúdo patrocinado


Conteúdo patrocinado


Voltar ao Topo Ir em baixo

Página 1 de 2 1, 2  Seguinte

Ver o tópico anterior Ver o tópico seguinte Voltar ao Topo


 
Permissão deste fórum:
Você não pode responder aos tópicos neste fórum