How to remove Baidu antivirus "hidden in the notebook"


How to remove Baidu antivirus "hidden in the notebook"

Post by natanalves on Wed 21 May 2014, 21:58

I went to install Kaspersky Internet Security, and it runs that standard scan before installation to check whether any other antivirus is present. It reported the presence of Baidu Antivirus and gave me the option to uninstall it through the Control Panel, but unfortunately there is nothing related to Baidu there that would let me uninstall it. I have already tried other programs that some tutorials said would be able to see and remove Baidu Antivirus, Revo Uninstaller and IObit Uninstaller, and neither managed to find it, let alone remove it. I need really step-by-step help.

Re: How to remove Baidu antivirus "hidden in the notebook"

Post by Power Max on Wed 21 May 2014, 22:19

Hello.

Download the AdwCleaner program by clicking the link below, then click the Download Now @BleepingComputer button:
[You need to be registered and logged in to see this link.]

To run AdwCleaner correctly, just follow the tips in this tutorial:

Remove adware and malicious toolbars with AdwCleaner

* In your next reply, post the AdwCleaner log (report), which will be at C:\AdwCleaner\AdwCleaner[S0].txt

We'll be waiting.

_________________

Caixa de Dicas = Always with new tutorials and news on computing, technology and miscellany.

Fórum PC Brasil = The best of the internet, you'll find it here.

Super Links = Messages of faith and hope for your heart

How to remove Baidu antivirus "hidden in the notebook"

Post by natanalves on Wed 21 May 2014, 22:31

# AdwCleaner v3.210 - Relatório criado 21/05/2014 às 22:25:34
# Atualizado 19/05/2014 por Xplode
# Sistema Operacional : Windows 7 Home Basic Service Pack 1 (64 bits)
# Usuário : BANDEIRA - BANDEIRA-TECNO
# Executando de : C:\Users\BANDEIRA\Desktop\AdwCleaner.exe
# Opção : Limpar

***** [ Serviços ] *****

Serviço Deletada : IePluginServices

***** [ Arquivos / Pastas ] *****

Pasta Deletada : C:\ProgramData\Ask
Pasta Deletada : C:\ProgramData\Babylon
Pasta Deletada : C:\ProgramData\baidu
Pasta Deletada : C:\ProgramData\Browser Manager
Pasta Deletada : C:\ProgramData\IePluginServices
Pasta Deletada : C:\Program Files (x86)\BrowseSmart
Pasta Deletada : C:\Program Files (x86)\Complitly
Pasta Deletada : C:\Program Files (x86)\Mobogenie
Pasta Deletada : C:\Program Files (x86)\Smartdl
Pasta Deletada : C:\Program Files (x86)\SupTab
Pasta Deletada : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Pasta Deletada : C:\Users\BANDEIRA\AppData\Local\Mobogenie
Pasta Deletada : C:\Users\BANDEIRA\AppData\Local\Temp\BrowseSmart
Pasta Deletada : C:\Users\BANDEIRA\AppData\Local\Temp\Iminent
Pasta Deletada : C:\Users\BANDEIRA\AppData\LocalLow\BabylonToolbar
Pasta Deletada : C:\Users\BANDEIRA\AppData\Roaming\baidu
Pasta Deletada : C:\Users\BANDEIRA\AppData\Roaming\Complitly
Pasta Deletada : C:\Users\BANDEIRA\AppData\Roaming\dvdvideosoftiehelpers
Pasta Deletada : C:\Users\BANDEIRA\AppData\Roaming\OpenCandy
Pasta Deletada : C:\Users\BANDEIRA\AppData\Roaming\qone8
Pasta Deletada : C:\Users\BANDEIRA\AppData\Roaming\SupTab
Pasta Deletada : C:\Users\BANDEIRA\AppData\Roaming\UpdaterEX
Pasta Deletada : C:\Users\BANDEIRA\AppData\Roaming\YourFileDownloader
Pasta Deletada : C:\Users\BANDEIRA\Documents\Mobogenie
Pasta Deletada : C:\Users\wangzhisong\AppData\Local\Mobogenie
Arquivo Deletada : C:\END
Arquivo Deletada : C:\Users\BANDEIRA\daemonprocess.txt
Arquivo Deletada : C:\Users\BANDEIRA\AppData\Local\mysearchdial-speeddial.crx
Arquivo Deletada : C:\Users\BANDEIRA\AppData\Roaming\Mozilla\Firefox\Profiles\up9s6iet.default\bprotector_extensions.sqlite
Arquivo Deletada : C:\Users\BANDEIRA\AppData\Roaming\Mozilla\Firefox\Profiles\up9s6iet.default\searchplugins\Askcom.xml
Arquivo Deletada : C:\Users\BANDEIRA\AppData\Roaming\Mozilla\Firefox\Profiles\up9s6iet.default\searchplugins\bingp.xml
Arquivo Deletada : C:\Users\BANDEIRA\AppData\Roaming\Mozilla\Firefox\Profiles\up9s6iet.default\searchplugins\Mysearchdial.xml
Arquivo Deletada : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\qone8.xml
Arquivo Deletada : C:\Users\BANDEIRA\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage
Arquivo Deletada : C:\Windows\System32\Tasks\Browser Manager
Arquivo Deletada : C:\Windows\System32\Tasks\Dealply
Arquivo Deletada : C:\Windows\Tasks\UpdaterEX.job
Arquivo Deletada : C:\Windows\System32\Tasks\YourFile Update

***** [ Atalhos ] *****


***** [ Registro ] *****

Chave Deletedo : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\mkndcbhcgphcfkkddanakjiepeknbgle
Chave Deletedo : HKCU\Software\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Chave Deletedo : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\wajam.com
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Chave Deletedo : HKLM\SOFTWARE\Classes\Iminent
Chave Deletedo : HKLM\SOFTWARE\Classes\Prod.cap
Chave Deletedo : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Chave Deletedo : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\updateBrowseSmart_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\updateBrowseSmart_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\utilBrowseSmart_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\utilBrowseSmart_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\YourFile_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\YourFile_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\YourFileUpdater_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\YourFileUpdater_RASMANCS
Valor Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Chave Deletedo : HKCU\Software\808bd9bc6db941
Chave Deletedo : HKLM\SOFTWARE\808bd9bc6db941
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_cheat-engine_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_cheat-engine_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_samsung-kies_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_samsung-kies_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_utorrent_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_utorrent_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{01BCB858-2F62-4F06-A8F4-48F927C15333}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909}
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Valor Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
Valor Deletedo : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{84FF7BD6-B47F-46F8-9130-01B2696B36CB}]
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Dados Restaurada : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Chave Deletedo : HKCU\Software\Complitly
Chave Deletedo : HKCU\Software\Conduit
Chave Deletedo : HKCU\Software\DealPly
Chave Deletedo : HKCU\Software\filescout
Chave Deletedo : HKCU\Software\InstallCore
Chave Deletedo : HKCU\Software\Softonic
Chave Deletedo : HKCU\Software\UpdaterEX
Chave Deletedo : HKCU\Software\YourFileDownloader
Chave Deletedo : HKLM\Software\Babylon
Chave Deletedo : HKLM\Software\Conduit
Chave Deletedo : HKLM\Software\DataMngr
Chave Deletedo : HKLM\Software\Iminent
Chave Deletedo : HKLM\Software\qone8Software
Chave Deletedo : HKLM\Software\SimplyGen
Chave Deletedo : HKLM\Software\SupTab
Chave Deletedo : HKLM\Software\Wpm
Chave Deletedo : HKLM\Software\YourFileDownloader
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4FFBB818-B13C-11E0-931D-B2664824019B}_is1
Chave Deletedo : [x64] HKLM\SOFTWARE\Iminent
Dados Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SupTab\SEARCH~1.DLL
Dados Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SupTab\SEARCH~2.DLL
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DatamngrCoordinator.exe

***** [ Navegadores ] *****

-\\ Internet Explorer v11.0.9600.17041

Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
Configurações Restauradas : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Configurações Restauradas : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v27.0.1 (pt-BR)

[ Arquivo : C:\Users\BANDEIRA\AppData\Roaming\Mozilla\Firefox\Profiles\up9s6iet.default\prefs.js ]

Linha deletada : user_pref("browser.search.defaultenginename", "qone8");
Linha deletada : user_pref("browser.search.selectedEngine", "qone8");
Linha deletada : user_pref("browser.startup.homepage", "hxxp://start.qone8.com/?type=hppp&ts=1400709193&from=kmp&uid=HitachiXHTS547550A9E384_J211008BJ1JXJAJ1JXJAX");
Linha deletada : user_pref("extensions.BabylonToolbar.admin", false);
Linha deletada : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Linha deletada : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
Linha deletada : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Linha deletada : user_pref("extensions.BabylonToolbar.excTlbr", false);
Linha deletada : user_pref("extensions.BabylonToolbar.id", "c6e08ae00000000000007c4fb55761cf");
Linha deletada : user_pref("extensions.BabylonToolbar.instlDay", "15616");
Linha deletada : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Linha deletada : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Linha deletada : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Linha deletada : user_pref("extensions.BabylonToolbar.tlbrId", "base");
Linha deletada : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=c6e08ae00000000000007c4fb55761cf&q=");
Linha deletada : user_pref("extensions.BabylonToolbar.vrsn", "1.8.0.7");
Linha deletada : user_pref("extensions.BabylonToolbar.vrsni", "1.8.0.7");
Linha deletada : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Linha deletada : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.0.715:33:39");

-\\ Google Chrome v

[ Arquivo : C:\Users\BANDEIRA\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deletedo [Search Provider] : [You need to be registered and logged in to see this link.]
Deletedo [Search Provider] : [You need to be registered and logged in to see this link.]
Deletedo [Search Provider] : [You need to be registered and logged in to see this link.]
Deletedo [Search Provider] : [You need to be registered and logged in to see this link.]
Deletedo [Extension] : pflphaooapbgpeakohlggbpidpppgdff

*************************

AdwCleaner[R0].txt - [16484 octets] - [21/05/2014 22:25:00]
AdwCleaner[S0].txt - [14408 octets] - [21/05/2014 22:25:34]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [14469 octets] ##########

Re: How to remove Baidu antivirus "hidden in the notebook"

Post by Power Max on Wed 21 May 2014, 22:33

Actually, besides Baidu, your PC has several other adware programs.
_____________________________________________________

Temporarily disable your antivirus to avoid conflicts.

Go to the link below and click the first button on the left, which is the Download Zoek.exe button:
[You need to be registered and logged in to see this link.]

* Right-click Zoek.exe and select [You need to be registered and logged in to see this image.]

* Select and copy all of this text highlighted in red that I gave you and paste it into the blank space in Zoek.

* Click [Run Script]

* During the scan, a message similar to the one below showing the scan's progress will be displayed. Wait for it to finish... it may take a while!

[You need to be registered and logged in to see this image.]

* If a restart of the PC is requested, click [OK]

* Post the Zoek log, which will be at C:\zoek-results.txt, in your next reply.


Last edited by Power Max on Wed 21 May 2014, 23:49; edited 1 time in total

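Added example, not part of the thread or of AdwCleaner: a Python triage of a report in the format natanalves posted, grouping the removed items by the autostart mechanism they used, which is what the helper's remark about "several other adware programs" rests on. The sample lines are excerpted from that report; the category names and function names are this example's own.

```python
import re
from collections import Counter

# Sample lines excerpted from the AdwCleaner[S0].txt report posted in this thread.
SAMPLE_LOG = r"""
# AdwCleaner v3.210 - Relatório criado 21/05/2014 às 22:25:34
# Opção : Limpar

***** [ Serviços ] *****

Serviço Deletada : IePluginServices

***** [ Arquivos / Pastas ] *****

Pasta Deletada : C:\ProgramData\baidu
Arquivo Deletada : C:\Windows\System32\Tasks\Dealply
Arquivo Deletada : C:\Windows\Tasks\UpdaterEX.job

***** [ Registro ] *****

Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Valor Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Dados Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SupTab\SEARCH~2.DLL
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DatamngrCoordinator.exe
Chave Deletedo : HKCU\Software\Conduit
"""

# "***** [ Section ] *****" header and "<label> : <target>" entry, as in the report.
SECTION_RE = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")
ENTRY_RE = re.compile(r"^(?P<label>.+?) : (?P<target>.+)$")

# Autostart / load-point locations worth a second look on any Windows host.
# Category names are chosen for this example.
PERSISTENCE_RULES = [
    ("Run key autostart", re.compile(r"\\CurrentVersion\\Run(?:Once)?(?:\s|\\|$)", re.I)),
    ("AppInit_DLLs", re.compile(r"\[AppInit_DLLs\]", re.I)),
    ("Image File Execution Options", re.compile(r"\\Image File Execution Options\\", re.I)),
    ("Browser Helper Object", re.compile(r"\\Browser Helper Objects\\", re.I)),
    ("scheduled task", re.compile(r"\\Windows\\(?:System32\\)?Tasks\\", re.I)),
    ("browser extension", re.compile(r"\\Chrome\\Extensions\\", re.I)),
]


def classify(section, target):
    """Return the persistence category for one entry, or None if it is plain residue."""
    if section == "Serviços":
        return "service"
    for name, pattern in PERSISTENCE_RULES:
        if pattern.search(target):
            return name
    return None


def parse_adwcleaner(text):
    """Parse report text into a list of entry dicts, in file order."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        # Skip blanks, '#' metadata, '[ Arquivo : ... ]' and '-\\ browser' banners.
        if not line or line[0] in "#[-":
            continue
        entry = ENTRY_RE.match(line)
        if not entry:
            continue
        target = entry.group("target")
        x64 = target.startswith("[x64]")  # 64-bit registry view marker
        if x64:
            target = target[len("[x64]"):].lstrip()
        entries.append({
            "section": section,
            "label": entry.group("label"),
            "target": target,
            "x64": x64,
            "category": classify(section, target),
        })
    return entries


def persistence_summary(entries):
    """Count entries per persistence category, ignoring plain residue."""
    return Counter(e["category"] for e in entries if e["category"])


if __name__ == "__main__":
    parsed = parse_adwcleaner(SAMPLE_LOG)
    for category, count in persistence_summary(parsed).most_common():
        print(f"{count:3d}  {category}")
    for e in parsed:
        if e["category"]:
            print(f"[{e['category']}] {e['target']}")
```

Run against the full report instead of the excerpt, the same grouping separates leftover folders and tracing keys from the entries that actually re-launch code at logon or in every process.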

How to remove Baidu antivirus "hidden in the notebook"

Post by natanalves on Wed 21 May 2014, 22:40

Not even when I set it to open as admin. The message asking whether I really want to open it comes up, I say yes, and nothing opens.

Re: How to remove Baidu antivirus "hidden in the notebook"

Post by Power Max on Wed 21 May 2014, 22:42

It may take a while to open; wait a few minutes and see whether it opens.


How to remove Baidu antivirus "hidden in the notebook"

Post by natanalves on Wed 21 May 2014, 23:01

Zoek.exe v5.0.0.0 Updated 22-05-2014
Tool run by BANDEIRA on 21/05/2014 at 22:40:57,35.
Microsoft Windows 7 Home Basic  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\BANDEIRA\Downloads\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

21/05/2014 22:42:46 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1       localhost
::1             localhost

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3040940374-2889601364-3289522042-1000\Software\Microsoft\Internet Explorer\SearchScopes\{B0E6001F-B314-4300-AEF4-6BB20A2831C0} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\BANDEIRA\AppData\Roaming\Mozilla\Firefox\Profiles\up9s6iet.default\prefs.js:
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "https://www.google.com/search");

Added to C:\Users\BANDEIRA\AppData\Roaming\Mozilla\Firefox\Profiles\up9s6iet.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

ProfilePath: C:\Users\BANDEIRA\AppData\Roaming\Mozilla\Firefox\Profiles\up9s6iet.default

user.js not found
---- Lines browser.startup.page removed from prefs.js ----
user_pref("browser.startup.page", 3);
---- FireFox user.js and prefs.js backups ----

prefs_052014_2250_.backup

==== Deleting Files \ Folders ======================

C:\PROGRA~3\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} deleted
C:\PROGRA~2\NCH Software\Components\NCHToolbars deleted
C:\PROGRA~2\COMMON~1\DVDVideoSoft\bin deleted
C:\PROGRA~2\MyFree Codec deleted
C:\PROGRA~3\FileSplitUpLoad.dll deleted
C:\PROGRA~3\boost_interprocess deleted
C:\PROGRA~3\ProductData deleted
C:\Users\BANDEIRA\AppData\Local\cache deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec deleted
C:\Users\BANDEIRA\Downloads\SoftonicDownloader_para_odin.exe deleted
C:\Users\BANDEIRA\Downloads\SoftonicDownloader_para_samsung-kies.exe deleted
C:\Users\BANDEIRA\Downloads\SoftonicDownloader_para_utorrent.exe deleted
C:\windows\SysNative\tasks\updater.exe deleted
C:\windows\SysNative\tasks\Baidu PC Faster Update deleted
C:\Users\wangzhisong deleted
C:\Windows\SysWow64\searchplugins deleted
C:\Windows\SysWow64\Extensions deleted
C:\Users\BANDEIRA\AppData\Roaming\unins000.exe deleted
C:\Users\BANDEIRA\AppData\Roaming\unins001.exe deleted
C:\Users\BANDEIRA\AppData\Roaming\unins002.exe deleted

==== Folders Found ======================

2014-05-22 01:25:35 2014-05-22 01:25:35 -------- d-----w- C:\AdwCleaner\Quarantine\C\ProgramData\baidu
2013-12-13 03:17:13 2013-12-13 03:17:47 -------- d-----w- C:\Program Files (x86)\Baidu Security
2013-12-13 03:17:13 2013-12-13 21:18:26 -------- d-----w- C:\Program Files (x86)\Baidu Security\Baidu Antivirus
2013-12-13 03:17:46 2013-12-13 03:19:36 -------- d-----w- C:\ProgramData\Baidu Security
2013-12-13 03:17:46 2013-12-13 03:19:36 -------- d-----w- C:\Users\All Users\Baidu Security
2013-12-13 03:16:30 2013-12-13 03:16:30 -------- d-----w- C:\Users\BANDEIRA\AppData\Local\Temp\baidu_secure
2013-12-13 03:19:45 2013-12-13 03:19:45 -------- d-----w- C:\Users\BANDEIRA\AppData\Roaming\Baidu Security
2013-12-13 21:25:19 2013-12-13 21:25:19 -------- d-----w- C:\Users\BANDEIRA\AppData\Roaming\Baidu Security\PC Faster\3.7.0.0\Uninstall\Baidu PC Faster Uninstall
2013-12-13 21:25:20 2013-12-13 21:25:20 -------- d-----w- C:\Users\BANDEIRA\AppData\Roaming\Baidu Security\PC Faster\3.7.0.0\Uninstall\Baidu PC Faster Uninstall HK
2013-12-13 03:18:26 2013-12-13 21:19:40 -------- d-----w- C:\Users\Public\Documents\Baidu Security

==== Files Found ======================


--- C:\Users\BANDEIRA\AppData\Local\Temp\Baidu_Secure_SystemUp_3.7.1.41942.exe ---
Company: Baidu, Inc.
File Description: PC Faster Setup
File Version: 3.7.1.41942
Product Name: Baidu PC Faster
Copyright: Copyright (C) 2013 Baidu, Inc. All Rights Reserved.
Original Filename:
File type: ----a-w-
File size: 10485488
Created time: 2013-12-13 03:17:50
Modified time: 2013-12-13 03:17:50
MD5: 66C59A018E191D71F1AFF7D64EC9DD5A
SHA1: 3BD7AAD8B8753AA3EB4B0403D229B4983F5DB33E


--- C:\zoek_backup\C_windows_SysNative_tasks_Baidu PC Faster Update.vir ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 3368
Created time: 2014-05-22 01:50:40
Modified time: 2013-12-13 03:19:36
MD5: A05AB84DF5ADB463F94BA25C4DA11D3C
SHA1: AB23322C3CEC110A146E5FAB9BBC01FC456E24FA


==== Registry Search Results for "Baidu" ======================


[HKEY_LOCAL_MACHINE\SOFTWARE\baidu]

[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll]

[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload]

[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]

[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]
"DllVersion_2.0"="C:\\ProgramData\\baidu\\commondll\\splitupload\\DllVersion_2.0\\FileSplitUpLoad.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}]
"DllName"="baidubar.dll;BaiduBarX.dll;BaiduBarX.dll;BaiduBarX.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}]
"DllName"="baidubar.dll;BaiduBarX.dll;BaiduBarX.dll;BaiduBarX.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
"DisplayName"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx]
"DisplayName"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\PC Faster\\3.7.0.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCFApiUtil]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\PC Faster\\3.7.0.0\\PCFApiUtil64.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]
"DisplayName"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx]
"DisplayName"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\PC Faster\\3.7.0.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCFApiUtil]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\PC Faster\\3.7.0.0\\PCFApiUtil64.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
"DisplayName"="Baidu Protect"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\Baidu Antivirus"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx]
"DisplayName"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx]
"InstPath"="C:\\Program Files (x86)\\Baidu Security\\PC Faster\\3.7.0.0"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PCFApiUtil]
"ImagePath"="\\??\\C:\\Program Files (x86)\\Baidu Security\\PC Faster\\3.7.0.0\\PCFApiUtil64.sys"

[HKEY_USERS\.DEFAULT\Software\Baidu]

[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug]

[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav]

[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log]

[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]

[HKEY_USERS\.DEFAULT\Software\Baidu Security]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver\090613-16083-01.dmp]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\DataReport]

[HKEY_USERS\S-1-5-21-3040940374-2889601364-3289522042-1000\Software\Baidu Security]

[HKEY_USERS\S-1-5-21-3040940374-2889601364-3289522042-1000\Software\Baidu Security\Antivirus]

[HKEY_USERS\S-1-5-21-3040940374-2889601364-3289522042-1000\Software\Baidu Security\Antivirus\web]

[HKEY_USERS\S-1-5-21-3040940374-2889601364-3289522042-1000\Software\Baidu Security\Antivirus\web]
"ucloud"="u.br.bav.baidu.com"

[HKEY_USERS\S-1-5-21-3040940374-2889601364-3289522042-1000\Software\Baidu Security\Antivirus\web]
"dcloud"="http://up.br.bav.baidu.com/cgi-bin/url_warnning/url_warnning.cgi"

[HKEY_USERS\S-1-5-21-3040940374-2889601364-3289522042-1000\Software\Baidu Security\Antivirus\web]
"rcloud"="http://up.br.bav.baidu.com/cgi-bin/url_visit_action.cgi"

[HKEY_USERS\S-1-5-21-3040940374-2889601364-3289522042-1000\Software\Baidu Security\PC Faster]

[HKEY_USERS\S-1-5-21-3040940374-2889601364-3289522042-1000\Software\Baidu Security\PC Faster\3.7.0.0]

[HKEY_USERS\S-1-5-21-3040940374-2889601364-3289522042-1000\Software\Baidu Security\PC Faster\3.7.0.0\Install]

[HKEY_USERS\S-1-5-21-3040940374-2889601364-3289522042-1000\Software\Baidu Security\PC Faster\3.7.0.0\Run]

[HKEY_USERS\S-1-5-21-3040940374-2889601364-3289522042-1000\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable]

[HKEY_USERS\S-1-5-21-3040940374-2889601364-3289522042-1000\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\alluser]

[HKEY_USERS\S-1-5-21-3040940374-2889601364-3289522042-1000\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\curuser]

[HKEY_USERS\S-1-5-21-3040940374-2889601364-3289522042-1000\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hkcu]

[HKEY_USERS\S-1-5-21-3040940374-2889601364-3289522042-1000\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hklm]

[HKEY_USERS\S-1-5-21-3040940374-2889601364-3289522042-1000\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hklm64]

[HKEY_USERS\S-1-5-21-3040940374-2889601364-3289522042-1000\Software\Baidu Security\PC Faster\3.7.0.0\Statistic]

[HKEY_USERS\S-1-5-21-3040940374-2889601364-3289522042-1000\Software\Baidu Security\PC Faster\3.7.0.0\UUReport]

[HKEY_USERS\S-1-5-21-3040940374-2889601364-3289522042-1000\Software\Baidu Security\PC Faster\DataReport]

[HKEY_USERS\S-1-5-21-3040940374-2889601364-3289522042-1000\Software\Baidu Security\PC Faster\DataReport]
"c:\\programdata\\baidu security\\rpdata"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_pcf_statistic_info.cgi"

[HKEY_USERS\S-1-5-21-3040940374-2889601364-3289522042-1000\Software\Baidu Security\PC Faster\Setup]

[HKEY_USERS\S-1-5-18\Software\Baidu]

[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug]

[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav]

[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log]

[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]

[HKEY_USERS\S-1-5-18\Software\Baidu Security]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver\090613-16083-01.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\DataReport]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}"="C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext" [26/09/2013 22:43]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{87F8774F-B485-47E2-A755-A40A8A5E8874}"="C:\Users\BANDEIRA\AppData\Local\GAS Tecnologia\GBBD\abn\xpi" [30/04/2014 18:29]

==== Firefox Extensions ======================

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
- Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\BANDEIRA\AppData\Roaming\Mozilla\Firefox\Profiles\up9s6iet.default
7B32EC68B2D0EAE4C1333EEB53199571 - C:\Users\BANDEIRA\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll - Módulo de Proteção - Banco do Brasil
A58DE0A570148AF5FF3512B2A340D09F - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll - Shockwave Flash
785105A23650755A8F7A72405EB0D923 - C:\Users\BANDEIRA\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll - Google Update
C2ABE67BEF924EB10804F8B727F435D5 - C:\Users\BANDEIRA\AppData\Local\GAS Tecnologia\GBBD\npsf_abn.dll - Módulo de Proteção - Banco Santander (Brasil) S.A.
29B5096C332ECE24A72024212A2282EF - C:\Users\BANDEIRA\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll - Módulo de Proteção - Caixa Economica Federal
FF0D6F82A0EC13952E83B9439100E45D - C:\Users\BANDEIRA\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin
BE126CB7049E89ED6F3038016668B502 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll - RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit)
EAC427FEF96A13058C1ACD17C38966CF - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll - RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit)
96B3689320E9B16EDF38B7A5001C35F0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll - RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit)
F8CB60A5ACA5D73807ECBD9942A8BCB7 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll - RealDownloader Plugin
CB4DBF9AD20BF81E3B4BF3081CE5C1D0 - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll - Shockwave for Director / Shockwave for Director
E7BC792810EC02DD1F7ED25D830E9324 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll - Shockwave Flash
3447F68CFA52BF8854FF05BADD5F4F17 - C:\Users\BANDEIRA\AppData\Local\GAS Tecnologia\GBBD\npsf_abn_64.dll - Módulo de Proteção - Banco Santander (Brasil) S.A.
4DC48F347E212C32BACCEC6FE3532300 - C:\Users\BANDEIRA\AppData\Local\GAS Tecnologia\GBBD\npsf_bb_64.dll - Módulo de Proteção - Banco do Brasil
6405D35B002039122117B4EAD3EDD8BD - C:\Users\BANDEIRA\AppData\Local\GAS Tecnologia\GBBD\npsf_cef_64.dll - Módulo de Proteção - Caixa Economica Federal


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
idhngdhcfkoamngbedgpaokgjbnpdiji - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx[14/08/2013 15:24]
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[11/04/2014 19:46]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
abmojiekfpcmkkfamgfcpgfgipocface - C:\Users\BANDEIRA\AppData\Local\GAS Tecnologia\GBBD\abn\sf.crx[29/12/2013 10:25]
nnjbodopomfddehlalfilheomcahbpei - C:\Users\BANDEIRA\AppData\Local\GAS Tecnologia\GBBD\cef\sf.crx[24/10/2013 15:52]
pgacfjdigcddmmncljpflgcfpfahebkh - C:\Users\BANDEIRA\AppData\Local\GAS Tecnologia\GBBD\bb\sf.crx[14/05/2014 13:26]

GBBD Banco Santander (Brasil) S.A. - BANDEIRA\AppData\Local\Google\Chrome\User Data\Default\Extensions\abmojiekfpcmkkfamgfcpgfgipocface
Google Docs - BANDEIRA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - BANDEIRA\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - BANDEIRA\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - BANDEIRA\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
RealDownloader - BANDEIRA\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji
Google Wallet - BANDEIRA\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
GBBD Banco do Brasil - BANDEIRA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgacfjdigcddmmncljpflgcfpfahebkh
Gmail - BANDEIRA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
GBBD Banco Santander (Brasil) S.A. - Default\AppData\Local\Google\Chrome\User Data\Default\Extensions\abmojiekfpcmkkfamgfcpgfgipocface
Docs - Default\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
RealDownloader - Default\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji
GBBD Caixa Economica Federal - Default\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnjbodopomfddehlalfilheomcahbpei
GBBD Banco do Brasil - Default\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgacfjdigcddmmncljpflgcfpfahebkh
GBBD Banco Santander (Brasil) S.A. - Default User\AppData\Local\Google\Chrome\User Data\Default\Extensions\abmojiekfpcmkkfamgfcpgfgipocface
Docs - Default User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
RealDownloader - Default User\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji
GBBD Caixa Economica Federal - Default User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnjbodopomfddehlalfilheomcahbpei
GBBD Banco do Brasil - Default User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgacfjdigcddmmncljpflgcfpfahebkh
GBBD Banco Santander (Brasil) S.A. - USURIO~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\abmojiekfpcmkkfamgfcpgfgipocface
Docs - USURIO~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
RealDownloader - USURIO~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji
GBBD Caixa Economica Federal - USURIO~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnjbodopomfddehlalfilheomcahbpei
GBBD Banco do Brasil - USURIO~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgacfjdigcddmmncljpflgcfpfahebkh

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="http://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR"
{25477387-2310-45df-933D-E9416D3D0303} eSnips Search Url="http://dev-eis.esnips.com/page/search_provider/?client_uuid=&q={searchTerms}"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
{7677B3C3-A8CD-489C-8A0F-7B7770494ACB} Unknown  Url="Not_Found"

==== Reset Google Chrome ======================

C:\Users\BANDEIRA\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\BANDEIRA\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Default\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Default User\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\USURIO~1\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3040940374-2889601364-3289522042-1000\Software\Microsoft\Internet Explorer\SearchScopes\{7677B3C3-A8CD-489C-8A0F-7B7770494ACB} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\{C7AE725D-FA5C-4027-BB4C-787EF9F8248A} deleted successfully

==== shortcuts on Users Desktops ======================

C:\Users\BANDEIRA\Desktop\IRPF2014 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País.lnk -  
C:\Users\BANDEIRA\Desktop\KMPlayer.lnk - C:\The KMPlayer\KMPlayer.exe
C:\Users\BANDEIRA\Desktop\Revo Uninstaller.lnk - C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe
C:\Users\BANDEIRA\Desktop\µTorrent.lnk -  

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\IObit Uninstaller.lnk - C:\Program Files (x86)\IObit\IObit Uninstaller\Uninstaler_SkipUac.exe
C:\Users\Public\Desktop\iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.exe
C:\Users\Public\Desktop\mkvmerge GUI.lnk - C:\Program Files (x86)\MKVToolNix\mmg.exe
C:\Users\Public\Desktop\Receitanet 1.04 .lnk - C:\Program Files (x86)\Programas RFB\Receitanet\Windows\Receitanet.exe

==== shortcuts in Users Start Menu ======================

C:\Users\BANDEIRA\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk - C:\Program Files (x86)\IObit\IObit Uninstaller\Uninstaler_SkipUac.exe
C:\Users\BANDEIRA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\BANDEIRA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\BANDEIRA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Dropbox.lnk - C:\Users\BANDEIRA\AppData\Roaming\Dropbox\bin\Dropbox.exe /home
C:\Users\BANDEIRA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Uninstall Dropbox.lnk - C:\Users\BANDEIRA\AppData\Roaming\Dropbox\bin\DropboxUninstaller.exe
C:\Users\BANDEIRA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup\Google+ Auto Backup.lnk - C:\Users\BANDEIRA\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe
C:\Users\BANDEIRA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup\Uninstall.lnk - C:\Users\BANDEIRA\AppData\Local\Programs\Google\Google+ Auto Backup\Uninstall.exe
C:\Users\BANDEIRA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Revo Uninstaller.lnk - C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe
C:\Users\BANDEIRA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Run Hunter Mode.lnk - C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe -hunter
C:\Users\BANDEIRA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Uninstall.lnk - C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\uninst.exe
C:\Users\BANDEIRA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Website.lnk - C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revo Uninstaller.url
C:\Users\BANDEIRA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk - C:\Users\BANDEIRA\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup
C:\Users\BANDEIRA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The KMPlayer\KMPlayer Setup Wizard.lnk - C:\The KMPlayer\KMPSetup.exe
C:\Users\BANDEIRA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The KMPlayer\KMPlayer.lnk - C:\The KMPlayer\KMPlayer.exe
C:\Users\BANDEIRA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The KMPlayer\Uninstall KMPlayer.lnk - C:\The KMPlayer\uninstall.exe

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk - C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-AA1000000001}\SC_Reader.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive\Google Docs.lnk - C:\Program Files (x86)\Google\Drive\googledrivesync.exe --new_document
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive\Google Drive.lnk - C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive\Google Sheets.lnk - C:\Program Files (x86)\Google\Drive\googledrivesync.exe --new_spreadsheet
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive\Google Slides.lnk - C:\Program Files (x86)\Google\Drive\googledrivesync.exe --new_presentation
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller\Help.lnk - C:\Program Files (x86)\IObit\IObit Uninstaller\help.html
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller\IObit Uninstaller.lnk - C:\Program Files (x86)\IObit\IObit Uninstaller\Uninstaler_SkipUac.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller\Uninstall IObit Uninstaller.lnk - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallDisplay.exe uninstall_start
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\Sobre o iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.Resources\pt.lproj\About iTunes.rtf

==== shortcuts in Quick Launch ======================

C:\Users\BANDEIRA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\BANDEIRA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\PhotoScape.lnk - C:\Program Files (x86)\PhotoScape\PhotoScape.exe
C:\Users\BANDEIRA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk - C:\Program Files (x86)\Google\Picasa3\Picasa3.exe
C:\Users\BANDEIRA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Samsung Kies (Lite).lnk - C:\Program Files (x86)\Samsung\Kies\KiesAgent.exe /lite
C:\Users\BANDEIRA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk - C:\Program Files (x86)\Samsung\Kies\KiesAgent.exe
C:\Users\BANDEIRA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Samsung Story Album Viewer.lnk - C:\Program Files (x86)\Samsung\Story Album Viewer\HTML5Viewer.exe
C:\Users\BANDEIRA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\BANDEIRA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\VDownloader.lnk - C:\Program Files\VDownloader\VDownloader.exe
C:\Users\BANDEIRA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\BANDEIRA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk -  
C:\Users\BANDEIRA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe
C:\Users\BANDEIRA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Uninstall Programs.lnk - C:\Program Files (x86)\IObit\IObit Uninstaller\Uninstaler_SkipUac.exe
C:\Users\BANDEIRA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\AMCap.lnk - C:\Program Files (x86)\Noel Danjou\AMCap\AMCap.exe
C:\Users\BANDEIRA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Configurar o Visualizador de fotos do Picasa.lnk - C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe /reconfig
C:\Users\BANDEIRA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Users\BANDEIRA\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\BANDEIRA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\BANDEIRA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\KMPlayer.exe.lnk - C:\The KMPlayer\KMPlayer.exe
C:\Users\BANDEIRA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\BANDEIRA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\BANDEIRA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyOverride"="*.local"
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Deleting Registry Keys ======================

HKEY_CURRENT_USER\Software\Policies\Google\Chrome\ExtensionInstallForcelist deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LockKey deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\BANDEIRA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\BANDEIRA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\BANDEIRA\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\BANDEIRA\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\BANDEIRA\Documents\Notebook\Cristiane\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\BANDEIRA\Documents\Notebook\Cristiane\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\BANDEIRA\Documents\Notebook\Cristiane\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\BANDEIRA\Documents\Notebook\Cristiane\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\BANDEIRA\AppData\Local\Mozilla\Firefox\Profiles\up9s6iet.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\BANDEIRA\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Default\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Default User\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\USURIO~1\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=119 folders=32 35972780 bytes)

==== Empty Temp Folders ======================

C:\Users\BANDEIRA\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\BANDEIRA\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted

==== EOF on 21/05/2014 at 22:59:06,98 ======================

Re: How to remove Baidu antivirus "hidden in the notebook"

Post by Power Max on Wed 21 May 2014, 23:35

Temporarily disable your antivirus to avoid conflicts.

* Right-click Zoek.exe and select [image]

* Select and copy all of the text highlighted in red that I gave you and paste it into the blank space in Zoek.

* Click [Run Script]

* During the scan, a message similar to the one below, showing the scan progress, will be displayed. Wait for it to finish... it may take a while!

[image]

* If a restart of the PC is requested, click [OK]

* Post the Zoek log, which will be at C:\zoek-results.txt, in your next reply.


Last edited by Power Max on Wed 21 May 2014, 23:49; edited 1 time


How to remove Baidu antivirus "hidden in the notebook"

Post by natanalves on Wed 21 May 2014, 23:44

Zoek.exe v5.0.0.0 Updated 22-05-2014
Tool run by BANDEIRA on 21/05/2014 at 23:38:55,81.
Microsoft Windows 7 Home Basic  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\BANDEIRA\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-05-22-015906.log 38792 bytes

==== System Restore Info ======================

21/05/2014 23:40:25 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfilter deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bfilter deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfmon deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bfmon deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bprotect deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bprotect deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BprotectEx deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BprotectEx deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PCFApiUtil deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\PCFApiUtil deleted successfully

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]
[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]
"DllVersion_2.0"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}]
"DllName"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}]
"DllName"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfilter]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfilter]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfmon]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfmon]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
"InstPath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx]
"InstPath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCFApiUtil]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCFApiUtil]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECTEX\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfilter]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfilter]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfmon]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfmon]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]
"InstPath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx]
"InstPath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCFApiUtil]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCFApiUtil]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfilter]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfilter]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfmon]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfmon]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
"InstPath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx]
"InstPath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PCFApiUtil]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PCFApiUtil]
[-HKEY_USERS\.DEFAULT\Software\Baidu]
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug]
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav]
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log]
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver\090613-16083-01.dmp]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\DataReport]
[-HKEY_USERS\S-1-5-21-3040940374-2889601364-3289522042-1000\Software\Baidu Security]
[-HKEY_USERS\S-1-5-21-3040940374-2889601364-3289522042-1000\Software\Baidu Security\Antivirus]
[-HKEY_USERS\S-1-5-21-3040940374-2889601364-3289522042-1000\Software\Baidu Security\Antivirus\web]
[HKEY_USERS\S-1-5-21-3040940374-2889601364-3289522042-1000\Software\Baidu Security\Antivirus\web]
"ucloud"=-
[HKEY_USERS\S-1-5-21-3040940374-2889601364-3289522042-1000\Software\Baidu Security\Antivirus\web]
"dcloud"=-
[HKEY_USERS\S-1-5-21-3040940374-2889601364-3289522042-1000\Software\Baidu Security\Antivirus\web]
"rcloud"=-
[-HKEY_USERS\S-1-5-21-3040940374-2889601364-3289522042-1000\Software\Baidu Security\PC Faster]
[-HKEY_USERS\S-1-5-21-3040940374-2889601364-3289522042-1000\Software\Baidu Security\PC Faster\3.7.0.0]
[-HKEY_USERS\S-1-5-21-3040940374-2889601364-3289522042-1000\Software\Baidu Security\PC Faster\3.7.0.0\Install]
[-HKEY_USERS\S-1-5-21-3040940374-2889601364-3289522042-1000\Software\Baidu Security\PC Faster\3.7.0.0\Run]
[-HKEY_USERS\S-1-5-21-3040940374-2889601364-3289522042-1000\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable]
[-HKEY_USERS\S-1-5-21-3040940374-2889601364-3289522042-1000\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\alluser]
[-HKEY_USERS\S-1-5-21-3040940374-2889601364-3289522042-1000\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\curuser]
[-HKEY_USERS\S-1-5-21-3040940374-2889601364-3289522042-1000\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hkcu]
[-HKEY_USERS\S-1-5-21-3040940374-2889601364-3289522042-1000\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hklm]
[-HKEY_USERS\S-1-5-21-3040940374-2889601364-3289522042-1000\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hklm64]
[-HKEY_USERS\S-1-5-21-3040940374-2889601364-3289522042-1000\Software\Baidu Security\PC Faster\3.7.0.0\Statistic]
[-HKEY_USERS\S-1-5-21-3040940374-2889601364-3289522042-1000\Software\Baidu Security\PC Faster\3.7.0.0\UUReport]
[-HKEY_USERS\S-1-5-21-3040940374-2889601364-3289522042-1000\Software\Baidu Security\PC Faster\DataReport]
[HKEY_USERS\S-1-5-21-3040940374-2889601364-3289522042-1000\Software\Baidu Security\PC Faster\DataReport]
"c:\\programdata\\baidu security\\rpdata"=-
[-HKEY_USERS\S-1-5-21-3040940374-2889601364-3289522042-1000\Software\Baidu Security\PC Faster\Setup]
[-HKEY_USERS\S-1-5-18\Software\Baidu]
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug]
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav]
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log]
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver\090613-16083-01.dmp]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\DataReport]

==== Deleting Files \ Folders ======================

C:\Users\BANDEIRA\AppData\Local\Temp\baidu_secure not found
C:\Program Files (x86)\Baidu Security deleted
C:\ProgramData\Baidu Security deleted
C:\Users\BANDEIRA\AppData\Roaming\Baidu Security deleted
C:\Users\Public\Documents\Baidu Security deleted

==== Folders Found ======================

2014-05-22 01:25:35 2014-05-22 01:25:35 -------- d-----w- C:\AdwCleaner\Quarantine\C\ProgramData\baidu
2014-05-22 02:41:42 2014-05-22 02:41:42 -------- d---a-w- C:\zoek_backup\C_Program Files (x86)_Baidu Security
2014-05-22 02:41:42 2013-12-13 21:18:26 -------- d---a-w- C:\zoek_backup\C_Program Files (x86)_Baidu Security_Baidu Antivirus
2014-05-22 02:41:42 2014-05-22 02:41:43 -------- d---a-w- C:\zoek_backup\C_ProgramData_Baidu Security
2014-05-22 02:41:43 2014-05-22 02:41:44 -------- d---a-w- C:\zoek_backup\C_Users_All Users_Baidu Security
2014-05-22 02:41:44 2014-05-22 02:41:44 -------- d---a-w- C:\zoek_backup\C_Users_BANDEIRA_AppData_Roaming_Baidu Security
2014-05-22 02:41:44 2014-05-22 02:41:44 -------- d---a-w- C:\zoek_backup\C_Users_BANDEIRA_AppData_Roaming_Baidu Security_PC Faster_3.7.0.0_Uninstall_Baidu PC Faster Uninstall
2014-05-22 02:41:44 2014-05-22 02:41:44 -------- d---a-w- C:\zoek_backup\C_Users_BANDEIRA_AppData_Roaming_Baidu Security_PC Faster_3.7.0.0_Uninstall_Baidu PC Faster Uninstall HK
2014-05-22 02:41:44 2014-05-22 02:41:44 -------- d---a-w- C:\zoek_backup\C_Users_Public_Documents_Baidu Security
2014-05-22 02:41:42 2013-12-13 21:18:26 -------- d---a-w- C:\zoek_backup\C_Program Files (x86)_Baidu Security\Baidu Antivirus
2014-05-22 02:41:44 2014-05-22 02:41:44 -------- d---a-w- C:\zoek_backup\C_Users_BANDEIRA_AppData_Roaming_Baidu Security\PC Faster\3.7.0.0\Uninstall\Baidu PC Faster Uninstall
2014-05-22 02:41:44 2014-05-22 02:41:44 -------- d---a-w- C:\zoek_backup\C_Users_BANDEIRA_AppData_Roaming_Baidu Security\PC Faster\3.7.0.0\Uninstall\Baidu PC Faster Uninstall HK

==== Files Found ======================


--- C:\zoek_backup\C_windows_SysNative_tasks_Baidu PC Faster Update.vir ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 3368
Created time: 2014-05-22 01:50:40
Modified time: 2013-12-13 03:19:36
MD5: A05AB84DF5ADB463F94BA25C4DA11D3C
SHA1: AB23322C3CEC110A146E5FAB9BBC01FC456E24FA


==== Registry Search Results for "Baidu" ======================


[HKEY_LOCAL_MACHINE\SOFTWARE\baidu]

[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll]

[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload]

[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]

[HKEY_USERS\S-1-5-21-3040940374-2889601364-3289522042-1000\Software\Baidu Security]

[HKEY_USERS\S-1-5-21-3040940374-2889601364-3289522042-1000\Software\Baidu Security\Antivirus]

[HKEY_USERS\S-1-5-21-3040940374-2889601364-3289522042-1000\Software\Baidu Security\Antivirus\web]

[HKEY_USERS\S-1-5-21-3040940374-2889601364-3289522042-1000\Software\Baidu Security\PC Faster]

[HKEY_USERS\S-1-5-21-3040940374-2889601364-3289522042-1000\Software\Baidu Security\PC Faster\DataReport]

==== C:\zoek_backup content ======================

C:\zoek_backup (files=150 folders=80 207995843 bytes)

==== EOF on 21/05/2014 at 23:43:25,26 ======================

Re: How to remove Baidu antivirus "hidden on the notebook"

Posted by Power Max on Wed 21 May 2014, 23:48

Temporarily disable your antivirus to avoid conflicts.

* Right-click Zoek.exe and select [You need to be registered and logged in to see this image.]

* Select and copy all of the text highlighted in red that I gave you and paste it into the blank area of Zoek.

* Click [Run Script]

* During the scan, a message similar to the one below will be shown, displaying the scan's progress. Wait for it to finish... it may take a while!

[You need to be registered and logged in to see this image.]

* If a restart of the PC is requested, click [OK]

* Post the Zoek log, which will be at C:\zoek-results.txt, in your next reply.


Last edited by Power Max on Wed 21 May 2014, 23:58; edited 1 time


How to remove Baidu antivirus "hidden on the notebook"

Posted by natanalves on Wed 21 May 2014, 23:55

Zoek.exe v5.0.0.0 Updated 22-05-2014
Tool run by BANDEIRA on 21/05/2014 at 23:53:32,63.
Microsoft Windows 7 Home Basic  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\BANDEIRA\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-05-22-015906.log 38792 bytes
C:\zoek-results2014-05-22-024325.log 14268 bytes

==== System Restore Info ======================

21/05/2014 23:54:10 Zoek.exe System Restore Point Created Succesfully.

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]
[-HKEY_USERS\S-1-5-21-3040940374-2889601364-3289522042-1000\Software\Baidu Security]
[-HKEY_USERS\S-1-5-21-3040940374-2889601364-3289522042-1000\Software\Baidu Security\Antivirus]
[-HKEY_USERS\S-1-5-21-3040940374-2889601364-3289522042-1000\Software\Baidu Security\Antivirus\web]
[-HKEY_USERS\S-1-5-21-3040940374-2889601364-3289522042-1000\Software\Baidu Security\PC Faster]
[-HKEY_USERS\S-1-5-21-3040940374-2889601364-3289522042-1000\Software\Baidu Security\PC Faster\DataReport]

==== Registry Search Results for "Baidu" ======================

No instances of string "Baidu" found.

==== C:\zoek_backup content ======================

C:\zoek_backup (files=150 folders=80 207995843 bytes)

==== EOF on 21/05/2014 at 23:54:50,52 ======================

Re: How to remove Baidu antivirus "hidden on the notebook"

Posted by Power Max on Wed 21 May 2014, 23:58

Download the Junkware Removal Tool program from the link below:
[You need to be registered and logged in to see this link.]

To run the program above correctly, just follow the tips in this tutorial:

Junkware Removal Tool tutorial

* In your next reply, post the Junkware Removal Tool log (report), which will be saved on your desktop as JRT.txt

We'll be waiting.


How to remove Baidu antivirus "hidden on the notebook"

Posted by natanalves on Thu 22 May 2014, 00:10

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Basic x64
Ran by BANDEIRA on 22/05/2014 at  0:03:27,88
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Myfree Codec
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3040940374-2889601364-3289522042-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Myfree Codec



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\BANDEIRA\AppData\Roaming\mozilla\firefox\profiles\up9s6iet.default\minidumps [6 files]



~~~ Chrome

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Google [Blacklisted Policy]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 22/05/2014 at  0:08:54,07
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Re: How to remove Baidu antivirus "hidden on the notebook"

Posted by Power Max on Thu 22 May 2014, 00:12

Download < ZHPDiag2.exe > < [You need to be registered and logged in to see this image.]> ( ... by Nicolas Coolman )

To install and run it correctly, follow the tips in this article:

Tutorial on installing and running the ZHPDiag application

* As soon as it finishes its scan, copy the entire contents of its ZHPDiag.txt report and post it in your next reply.


How to remove Baidu antivirus "hidden on the notebook"

Posted by natanalves on Thu 22 May 2014, 00:18

~ Relatório do ZHPDiag v2014.5.21.70 - Nicolas Coolman  (21/05/2014)
~ Iniciado por BANDEIRA (22/05/2014 00:16:02)
~ Endereço do Website : [Você precisa estar registrado e conectado para ver este link.]
~ Blog de análise de software : [Você precisa estar registrado e conectado para ver este link.]
~ Fóruns de suporte gratuito para desinfecção : [Você precisa estar registrado e conectado para ver este link.]
~ Tradução pelo utilizador
~ Estatuto da versão :
~  Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Activate by user


---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.17107
MFIE: Mozilla Firefox 27.0.1

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Home Basic, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
Microsoft Security Client PT-BR Language Pack v2.1.1116.0
Windows Defender W7

---\\ Softwares d'optimização do sistema

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 13 Plugin
Adobe Reader X
Java 7 Update 51

---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 8139 MB (67% free)
System Restore: Activé (Enable)
System drive C: has 259 GB (56%) free of 461 GB

---\\ Modo de conexão ao sistema
~ Computer Name: BANDEIRA-TECNO
~ User Name: BANDEIRA
~ All Users Names: HomeGroupUser$, Convidado, BANDEIRA, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\BANDEIRA\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\BANDEIRA\AppData\Roaming\
~ %Desktop% : C:\Users\BANDEIRA\Desktop\
~ %Favorites% : C:\Users\BANDEIRA\Favorites\
~ %LocalAppData% : C:\Users\BANDEIRA\AppData\Local\
~ %StartMenu% : C:\Users\BANDEIRA\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 259 Go of 461 Go)
D: Floppy drive, Flash card reader, USB Key (Not Inserted)
E: CD-ROM drive (Free 0 Go of 4 Go)
Q: Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 44 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Windows Explorer.) (.25/02/2011 - 03:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.F220BA78AB542C70211D73AE4729B2CD] - (.Microsoft Corporation - Internet Extensions para Win32.) (.06/03/2014 - 03:22:40.) -- C:\Windows\System32\wininet.dll [2260480]
[MD5.88AB9B72B4BF3963A0DE0820B4B0B06C] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.04/03/2014 - 06:43:50.) -- C:\Windows\System32\Winlogon.exe [455168]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.21/11/2010 - 00:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.27/09/2013 - 22:09:10.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/11/2010 - 00:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21/11/2010 - 00:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/11/2010 - 00:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 21:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 23:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.21/11/2010 - 00:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.23/01/2014 - 23:37:55.) -- C:\Windows\system32\Drivers\ntfs.sys [1684928]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 21:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/11/2010 - 00:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 21:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.21/11/2010 - 00:24:32.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.21/11/2010 - 00:23:47.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes:  Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 4/10016
~ Mes musiques (My Musics) : 5/115
~ Mes Videos (My Videos) : 2/98
~ Mes Favoris (My Favorites) : 1/46
~ Mes Documents (My Documents) : 2/75345
~ Mon Bureau (My Desktop) : 6/1360
~ Menu demarrer (Programs) : 1/58
~ Hidden Files:  Scanned in 00mn 17s



---\\ Processos lançados
[MD5.E4B89C1434AC5EE740E87CCF7769F50D] - (.Samsung - KiesPDLR.) -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe   [844656] [PID.3812]
[MD5.646A34526CC33BE4CA933C5680D80B48] - (.Nokia - Nokia Suite.) -- C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe   [1090912] [PID.3800]
[MD5.8CFAFCD10B661D5770A32111EB4CD266] - (.Samsung - Kies.) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe   [1564528] [PID.2024]
[MD5.16F1D5CF6465FCA139FA289648B349EE] - (.Nokia - Nokia PC Internet Access.) -- C:\Program Files (x86)\Nokia\PC Internet Access\NPCIA.exe   [663552] [PID.2452]
[MD5.ACFE107955BD2C382CB3C1909E16706A] - (.FS VAS - CentralDeServicos 1.3.4 © FS VAS, Inc, 2011.) -- C:\Program Files (x86)\FS VAS\Central de Servicos\CentralDeServicos.exe   [108128] [PID.880]
[MD5.BF456A0CAFB2876583982E74F450D647] - (.Dropbox, Inc. - Dropbox.) -- C:\Users\BANDEIRA\AppData\Roaming\Dropbox\bin\Dropbox.exe   [32668056] [PID.2796]
[MD5.99AEB0226719486845035D4904A230D5] - (.TODO: <Company name> - TODO: <File description>.) -- C:\Program Files (x86)\WSED\WSED.exe   [320880] [PID.3348]
[MD5.BF739971EC9B05DAFEC793767B632BA9] - (.Samsung Electronics Co., Ltd. - Kies TrayAgent Application.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe   [311152] [PID.2512]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe   [254336] [PID.612]
[MD5.D9FAA5EFEB27DDBE99C720B9069A451E] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe   [152392] [PID.1104]
[MD5.58FBD16C4BB84D9F69C25F30DAA4CE31] - (.Nokia - Microsoft Bluetooth Media Server.) -- C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe   [158032] [PID.2168]
[MD5.345B1798395CEA9C178AFF1784FA2A37] - (.Google Inc. - Google Chrome.) -- C:\Users\BANDEIRA\AppData\Local\Google\Chrome\Application\chrome.exe   [841032] [PID.6092]
[MD5.65C450CCC15ADDED610EB58DE35B307A] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe   [7877120] [PID.4344]
[MD5.43B1125D14E8797FDA9D5E167EB50AE3] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) -- C:\Program Files (x86)\GbPlugin\gbpsv.exe   [528424] [PID.784]
[MD5.B362181ED3771DC03B4141927C80F801] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe   [65432] [PID.1656]
[MD5.221564CC7BE37611FE15EACF443E1BF6] - (.Apple Inc. - YSLoader.exe.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe   [43336] [PID.1680]
[MD5.72551A9AE5F68905DFC3CBA0D5242566] - (.Microsoft Corporation - Updates Skype Click to Call.) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe   [1390720] [PID.1836]
[MD5.6B669A00A431FF6CDCE67458933F5F0F] - (.Microsoft Corporation - Phone Number Recognition (PNR) module.) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe   [1764992] [PID.1936]
[MD5.96EFEC24346A8EB1157E80523079ADDC] - (...) -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe   [39056] [PID.1552]
[MD5.39B1D0A636A400304565D4521FAD6D77] - (.Microsoft Corporation - Microsoft Application Virtualization Virtua.) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe   [207528] [PID.2128]
[MD5.77C5A741A7452812F278EF2C18478862] - (.Microsoft Corporation - Microsoft Application Virtualization Client.) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe   [523944] [PID.2292]
[MD5.FD557A50A65E44041CD2FCEF4BEB04DB] - (.Microsoft Corporation - Microsoft Office Client Virtualization Serv.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.exe   [822504] [PID.2872]
[MD5.8FFF9083252C16FE3960173722605E9E] - (.Intel Corporation - IAStorDataSvc.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe   [13336] [PID.844]
[MD5.78F7BB9F4924BE164294C59B8C3FC096] - (.Nokia - ServiceLayer Module.) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe   [737616] [PID.3296]
~ Processes Running:  Scanned in 00mn 00s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\BANDEIRA\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nnjbodopomfddehlalfilheomcahbpei] GBBD Caixa Economica Federal v.3.5.0 (Désactivé)

---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 20 Legitimates Filtered in 00mn 01s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
C:\Users\BANDEIRA\AppData\Roaming\Mozilla\Firefox\Profiles\up9s6iet.default\prefs.js
P2 - FPN: [HKLM] [adobe.com/AdobeAAMDetect] - (...) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (.not file.)
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/abn] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\BANDEIRA\AppData\Local\GAS Tecnologia\GBBD\npsf_abn.dll
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/bb] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\BANDEIRA\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/cef] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\BANDEIRA\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll
~ Firefox Browser: 18 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management:  Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys:  Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File:  Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Browser Helper Objects do navegador (02)
O2 - BHO: G-Buster Browser Defense [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540000} . (.Banco do Brasil - Gbieh Module.) -- C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll
O2 - BHO: G-Buster Browser Defense CEF [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540003} . (.Caixa Economica Federal - Gbieh Module.) -- C:\Program Files (x86)\GbPlugin\gbiehcef.dll
O2 - BHO: G-Buster Browser Defense Banco Real [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540007} . (.Banco Real - Gbieh Module.) -- C:\Program Files (x86)\GbPlugin\gbiehabn.dll
~ BHO: 12 Legitimates Filtered in 00mn 00s



---\\ Barras do Internet Explorer (03))
O3 - Toolbar: (no name) - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} Chave orfã
O3 - Toolbar: (no name) - [HKLM]{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} Chave orfã
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Chave orfã
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{47833539-D0C5-4125-9FA8-0819E2EAAC93} Chave orfã
~ Toolbar:  Scanned in 00mn 00s



---\\ Outras conexões do utilizador (04)
O4 - GS\QuickLaunch [BANDEIRA]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.)  -- C:\Users\BANDEIRA\AppData\Roaming\uTorrent\uTorrent.exe   =>P2P.BitTorrent
O4 - GS\Desktop [BANDEIRA]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.)  -- C:\Users\BANDEIRA\AppData\Roaming\uTorrent\uTorrent.exe   =>P2P.BitTorrent
~ Global Startup: 2 Legitimates Filtered in 00mn 01s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Gerenciador de áudio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
O4 - HKLM\..\Run: [VDownloader] . (.Vitzo - VDownloader.) -- C:\Program Files\VDownloader\VDownloader.exe
O4 - HKCU\..\Run: [NokiaSuite.exe] . (.Nokia - Nokia Suite.) -- C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe
O4 - HKCU\..\Run: [KiesPreload] . (.Samsung - Kies.) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe
O4 - HKCU\..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe (.not file.)
O4 - HKCU\..\Run: [DAEMON Tools Lite] . (.Disc Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe   =>.DT Soft Ltd
O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Google Installer.) -- C:\Users\BANDEIRA\AppData\Local\Google\Update\GoogleUpdate.exe
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe   =>.Skype Technologies S.A.
O4 - HKCU\..\Run: [NokiaPCInternetAccess] . (.Nokia - Nokia PC Internet Access.) -- C:\Program Files (x86)\Nokia\PC Internet Access\NPCIA.exe
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\BANDEIRA\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64] . (.Microsoft Corporation - Processador de comandos do Windows.) -- C:\Windows\system32\cmd.exe
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\BANDEIRA\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64] . (.Microsoft Corporation - Processador de comandos do Windows.) -- C:\Windows\system32\cmd.exe
O4 - HKLM\..\Wow6432Node\Run: [WSED] . (.TODO: <Company name> - TODO: <File description>.) -- C:\Program Files (x86)\WSED\WSED.exe
O4 - HKLM\..\Wow6432Node\Run: [KiesTrayAgent] . (.Samsung Electronics Co., Ltd. - Kies TrayAgent Application.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe   =>.Samsung Electronics Co
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe   =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe   =>.Oracle Corporation
O4 - HKLM\..\Wow6432Node\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe   =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe   =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-3040940374-2889601364-3289522042-1000\..\Run: [NokiaSuite.exe] . (.Nokia - Nokia Suite.) -- C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe
O4 - HKUS\S-1-5-21-3040940374-2889601364-3289522042-1000\..\Run: [KiesPreload] . (.Samsung - Kies.) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe
O4 - HKUS\S-1-5-21-3040940374-2889601364-3289522042-1000\..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe (.not file.)
O4 - HKUS\S-1-5-21-3040940374-2889601364-3289522042-1000\..\Run: [DAEMON Tools Lite] . (.Disc Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe   =>.DT Soft Ltd
O4 - HKUS\S-1-5-21-3040940374-2889601364-3289522042-1000\..\Run: [Google Update] . (.Google Inc. - Google Installer.) -- C:\Users\BANDEIRA\AppData\Local\Google\Update\GoogleUpdate.exe
O4 - HKUS\S-1-5-21-3040940374-2889601364-3289522042-1000\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe   =>.Skype Technologies S.A.
O4 - HKUS\S-1-5-21-3040940374-2889601364-3289522042-1000\..\Run: [NokiaPCInternetAccess] . (.Nokia - Nokia PC Internet Access.) -- C:\Program Files (x86)\Nokia\PC Internet Access\NPCIA.exe
O4 - HKUS\S-1-5-21-3040940374-2889601364-3289522042-1000\..\RunOnce: [Uninstall C:\Users\BANDEIRA\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64] . (.Microsoft Corporation - Processador de comandos do Windows.) -- C:\Windows\system32\cmd.exe
O4 - HKUS\S-1-5-21-3040940374-2889601364-3289522042-1000\..\RunOnce: [Uninstall C:\Users\BANDEIRA\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64] . (.Microsoft Corporation - Processador de comandos do Windows.) -- C:\Windows\system32\cmd.exe
~ Application:  Scanned in 00mn 00s



---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: Skype Click to Call [64Bits] - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- c:\program files (x86)\skype\toolbars\internet explorer x64\icon.ico
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 [64Bits] - {CCA281CA-C863-46ef-9331-5C8D4460577F} . (...) -- C:\Program Files\WIDCOMM\Bluetooth Software\bt_hot_icon.ico
~ IE Extra Buttons:  Scanned in 00mn 00s



---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bancobrasil.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bb.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.caixa.gov.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.santander.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.santanderempresarial.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.santandernet.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.santandernetibe.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.secureweb.com.br
~ IE Zone Confiance:  Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{1B1EAF0A-186A-4906-A8FC-50E3E6A9B085}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{5D22A7FC-A0E1-43A5-8D00-213812E16754}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\..\{754017F7-7FF0-4E4E-A9D8-CE1743C7C259}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\..\{95B14E29-6F43-45F3-ADB8-5DBD46EC1B0E}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{1B1EAF0A-186A-4906-A8FC-50E3E6A9B085}: DhcpDomain = lan
O17 - HKLM\System\CS1\Services\Tcpip\..\{1B1EAF0A-186A-4906-A8FC-50E3E6A9B085}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{5D22A7FC-A0E1-43A5-8D00-213812E16754}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CS1\Services\Tcpip\..\{754017F7-7FF0-4E4E-A9D8-CE1743C7C259}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CS1\Services\Tcpip\..\{95B14E29-6F43-45F3-ADB8-5DBD46EC1B0E}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{1B1EAF0A-186A-4906-A8FC-50E3E6A9B085}: DhcpDomain = lan
O17 - HKLM\System\CS2\Services\Tcpip\..\{1B1EAF0A-186A-4906-A8FC-50E3E6A9B085}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{5D22A7FC-A0E1-43A5-8D00-213812E16754}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CS2\Services\Tcpip\..\{754017F7-7FF0-4E4E-A9D8-CE1743C7C259}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CS2\Services\Tcpip\..\{95B14E29-6F43-45F3-ADB8-5DBD46EC1B0E}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{1B1EAF0A-186A-4906-A8FC-50E3E6A9B085}: DhcpDomain = lan
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain:  Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll  =>.Microsoft Corporation
~ Protocole Additionnel:  Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon:  Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
~ Services: 10 Legitimates Filtered in 00mn 04s



---\\ Tarefas planificadas automaticamente (039)
[MD5.DD17B734F49DED3147D99918EDA0839B] [APT] [{7BCFCAA2-3749-4EA3-A4E3-7E21EE6CD087}] (.Serpro - Serviço Federal de Processamento d.) -- C:\Users\BANDEIRA\Downloads\Receitanet-1.04.exe   [6182597]
[MD5.DD17B734F49DED3147D99918EDA0839B] [APT] [{8551BDF1-B4B3-4C45-AACF-52CC5C5B6941}] (.Serpro - Serviço Federal de Processamento d.) -- C:\Users\BANDEIRA\Downloads\Receitanet-1.04 (1).exe   [6182597]
[MD5.68DCB5D1CF09C64D59FF44845E24EE7D] [APT] [{E26E6ED3-5CFA-4CE5-875F-842D0CCF37A3}] (...) -- C:\Users\BANDEIRA\Downloads\adobe_reader.exe   [25505304]
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater   [902]
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3040940374-2889601364-3289522042-1000Core   [918]
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3040940374-2889601364-3289522042-1000UA   [940]
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore   [1068]
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA   [1072]
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3040940374-2889601364-3289522042-1000Core   [1038]
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3040940374-2889601364-3289522042-1000UA   [1090]
O39 - APT:  - (..) -- C:\Windows\Tasks\updater.exe.job   [470]
~ Scheduled Task: 27 Legitimates Filtered in 00mn 03s



---\\ Software instalados (042)
O42 - Logiciel: AIFF MP3 Converter v3.3 build 1049 - (.Hoo Technologies.) [HKLM][64Bits] -- {5494AFBC-3EC2-463A-BD6C-EAFB62EB6EE9}_is1
O42 - Logiciel: Central de Servicos - (.FS VAS.) [HKLM][64Bits] -- {28A452EA-89A2-4513-82D1-8E4294C035E3}
O42 - Logiciel: GBBD Banco do Brasil - (...) [HKLM][64Bits] -- {36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1
O42 - Logiciel: GBBD Caixa Economica Federal - (...) [HKCU][64Bits] -- {5d01f486-f32d-462e-8830-cc1d116e8ece}_is1
O42 - Logiciel: IRPF2012 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva  - (.Receita Federal do Brasil.) [HKLM][64Bits] -- IRPF2012
O42 - Logiciel: IRPF2013 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva  - (.Receita Federal do Brasil.) [HKLM][64Bits] -- IRPF2013
O42 - Logiciel: IRPF2014 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva  - (.Receita Federal do Brasil.) [HKLM][64Bits] -- IRPF2014
O42 - Logiciel: Módulo de Proteção Banco Santander 3.4.3.1 - (...) [HKLM][64Bits] -- {83033d93-48d0-48fc-9c5b-82e57e7e0dd6}_is1
O42 - Logiciel: Receitanet - (.Serpro - Serviço Federal de Processamento de Dados.) [HKLM][64Bits] -- ECC16E3C-16D1-4DC2-9D8A-6AC06B3005A5
~ Logic: 23 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\AIFF MP3 Converter 3]
[HKCU\Software\AutoHelpDesk]
[HKCU\Software\GbAs]
[HKCU\Software\SERPRO]
[HKLM\Software\Wow6432Node\AutoHelpDesk]
[HKLM\Software\Wow6432Node\FS VAS]
[HKLM\Software\Wow6432Node\Program DJ]
[HKLM\Software\Wow6432Node\SupDp]  =>PUP.SupTab
[HKLM\Software\Wow6432Node\WSED]
~ Key Software: 334 Legitimates Filtered in 00mn 00s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 17/08/2013 - 18:36:29 - [] ----D C:\Program Files (x86)\AIFF MP3 Converter 3
O43 - CFD: 17/01/2014 - 13:00:09 - [] ----D C:\Program Files (x86)\FS VAS
O43 - CFD: 17/03/2014 - 19:23:29 - [] ----D C:\Program Files (x86)\Programas RFB
O43 - CFD: 02/05/2012 - 17:29:53 - [] ----D C:\Program Files (x86)\WSED
O43 - CFD: 02/05/2012 - 17:39:22 - [] ----D C:\ProgramData\Win732
O43 - CFD: 02/05/2012 - 17:39:22 - [] ----D C:\ProgramData\Win764
O43 - CFD: 02/05/2012 - 17:30:08 - [] ----D C:\ProgramData\XP32
O43 - CFD: 13/12/2013 - 00:23:00 - [] -SH-D C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
O43 - CFD: 18/01/2014 - 11:05:34 - [] ----D C:\Users\BANDEIRA\AppData\Roaming\FS VAS
O43 - CFD: 21/05/2014 - 19:02:56 - [] ----D C:\Users\BANDEIRA\AppData\Roaming\ProductData
O43 - CFD: 17/01/2014 - 13:00:09 - [0] ----D C:\Users\BANDEIRA\AppData\Local\config
O43 - CFD: 17/01/2014 - 13:00:25 - [] ----D C:\Users\BANDEIRA\AppData\Local\FS_VAS
O43 - CFD: 07/02/2014 - 21:45:33 - [] ----D C:\Users\BANDEIRA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
O43 - CFD: 17/10/2012 - 22:09:06 - [] ----D C:\Users\BANDEIRA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2012
O43 - CFD: 25/02/2013 - 22:49:32 - [] ----D C:\Users\BANDEIRA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2013
O43 - CFD: 17/03/2014 - 19:10:43 - [] ----D C:\Users\BANDEIRA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2014
~ Program Folder: 232 Legitimates Filtered in 00mn 00s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.784D68A595C8179588956390CE2A4208] - 16/05/2014 - 09:12:13 ---A- . (...) -- C:\Windows\System32\prfc0416.dat   [148058]
O44 - LFC:[MD5.0736D1A04033752FC5B8DE19036E3C43] - 16/05/2014 - 09:12:13 ---A- . (...) -- C:\Windows\System32\prfh0416.dat   [706476]
O44 - LFC:[MD5.280B409070E16EFAFE56B5595D6AC643] - 21/05/2014 - 18:50:21 ---A- . (...) -- C:\Windows\ntbtlog.txt   [227574]
O44 - LFC:[MD5.037681E7A4EDD48E321601E1AAEFE126] - 21/05/2014 - 22:59:06 ---A- . (...) -- C:\zoek-results2014-05-22-015906.log   [38792]
O44 - LFC:[MD5.1B52FEFEBB4F8675DC131056CAB83E1C] - 21/05/2014 - 23:43:25 ---A- . (...) -- C:\zoek-results2014-05-22-024325.log   [14268]
O44 - LFC:[MD5.B4446D735FA89BFD3AB8FE3AF8C7FDB6] - 21/05/2014 - 23:54:50 ---A- . (...) -- C:\zoek-results.log   [1632]
~ Files: 43 Legitimates Filtered in 00mn 01s



---\\ Chave do registo Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{9f7df02a-8a00-11e2-ade8-7c4fb55761cf}\AutoRun\command. (...) -- E:\Welcome\Welcome.exe (.not file.)
O51 - MPSK:{d5085836-1ab6-11e2-a8a2-7c4fb55761cf}\AutoRun\command. (...) -- G:\NokiaPCIA_Autorun.exe (.not file.)
~ Keys:  Scanned in 00mn 00s



---\\ Enumeração das chaves do registo StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\VDownloader  [Key] . (.Vitzo - VDownloader.) -- C:\Program Files\VDownloader\VDownloader.exe
~ SMSR Keys: 10 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 4 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:29/11/2013 - 01:16:34 ---A- . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) -- C:\Windows\System32\Drivers\Bfilter.sys   [52032]
O58 - SDL:25/09/2013 - 08:15:06 ---A- . (.Baidu, Inc. - Baidu FS Monitor Driver.) -- C:\Windows\System32\Drivers\Bfmon.sys   [34624]
O58 - SDL:29/11/2013 - 01:16:30 ---A- . (.Baidu, Inc. - Baidu Antivirus Selfprotect Driver.) -- C:\Windows\System32\Drivers\Bprotect.sys   [121312]
O58 - SDL:13/07/2009 - 22:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys   [530496]
O58 - SDL:26/06/2009 - 15:43:42 ---A- . (.Windows (R) Win 7 DDK provider - Embedded System Control.) -- C:\Windows\System32\Drivers\EMSC.sys   [16752]
O58 - SDL:10/06/2009 - 17:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys   [31232]
O58 - SDL:20/08/2013 - 07:02:12 ---A- . (.DEVGURU Co., LTD.([Você precisa estar registrado e conectado para ver este link.] - SAMSUNG USB Composite Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudbus.sys   [103576]
O58 - SDL:22/01/2014 - 07:52:10 ---A- . (.DEVGURU Co., LTD.([Você precisa estar registrado e conectado para ver este link.] - SAMSUNG Android Modem Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudmdm.sys   [206080]
O58 - SDL:13/07/2009 - 22:45:55 ---A- . (.Promise Technology - Promise  SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys   [24656]
O58 - SDL:13/12/2012 - 13:50:36 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl64.sys   [54784]
O58 - SDL:26/06/2009 - 15:43:42 ----- . (.Windows (R) Win 7 DDK provider - Embedded System Control.) -- C:\Windows\SysWOW64\drivers\EMSC.sys   [13680]
O58 - SDL:09/10/2012 - 08:29:58 ----- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\Windows\SysWOW64\drivers\gbpkm.sys   [46440]
O58 - SDL:10/05/2014 - 10:34:19 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\Windows\SysWOW64\drivers\gbpndisrd.sys   [31088]
~ Drivers: 80 Legitimates Filtered in 00mn 26s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1  =>.Nicolas Coolman
~ ADS:  Scanned in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <Google Chrome.H3WRO6ITJ57DREQ4DXQG3O4U3U> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Users\BANDEIRA\AppData\Local\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys:  Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] D5E18AB237064D1599C6D1E088558D4E - (Search the web (Babylon)) - [Você precisa estar registrado e conectado para ver este link.]  =>PUP.Babylon
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [Você precisa estar registrado e conectado para ver este link.]
O69 - SBI: SearchScopes [HKCU] {25477387-2310-45df-933D-E9416D3D0303} - (eSnips Search) - [Você precisa estar registrado e conectado para ver este link.]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - [Você precisa estar registrado e conectado para ver este link.]
~ Keys:  Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.0446D2F53F2BCF564A6B68611990CCCD] [SPRF][22/09/2013] (...) -- C:\ProgramData\ntuser.dat   [262144]
[MD5.A849B0BE83EA697D230D9D1FD8E24C83] [SPRF][11/08/2013] (...) -- C:\Users\BANDEIRA\AppData\Roaming\unins000.dat   [29505]
[MD5.4B8501FF812132253F888772F80A6C73] [SPRF][26/11/2013] (...) -- C:\Users\BANDEIRA\AppData\Roaming\unins001.dat   [16569]
[MD5.2D8FA1E86A715B9CA0ECC5CE30CBEB54] [SPRF][05/12/2013] (...) -- C:\Users\BANDEIRA\AppData\Roaming\unins002.dat   [14043]
[MD5.70F851F7A524071E13F17DC401A21906] [SPRF][21/05/2014] (...) -- C:\Users\BANDEIRA\Desktop\AdwCleaner.exe   [1326389]
[MD5.D5B4C1400A2B87BB0D76D9C4761DCFAD] [SPRF][18/05/2014] (.PandoraTV - The KMPlayer Setup/Install.) -- C:\Users\BANDEIRA\Desktop\KMPlayer_3-9-0-124.exe   [32778552]
[MD5.352E8561E633B17ED22012366721FFDC] [SPRF][21/05/2014] (...) -- C:\Users\BANDEIRA\Desktop\zoek.exe   [1285120]
~ Files: 7 Legitimates Filtered in 00mn 01s



---\\ Lista das exceções do FireWall (FirewallRules) (O87)
O87 - FAEL: "{08C1AC19-057C-42CE-98FC-2BB899B64E13}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\BANDEIRA\AppData\Roaming\uTorrent\uTorrent.exe  =>P2P.BitTorrent
O87 - FAEL: "{4F1B8193-441D-4EE4-B814-A9D5FF3F0CE0}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\BANDEIRA\AppData\Roaming\uTorrent\uTorrent.exe  =>P2P.BitTorrent
O87 - FAEL: "{4DD4DF77-75EC-4681-BFBD-4C51446F458C}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\BANDEIRA\Downloads\uTorrent.exe  =>P2P.BitTorrent
O87 - FAEL: "{88F425B4-658A-4E37-A8EE-05F68D94C5EB}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\BANDEIRA\Downloads\uTorrent.exe  =>P2P.BitTorrent
O87 - FAEL: "{BBA58007-9967-44BE-B996-644A6D9CA995}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\BANDEIRA\AppData\Roaming\uTorrent\uTorrent.exe  =>P2P.BitTorrent
O87 - FAEL: "{CE7C846A-9EF1-47E6-B2D3-0019E6AB20C6}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\BANDEIRA\AppData\Roaming\uTorrent\uTorrent.exe  =>P2P.BitTorrent
~ Firewall: 6 Legitimates Filtered in 00mn 01s



---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Microsoft\Tracing\InstTracker_RASAPI32  =>Adware.PredictAd
HKLM\SOFTWARE\Microsoft\Tracing\InstTracker_RASMANCS  =>Adware.PredictAd
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BingBar_RASAPI32  =>Toolbar.Bing
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GoogleToolbarInstaller_en32_signed_RASAPI32  =>Toolbar.Google
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GoogleToolbarInstaller_en32_signed_RASMANCS  =>Toolbar.Google
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GoogleToolbarInstaller_updater_signed_RASAPI32  =>Toolbar.Google
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GoogleToolbarInstaller_updater_signed_RASMANCS  =>Toolbar.Google
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GoogleToolbarManager_94DDE1EDD1CDF6A3_RASAPI32  =>Toolbar.Google
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GoogleToolbarManager_94DDE1EDD1CDF6A3_RASMANCS  =>Toolbar.Google
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GoogleToolbarNotifier_RASAPI32  =>Toolbar.Google
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GoogleToolbarNotifier_RASMANCS  =>Toolbar.Google
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrent_RASAPI32  =>P2P.µTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrent_RASMANCS  =>P2P.µTorrent
~ BTK: 283 Legitimates Filtered in 00mn 00s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 13/05/2014 257712 |  (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 22/07/2012 136176 |  (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 22/07/2012 136176 |  (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 30/11/2013 194032 |  (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 22/10/2004 73728 |  (IDriverT) . (.Macrovision Corporation.) - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
SS - | Auto 21/05/2014 2153792 |  (LiveUpdateSvc) . (.IObit.) - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
SS - | Demand 12/03/2014 118896 |  (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 05/04/2012 158208 |  (Samsung UPD Service2) . (.Samsung Electronics.) - C:\Windows\System32\SUPDSvc2.exe
SS - | Auto 23/10/2013 172192 |  (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SR - | Auto 18/12/2013 65432 |  (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 12/02/2014 43336 |  (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 30/08/2011 462184 |  (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 22/10/2010 953632 |  (btwdins) . (.Broadcom Corporation..) - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
SR - | Auto 06/05/2014 528424 |  (GbpSv) . (.GAS Tecnologia.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
SR - | Auto 05/11/2010 13336 |  (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SR - | Demand 15/05/2014 641352 |  (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 14/08/2013 39056 |  (RealNetworks Downloader Resolver Service) . (...) - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
SR - | Demand 18/04/2013 737616 |  (ServiceLayer) . (.Nokia.) - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
SR - | Auto 13/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 10/07/1658 0 |  (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe  =>.Microsoft Corporation
SR - | Auto 13/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services:  Scanned in 00mn 05s



---\\ Scâner Aditional (088)
Database Version : 13029 - (21/05/2014)
Clés trouvées (Keys found) : 1
Valeurs trouvées (Values found) : 2
Dossiers trouvés  (Folders found) : 0
Fichiers trouvés  (Files found) : 1

[HKLM\Software\Wow6432Node\Microsoft\Tracing\BingBar_RASAPI32]   =>Toolbar.Bing
[HKLM\Software\Wow6432Node\SupDp]   =>PUP.SupTab^
~ Additionnel Scan: 302449 Items scanned in 00mn 14s



---\\ Sumário das deteções encontradas na sua estação
[Você precisa estar registrado e conectado para ver este link.]  =>PUP.SupTab
[Você precisa estar registrado e conectado para ver este link.]  =>PUP.Babylon
[Você precisa estar registrado e conectado para ver este link.]  =>Adware.PredictAd
~ MSI: 3 link(s) detected in 00mn 00s



~ 923 Legitimates filtered by white list
End of the scan (545 lines in 01mn 35s)(0)

Re: How to remove Baidu antivirus "hidden in the notebook"

Post by Power Max on Thu 22 May 2014, 00:36

There are unnecessary programs starting with Windows, which makes your PC slower. To fix this, follow the tips in this tutorial:

Choosing Which Programs Start with the PC

Preferably, leave only the security programs (antivirus/anti-spyware/firewall) starting with Windows.

Also use the CCleaner program, recommended in the tutorial above, to clean up and optimize the PC now and from time to time.
____________________________________________________________________________________________________________

Go to the site [You need to be registered and logged in to see this link.] and upload the file highlighted in blue below for analysis:
C:\Windows\Tasks\updater.exe.job

As soon as its analysis is complete, copy the link that appears in your browser's address bar and post that link in your next reply, together with the ZHPFix report requested below in this post.

More information on how to analyze files on the Virus Total site can be found in this tutorial:

Analyze suspicious files and links online and completely free of charge
_____________________________________________________________________________________________________

Select and copy all of the text highlighted in red that I gave you.
_____________________________________________________________________________________________________________

Go to the menu: Start > All Programs > ZHP > right-click Zhpfix and choose Run as administrator > click Importação > click the GO button > click Oui > if you want the files in the Recycle Bin to be deleted, click Oui again > a report will open in Notepad.

Copy this report and post it in your next reply, together with the link to the file's analysis on the Virus Total site.


Last edited by Power Max on Thu 22 May 2014, 01:05; edited 1 time

_________________

Caixa de Dicas = Always with new tutorials and news on computing, technology and miscellany.

Fórum PC Brasil = The best of the internet, you will find it here.

Super Links = Messages of faith and hope for your heart

Re: How to remove Baidu antivirus "hidden in the notebook"

Post by natanalves on Thu 22 May 2014, 00:48

Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014
Fichier d'export Registre :
Run by BANDEIRA at 22/05/2014 00:47:24
High Elevated Privileges : OK
Windows 7 Home Basic Edition, 64-bit Service Pack 1 (Build 7601)

Reciclagem vazia (00mn 15s)
Reparação de atalhos do navegador

========== Chaves do Registo ==========
ELIMINÉ: HKLM\Software\Wow6432Node\SupDp
ELIMINÉ CLSID MPSK: {9f7df02a-8a00-11e2-ade8-7c4fb55761cf}
ELIMINÉ CLSID MPSK: {d5085836-1ab6-11e2-a8a2-7c4fb55761cf}
ELIMINÉ: SearchScopes :D5E18AB237064D1599C6D1E088558D4E
ELIMINÉ: SearchScopes :{25477387-2310-45df-933D-E9416D3D0303}
ELIMINÉ:* HKLM\SOFTWARE\Microsoft\Tracing\InstTracker_RASAPI32
ELIMINÉ:* HKLM\SOFTWARE\Microsoft\Tracing\InstTracker_RASMANCS
ELIMINÉ: Service: Bonjour Service

========== Valores do Registo ==========
ELIMINÉ: Toolbar: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5}
ELIMINÉ: Toolbar: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}
ELIMINÉ: Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F}
ELIMINÉ: Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93}
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINA REINICIAR: c:\windows\system32\drivers\bfilter.sys
ELIMINA REINICIAR: c:\windows\system32\drivers\bfmon.sys
ELIMINA REINICIAR: c:\windows\system32\drivers\bprotect.sys
ELIMINA REINICIAR: c:\program files\bonjour\mdnsresponder.exe
ELIMINÉ Temporários windows (121) (2.014.790 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso


========== Recapitulativo ==========
8 : Chaves do Registo
10 : Valores do Registo
1 : Pastas
6 : Ficheiros
1 : Restauração Sistema


End of clean in 00mn 25s

========== Caminho do ficheiro do relatório ==========
C:\Users\BANDEIRA\AppData\Roaming\ZHP\ZHPFix[R1].txt - 22/05/2014 00:47:39 [2031]

Re: How to remove Baidu antivirus "hidden in the notebook"

Post by Power Max on Thu 22 May 2014, 00:49

You forgot to post the link to the file's analysis on the Virus Total site.


How to remove Baidu antivirus "hidden in the notebook"

Post by natanalves on Thu 22 May 2014, 00:52

[You need to be registered and logged in to see this link.]

Re: How to remove Baidu antivirus "hidden in the notebook"

Post by Power Max on Thu 22 May 2014, 00:52

Open ZHPDiag again.

|- Click "SEARCH" or "PESQUISAR" and wait for it to finish.

|- Click OK and, when it finishes, post the ZHPDiag.txt report.


Re: How to remove Baidu antivirus "hidden in the notebook"

Post by natanalves on Thu 22 May 2014, 00:56

~ Relatório do ZHPDiag v2014.5.21.70 - Nicolas Coolman (21/05/2014)
~ Iniciado por BANDEIRA (22/05/2014 00:54:20)
~ Endereço do Website : [Você precisa estar registrado e conectado para ver este link.]
~ Blog de análise de software : [Você precisa estar registrado e conectado para ver este link.]
~ Fóruns de suporte gratuito para desinfecção : [Você precisa estar registrado e conectado para ver este link.]
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Activate by user


---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.17107
MFIE: Mozilla Firefox 27.0.1

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Home Basic, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
Microsoft Security Client PT-BR Language Pack v2.1.1116.0
Windows Defender W7

---\\ Softwares d'optimização do sistema
CCleaner v4.13

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 13 Plugin
Adobe Reader X
Java 7 Update 51

---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 8139 MB (69% free)
System Restore: Activé (Enable)
System drive C: has 259 GB (56%) free of 461 GB

---\\ Modo de conexão ao sistema
~ Computer Name: BANDEIRA-TECNO
~ User Name: BANDEIRA
~ All Users Names: HomeGroupUser$, Convidado, BANDEIRA, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\BANDEIRA\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\BANDEIRA\AppData\Roaming\
~ %Desktop% : C:\Users\BANDEIRA\Desktop\
~ %Favorites% : C:\Users\BANDEIRA\Favorites\
~ %LocalAppData% : C:\Users\BANDEIRA\AppData\Local\
~ %StartMenu% : C:\Users\BANDEIRA\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 259 Go of 461 Go)
D: Floppy drive, Flash card reader, USB Key (Not Inserted)
E: CD-ROM drive (Free 0 Go of 4 Go)
Q: Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 44 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Windows Explorer.) (.25/02/2011 - 03:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.F220BA78AB542C70211D73AE4729B2CD] - (.Microsoft Corporation - Internet Extensions para Win32.) (.06/03/2014 - 03:22:40.) -- C:\Windows\System32\wininet.dll [2260480]
[MD5.88AB9B72B4BF3963A0DE0820B4B0B06C] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.04/03/2014 - 06:43:50.) -- C:\Windows\System32\Winlogon.exe [455168]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.21/11/2010 - 00:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.27/09/2013 - 22:09:10.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/11/2010 - 00:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21/11/2010 - 00:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/11/2010 - 00:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 21:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 23:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.21/11/2010 - 00:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.23/01/2014 - 23:37:55.) -- C:\Windows\system32\Drivers\ntfs.sys [1684928]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 21:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/11/2010 - 00:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 21:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.21/11/2010 - 00:24:32.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.21/11/2010 - 00:23:47.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 4/10016
~ Mes musiques (My Musics) : 5/115
~ Mes Videos (My Videos) : 2/98
~ Mes Favoris (My Favorites) : 1/46
~ Mes Documents (My Documents) : 2/75345
~ Mon Bureau (My Desktop) : 6/1361
~ Menu demarrer (Programs) : 1/57
~ Hidden Files: Scanned in 00mn 14s



---\\ Processos lançados
[MD5.E4B89C1434AC5EE740E87CCF7769F50D] - (.Samsung - KiesPDLR.) -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844656] [PID.3812]
[MD5.646A34526CC33BE4CA933C5680D80B48] - (.Nokia - Nokia Suite.) -- C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1090912] [PID.3800]
[MD5.8CFAFCD10B661D5770A32111EB4CD266] - (.Samsung - Kies.) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564528] [PID.2024]
[MD5.16F1D5CF6465FCA139FA289648B349EE] - (.Nokia - Nokia PC Internet Access.) -- C:\Program Files (x86)\Nokia\PC Internet Access\NPCIA.exe [663552] [PID.2452]
[MD5.ACFE107955BD2C382CB3C1909E16706A] - (.FS VAS - CentralDeServicos 1.3.4 © FS VAS, Inc, 2011.) -- C:\Program Files (x86)\FS VAS\Central de Servicos\CentralDeServicos.exe [108128] [PID.880]
[MD5.BF456A0CAFB2876583982E74F450D647] - (.Dropbox, Inc. - Dropbox.) -- C:\Users\BANDEIRA\AppData\Roaming\Dropbox\bin\Dropbox.exe [32668056] [PID.2796]
[MD5.99AEB0226719486845035D4904A230D5] - (.TODO: - TODO: .) -- C:\Program Files (x86)\WSED\WSED.exe [320880] [PID.3348]
[MD5.BF739971EC9B05DAFEC793767B632BA9] - (.Samsung Electronics Co., Ltd. - Kies TrayAgent Application.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152] [PID.2512]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336] [PID.612]
[MD5.D9FAA5EFEB27DDBE99C720B9069A451E] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392] [PID.1104]
[MD5.58FBD16C4BB84D9F69C25F30DAA4CE31] - (.Nokia - Microsoft Bluetooth Media Server.) -- C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe [158032] [PID.2168]
[MD5.345B1798395CEA9C178AFF1784FA2A37] - (.Google Inc. - Google Chrome.) -- C:\Users\BANDEIRA\AppData\Local\Google\Chrome\Application\chrome.exe [841032] [PID.5436]
[MD5.65C450CCC15ADDED610EB58DE35B307A] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [7877120] [PID.4204]
[MD5.43B1125D14E8797FDA9D5E167EB50AE3] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) -- C:\Program Files (x86)\GbPlugin\gbpsv.exe [528424] [PID.784]
[MD5.B362181ED3771DC03B4141927C80F801] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65432] [PID.1656]
[MD5.221564CC7BE37611FE15EACF443E1BF6] - (.Apple Inc. - YSLoader.exe.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [43336] [PID.1680]
[MD5.72551A9AE5F68905DFC3CBA0D5242566] - (.Microsoft Corporation - Updates Skype Click to Call.) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720] [PID.1836]
[MD5.6B669A00A431FF6CDCE67458933F5F0F] - (.Microsoft Corporation - Phone Number Recognition (PNR) module.) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992] [PID.1936]
[MD5.96EFEC24346A8EB1157E80523079ADDC] - (...) -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056] [PID.1552]
[MD5.39B1D0A636A400304565D4521FAD6D77] - (.Microsoft Corporation - Microsoft Application Virtualization Virtua.) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [207528] [PID.2128]
[MD5.77C5A741A7452812F278EF2C18478862] - (.Microsoft Corporation - Microsoft Application Virtualization Client.) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [523944] [PID.2292]
[MD5.FD557A50A65E44041CD2FCEF4BEB04DB] - (.Microsoft Corporation - Microsoft Office Client Virtualization Serv.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.exe [822504] [PID.2872]
[MD5.8FFF9083252C16FE3960173722605E9E] - (.Intel Corporation - IAStorDataSvc.) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [13336] [PID.844]
[MD5.78F7BB9F4924BE164294C59B8C3FC096] - (.Nokia - ServiceLayer Module.) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [737616] [PID.3296]
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\BANDEIRA\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nnjbodopomfddehlalfilheomcahbpei] GBBD Caixa Economica Federal v.3.5.0 (Désactivé)

---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 20 Legitimates Filtered in 00mn 01s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
C:\Users\BANDEIRA\AppData\Roaming\Mozilla\Firefox\Profiles\up9s6iet.default\prefs.js
P2 - FPN: [HKLM] [adobe.com/AdobeAAMDetect] - (...) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (.not file.)
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/abn] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\BANDEIRA\AppData\Local\GAS Tecnologia\GBBD\npsf_abn.dll
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/bb] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\BANDEIRA\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/cef] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\BANDEIRA\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll
~ Firefox Browser: 18 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Browser Helper Objects do navegador (02)
O2 - BHO: G-Buster Browser Defense [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540000} . (.Banco do Brasil - Gbieh Module.) -- C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll
O2 - BHO: G-Buster Browser Defense CEF [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540003} . (.Caixa Economica Federal - Gbieh Module.) -- C:\Program Files (x86)\GbPlugin\gbiehcef.dll
O2 - BHO: G-Buster Browser Defense Banco Real [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540007} . (.Banco Real - Gbieh Module.) -- C:\Program Files (x86)\GbPlugin\gbiehabn.dll
~ BHO: 12 Legitimates Filtered in 00mn 00s



---\\ Outras conexões do utilizador (04)
O4 - GS\QuickLaunch [BANDEIRA]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\BANDEIRA\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\Desktop [BANDEIRA]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\BANDEIRA\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Global Startup: 2 Legitimates Filtered in 00mn 00s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Gerenciador de áudio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] . (.Disc Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe =>.DT Soft Ltd
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\BANDEIRA\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64] . (.Microsoft Corporation - Processador de comandos do Windows.) -- C:\Windows\system32\cmd.exe
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\BANDEIRA\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64] . (.Microsoft Corporation - Processador de comandos do Windows.) -- C:\Windows\system32\cmd.exe
O4 - HKLM\..\Wow6432Node\Run: [WSED] . (.TODO: - TODO: .) -- C:\Program Files (x86)\WSED\WSED.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-3040940374-2889601364-3289522042-1000\..\Run: [DAEMON Tools Lite] . (.Disc Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe =>.DT Soft Ltd
O4 - HKUS\S-1-5-21-3040940374-2889601364-3289522042-1000\..\RunOnce: [Uninstall C:\Users\BANDEIRA\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64] . (.Microsoft Corporation - Processador de comandos do Windows.) -- C:\Windows\system32\cmd.exe
O4 - HKUS\S-1-5-21-3040940374-2889601364-3289522042-1000\..\RunOnce: [Uninstall C:\Users\BANDEIRA\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64] . (.Microsoft Corporation - Processador de comandos do Windows.) -- C:\Windows\system32\cmd.exe
~ Application: Scanned in 00mn 00s



---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: Skype Click to Call [64Bits] - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- c:\program files (x86)\skype\toolbars\internet explorer x64\icon.ico
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 [64Bits] - {CCA281CA-C863-46ef-9331-5C8D4460577F} . (...) -- C:\Program Files\WIDCOMM\Bluetooth Software\bt_hot_icon.ico
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bancobrasil.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bb.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.caixa.gov.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.santander.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.santanderempresarial.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.santandernet.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.santandernetibe.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.secureweb.com.br
~ IE Zone Confiance: Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{1B1EAF0A-186A-4906-A8FC-50E3E6A9B085}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{5D22A7FC-A0E1-43A5-8D00-213812E16754}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\..\{754017F7-7FF0-4E4E-A9D8-CE1743C7C259}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\..\{95B14E29-6F43-45F3-ADB8-5DBD46EC1B0E}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{1B1EAF0A-186A-4906-A8FC-50E3E6A9B085}: DhcpDomain = lan
O17 - HKLM\System\CS1\Services\Tcpip\..\{1B1EAF0A-186A-4906-A8FC-50E3E6A9B085}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{5D22A7FC-A0E1-43A5-8D00-213812E16754}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CS1\Services\Tcpip\..\{754017F7-7FF0-4E4E-A9D8-CE1743C7C259}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CS1\Services\Tcpip\..\{95B14E29-6F43-45F3-ADB8-5DBD46EC1B0E}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{1B1EAF0A-186A-4906-A8FC-50E3E6A9B085}: DhcpDomain = lan
O17 - HKLM\System\CS2\Services\Tcpip\..\{1B1EAF0A-186A-4906-A8FC-50E3E6A9B085}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{5D22A7FC-A0E1-43A5-8D00-213812E16754}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CS2\Services\Tcpip\..\{754017F7-7FF0-4E4E-A9D8-CE1743C7C259}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CS2\Services\Tcpip\..\{95B14E29-6F43-45F3-ADB8-5DBD46EC1B0E}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{1B1EAF0A-186A-4906-A8FC-50E3E6A9B085}: DhcpDomain = lan
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
~ Services: 9 Legitimates Filtered in 00mn 03s



---\\ Tarefas planificadas automaticamente (039)
[MD5.DD17B734F49DED3147D99918EDA0839B] [APT] [{7BCFCAA2-3749-4EA3-A4E3-7E21EE6CD087}] (.Serpro - Serviço Federal de Processamento d.) -- C:\Users\BANDEIRA\Downloads\Receitanet-1.04.exe [6182597]
[MD5.DD17B734F49DED3147D99918EDA0839B] [APT] [{8551BDF1-B4B3-4C45-AACF-52CC5C5B6941}] (.Serpro - Serviço Federal de Processamento d.) -- C:\Users\BANDEIRA\Downloads\Receitanet-1.04 (1).exe [6182597]
[MD5.68DCB5D1CF09C64D59FF44845E24EE7D] [APT] [{E26E6ED3-5CFA-4CE5-875F-842D0CCF37A3}] (...) -- C:\Users\BANDEIRA\Downloads\adobe_reader.exe [25505304]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [902]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3040940374-2889601364-3289522042-1000Core [918]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3040940374-2889601364-3289522042-1000UA [940]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1068]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1072]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3040940374-2889601364-3289522042-1000Core [1038]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3040940374-2889601364-3289522042-1000UA [1090]
O39 - APT: - (..) -- C:\Windows\Tasks\updater.exe.job [470]
~ Scheduled Task: 28 Legitimates Filtered in 00mn 01s



---\\ Software instalados (042)
O42 - Logiciel: AIFF MP3 Converter v3.3 build 1049 - (.Hoo Technologies.) [HKLM][64Bits] -- {5494AFBC-3EC2-463A-BD6C-EAFB62EB6EE9}_is1
O42 - Logiciel: Central de Servicos - (.FS VAS.) [HKLM][64Bits] -- {28A452EA-89A2-4513-82D1-8E4294C035E3}
O42 - Logiciel: GBBD Banco do Brasil - (...) [HKLM][64Bits] -- {36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1
O42 - Logiciel: GBBD Caixa Economica Federal - (...) [HKCU][64Bits] -- {5d01f486-f32d-462e-8830-cc1d116e8ece}_is1
O42 - Logiciel: IRPF2012 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM][64Bits] -- IRPF2012
O42 - Logiciel: IRPF2013 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM][64Bits] -- IRPF2013
O42 - Logiciel: IRPF2014 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM][64Bits] -- IRPF2014
O42 - Logiciel: Módulo de Proteção Banco Santander 3.4.3.1 - (...) [HKLM][64Bits] -- {83033d93-48d0-48fc-9c5b-82e57e7e0dd6}_is1
O42 - Logiciel: Receitanet - (.Serpro - Serviço Federal de Processamento de Dados.) [HKLM][64Bits] -- ECC16E3C-16D1-4DC2-9D8A-6AC06B3005A5
~ Logic: 23 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\AIFF MP3 Converter 3]
[HKCU\Software\AutoHelpDesk]
[HKCU\Software\GbAs]
[HKCU\Software\SERPRO]
[HKLM\Software\Wow6432Node\AutoHelpDesk]
[HKLM\Software\Wow6432Node\FS VAS]
[HKLM\Software\Wow6432Node\Program DJ]
[HKLM\Software\Wow6432Node\WSED]
~ Key Software: 337 Legitimates Filtered in 00mn 00s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 17/08/2013 - 18:36:29 - [] ----D C:\Program Files (x86)\AIFF MP3 Converter 3
O43 - CFD: 17/01/2014 - 13:00:09 - [] ----D C:\Program Files (x86)\FS VAS
O43 - CFD: 17/03/2014 - 19:23:29 - [] ----D C:\Program Files (x86)\Programas RFB
O43 - CFD: 02/05/2012 - 17:29:53 - [] ----D C:\Program Files (x86)\WSED
O43 - CFD: 02/05/2012 - 17:39:22 - [] ----D C:\ProgramData\Win732
O43 - CFD: 02/05/2012 - 17:39:22 - [] ----D C:\ProgramData\Win764
O43 - CFD: 02/05/2012 - 17:30:08 - [] ----D C:\ProgramData\XP32
O43 - CFD: 13/12/2013 - 00:23:00 - [] -SH-D C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
O43 - CFD: 18/01/2014 - 11:05:34 - [] ----D C:\Users\BANDEIRA\AppData\Roaming\FS VAS
O43 - CFD: 21/05/2014 - 19:02:56 - [] ----D C:\Users\BANDEIRA\AppData\Roaming\ProductData
O43 - CFD: 17/01/2014 - 13:00:09 - [0] ----D C:\Users\BANDEIRA\AppData\Local\config
O43 - CFD: 17/01/2014 - 13:00:25 - [] ----D C:\Users\BANDEIRA\AppData\Local\FS_VAS
O43 - CFD: 07/02/2014 - 21:45:33 - [] ----D C:\Users\BANDEIRA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google+ Auto Backup
O43 - CFD: 17/10/2012 - 22:09:06 - [] ----D C:\Users\BANDEIRA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2012
O43 - CFD: 25/02/2013 - 22:49:32 - [] ----D C:\Users\BANDEIRA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2013
O43 - CFD: 17/03/2014 - 19:10:43 - [] ----D C:\Users\BANDEIRA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2014
~ Program Folder: 232 Legitimates Filtered in 00mn 00s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.784D68A595C8179588956390CE2A4208] - 16/05/2014 - 09:12:13 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [148058]
O44 - LFC:[MD5.0736D1A04033752FC5B8DE19036E3C43] - 16/05/2014 - 09:12:13 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [706476]
O44 - LFC:[MD5.280B409070E16EFAFE56B5595D6AC643] - 21/05/2014 - 18:50:21 ---A- . (...) -- C:\Windows\ntbtlog.txt [227574]
O44 - LFC:[MD5.037681E7A4EDD48E321601E1AAEFE126] - 21/05/2014 - 22:59:06 ---A- . (...) -- C:\zoek-results2014-05-22-015906.log [38792]
O44 - LFC:[MD5.1B52FEFEBB4F8675DC131056CAB83E1C] - 21/05/2014 - 23:43:25 ---A- . (...) -- C:\zoek-results2014-05-22-024325.log [14268]
O44 - LFC:[MD5.B4446D735FA89BFD3AB8FE3AF8C7FDB6] - 21/05/2014 - 23:54:50 ---A- . (...) -- C:\zoek-results.log [1632]
~ Files: 43 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\VDownloader [Key] . (.Vitzo - VDownloader.) -- C:\Program Files\VDownloader\VDownloader.exe
~ SMSR Keys: 17 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 4 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:29/11/2013 - 01:16:34 ---A- . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) -- C:\Windows\System32\Drivers\Bfilter.sys [52032]
O58 - SDL:25/09/2013 - 08:15:06 ---A- . (.Baidu, Inc. - Baidu FS Monitor Driver.) -- C:\Windows\System32\Drivers\Bfmon.sys [34624]
O58 - SDL:29/11/2013 - 01:16:30 ---A- . (.Baidu, Inc. - Baidu Antivirus Selfprotect Driver.) -- C:\Windows\System32\Drivers\Bprotect.sys [121312]
O58 - SDL:13/07/2009 - 22:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:26/06/2009 - 15:43:42 ---A- . (.Windows (R) Win 7 DDK provider - Embedded System Control.) -- C:\Windows\System32\Drivers\EMSC.sys [16752]
O58 - SDL:10/06/2009 - 17:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:20/08/2013 - 07:02:12 ---A- . (.DEVGURU Co., LTD.([Você precisa estar registrado e conectado para ver este link.] - SAMSUNG USB Composite Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudbus.sys [103576]
O58 - SDL:22/01/2014 - 07:52:10 ---A- . (.DEVGURU Co., LTD.([Você precisa estar registrado e conectado para ver este link.] - SAMSUNG Android Modem Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudmdm.sys [206080]
O58 - SDL:13/07/2009 - 22:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:13/12/2012 - 13:50:36 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl64.sys [54784]
O58 - SDL:26/06/2009 - 15:43:42 ----- . (.Windows (R) Win 7 DDK provider - Embedded System Control.) -- C:\Windows\SysWOW64\drivers\EMSC.sys [13680]
O58 - SDL:09/10/2012 - 08:29:58 ----- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\Windows\SysWOW64\drivers\gbpkm.sys [46440]
O58 - SDL:10/05/2014 - 10:34:19 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\Windows\SysWOW64\drivers\gbpndisrd.sys [31088]
~ Drivers: 80 Legitimates Filtered in 00mn 00s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Users\BANDEIRA\AppData\Local\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [Você precisa estar registrado e conectado para ver este link.]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - [Você precisa estar registrado e conectado para ver este link.]
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.0446D2F53F2BCF564A6B68611990CCCD] [SPRF][22/09/2013] (...) -- C:\ProgramData\ntuser.dat [262144]
[MD5.A849B0BE83EA697D230D9D1FD8E24C83] [SPRF][11/08/2013] (...) -- C:\Users\BANDEIRA\AppData\Roaming\unins000.dat [29505]
[MD5.4B8501FF812132253F888772F80A6C73] [SPRF][26/11/2013] (...) -- C:\Users\BANDEIRA\AppData\Roaming\unins001.dat [16569]
[MD5.2D8FA1E86A715B9CA0ECC5CE30CBEB54] [SPRF][05/12/2013] (...) -- C:\Users\BANDEIRA\AppData\Roaming\unins002.dat [14043]
[MD5.70F851F7A524071E13F17DC401A21906] [SPRF][21/05/2014] (...) -- C:\Users\BANDEIRA\Desktop\AdwCleaner.exe [1326389]
[MD5.D5B4C1400A2B87BB0D76D9C4761DCFAD] [SPRF][18/05/2014] (.PandoraTV - The KMPlayer Setup/Install.) -- C:\Users\BANDEIRA\Desktop\KMPlayer_3-9-0-124.exe [32778552]
[MD5.352E8561E633B17ED22012366721FFDC] [SPRF][21/05/2014] (...) -- C:\Users\BANDEIRA\Desktop\zoek.exe [1285120]
~ Files: 7 Legitimates Filtered in 00mn 00s



---\\ Lista das exceções do FireWall (FirewallRules) (O87)
O87 - FAEL: "{08C1AC19-057C-42CE-98FC-2BB899B64E13}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\BANDEIRA\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{4F1B8193-441D-4EE4-B814-A9D5FF3F0CE0}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\BANDEIRA\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{4DD4DF77-75EC-4681-BFBD-4C51446F458C}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\BANDEIRA\Downloads\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{88F425B4-658A-4E37-A8EE-05F68D94C5EB}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\BANDEIRA\Downloads\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{BBA58007-9967-44BE-B996-644A6D9CA995}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\BANDEIRA\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{CE7C846A-9EF1-47E6-B2D3-0019E6AB20C6}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\BANDEIRA\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Firewall: 6 Legitimates Filtered in 00mn 00s



---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BingBar_RASAPI32 =>Toolbar.Bing
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GoogleToolbarInstaller_en32_signed_RASAPI32 =>Toolbar.Google
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GoogleToolbarInstaller_en32_signed_RASMANCS =>Toolbar.Google
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GoogleToolbarInstaller_updater_signed_RASAPI32 =>Toolbar.Google
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GoogleToolbarInstaller_updater_signed_RASMANCS =>Toolbar.Google
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GoogleToolbarManager_94DDE1EDD1CDF6A3_RASAPI32 =>Toolbar.Google
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GoogleToolbarManager_94DDE1EDD1CDF6A3_RASMANCS =>Toolbar.Google
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GoogleToolbarNotifier_RASAPI32 =>Toolbar.Google
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GoogleToolbarNotifier_RASMANCS =>Toolbar.Google
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrent_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrent_RASMANCS =>P2P.µTorrent
~ BTK: 281 Legitimates Filtered in 00mn 00s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 13/05/2014 257712 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 22/07/2012 136176 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 22/07/2012 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 30/11/2013 194032 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 22/10/2004 73728 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
SS - | Auto 21/05/2014 2153792 | (LiveUpdateSvc) . (.IObit.) - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
SS - | Demand 12/03/2014 118896 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 05/04/2012 158208 | (Samsung UPD Service2) . (.Samsung Electronics.) - C:\Windows\System32\SUPDSvc2.exe
SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SR - | Auto 18/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 12/02/2014 43336 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 22/10/2010 953632 | (btwdins) . (.Broadcom Corporation..) - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
SR - | Auto 06/05/2014 528424 | (GbpSv) . (.GAS Tecnologia.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
SR - | Auto 05/11/2010 13336 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
SR - | Demand 15/05/2014 641352 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 14/08/2013 39056 | (RealNetworks Downloader Resolver Service) . (...) - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
SR - | Demand 18/04/2013 737616 | (ServiceLayer) . (.Nokia.) - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
SR - | Auto 13/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 13/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 04s



---\\ Scâner Aditional (088)
Database Version : 13029 - (21/05/2014)
Clés trouvées (Keys found) : 1
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0

[HKLM\Software\Wow6432Node\Microsoft\Tracing\BingBar_RASAPI32] =>Toolbar.Bing
~ Additionnel Scan: 302126 Items scanned in 00mn 14s



---\\ Sumário das deteções encontradas na sua estação
~ MSI: 0 link(s) detected in 00mn 00s



~ 932 Legitimates filtered by white list
End of the scan (504 lines in 00mn 51s)(0)
natanalves
Member

Posts: 53
Reputation: 0
Registration date: 21/05/2014

Re: How to remove Baidu antivirus "hidden in the notebook"

Post by Power Max on Thu 22 May 2014, 01:03

Select and copy all the text highlighted in red that I sent you.
_____________________________________________________________________________________________________________

Go to the menu: Start > All Programs > ZHP > Right-click Zhpfix and choose Run as administrator > Click Importação (Import) > Click the GO button > Click Oui > If you want the files in the Recycle Bin to be deleted, click Oui again > A report will appear in Notepad.

Copy this report, post it in your next reply, and tell us how your PC is after these steps.


Last edited by Power Max on Thu 22 May 2014, 01:10; edited 1 time

_________________

Caixa de Dicas = Always with new tutorials and news on computing, technology and miscellany.

Fórum PC Brasil = The best of the internet, you'll find it here.

Super Links = Messages of faith and hope for your heart

Power Max
Contributor

Posts: 9086
Reputation: 1499
Registration date: 14/04/2009

Re: How to remove Baidu antivirus "hidden in the notebook"

Post by natanalves on Thu 22 May 2014, 01:09

Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014
Fichier d'export Registre : C:\Users\BANDEIRA\AppData\Roaming\ZHP\ZHPExportRegistry-22-05-2014-01-08-22.txt
Run by BANDEIRA at 22/05/2014 01:07:21
High Elevated Privileges : OK
Windows 7 Home Basic Edition, 64-bit Service Pack 1 (Build 7601)

Reciclagem vazia (00mn 32s)

========== Valores do Registo ==========
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINA REINICIAR: c:\windows\system32\drivers\bfilter.sys
ELIMINA REINICIAR: c:\windows\system32\drivers\bfmon.sys
ELIMINA REINICIAR: c:\windows\system32\drivers\bprotect.sys
ELIMINÉ Temporários windows (6) (251.479 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso


========== Recapitulativo ==========
6 : Valores do Registo
1 : Pastas
5 : Ficheiros
1 : Restauração Sistema


End of clean in 00mn 39s

========== Caminho do ficheiro do relatório ==========
C:\Users\BANDEIRA\AppData\Roaming\ZHP\ZHPFix[R1].txt - 22/05/2014 00:47:39 [2114]
C:\Users\BANDEIRA\AppData\Roaming\ZHP\ZHPFix[R2].txt - 22/05/2014 01:07:53 [1268]

Re: How to remove Baidu antivirus "hidden in the notebook"

Post by Power Max on Thu 22 May 2014, 01:10

How is the PC?


Re: How to remove Baidu antivirus "hidden in the notebook"

Post by natanalves on Thu 22 May 2014, 01:12

It's quite fast.

Do I have to restart the notebook? So that what was detected last time gets removed?

And Baidu? :/