Baidu Antivirus is on my PC!


Baidu Antivirus is on my PC!

Post by natanalves on Thu 22 May 2014, 15:36

Good afternoon. Just yesterday, with your help, I managed to get rid of this and other pests on my notebook. Now I went to install Kaspersky on the desktop PC and it showed that it also has Baidu Antivirus. I need help again, hoping it works out just as it did on the notebook :)

Re: Baidu Antivirus is on my PC!

Post by Power Max on Thu 22 May 2014, 16:07

Hello.

Download the AdwCleaner program by clicking the link below, then click the Download Now @BleepingComputer button:
[You must be registered and logged in to see this link.]

To run AdwCleaner correctly, just follow the tips in this tutorial:

Remove adware and malicious toolbars with AdwCleaner

* In your next reply, post the AdwCleaner log (report), which will be at C:\AdwCleaner\AdwCleaner[S0].txt

We'll be waiting.


Re: Baidu Antivirus is on my PC!

Post by natanalves on Thu 22 May 2014, 16:13

# AdwCleaner v3.210 - Relatório criado 22/05/2014 às 16:09:39
# Atualizado 19/05/2014 por Xplode
# Sistema Operacional : Windows 7 Professional Service Pack 1 (32 bits)
# Usuário : Cristiane - CRISTIANE-PC
# Executando de : C:\Users\Cristiane\Desktop\AdwCleaner.exe
# Opção : Limpar

***** [ Serviços ] *****


***** [ Arquivos / Pastas ] *****

Pasta Deletada : C:\ProgramData\apn
Pasta Deletada : C:\ProgramData\baidu
Pasta Deletada : C:\Program Files\baidu
Pasta Deletada : C:\Users\Cristiane\AppData\Local\lollipop
Pasta Deletada : C:\Users\Public\Documents\baidu
Arquivo Deletada : C:\Users\Cristiane\AppData\Roaming\Mozilla\Firefox\Profiles\cazhzzqa.default\user.js
Arquivo Deletada : C:\Windows\Tasks\Driver Booster Update.job
Arquivo Deletada : C:\Windows\System32\Tasks\Driver Booster Update
Arquivo Deletada : C:\Windows\Tasks\Funmoods.job
Arquivo Deletada : C:\Windows\System32\Tasks\Funmoods

***** [ Atalhos ] *****


***** [ Registro ] *****

[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C088D5DD-3DB9-4B42-85C9-DE40B7C8DCEE}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C088D5DD-3DB9-4B42-85C9-DE40B7C8DCEE}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{42231E0D-A692-43EE-85DC-A22E39722250}
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{42231E0D-A692-43EE-85DC-A22E39722250}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Chave Deletedo : HKCU\Software\Headlight
Chave Deletedo : HKCU\Software\lollipop

***** [ Navegadores ] *****

-\\ Internet Explorer v11.0.9600.17041


-\\ Mozilla Firefox v26.0 (pt-BR)

[ Arquivo : C:\Users\Cristiane\AppData\Roaming\Mozilla\Firefox\Profiles\cazhzzqa.default\prefs.js ]


-\\ Google Chrome v34.0.1847.137

[ Arquivo : C:\Users\Cristiane\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deletedo [Search Provider] : [Você precisa estar registrado e conectado para ver este link.]
Deletedo [Search Provider] : [Você precisa estar registrado e conectado para ver este link.]
Deletedo [Extension] : bbjciahceamgodcoidkjpchnokgfpphh
Deletedo [Extension] : cjpglkicenollcignonpgiafdgfeehoj

*************************

AdwCleaner[R0].txt - [6440 octets] - [12/01/2014 09:38:11]
AdwCleaner[R1].txt - [2479 octets] - [22/05/2014 16:08:37]
AdwCleaner[S0].txt - [6253 octets] - [12/01/2014 09:39:29]
AdwCleaner[S1].txt - [2672 octets] - [22/05/2014 16:09:39]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2732 octets] ##########

Re: Baidu Antivirus is on my PC!

Post by Power Max on Thu 22 May 2014, 16:15

Temporarily disable your antivirus to avoid conflicts.

Go to the link below and click the first button on the left, which is the Download Zoek.exe button:
[You must be registered and logged in to see this link.]

* Right-click Zoek.exe and select [You must be registered and logged in to see this image.]

* Select and copy all of the text highlighted in red that I gave you and paste it into the blank space in Zoek.

* Click [Run Script]

* During the scan, a message similar to the one below showing the scan progress will be displayed. Wait for it to finish... it may take a while!

[You must be registered and logged in to see this image.]

* If a PC restart is requested, click [OK]

* Post the Zoek log, which will be at C:\zoek-results.txt, in your next reply.


Last edited by Power Max on Thu 22 May 2014, 19:17; edited 1 time


Re: Baidu Antivirus is on my PC!

Post by natanalves on Thu 22 May 2014, 16:50


Zoek.exe v5.0.0.0 Updated 22-05-2014
Tool run by Cristiane on 22/05/2014 at 16:22:11,10.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Cristiane\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

22/05/2014 16:23:02 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\CRISTI~1\AppData\Roaming\Mozilla\Firefox\Profiles\cazhzzqa.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal");
user_pref("browser.search.selectedEngine", "Google");

Added to C:\Users\CRISTI~1\AppData\Roaming\Mozilla\Firefox\Profiles\cazhzzqa.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

ProfilePath: C:\Users\CRISTI~1\AppData\Roaming\Mozilla\Firefox\Profiles\cazhzzqa.default

user.js not found
---- Lines extensions.518020f2e52ff removed from prefs.js ----
user_pref("extensions.518020f2e52ff.epoch", "1376705125");
user_pref("extensions.518020f2e52ff.url", "http://getjpijs.info/sync2/?ext=btos&pid=969&country=BR&regd=130430195218&lsd=130816020530&ver=7&ind=372445
---- Lines extensions.5180212eec813 removed from prefs.js ----
user_pref("extensions.5180212eec813.epoch", "1376705125");
user_pref("extensions.5180212eec813.url", "http://getjpit.info/sync2/?ext=wbn&pid=969&country=BR&regd=130430195318&lsd=130816020530&ver=7&ind=37244503
---- FireFox user.js and prefs.js backups ----

prefs_052014_1630_.backup

==== Deleting Files \ Folders ======================

C:\PROGRA~2\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D} deleted
C:\Users\Cristiane\.android deleted
C:\Program Files\GUTD00.tmp deleted
C:\Program Files\GUMCF0.tmp deleted
C:\Program Files\Common Files\DVDVideoSoft\bin deleted
C:\Program Files\Common Files\Wondershare deleted
C:\Users\Cristiane\AppData\Roaming\Wondershare deleted
C:\Users\Cristiane\AppData\Roaming\GetRightToGo deleted
C:\PROGRA~2\boost_interprocess deleted
C:\PROGRA~2\ProductData deleted
C:\PROGRA~2\InstallMate deleted
C:\Users\Cristiane\AppData\Local\Wondershare deleted
C:\Users\Cristiane\AppData\LocalLow\SearchNewTab deleted
C:\Users\Cristiane\AppData\Roaming\unins000.exe deleted
C:\Users\Cristiane\AppData\Roaming\unins001.exe deleted

==== Folders Found ======================

2014-05-22 19:09:41 2014-05-22 19:09:41 -------- d-----w- C:\AdwCleaner\Quarantine\C\ProgramData\baidu
2014-05-22 19:09:41 2014-05-22 19:09:41 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Public\Documents\baidu
2014-03-05 23:15:53 2014-04-17 12:40:39 -------- d-----w- C:\Program Files\Baidu Security
2014-03-05 23:15:53 2014-05-21 21:59:29 -------- d-----w- C:\ProgramData\Baidu Security
2014-03-05 23:15:53 2014-05-21 21:59:29 -------- d-----w- C:\Users\All Users\Baidu Security
2014-03-05 23:18:46 2014-04-17 12:40:25 -------- d-----w- C:\Users\Cristiane\AppData\Roaming\Baidu Security
2014-03-05 23:17:37 2014-04-17 12:40:51 -------- d-----w- C:\Users\Public\Documents\Baidu Security
2014-04-17 12:41:20 2014-04-17 12:41:20 -------- d-----w- C:\Windows\System32\config\systemprofile\AppData\Roaming\Baidu Security

==== Files Found ======================


--- C:\Users\Cristiane\AppData\Local\Spark\User Data\baidu_shutdown_ms.txt ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 5
Created time: 2014-05-05 02:08:07
Modified time: 2014-05-05 02:08:07
MD5: 9CEDF029786EC6E5E359EA1179EAE7B2
SHA1: 329A27CCE2F7F2D0F990E4A7845ABB25F57EDC64


--- C:\Users\Cristiane\AppData\Local\Temp\28FEC379-E1DF-11E3-A141-00270E389CBD\Cleaner\baidu_av_4_0_3_57478.ini ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 227
Created time: 2014-05-22 18:30:39
Modified time: 2014-05-21 18:10:36
MD5: C9F2E09C386C9A6E5434D21A0200F6E0
SHA1: 442F80424FDDE56047D0E11824A66CCC37D89CE4


==== Registry Search Results for "Baidu" ======================


[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu\Application Bug]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu\Application Bug\Pcf]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu\Application Bug\Pcf\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu\Spark]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\DuplicateRecord]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\LogLoc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0\Setup]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\LogUp]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Processing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Temp]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IE.HTTP\shell\spk\command]
@="\"C:\\Program Files\\baidu\\Spark\\Spark.exe\" -- \"%1\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IE.HTTPS\shell\spk\command]
@="\"C:\\Program Files\\baidu\\Spark\\Spark.exe\" -- \"%1\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}]
"DllName"="baidubar.dll;BaiduBarX.dll;BaiduBarX.dll;BaiduBarX.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}]
"DllName"="baidubar.dll;BaiduBarX.dll;BaiduBarX.dll;BaiduBarX.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC App Store 4.0.6.5038]
"DisplayIcon"="C:\\Program Files\\Baidu Security\\PC App Store\\4.0.6.5038\\PCAppStore.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC App Store 4.0.6.5038]
"UninstallString"="C:\\Program Files\\Baidu Security\\PC App Store\\4.0.6.5038\\Uninstall.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC App Store 4.0.6.5038]
"Publisher"="Baidu, Inc."

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC App Store 4.0.6.5038]
"InstallDir"="C:\\Program Files\\Baidu Security\\PC App Store\\4.0.6.5038"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bhbase]
"DisplayName"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx]
"DisplayName"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx]
"InstPath"="C:\\Program Files\\Baidu Security\\PC Faster\\4.0.0.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCAppStoreSvc_{PCAppStore_4.0.6.5038}]
"DisplayName"="Baidu PC App Store Service 4.0.6.5038"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCAppStoreSvc_{PCAppStore_4.0.6.5038}]
"Description"="Baidu PC App Store Service 4.0.6.5038"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCFApiUtil]
"ImagePath"="\\??\\C:\\Program Files\\Baidu Security\\PC Faster\\4.0.0.0\\PCFApiUtil.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bhbase]
"DisplayName"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx]
"DisplayName"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx]
"InstPath"="C:\\Program Files\\Baidu Security\\PC Faster\\4.0.0.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCAppStoreSvc_{PCAppStore_4.0.6.5038}]
"DisplayName"="Baidu PC App Store Service 4.0.6.5038"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCAppStoreSvc_{PCAppStore_4.0.6.5038}]
"Description"="Baidu PC App Store Service 4.0.6.5038"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCFApiUtil]
"ImagePath"="\\??\\C:\\Program Files\\Baidu Security\\PC Faster\\4.0.0.0\\PCFApiUtil.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bhbase]
"DisplayName"="Baidu Hook Base"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx]
"DisplayName"="Baidu ProtectEx"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx]
"InstPath"="C:\\Program Files\\Baidu Security\\PC Faster\\4.0.0.0"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PCAppStoreSvc_{PCAppStore_4.0.6.5038}]
"DisplayName"="Baidu PC App Store Service 4.0.6.5038"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PCAppStoreSvc_{PCAppStore_4.0.6.5038}]
"Description"="Baidu PC App Store Service 4.0.6.5038"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PCFApiUtil]
"ImagePath"="\\??\\C:\\Program Files\\Baidu Security\\PC Faster\\4.0.0.0\\PCFApiUtil.sys"

[HKEY_USERS\.DEFAULT\Software\Baidu]

[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug]

[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Pcf]

[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Pcf\list]

[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Pcf\list\4.0.3.64348]

[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Pcf\list\4.0.3.64348\C7A80E4A70F196FDED39FE26BAD31D71]

[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Pcf\log]

[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Pcf\log\Updater.exe]

[HKEY_USERS\.DEFAULT\Software\Baidu Security]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster]

[HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Avast Software\WRC\SearchRules\baidu.com]

[HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Avast Software\WRC\SearchRules\baidu.com]
"url"="^http\\:\\/\\/www\\.baidu\\.com\\/.*"

[HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\baidu]

[HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security]

[HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC App Store]

[HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC App Store\4.0.6.5038]

[HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC App Store\4.0.6.5038\Install]

[HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC App Store\4.0.6.5038\LastReportTime]

[HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC App Store\DataReport]

[HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC App Store\Setup]

[HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster]

[HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\4.0.0.0]

[HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\4.0.0.0\CleanRecord]

[HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\4.0.0.0\Exam]

[HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install]

[HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install\19538218]

[HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install\19538218]
"url"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_uninstall_channel_info.cgi?uninstall_channel=Baixaki|br|IBD|Bundle&version=4.0.3.67165&userid=1857ecc0996ca0e19f11cd0508bdfc71&old_userid=S2N5J50B-00270E389CBD!ccf6eb2c-d5d5-42d3-a576-7acb9df5b423@#00270E389CBD&install_time=2014-03-05 23:17:37&parent_name=dllhost.exe"

[HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install\19538468]

[HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install\19538468]
"url"="http://sync.security.baidu.co.th/cgi-bin-py/get_uninstall_channel_info.cgi?uninstall_channel=Baixaki|br|IBD|Bundle&version=4.0.3.67165&userid=1857ecc0996ca0e19f11cd0508bdfc71&old_userid=S2N5J50B-00270E389CBD!ccf6eb2c-d5d5-42d3-a576-7acb9df5b423@#00270E389CBD&install_time=2014-03-05 23:17:37&parent_name=dllhost.exe"

[HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\4.0.0.0\InstalledPatchesRecord]

[HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run]

[HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable]

[HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\alluser]

[HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\curuser]

[HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hkcu]

[HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hkcu]
"DAEMON Tools Lite_BaiDuSafe_RegType"=dword:00000002

[HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hkcu]
"msnmsgr_BaiDuSafe_RegType"=dword:00000002

[HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hkcu]
"uTorrent_BaiDuSafe_RegType"=dword:00000002

[HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm]

[HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm]
"Acrobat Assistant 8.0_BaiDuSafe_RegType"=dword:00000001

[HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm]
"Adobe ARM_BaiDuSafe_RegType"=dword:00000001

[HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm]
"AdobeAAMUpdater-1.0_BaiDuSafe_RegType"=dword:00000001

[HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm]
"SoundMAX_BaiDuSafe_RegType"=dword:00000001

[HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm]
"SunJavaUpdateSched_BaiDuSafe_RegType"=dword:00000001

[HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\4.0.0.0\Statistic]

[HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\4.0.0.0\TrayIcon]

[HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\4.0.0.0\UUReport]

[HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\Setup]

[HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Avast Software\WRC\SearchRules\baidu.com]

[HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Avast Software\WRC\SearchRules\baidu.com]
"url"="^http\\:\\/\\/www\\.baidu\\.com\\/.*"

[HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Application Restart #1"="C:\\Program Files\\baidu\\Spark\\Spark.exe /url --flag-switches-begin --flag-switches-end --restore-last-session magnet:?xt=urn:btih:b62d4766e79c5d7c92e5969f98e3b30ece8906b5&dn=High.School.Musical.2006.720p.Dual.Audio.%5BEng-Hindi%5D-Alan&tr=udp%3A%2F%2Ftracker.openbittorrent.com%3A80&tr=udp%3A%2F%2Ftracker.publicbt.com%3A80&tr=udp%3A%2F%2Ftracker.istole.it%3A6969&tr=udp%3A%2F%2Ftracker.ccc.de%3A80&tr=udp%3A%2F%2Fopen.demonii.com%3A1337"

[HKEY_USERS\S-1-5-18\Software\Baidu]

[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug]

[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Pcf]

[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Pcf\list]

[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Pcf\list\4.0.3.64348]

[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Pcf\list\4.0.3.64348\C7A80E4A70F196FDED39FE26BAD31D71]

[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Pcf\log]

[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Pcf\log\Updater.exe]

[HKEY_USERS\S-1-5-18\Software\Baidu Security]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"="C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext" [01/07/2013 20:59]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{87F8774F-B485-47E2-A755-A40A8A5E886C}"="C:\Users\Cristiane\AppData\Local\GAS Tecnologia\GBBD\bb\xpi" []

==== Firefox Extensions ======================

AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Cristiane\AppData\Roaming\Mozilla\Firefox\Profiles\cazhzzqa.default
AC987EE8037531807C5D7E6217A23501 - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
EB41064BC07017F5694CF16B4DEF6B10 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat
6768C724599214E4F9ADD9F8FF5097EB - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U45
F1CD6E22E5AE5CEEB7712E546A5FC853 - C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 7.0.450.18
5B92CB0A3EEE50F6B9AE036B4F9B0F0C - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll - Google Earth Plugin
9D4A0B314CB9CF134CA27E1E0217E51E - C:\Mozilla Plugins\npitunes.dll - iTunes Application Detector
099CB18EA60FB962CE324D32C95DB3A5 - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.7.4
B0E0DA307E454E0342A433FA8A5F3801 - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.7.4
CFC0BF89AEC7F4EB034BB20CDE0C1174 - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.7.4
9A792830E58717538C0B8CCFFE060CE5 - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.7.4
E2FD06835049C9F3F06E5088E00A3065 - C:\Program Files\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 7.7.4
01E4DA82C518853EF3B16209C038D7B9 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll - RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)
60F23A6CE8B9F9BE995EAACFF0022DFC - C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll - RealPlayer Download Plugin
AE7B288233C212C62CD544BF768C45E6 - C:\Windows\system32\Adobe\Director\np32dsw_1203133.dll - Shockwave for Director / Shockwave for Director
A64F2C388DC26BE3E469EDC3657B14F4 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll - RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit)
C45F7E59F2A0A6D3C4E90117F4752414 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll - RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit)
F7AEAD4303A056F2D1685B43024776CA - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll - RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit)
FA0A3008589567CB7196620B05C9F28D - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll - RealDownloader Plugin
0D80C49D9A4A3E096296C67BD015F614 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Photo Gallery
F00DA1A135FCA11D4426D9A5AB72CF0F - C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll - AdobeAAMDetect
41561B8AE9E551BD08304D48DAA900FA - C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll - AdobeAAMDetect


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
idhngdhcfkoamngbedgpaokgjbnpdiji - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx[16/04/2013 03:11]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
abmojiekfpcmkkfamgfcpgfgipocface - C:\Users\Cristiane\AppData\Local\GAS Tecnologia\GBBD\abn\sf.crx[]
nikpibnbobmbdbheedjfogjlikpgpnhp - C:\Program Files\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx[]
pgacfjdigcddmmncljpflgcfpfahebkh - C:\Users\Cristiane\AppData\Local\GAS Tecnologia\GBBD\bb\sf.crx[]

Google Wallet - Cristiane\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Video Download - Cristiane\AppData\Local\Spark\User Data\Default\Extensions\djmgfiokceelcoeihknfhbnnbboaibkm
RealDownloader - Cristiane\AppData\Local\Spark\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji
Google Docs - C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
RealDownloader - C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji
Google Wallet - C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal"
"Search Page"="http://www.google.com"
"Search Bar"="http://www.google.com/ie"
"Default_Search_URL"="http://www.google.com/ie"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
@="http://www.google.com/search?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://www.google.com/ie"
"Default_Search_URL"="http://www.google.com/ie"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
{C4304BAC-BF69-49B8-8B32-58F0471DE8D0} Google Url="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"

==== Reset Google Chrome ======================

C:\Users\Cristiane\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Cristiane\AppData\Local\Spark\User Data\Default\Preferences was reset successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Cristiane\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Cristiane\AppData\Local\Spark\User Data\Default\Web Data was reset successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Mozilla\Firefox\Extensions\{87F8774F-B485-47E2-A755-A40A8A5E8874} deleted successfully
HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Mozilla\Firefox\Extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C} deleted successfully

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\Adobe Download Assistant.lnk - C:\Program Files\Adobe Download Assistant\Adobe Download Assistant.exe
C:\Users\Public\Desktop\avast Free Antivirus.lnk -
C:\Users\Public\Desktop\DriverPack Solution Lite.lnk - C:\Program Files\DriverPack Solution Lite 13\DRPSu13-Lite.exe
C:\Users\Public\Desktop\English Grammar in Use Extra.lnk - C:\Program Files\Cambridge\English Grammar in Use Extra\English Grammar in Use Extra.exe

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.3\Cheat Engine 6.3 (32-bit).lnk - C:\Program Files\Cheat Engine 6.3\cheatengine-i386.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.3\Cheat Engine 6.3 (64-bit).lnk - C:\Program Files\Cheat Engine 6.3\cheatengine-x86_64.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.3\Cheat Engine 6.3.lnk - C:\Program Files\Cheat Engine 6.3\Cheat Engine.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.3\Cheat Engine help.lnk - C:\Program Files\Cheat Engine 6.3\CheatEngine.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.3\Cheat Engine tutorial.lnk - C:\Program Files\Cheat Engine 6.3\Tutorial-i386.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.3\main.lua.lnk - C:\Windows\system32\notepad.exe C:\Program Files\Cheat Engine 6.3\main.lua
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.3\Reset settings.lnk - C:\Program Files\Cheat Engine 6.3\ceregreset.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.3\Uninstall Cheat Engine.lnk - C:\Program Files\Cheat Engine 6.3\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.3\Kernel stuff\Unload kernel module.lnk - C:\Program Files\Cheat Engine 6.3\Kernelmoduleunloader.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyOverride"="*.local"
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Deleting Registry Keys ======================

HKEY_CURRENT_USER\Software\Policies\Google\Chrome\ExtensionInstallForcelist deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\abmojiekfpcmkkfamgfcpgfgipocface deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\pgacfjdigcddmmncljpflgcfpfahebkh deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnTBMon deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iFunBoxConnector deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InetUpdate deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesAirMessage deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VDownloader deleted successfully

==== Empty IE Cache ======================

C:\Users\Cristiane\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Cristiane\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\Cristiane\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Cristiane\AppData\Local\Spark\User Data\Default\Cache emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=1185 folders=39 128310636 bytes)

==== Empty Temp Folders ======================

C:\Users\Cristiane\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\CRISTI~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 22/05/2014 at 16:38:35,72 ======================

Re: Baidu Antivirus is on my PC!

Post by natanalves on Thu 22 May 2014, 18:37

Anyone there? :)

Re: Baidu Antivirus is on my PC!

Post by Danii on Thu 22 May 2014, 18:42

Hello!
Please wait for your log to be analyzed.
In a few moments the collaborator will give you the next steps.

Re: Baidu Antivirus is on my PC!

Post by Power Max on Thu 22 May 2014, 19:49

Temporarily disable your antivirus to avoid conflicts.

* Right-click Zoek.exe and select [You must be registered and logged in to see this image.]

* Select and copy all of the text highlighted in red that I gave you and paste it into the blank area of Zoek.

* Click [Run Script]

* During the scan, a message similar to the one below, showing the progress of the scan, will be displayed. Wait for it to finish... it may take a while!

[You must be registered and logged in to see this image.]

* If you are asked to restart the PC, click [OK]

* Post the Zoek log, which will be at C:\zoek-results.txt, in your next reply.


Last edited by Power Max on Thu 22 May 2014, 20:09; edited 1 time


Re: Baidu Antivirus is on my PC!

Post by natanalves on Thu 22 May 2014, 20:00


Zoek.exe v5.0.0.0 Updated 22-05-2014
Tool run by Cristiane on 22/05/2014 at 19:52:51,86.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Cristiane\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-05-22-193835.log 39852 bytes

==== System Restore Info ======================

22/05/2014 19:53:31 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bhbase deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bhbase deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BprotectEx deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BprotectEx deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PCFApiUtil deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\PCFApiUtil deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PCAppStoreSvc_{PCAppStore_4.0.6.5038} deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\PCAppStoreSvc_{PCAppStore_4.0.6.5038} deleted successfully

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu\Application Bug]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu\Application Bug\Pcf]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu\Application Bug\Pcf\list]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu\Spark]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\DuplicateRecord]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\LogLoc]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0\Setup]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\LogUp]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Processing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Temp]
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFasterSvc-2014-03-05 03-19-23-0166-[25811].tmp"=-
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-03-05 03-19-23-0166-[25811].tmp"=-
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-03-09 03-40-18-0467-[20869].tmp"=-
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFaster-2014-03-10 03-43-35-0958-[18002].tmp"=-
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFaster-2014-03-10 03-03-23-0599-[12626].tmp"=-
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-03-14 03-07-06-0771-[32082].tmp"=-
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-03-24 03-12-32-0932-[29803].tmp"=-
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-03-26 03-01-05-0827-[13784].tmp"=-
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-04-08 04-52-25-0614-[26725].tmp"=-
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-04-09 04-52-21-0505-[13201].tmp"=-
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-04-09 04-53-31-0579-[18430].tmp"=-
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFaster-2014-04-09 04-21-07-0145-[23838].tmp"=-
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-04-11 04-33-25-0849-[24228].tmp"=-
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFasterSvc-2014-04-17 04-41-10-0654-[0041].tmp"=-
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-04-17 04-41-25-0155-[0041].tmp"=-
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFPopups-2014-04-18 04-14-27-0672-[0041].tmp"=-
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFasterSvc-2014-04-23 04-21-01-0425-[0041].tmp"=-
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFPopups-2014-04-23 04-51-06-0958-[0041].tmp"=-
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFasterSvc-2014-04-25 04-08-12-0945-[0041].tmp"=-
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFasterSvc-2014-04-25 04-15-05-0208-[0041].tmp"=-
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFasterSvc-2014-04-25 04-29-18-0705-[0041].tmp"=-
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFasterSvc-2014-04-25 04-32-36-0944-[0041].tmp"=-
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFasterSvc-2014-04-25 04-43-29-0257-[0041].tmp"=-
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFasterSvc-2014-04-25 04-47-51-0225-[0041].tmp"=-
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-04-25 04-49-28-0670-[0041].tmp"=-
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFasterSvc-2014-04-25 04-49-42-0000-[0041].tmp"=-
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFPopups-2014-04-25 04-49-43-0020-[0041].tmp"=-
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-Updater-2014-04-25 04-51-07-0132-[0041].tmp"=-
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFTray-2014-05-04 05-43-37-0172-[0041].tmp"=-
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFasterSvc-2014-05-04 05-43-43-0029-[0041].tmp"=-
"C:\\ProgramData\\Baidu Security\\RpData\\rpFile-PCFPopups-2014-05-04 05-43-47-0190-[0041].tmp"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IE.HTTP\shell\spk\command]
@=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\IE.HTTPS\shell\spk\command]
@=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}]
"DllName"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}]
"DllName"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC App Store 4.0.6.5038]
"DisplayIcon"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC App Store 4.0.6.5038]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC App Store 4.0.6.5038]
"UninstallString"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC App Store 4.0.6.5038]
"Publisher"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC App Store 4.0.6.5038]
"InstallDir"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BHBASE\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bhbase]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bhbase]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx]
"InstPath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCAppStoreSvc_{PCAppStore_4.0.6.5038}]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCAppStoreSvc_{PCAppStore_4.0.6.5038}]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCAppStoreSvc_{PCAppStore_4.0.6.5038}]
"Description"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCFApiUtil]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCFApiUtil]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BHBASE\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECTEX\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bhbase]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bhbase]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx]
"InstPath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCAppStoreSvc_{PCAppStore_4.0.6.5038}]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCAppStoreSvc_{PCAppStore_4.0.6.5038}]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCAppStoreSvc_{PCAppStore_4.0.6.5038}]
"Description"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCFApiUtil]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCFApiUtil]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BHBASE\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bhbase]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bhbase]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx]
"InstPath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PCAppStoreSvc_{PCAppStore_4.0.6.5038}]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PCAppStoreSvc_{PCAppStore_4.0.6.5038}]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PCAppStoreSvc_{PCAppStore_4.0.6.5038}]
"Description"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PCFApiUtil]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PCFApiUtil]
[-HKEY_USERS\.DEFAULT\Software\Baidu]
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug]
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Pcf]
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Pcf\list]
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Pcf\list\4.0.3.64348]
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Pcf\list\4.0.3.64348\C7A80E4A70F196FDED39FE26BAD31D71]
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Pcf\log]
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Pcf\log\Updater.exe]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster]
[-HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Avast Software\WRC\SearchRules\baidu.com]
[HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Avast Software\WRC\SearchRules\baidu.com]
"url"=-
[-HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\baidu]
[-HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security]
[-HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC App Store]
[-HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC App Store\4.0.6.5038]
[-HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC App Store\4.0.6.5038\Install]
[-HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC App Store\4.0.6.5038\LastReportTime]
[-HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC App Store\DataReport]
[-HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC App Store\Setup]
[-HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster]
[-HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\4.0.0.0]
[-HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\4.0.0.0\CleanRecord]
[-HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\4.0.0.0\Exam]
[-HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install]
[-HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install\19538218]
[HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install\19538218]
"url"=-
[-HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install\19538468]
[HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install\19538468]
"url"=-
[-HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\4.0.0.0\InstalledPatchesRecord]
[-HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run]
[-HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable]
[-HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\alluser]
[-HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\curuser]
[-HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hkcu]
[HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hkcu]
"DAEMON Tools Lite_BaiDuSafe_RegType"=-
[HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hkcu]
"msnmsgr_BaiDuSafe_RegType"=-
[HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hkcu]
"uTorrent_BaiDuSafe_RegType"=-
[-HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm]
[HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm]
"Acrobat Assistant 8.0_BaiDuSafe_RegType"=-
[HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm]
"Adobe ARM_BaiDuSafe_RegType"=-
[HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm]
"AdobeAAMUpdater-1.0_BaiDuSafe_RegType"=-
[HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm]
"SoundMAX_BaiDuSafe_RegType"=-
[HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm]
"SunJavaUpdateSched_BaiDuSafe_RegType"=-
[-HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\4.0.0.0\Statistic]
[-HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\4.0.0.0\TrayIcon]
[-HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\4.0.0.0\UUReport]
[-HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\Setup]
[-HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Avast Software\WRC\SearchRules\baidu.com]
[HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Avast Software\WRC\SearchRules\baidu.com]
"url"=-
[HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Application Restart #1"=-
[-HKEY_USERS\S-1-5-18\Software\Baidu]
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug]
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Pcf]
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Pcf\list]
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Pcf\list\4.0.3.64348]
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Pcf\list\4.0.3.64348\C7A80E4A70F196FDED39FE26BAD31D71]
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Pcf\log]
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Pcf\log\Updater.exe]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster]

==== Deleting Files \ Folders ======================

C:\Program Files\Baidu Security deleted
C:\ProgramData\Baidu Security deleted
C:\Users\Cristiane\AppData\Roaming\Baidu Security deleted
C:\Users\Public\Documents\Baidu Security deleted
C:\Windows\System32\config\systemprofile\AppData\Roaming\Baidu Security deleted
"C:\Users\Cristiane\AppData\Local\Spark\User Data\baidu_shutdown_ms.txt" deleted

==== Folders Found ======================

2014-05-22 19:09:41 2014-05-22 19:09:41 -------- d-----w- C:\AdwCleaner\Quarantine\C\ProgramData\baidu
2014-05-22 19:09:41 2014-05-22 19:09:41 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Public\Documents\baidu
2014-05-22 22:54:52 2014-05-22 22:54:55 -------- d---a-w- C:\zoek_backup\C_Program Files_Baidu Security
2014-05-22 22:54:55 2014-05-22 22:54:55 -------- d---a-w- C:\zoek_backup\C_ProgramData_Baidu Security
2014-05-22 22:54:55 2014-05-22 22:54:55 -------- d---a-w- C:\zoek_backup\C_Users_All Users_Baidu Security
2014-05-22 22:54:55 2014-05-22 22:54:55 -------- d---a-w- C:\zoek_backup\C_Users_Cristiane_AppData_Roaming_Baidu Security
2014-05-22 22:54:55 2014-05-22 22:54:56 -------- d---a-w- C:\zoek_backup\C_Users_Public_Documents_Baidu Security
2014-05-22 22:54:56 2014-05-22 22:54:56 -------- d---a-w- C:\zoek_backup\C_Windows_System32_config_systemprofile_AppData_Roaming_Baidu Security

==== Files Found ======================


--- C:\zoek_backup\C_Users_Cristiane_AppData_Local_Spark_User Data_baidu_shutdown_ms.txt.vir ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 5
Created time: 2014-05-22 22:54:56
Modified time: 2014-05-05 02:08:07
MD5: 9CEDF029786EC6E5E359EA1179EAE7B2
SHA1: 329A27CCE2F7F2D0F990E4A7845ABB25F57EDC64


==== Registry Search Results for "Baidu" ======================


[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Temp]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]

[HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Avast Software\WRC\SearchRules\baidu.com]

[HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security]

[HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster]

[HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\4.0.0.0]

[HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install]

[HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install\19538218]

[HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install\19538468]

[HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run]

[HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable]

[HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hkcu]

[HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm]

[HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Avast Software\WRC\SearchRules\baidu.com]

==== C:\zoek_backup content ======================

C:\zoek_backup (files=1320 folders=132 203730275 bytes)

==== EOF on 22/05/2014 at 19:56:42,75 ======================

Re: Baidu Antivirus is on my PC!

Post by Power Max on Thu 22 May 2014, 20:07

Temporarily disable your antivirus to avoid conflicts.

* Right-click Zoek.exe and select [You need to be registered and logged in to see this image.]

* Select and copy all of the text highlighted in red that I gave you and paste it into the blank area of Zoek.

* Click [Run Script]

* During the scan, a message similar to the one below showing the scan's progress will be displayed. Wait for it to finish... it may take a while!

[You need to be registered and logged in to see this image.]

* If a restart of the PC is requested, click [OK]

* Post the Zoek log, which will be at C:\zoek-results.txt, in your next reply.


Last edited by Power Max on Thu 22 May 2014, 20:16; edited 1 time


Re: Baidu Antivirus is on my PC!

Post by natanalves on Thu 22 May 2014, 20:14

Zoek.exe v5.0.0.0 Updated 22-05-2014
Tool run by Cristiane on 22/05/2014 at 20:11:14,86.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Cristiane\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-05-22-193835.log 39852 bytes
C:\zoek-results2014-05-22-225642.log 20615 bytes

==== System Restore Info ======================

22/05/2014 20:11:43 Zoek.exe System Restore Point Created Succesfully.

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Temp]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
[-HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Avast Software\WRC\SearchRules\baidu.com]
[-HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security]
[-HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster]
[-HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\4.0.0.0]
[-HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install]
[-HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install\19538218]
[-HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install\19538468]
[-HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run]
[-HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable]
[-HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hkcu]
[-HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Baidu Security\PC Faster\4.0.0.0\Run\Disable\hklm]
[-HKEY_USERS\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\Avast Software\WRC\SearchRules\baidu.com]

==== Registry Search Results for "Baidu" ======================


[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]

==== C:\zoek_backup content ======================

C:\zoek_backup (files=1320 folders=132 203730275 bytes)

==== EOF on 22/05/2014 at 20:12:41,28 ======================

Re: Baidu Antivirus is on my PC!

Post by Power Max on Thu 22 May 2014, 20:16

Temporarily disable your antivirus to avoid conflicts.

* Right-click Zoek.exe and select [You need to be registered and logged in to see this image.]

* Select and copy all of the text highlighted in red that I gave you and paste it into the blank area of Zoek.

* Click [Run Script]

* During the scan, a message similar to the one below showing the scan's progress will be displayed. Wait for it to finish... it may take a while!

[You need to be registered and logged in to see this image.]

* If a restart of the PC is requested, click [OK]

* Post the Zoek log, which will be at C:\zoek-results.txt, in your next reply.


Last edited by Power Max on Thu 22 May 2014, 20:21; edited 1 time


Re: Baidu Antivirus is on my PC!

Post by natanalves on Thu 22 May 2014, 20:18

Zoek.exe v5.0.0.0 Updated 22-05-2014
Tool run by Cristiane on 22/05/2014 at 20:16:27,97.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Cristiane\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-05-22-193835.log 39852 bytes
C:\zoek-results2014-05-22-225642.log 20615 bytes
C:\zoek-results2014-05-22-231241.log 2702 bytes

==== System Restore Info ======================

22/05/2014 20:16:51 Zoek.exe System Restore Point Created Succesfully.

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]

==== Registry Search Results for "Baidu" ======================


[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]

==== C:\zoek_backup content ======================

C:\zoek_backup (files=1320 folders=132 203730275 bytes)

==== EOF on 22/05/2014 at 20:17:48,48 ======================

Re: Baidu Antivirus is on my PC!

Post by Power Max on Thu 22 May 2014, 20:20

Download the Junkware Removal Tool program from the link below:
[You need to be registered and logged in to see this link.]

To run the program above correctly, just follow the tips in this tutorial:

Junkware Removal Tool tutorial

* In your next reply, post the Junkware Removal Tool log (report), which will be saved on your desktop under the name JRT.txt

We'll be waiting.


Re: Baidu Antivirus is on my PC!

Post by natanalves on Thu 22 May 2014, 20:27

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Professional x86
Ran by Cristiane on 22/05/2014 at 20:23:27,82
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Cristiane\AppData\Roaming\mozilla\firefox\profiles\cazhzzqa.default\minidumps [4 files]



~~~ Chrome

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Google [Blacklisted Policy]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 22/05/2014 at 20:26:26,05
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Re: Baidu Antivirus is on my PC!

Post by Power Max on Thu 22 May 2014, 20:28

Download < ZHPDiag2.exe > < [You need to be registered and logged in to see this image.]> ( ... by Nicolas Coolman )

To install and run it correctly, follow the tips in this article:

ZHPDiag installation and usage tutorial

* As soon as it finishes its scan, copy the entire contents of its ZHPDiag.txt report and post it in your next reply.


Re: Baidu Antivirus is on my PC!

Post by natanalves on Thu 22 May 2014, 20:34

~ Relatório do ZHPDiag v2014.5.22.71 - Nicolas Coolman (22/05/2014)
~ Iniciado por Cristiane (22/05/2014 20:31:37)
~ Endereço do Website : [Você precisa estar registrado e conectado para ver este link.]
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by program


---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.17107
MFIE: Mozilla Firefox 26.0
GCIE: Google Chrome v34.0.1847.137 (Defaut)

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Professional, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
avast! Free Antivirus v9.0.2013
SUPERAntiSpyware v5.7.1016
Windows Defender W7

---\\ Softwares d'optimização do sistema
CCleaner v4.09

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 13 Plugin
Adobe Reader XI
Java 7 Update 45

---\\ Informações sobre o sistema
~ Processor: x86 Family 6 Model 15 Stepping 11, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3260 MB (53% free)
System Restore: Activé (Enable)
System drive C: has 129 GB (44%) free of 293 GB

---\\ Modo de conexão ao sistema
~ Computer Name: CRISTIANE-PC
~ User Name: Cristiane
~ All Users Names: HomeGroupUser$, Cristiane, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Cristiane\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Cristiane\AppData\Roaming\
~ %Desktop% : C:\Users\Cristiane\Desktop\
~ %Favorites% : C:\Users\Cristiane\Favorites\
~ %LocalAppData% : C:\Users\Cristiane\AppData\Local\
~ %StartMenu% : C:\Users\Cristiane\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 129 Go of 293 Go)
D: Hard drive, Flash drive, Thumb drive (Free 855 Go of 1570 Go)
E: CD-ROM drive (Free 0 Go of 0 Go)
F: CD-ROM drive (Free 0 Go of 0 Go)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Security Center] UacDisableNotify: Modified
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyGames: Modified
~ Security Center: 46 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Windows Explorer.) (.25/02/2011 - 02:30:54.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.E4E829EE073E046B0EB19B5FECB19B8C] - (.Microsoft Corporation - Internet Extensions para Win32.) (.06/03/2014 - 02:41:49.) -- C:\Windows\System32\wininet.dll [1789440]
[MD5.998507B046BA314CE8245364C686FA67] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.04/03/2014 - 06:17:02.) -- C:\Windows\System32\Winlogon.exe [304128]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.20/11/2010 - 09:21:24.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.F81BB7E487EDCEAB630A7EE66CF23913] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.13/09/2013 - 21:48:58.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 05:38:10.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 05:42:32.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 06:59:29.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 20:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 23:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 05:39:44.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.C8DFF8D07755A66C7A4A738930F0FEAC] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.23/01/2014 - 23:18:22.) -- C:\Windows\system32\Drivers\ntfs.sys [1212352]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 20:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 20:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.B973FCFC50DC1434E1970A146F7E3885] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 07:24:46.) -- C:\Windows\system32\Drivers\rdpdr.sys [133632]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 20:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 05:39:17.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.20/11/2010 - 09:30:16.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes: Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 3/1885
~ Mes musiques (My Musics) : 4/2166
~ Mes Videos (My Videos) : 2/104
~ Mes Favoris (My Favorites) : 1/23
~ Mes Documents (My Documents) : 2/1888
~ Mon Bureau (My Desktop) : 2/640
~ Menu demarrer (Programs) : 1/38
~ Hidden Files: Scanned in 00mn 03s



---\\ Processos lançados
[MD5.43B1125D14E8797FDA9D5E167EB50AE3] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) -- C:\Program Files\GbPlugin\gbpsv.exe [528424] [PID.788]
[MD5.CC42F104172B4A62793083D380867317] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344] [PID.1420]
[MD5.51F207D5A9E7B2E76BEE59C05CCC23C4] - (.SUPERAntiSpyware.com - Core Service.) -- C:\Program Files\SUPERAntiSpyware\SASCORE.exe [120088] [PID.1712]
[MD5.4DC6B0772D1698F04FC79053A21C8260] - (.Andrea Electronics Corporation - Andrea filters APO access service (32-bit).) -- C:\Windows\system32\AEADISRV.exe [90112] [PID.1732]
[MD5.30E3850F303EAE5C364782EA78579CC9] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [55624] [PID.1760]
[MD5.DB5BEA73EDAF19AC68B2C0FAD0F92B1A] - (.Apple Inc. - Bonjour Service.) -- C:\Program Files\Bonjour\mDNSResponder.exe [390504] [PID.1932]
[MD5.BEFF149A82F78B648046108EB9D28893] - (.IObit - Product Updater.) -- C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2151200] [PID.1972]
[MD5.B2D01290C0E0465ACA54C2088E947823] - (...) -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056] [PID.412]
[MD5.27044650FA30414BEC7F9BEB7F937386] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe [172064] [PID.2956]
[MD5.313C8854EBDAFA0DDA8AD4757BD0E5DC] - (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe [173600] [PID.2976]
[MD5.FA18468460906465C6A181904F5B706B] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastui.exe [3774312] [PID.3012]
[MD5.ADDFB090DE67FB6251ABD242104BAEB5] - (.BitTorrent Inc. - µTorrent.) -- C:\Users\Cristiane\AppData\Roaming\uTorrent\uTorrent.exe [1270352] [PID.3080] =>P2P.BitTorrent
[MD5.BF456A0CAFB2876583982E74F450D647] - (.Dropbox, Inc. - Dropbox.) -- C:\Users\Cristiane\AppData\Roaming\Dropbox\bin\Dropbox.exe [32668056] [PID.3420]
[MD5.A63DC5C2EA944E6657203E0C8EDEAF61] - (.Microsoft Corporation - COM Surrogate.) -- C:\Windows\system32\DllHost.exe [7168] [PID.2072]
[MD5.345B1798395CEA9C178AFF1784FA2A37] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [841032] [PID.728]
[MD5.9827006052EDEBA43D3BA0B34523AD62] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [7876608] [PID.2432]
[MD5.CF87A1DE791347E75B98885214CED2B8] - (.Microsoft Corporation - Serviço da Plataforma de Proteção de Softwa.) -- C:\Windows\system32\sppsvc.exe [3179520] [PID.4496]
~ Processes Running: Scanned in 00mn 01s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Cristiane\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)

---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 16 Legitimates Filtered in 00mn 01s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
C:\Users\Cristiane\AppData\Roaming\Mozilla\Firefox\Profiles\cazhzzqa.default\prefs.js
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/abn] - (...) -- C:\Users\Cristiane\AppData\Local\GAS Tecnologia\GBBD\npsf_abn.dll (.not file.)
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/bb] - (...) -- C:\Users\Cristiane\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll (.not file.)
~ Firefox Browser: 24 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [Você precisa estar registrado e conectado para ver este link.]
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (...) (No version) -- (.not file.)
~ IE Browser: 15 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Browser Helper Objects do navegador (02)
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} . (.Banco do Brasil - Gbieh Module.) -- C:\Program Files\GbPlugin\gbieh.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} . (.Caixa Economica Federal - Gbieh Module.) -- C:\Program Files\GbPlugin\gbiehcef.dll
O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} . (.Banco Real - Gbieh Module.) -- C:\Program Files\GbPlugin\gbiehabn.dll
~ BHO: 20 Legitimates Filtered in 00mn 00s



---\\ Barras do Internet Explorer (03))
O3 - Toolbar: avast! Online Security - [HKLM]{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
~ Toolbar: Scanned in 00mn 00s



---\\ Outras conexões do utilizador (04)
O4 - GS\QuickLaunch [Cristiane]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Cristiane\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Global Startup: 1 Legitimates Filtered in 00mn 02s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [tsnp2uvc.exe] Chave orfã
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKCU\..\Run: [AdobeBridge] Chave orfã
O4 - HKCU\..\Run: [DAEMON Tools Lite] . (.Disc Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe =>.DT Soft Ltd
O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Facebook Installer.) -- C:\Users\Cristiane\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKCU\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Cristiane\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-2278793192-2799666863-1724067060-1000\..\Run: [AdobeBridge] Chave orfã
O4 - HKUS\S-1-5-21-2278793192-2799666863-1724067060-1000\..\Run: [DAEMON Tools Lite] . (.Disc Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe =>.DT Soft Ltd
O4 - HKUS\S-1-5-21-2278793192-2799666863-1724067060-1000\..\Run: [Facebook Update] . (.Facebook Inc. - Facebook Installer.) -- C:\Users\Cristiane\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKUS\S-1-5-21-2278793192-2799666863-1724067060-1000\..\Run: [uTorrent] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Cristiane\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Application: Scanned in 00mn 00s



---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~1\Office14\ONBttnIE.dll =>.Microsoft Corporation
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~1\Office14\ONBTTN~1.dll =>.Microsoft Corporation
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bancobrasil.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.bancoreal.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.bancosantander.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bb.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.caixa.gov.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.santander.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.santanderempresarial.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.santandernet.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.santandernetibe.com.br
~ IE Zone Confiance: Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{9315FE68-EF03-4CE6-A78E-1B3413781B82}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{ED835EB8-B158-421E-9679-E3319044E552}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{ED835EB8-B158-421E-9679-E3319044E552}: DhcpDomain = lan
O17 - HKLM\System\CS1\Services\Tcpip\..\{9315FE68-EF03-4CE6-A78E-1B3413781B82}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{ED835EB8-B158-421E-9679-E3319044E552}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{ED835EB8-B158-421E-9679-E3319044E552}: DhcpDomain = lan
O17 - HKLM\System\CS2\Services\Tcpip\..\{9315FE68-EF03-4CE6-A78E-1B3413781B82}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{ED835EB8-B158-421E-9679-E3319044E552}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{ED835EB8-B158-421E-9679-E3319044E552}: DhcpDomain = lan
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation - Photo Gallery Album Download Protocol Handl.) -- C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll =>.Microsoft Corporation
O18 - Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: GbPluginAbn . (.Banco Real - Gbieh Module.) -- C:\Program Files\GbPlugin\gbiehAbn.dll
O20 - Winlogon Notify: GbPluginBb . (.Banco do Brasil - Gbieh Module.) -- C:\Program Files\GbPlugin\gbieh.dll
O20 - Winlogon Notify: GbPluginCef . (.Caixa Economica Federal - Gbieh Module.) -- C:\Program Files\GbPlugin\gbiehCef.dll
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files\GbPlugin\gbpsv.exe
~ Services: 10 Legitimates Filtered in 00mn 03s



---\\ Tarefas planificadas automaticamente (039)
[MD5.00000000000000000000000000000000] [APT] [AutoKMS] (...) -- C:\Windows\AutoKMS\AutoKMS.exe (.not file.) [0] =>Trojan.Keygen
[MD5.00000000000000000000000000000000] [APT] [{02F56846-D053-4F6F-8F8E-0BE72F9D1833}] (...) -- C:\Users\Cristiane\Downloads\win7_1512754.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{5E6027CB-ABD1-47F4-9987-D641E4E55B0D}] (...) -- C:\Program Files\Gabest\VobSub\subresync.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{8E9FB0FA-C9AC-4315-B979-0E238EC44B10}] (...) -- C:\Program Files\Gabest\VobSub\subresync.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{9E48E05E-75BD-4918-B39D-E8CDBCBDAB81}] (...) -- C:\Users\Cristiane\Downloads\install_flashplayer11x32ax_gtba_chra_dy_aih.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{B654CBDE-ED26-4F1C-BE8F-F9B38524FE46}] (...) -- C:\Users\Cristiane\Downloads\iGBPCEFgb.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{B9CF45BE-1615-460D-ACD6-237E2043E66C}] (...) -- C:\Program Files\uTorrent\uTorrent.exe (.not file.) [0] =>P2P.µTorrent
[MD5.00000000000000000000000000000000] [APT] [{FA1BE6EF-3A64-44DF-9B5F-ACF945C05906}] (...) -- C:\Program Files\Gabest\VobSub\subresync.exe (.not file.) [0]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [902]
O39 - APT: AutoKMS - (...) -- C:\Windows\Tasks\AutoKMS.job [294] =>Trojan.Keygen
O39 - APT: AutoKMS - (...) -- C:\Windows\System32\Tasks\AutoKMS [294] =>Trojan.Keygen
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2278793192-2799666863-1724067060-1000Core [922]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2278793192-2799666863-1724067060-1000UA [944]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1058]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1062]
~ Scheduled Task: 29 Legitimates Filtered in 00mn 04s



---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (Ndisrd) . (.GAS Tecnologia - GAS Tecnologia - LWF Helper Driver.) - C:\Windows\System32\DRIVERS\gbpndisrdn.sys
~ Drivers: 81 Legitimates Filtered in 00mn 00s



---\\ Software instalados (042)
O42 - Logiciel: GBBD Banco do Brasil - (...) [HKCU] -- {36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1
O42 - Logiciel: GrafEq 2.13 (current user) - (.Pedagoguery Software Inc..) [HKCU] -- PSi GrafEq 2.13
O42 - Logiciel: Módulo de Proteção Santander 3.2.0.2 - (...) [HKLM] -- {83033d93-48d0-48fc-9c5b-82e57e7e0dd6}_is1
~ Logic: 16 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\AutoHelpDesk]
[HKCU\Software\GbAs]
[HKCU\Software\GrafEq]
[HKCU\Software\Huisendobler]
[HKLM\Software\AutoHelpDesk]
[HKLM\Software\Kashu]
~ Key Software: 278 Legitimates Filtered in 00mn 00s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 01/05/2013 - 17:59:38 - [] ----D C:\Program Files\AKKORD
O43 - CFD: 23/02/2014 - 11:52:28 - [] ----D C:\Users\Cristiane\AppData\Roaming\EnglishGrammarinUseExtra
O43 - CFD: 17/05/2013 - 16:59:12 - [] ----D C:\Users\Cristiane\AppData\Local\Ares
O43 - CFD: 21/05/2014 - 19:50:11 - [] ----D C:\Users\Cristiane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GrafEq 2.13
~ Program Folder: 217 Legitimates Filtered in 00mn 00s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.4ABAB0BECE840B0EA253026FC2A8B69C] - 21/05/2014 - 00:54:56 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [148520]
O44 - LFC:[MD5.BAA156A374B3789C9CECD55D127A214B] - 21/05/2014 - 00:54:56 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [708740]
O44 - LFC:[MD5.0DC5AF80D059DEC792B665ED598C6567] - 22/05/2014 - 16:09:06 ---A- . (.SQLite Development Team - SQLite Dynamic Link Library (No TCL).) -- C:\Windows\System32\sqlite3.dll [536576]
O44 - LFC:[MD5.2987AE860C7A141EAC6075963F08DF29] - 22/05/2014 - 16:38:35 ---A- . (...) -- C:\zoek-results2014-05-22-193835.log [39852]
O44 - LFC:[MD5.2C27F5EAC72D515B07ECBF54148AE43F] - 22/05/2014 - 19:56:42 ---A- . (...) -- C:\zoek-results2014-05-22-225642.log [20615]
O44 - LFC:[MD5.B5045FA1992B3735ED1792894E5E98DE] - 22/05/2014 - 20:12:41 ---A- . (...) -- C:\zoek-results2014-05-22-231241.log [2702]
O44 - LFC:[MD5.A3893B97B04BD11FC893D4EC4340DC4E] - 22/05/2014 - 20:17:48 ---A- . (...) -- C:\zoek-results.log [1140]
~ Files: 48 Legitimates Filtered in 00mn 02s



---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399007} - C:\Program Files\GbPlugin\gbiehabn.dll
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Program Files\GbPlugin\gbiehcef.dll
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files\GbPlugin\gbieh.dll
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Chave do registo Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{018be851-7954-11e3-aa30-00270e389cbd}\AutoRun\command. (...) -- F:\autostart.exe
O51 - MPSK:{5ad13eec-386d-11e3-996d-00270e389cbd}\AutoRun\command. (...) -- F:\wubi.exe (.not file.)
O51 - MPSK:{c90e759d-abfc-11e2-ae4e-806e6f6e6963}\AutoRun\command. (.Macromedia, Inc. - Macromedia Flash Player 8.0 r22.) -- E:\SpeakUP.exe
~ Keys: Scanned in 00mn 02s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1
~ MWPE Keys: 2 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:10/04/2010 - 14:06:42 ---A- . (.Analog Devices, Inc. - High Definition Audio Function Driver.) -- C:\Windows\System32\Drivers\ADIHdAud.sys [386048]
O58 - SDL:12/12/2013 - 11:07:33 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [49944] =>.ALWIL Software
O58 - SDL:09/01/2014 - 12:12:25 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [180248] =>.ALWIL Software
O58 - SDL:11/04/2014 - 18:32:43 ---A- . (.Baidu, Inc. - Baidu Antivirus Hook Base.) -- C:\Windows\System32\Drivers\Bhbase.sys [47456]
O58 - SDL:13/07/2009 - 22:20:28 ----- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:14/03/2014 - 20:27:24 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\Windows\System32\Drivers\gbpkm.sys [47192]
O58 - SDL:17/04/2014 - 09:40:08 ---A- . (.GAS Tecnologia - GAS Tecnologia - LWF Helper Driver.) -- C:\Windows\System32\Drivers\gbpndisrdn.sys [29400]
O58 - SDL:13/07/2009 - 19:54:14 ----- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
O58 - SDL:11/02/2009 - 13:45:02 ----- . (.No owner - USBCAMD for Sonix UVC.) -- C:\Windows\System32\Drivers\sncduvc.sys [27264]
O58 - SDL:12/03/2009 - 11:21:36 ----- . (.No owner - UVC Camera Streaming Driver.) -- C:\Windows\System32\Drivers\snp2uvc.sys [3482112]
O58 - SDL:04/04/2014 - 19:54:27 ---A- . (.Duplex Secure Ltd. - SCSI Pass Through Direct Host.) -- C:\Windows\System32\Drivers\sptd.sys [717296]
O58 - SDL:21/08/2013 - 01:31:38 ---A- . (.DEVGURU Co., LTD.([Você precisa estar registrado e conectado para ver este link.] - SAMSUNG USB Composite Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudbus.sys [84248]
O58 - SDL:21/08/2013 - 01:31:38 ---A- . (.DEVGURU Co., LTD.([Você precisa estar registrado e conectado para ver este link.] - SAMSUNG Android Modem Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudmdm.sys [182680]
O58 - SDL:13/07/2009 - 22:19:04 ----- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
O58 - SDL:13/12/2012 - 13:50:38 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl.sys [45056]
O58 - SDL:13/07/2009 - 18:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:13/07/2009 - 18:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:13/07/2009 - 18:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:13/07/2009 - 18:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:13/07/2009 - 18:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:13/07/2009 - 18:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:13/07/2009 - 18:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:13/07/2009 - 18:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:13/07/2009 - 18:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:13/07/2009 - 18:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:13/07/2009 - 18:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 85 Legitimates Filtered in 00mn 03s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 14/03/2014 - C:\Windows\System32\drivers\gbpkm.sys (GbpKm) .(.GAS Tecnologia - GbPlugin Device Driver.) - LEGACY_GBPKM
~ Legacy: 82 Legitimates Filtered in 00mn 00s



---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [Você precisa estar registrado e conectado para ver este link.]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - [Você precisa estar registrado e conectado para ver este link.]
O69 - SBI: SearchScopes [HKCU] {C4304BAC-BF69-49B8-8B32-58F0471DE8D0} - (Google) - [Você precisa estar registrado e conectado para ver este link.]
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.27CDC28901B49FB54056D3A1B3550F0F] [SPRF][05/05/2013] (...) -- C:\Users\Cristiane\AppData\Roaming\unins000.dat [12392]
[MD5.E42F69171FC971F2FDCD0DD6D2F57A65] [SPRF][05/12/2013] (...) -- C:\Users\Cristiane\AppData\Roaming\unins001.dat [32993]
[MD5.70F851F7A524071E13F17DC401A21906] [SPRF][22/05/2014] (...) -- C:\Users\Cristiane\Desktop\AdwCleaner.exe [1326389]
[MD5.352E8561E633B17ED22012366721FFDC] [SPRF][22/05/2014] (...) -- C:\Users\Cristiane\Desktop\zoek.exe [1285120]
[MD5.5EE13AE2AA0DB4734657AEF582FED46C] [SPRF][04/04/2014] (...) -- C:\Program Files\YASU.exe [44544]
~ Files: 6 Legitimates Filtered in 00mn 00s



---\\ Lista das exceções do FireWall (FirewallRules) (O87)
O87 - FAEL: "{D1D2E351-8768-44D4-98CC-108B85361B95}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Cristiane\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{853E8C1F-CD82-4C6A-9108-FBCAD93C5071}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Cristiane\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Firewall: 2 Legitimates Filtered in 00mn 01s



---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Microsoft\Tracing\utorrent-323-build-28705-baixaki-32-bits_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Microsoft\Tracing\utorrent-323-build-28705-baixaki-32-bits_RASMANCS =>P2P.µTorrent
HKLM\SOFTWARE\Microsoft\Tracing\uTorrent_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Microsoft\Tracing\uTorrent_RASMANCS =>P2P.µTorrent
~ BTK: 120 Legitimates Filtered in 00mn 00s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 21/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 13/05/2014 257712 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 23/04/2013 136176 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 23/04/2013 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 02/11/2013 553288 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SS - | Demand 27/01/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 29/06/2007 800040 | (NBService) . (.Nero AG.) - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
SS - | Demand 27/06/2007 279848 | (NMIndexingService) . (.Nero AG.) - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SS - | Demand 19/02/2010 517096 | (SwitchBoard) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
SR - | Auto 10/10/2013 120088 | (!SASCORE) . (.SUPERAntiSpyware.com.) - C:\Program Files\SUPERAntiSpyware\SASCORE.exe
SR - | Auto 15/07/2008 90112 | (AEADIFilters) . (.Andrea Electronics Corporation.) - C:\Windows\System32\AEADISRV.exe
SR - | Auto 07/09/2013 55624 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 04/03/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 30/08/2011 390504 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 06/05/2014 528424 | (GbpSv) . (.GAS Tecnologia.) - C:\Program Files\GbPlugin\gbpsv.exe
SR - | Auto 25/10/2013 2151200 | (LiveUpdateSvc) . (.IObit.) - C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe
SR - | Auto 16/04/2013 39056 | (RealNetworks Downloader Resolver Service) . (...) - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
SR - | Auto 13/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 12s



---\\ Lista dos emuladores de CD/DVD (MBR Hook)
O58 - SDL:04/04/2014 - 19:54:27 ---A- . (.Duplex Secure Ltd. - SCSI Pass Through Direct Host.) -- C:\Windows\System32\Drivers\sptd.sys [717296]
~ Emulateurs: Scanned in 00mn 12s



---\\ Scâner Aditional (088)
Database Version : 13029 - (22/05/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 4

[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:uTorrent =>P2P.BitTorrent^
C:\Users\Cristiane\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent^
C:\Windows\Tasks\AutoKMS.job =>Trojan.Keygen^
C:\Windows\System32\Tasks\AutoKMS =>Trojan.Keygen^
C:\Windows\KMSEmulator.exe =>Hijacker.Windows
~ Additionnel Scan: 313764 Items scanned in 00mn 23s



---\\ Sumário das deteções encontradas na sua estação
[Você precisa estar registrado e conectado para ver este link.] =>Hijacker.Windows
~ MSI: 1 link(s) detected in 00mn 00s



~ 926 Legitimates filtered by white list
End of the scan (538 lines in 01mn 40s)(0)

Re: Baidu Antivirus is on my PC!

Post by Power Max on Thu 22 May 2014, 20:54

I suggest you uninstall Bonjour, which tends to make Windows slower.
____________________________________________________________________________________________________________

There are unnecessary programs starting along with Windows, which makes your PC slower. To fix this, follow the tips in this tutorial:

Choosing Which Programs Start with the PC

Preferably, let only the security programs (antivirus/anti-spyware/firewall) start along with Windows.

Also use CCleaner, recommended in the tutorial above, to clean up and optimize the PC now and from time to time.
______________________________________________________________________________________________________________

Download UsbFix from this link (once on the page, click the button shown in this image, at the bottom right of the page, to download it):

Use USBFix as shown in this post:

USBFix Tutorial
_____________________________________________________________________________________________________________

Select and copy all the text highlighted in red that I gave you (starting at script zhpfix and going through emptyclsid).
_____________________________________________________________________________________________________________

Go to the menu: Start > All Programs > ZHP > right-click ZHPFix and choose Run as administrator > click Importação (Import) > click the GO button > click Oui > if you want the files in the Recycle Bin to be deleted, click Oui again > a report will open in Notepad.

Copy this report and post it in your next reply, together with the UsbFix report, which will be at C:\UsbFix.txt


Last edited by Power Max on Thu 22 May 2014, 23:57; edited 1 time

(SOLVED) How to remove Baidu Antivirus from the PC

Post by natanalves on Thu 22 May 2014, 23:16

############################## | UsbFix V 7.171 | [Limpar]

Usuário: Cristiane (Administrador) # CRISTIANE-PC
Atualizado em 18/05/2014 por El Desaparecido - SosVirus
Começou em 23:07:58 | 22/05/2014

PC: Intel Corporation (DQ45CB)
CPU: Intel(R) Core(TM)2 Quad CPU    Q6600  @ 2.40GHz
RAM -> [Total : 3261 Mo| Free : 1784 Mo]
Bios: Intel Corp.
Boot: Normal boot

OS: Microsoft Windows 7 Professional  (6.1.7601 32-Bit) Service Pack 1
WB: Windows Internet Explorer : 11.0.9600.17107
WB: Google Chrome : 34.0.1847.137
WB: Mozilla Firefox : 26.0

SC: Security Center [Enabled]
WU: Windows Update [Enabled]
AV: avast! Antivirus [(!) Disabled | Updated]
AS: Windows Defender [Enabled | Updated]
AS: avast! Antivirus [(!) Disabled | Updated]
FW: avast! Antivirus [(!) Disabled]
FW: Windows FireWall [(!) Disabled]

C:\ (%SystemDrive%) -> Disco fixo # 293 Gb (129 Mb livre - 44%) [] # NTFS
D:\ -> Disco fixo # 1570 Gb (855 Mb livre - 54%) [] # NTFS
E:\ -> CD-ROM
F:\ -> CD-ROM

################## | Processos parados |

C:\PROGRA~1\GbPlugin\gbpsv.exe (ID: 792|ParentID: 556)
C:\Windows\System32\spoolsv.exe (ID: 1624|ParentID: 556|SISTEMA)
C:\Windows\explorer.exe (ID: 1816|ParentID: 1800|Cristiane)
C:\Windows\System32\taskhost.exe (ID: 1928|ParentID: 556|Cristiane)
C:\Program Files\SUPERAntiSpyware\SASCore.exe (ID: 1992|ParentID: 556|SISTEMA)
C:\Windows\System32\AEADISRV.EXE (ID: 2012|ParentID: 556|SISTEMA)
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (ID: 2040|ParentID: 556|SISTEMA)
C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe (ID: 416|ParentID: 556|SISTEMA)
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe (ID: 856|ParentID: 556|SISTEMA)
C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (ID: 1844|ParentID: 556|SISTEMA)
C:\Windows\System32\hkcmd.exe (ID: 3188|ParentID: 1816|Cristiane)
C:\Windows\System32\igfxpers.exe (ID: 3220|ParentID: 1816|Cristiane)
C:\Users\Cristiane\AppData\Roaming\uTorrent\uTorrent.exe (ID: 3388|ParentID: 1816|Cristiane)
C:\Users\Cristiane\AppData\Roaming\Dropbox\bin\Dropbox.exe (ID: 3404|ParentID: 1816|Cristiane)
C:\Windows\System32\SearchIndexer.exe (ID: 4032|ParentID: 556|SISTEMA)
C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 1764|ParentID: 556|SERVIÇO DE REDE)
C:\Windows\System32\msiexec.exe (ID: 3344|ParentID: 556|SISTEMA)
C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 6076|ParentID: 1816|Cristiane)
C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 2888|ParentID: 6076|Cristiane)
C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 3164|ParentID: 6076|Cristiane)
C:\Windows\System32\taskhost.exe (ID: 1988|ParentID: 556|Cristiane)
C:\Program Files\ZHPDiag\ZHPFix\ZHPFix.exe (ID: 5596|ParentID: 1892|Cristiane)
C:\Program Files\Windows Defender\MpCmdRun.exe (ID: 3120|ParentID: 3600|SERVIÇO DE REDE)
C:\Windows\System32\taskhost.exe (ID: 3736|ParentID: 556|SERVIÇO LOCAL)
C:\Windows\System32\notepad.exe (ID: 5732|ParentID: 5092|Cristiane)

################## | Autorun |


################## | Procura genérica |


(!) Ficheiros temporários suprimido.

################## | Registro |

Reparado ! HKLM\Software\Microsoft\Security Center|UacDisableNotify -> 0
Supprimido ! HKU\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\.\.\.\.\Mountpoints2\{018be851-7954-11e3-aa30-00270e389cbd}
Supprimido ! HKU\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\.\.\.\.\Mountpoints2\{5ad13eec-386d-11e3-996d-00270e389cbd}
Supprimido ! HKU\S-1-5-21-2278793192-2799666863-1724067060-1000\Software\.\.\.\.\Mountpoints2\{c90e759d-abfc-11e2-ae4e-806e6f6e6963}

################## | Regedit Run |

F2 - HKLM\..\Winlogon : [Shell] explorer.exe
F2 - HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
04 - HKLM\..\Run : [IgfxTray] C:\Windows\system32\igfxtray.exe
04 - HKLM\..\Run : [HotKeysCmds] C:\Windows\system32\hkcmd.exe
04 - HKLM\..\Run : [Persistence] C:\Windows\system32\igfxpers.exe
04 - HKLM\..\Run : [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
04 - HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-18\..\RunOnce : [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601

################## | C:\ %SystemDrive% - Disco fixo (NTFS) |

[11/01/2014 - 21:23:32 | N | 3 Ko] - C:\log.txt
[10/06/2009 - 18:42:20 | N | 0 Ko] - C:\config.sys
[22/05/2014 - 22:53:50 | ASH | 2504088 Ko] - C:\hiberfil.sys
[22/05/2014 - 22:53:55 | ASH | 3338788 Ko] - C:\pagefile.sys
[01/10/2013 - 18:19:26 | N | 120 Ko] - C:\Acknowledgements.rtf
[08/12/2013 - 12:33:45 | D] - C:\iTunes.Resources
[08/12/2013 - 12:33:46 | D] - C:\iTunesHelper.Resources
[08/12/2013 - 12:33:47 | D] - C:\iTunesMiniPlayer.Resources
[01/10/2013 - 18:15:34 | N | 110 Ko] - C:\ITDetector.ocx
[22/05/2014 - 23:00:07 | D] - C:\Config.Msi
[15/08/2013 - 17:09:48 | N | 0 Ko] - C:\.mp4
[17/08/2013 - 14:55:56 | N | 0 Ko] - C:\.mp3
[17/08/2013 - 14:56:09 | N | 0 Ko] - C:\[1].mp3
[14/03/2014 - 21:35:30 | N | 3 Ko] - C:\fraglist.luar
[22/05/2014 - 16:38:35 | N | 39 Ko] - C:\zoek-results2014-05-22-193835.log
[22/05/2014 - 19:56:42 | N | 20 Ko] - C:\zoek-results2014-05-22-225642.log
[22/05/2014 - 20:12:41 | N | 3 Ko] - C:\zoek-results2014-05-22-231241.log
[22/05/2014 - 20:17:48 | N | 1 Ko] - C:\zoek-results.log
[02/04/2014 - 17:38:46 | N | 0 Ko] - C:\Archive.ini
[02/11/2013 - 00:29:44 | N | 9560 Ko | VirusTotal - (0/53)] - C:\iTunes.exe
[02/11/2013 - 00:29:44 | N | 149 Ko | VirusTotal - (0/53)] - C:\iTunesHelper.exe
[01/10/2013 - 18:15:32 | N | 1700 Ko | VirusTotal - (0/48)] - C:\iAdCore.dll
[02/11/2013 - 00:29:34 | N | 634 Ko | VirusTotal - (0/48)] - C:\iPodUpdaterExt.dll
[02/11/2013 - 00:29:34 | N | 758 Ko | VirusTotal - (0/49)] - C:\gnsdk_sdkmanager.dll
[02/11/2013 - 00:29:34 | N | 215 Ko | VirusTotal - (0/42)] - C:\gnsdk_musicid.dll
[02/11/2013 - 00:29:34 | N | 2938 Ko | VirusTotal - (0/47)] - C:\gnsdk_dsp.dll
[02/11/2013 - 00:29:34 | N | 257 Ko | VirusTotal - (0/47)] - C:\gnsdk_submit.dll
[02/11/2013 - 00:29:36 | N | 24853 Ko | VirusTotal - (0/49)] - C:\iTunes.dll
[02/11/2013 - 00:29:44 | N | 396 Ko | VirusTotal - (0/49)] - C:\iTunesAdmin.dll
[02/11/2013 - 00:29:44 | N | 115 Ko | VirusTotal - (0/49)] - C:\iTunesMiniPlayer.dll
[02/11/2013 - 00:29:44 | N | 145 Ko | VirusTotal - (0/49)] - C:\iTunesHelper.dll
[02/11/2013 - 00:29:46 | N | 286 Ko | VirusTotal - (0/49)] - C:\iTunesOutlookAddIn.dll
[22/05/2014 - 16:38:42 | SHD] - C:\$RECYCLE.BIN
[10/06/2009 - 18:42:20 | A | 0 Ko] - C:\autoexec.bat
[13/07/2009 - 23:37:05 | D] - C:\PerfLogs
[14/07/2009 - 01:53:55 | SHD] - C:\Documents and Settings
[23/04/2013 - 07:09:50 | D] - C:\Arquivos de Programas
[23/04/2013 - 07:09:50 | SHD] - C:\Recovery
[23/04/2013 - 07:12:15 | D] - C:\Users
[23/04/2013 - 18:27:01 | RHD] - C:\MSOCache
[20/08/2013 - 01:42:48 | D] - C:\Intel
[08/12/2013 - 12:33:00 | D] - C:\CD Configuration
[08/12/2013 - 12:33:48 | D] - C:\Mozilla Plugins
[29/01/2014 - 18:48:00 | D] - C:\Documents
[06/03/2014 - 17:07:54 | N | 0 Ko] - C:\asc_rdflag
[22/05/2014 - 16:10:10 | D] - C:\AdwCleaner
[22/05/2014 - 19:54:56 | D] - C:\zoek_backup
[22/05/2014 - 19:54:56 | HD] - C:\ProgramData
[22/05/2014 - 22:56:58 | SHD] - C:\System Volume Information
[22/05/2014 - 22:59:47 | D] - C:\Windows
[22/05/2014 - 23:00:07 | D] - C:\Program Files
[22/05/2014 - 23:06:20 | D] - C:\UsbFix

################## | D:\ - Disco fixo (NTFS) |

[23/02/2014 - 14:21:53 | N | 10 Ko] - D:\English_Grammar_in_Use_Extra_content_InstallLog.log
[21/12/2011 - 07:34:38 | N | 94 Ko] - D:\Installation instructions.doc
[23/04/2013 - 20:09:22 | SHD] - D:\$RECYCLE.BIN
[23/04/2013 - 18:42:53 | SHD] - D:\System Volume Information
[25/05/2013 - 21:33:20 | D] - D:\aaaaHD SAMSUNG
[28/07/2013 - 23:38:26 | D] - D:\retiro pr vitor
[05/08/2013 - 21:53:27 | D] - D:\pinnacle
[08/12/2013 - 11:34:01 | D] - D:\Natan Dropbox
[01/02/2014 - 13:54:41 | D] - D:\Filmes HD
[23/02/2014 - 11:51:00 | D] - D:\temp
[23/02/2014 - 11:51:38 | D] - D:\English Grammar in Use Extra
[23/02/2014 - 11:51:59 | D] - D:\jre
[23/02/2014 - 14:21:53 | D] - D:\Uninstall_English Grammar in Use Extra content
[21/03/2014 - 18:00:05 | D] - D:\iPod Photo Cache
[17/04/2014 - 09:41:27 | D] - D:\BaiduDownloads
[17/04/2014 - 09:41:27 | D] - D:\Program files
[18/05/2014 - 20:08:31 | D] - D:\natane
[22/05/2014 - 16:21:42 | D] - D:\download

################## | Vaccin |

D:\Autorun.inf -> Vacina criada por UsbFix (El Desaparecido)

################## | E.O.F |

ZHPFix

Post by natanalves on Thu 22 May 2014, 23:16

Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014
Fichier d'export Registre :
Run by Cristiane at 22/05/2014 23:11:41
High Elevated Privileges : OK
Windows 7 Business Edition, 32-bit Service Pack 1 (Build 7601)

Reciclagem vazia (03mn 11s)
Reparação de atalhos do navegador

========== Valores do Registo ==========
ELIMINÉ RunValue: tsnp2uvc.exe
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINÉ: c:\windows\system32\drivers\bhbase.sys
ELIMINÉ Temporários windows (111) (1.755.058 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Tarefa planificada ==========
ELIMINÉ: AutoKMS
ELIMINÉ: AutoKMS
ELIMINÉ: {02F56846-D053-4F6F-8F8E-0BE72F9D1833}
ELIMINÉ: {5E6027CB-ABD1-47F4-9987-D641E4E55B0D}
ELIMINÉ: {8E9FB0FA-C9AC-4315-B979-0E238EC44B10}
ELIMINÉ: {9E48E05E-75BD-4918-B39D-E8CDBCBDAB81}
ELIMINÉ: {B654CBDE-ED26-4F1C-BE8F-F9B38524FE46}
ELIMINÉ: {B9CF45BE-1615-460D-ACD6-237E2043E66C}
ELIMINÉ: {FA1BE6EF-3A64-44DF-9B5F-ACF945C05906}

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso


========== Recapitulativo ==========
7 : Valores do Registo
1 : Pastas
3 : Ficheiros
9 : Tarefa planificada
1 : Restauração Sistema


End of clean in 03mn 35s

========== Caminho do ficheiro do relatório ==========
C:\Users\Cristiane\AppData\Roaming\ZHP\ZHPFix[R1].txt - 22/05/2014 23:14:52 [1572]

Re: Baidu Antivirus is on my PC!

Post by Power Max on Thu 22 May 2014, 23:19

Open ZHPDiag again.

|- Click "SEARCH" or "PESQUISAR" and wait for it to finish.

|- Click OK and, when it finishes, post the ZHPDiag.txt report.


Re: Baidu Antivirus is on my PC!

Post by natanalves on Thu 22 May 2014, 23:22

~ Relatório do ZHPDiag v2014.5.22.71 - Nicolas Coolman (22/05/2014)
~ Iniciado por Cristiane (22/05/2014 23:20:08)
~ Endereço do Website : [You must be registered and logged in to see this link.]
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Activate by user


---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.17107
MFIE: Mozilla Firefox 26.0
GCIE: Google Chrome v34.0.1847.137 (Defaut)

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Professional, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
avast! Free Antivirus v9.0.2013
SUPERAntiSpyware v5.7.1016
Windows Defender W7

---\\ Softwares d'optimização do sistema
CCleaner v4.09

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 13 Plugin
Adobe Reader XI
Java 7 Update 45

---\\ Informações sobre o sistema
~ Processor: x86 Family 6 Model 15 Stepping 11, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3260 MB (62% free)
System Restore: Activé (Enable)
System drive C: has 129 GB (44%) free of 293 GB

---\\ Modo de conexão ao sistema
~ Computer Name: CRISTIANE-PC
~ User Name: Cristiane
~ All Users Names: HomeGroupUser$, Cristiane, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Cristiane\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Cristiane\AppData\Roaming\
~ %Desktop% : C:\Users\Cristiane\Desktop\
~ %Favorites% : C:\Users\Cristiane\Favorites\
~ %LocalAppData% : C:\Users\Cristiane\AppData\Local\
~ %StartMenu% : C:\Users\Cristiane\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 129 Go of 293 Go)
D: Hard drive, Flash drive, Thumb drive (Free 855 Go of 1570 Go)
E: CD-ROM drive (Free 0 Go of 0 Go)
F: CD-ROM drive (Free 0 Go of 0 Go)



---\\ Estado do Centro de Segurança do Windows
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyGames: Modified
~ Security Center: 46 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Windows Explorer.) (.25/02/2011 - 02:30:54.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.E4E829EE073E046B0EB19B5FECB19B8C] - (.Microsoft Corporation - Internet Extensions para Win32.) (.06/03/2014 - 02:41:49.) -- C:\Windows\System32\wininet.dll [1789440]
[MD5.998507B046BA314CE8245364C686FA67] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.04/03/2014 - 06:17:02.) -- C:\Windows\System32\Winlogon.exe [304128]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.20/11/2010 - 09:21:24.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.F81BB7E487EDCEAB630A7EE66CF23913] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.13/09/2013 - 21:48:58.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 05:38:10.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 05:42:32.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 06:59:29.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 20:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 23:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 05:39:44.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.C8DFF8D07755A66C7A4A738930F0FEAC] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.23/01/2014 - 23:18:22.) -- C:\Windows\system32\Drivers\ntfs.sys [1212352]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 20:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 20:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.B973FCFC50DC1434E1970A146F7E3885] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 07:24:46.) -- C:\Windows\system32\Drivers\rdpdr.sys [133632]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 20:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 05:39:17.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.20/11/2010 - 09:30:16.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes: Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 3/1885
~ Mes musiques (My Musics) : 4/2166
~ Mes Videos (My Videos) : 2/104
~ Mes Favoris (My Favorites) : 1/23
~ Mes Documents (My Documents) : 2/1888
~ Mon Bureau (My Desktop) : 2/643
~ Menu demarrer (Programs) : 1/37
~ Hidden Files: Scanned in 00mn 06s



---\\ Processos lançados
[MD5.CC42F104172B4A62793083D380867317] - (.AVAST Software - avast! Service.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344] [PID.1436]
[MD5.FA18468460906465C6A181904F5B706B] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastui.exe [3774312] [PID.3328]
[MD5.A63DC5C2EA944E6657203E0C8EDEAF61] - (.Microsoft Corporation - COM Surrogate.) -- C:\Windows\system32\DllHost.exe [7168] [PID.172]
[MD5.43B1125D14E8797FDA9D5E167EB50AE3] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) -- C:\Program Files\GbPlugin\gbpsv.exe [528424] [PID.376]
[MD5.51F207D5A9E7B2E76BEE59C05CCC23C4] - (.SUPERAntiSpyware.com - Core Service.) -- C:\Program Files\SUPERAntiSpyware\SASCORE.exe [120088] [PID.4940]
[MD5.30E3850F303EAE5C364782EA78579CC9] - (.Apple Inc. - MobileDeviceService.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [55624] [PID.884]
[MD5.EEE470F2A771FC0B543BDEEF74FCECA0] - (.Microsoft Corporation - Windows® installer.) -- C:\Windows\system32\msiexec.exe [73216] [PID.348]
[MD5.345B1798395CEA9C178AFF1784FA2A37] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [841032] [PID.5264]
[MD5.9827006052EDEBA43D3BA0B34523AD62] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [7876608] [PID.1648]
[MD5.CF87A1DE791347E75B98885214CED2B8] - (.Microsoft Corporation - Serviço da Plataforma de Proteção de Softwa.) -- C:\Windows\system32\sppsvc.exe [3179520] [PID.3180]
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Cristiane\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)

---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 16 Legitimates Filtered in 00mn 02s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
C:\Users\Cristiane\AppData\Roaming\Mozilla\Firefox\Profiles\cazhzzqa.default\prefs.js
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/abn] - (...) -- C:\Users\Cristiane\AppData\Local\GAS Tecnologia\GBBD\npsf_abn.dll (.not file.)
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/bb] - (...) -- C:\Users\Cristiane\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll (.not file.)
~ Firefox Browser: 24 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (...) (No version) -- (.not file.)
~ IE Browser: 15 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Browser Helper Objects do navegador (02)
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} . (.Banco do Brasil - Gbieh Module.) -- C:\Program Files\GbPlugin\gbieh.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} . (.Caixa Economica Federal - Gbieh Module.) -- C:\Program Files\GbPlugin\gbiehcef.dll
O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} . (.Banco Real - Gbieh Module.) -- C:\Program Files\GbPlugin\gbiehabn.dll
~ BHO: 20 Legitimates Filtered in 00mn 00s



---\\ Barras do Internet Explorer (03))
O3 - Toolbar: avast! Online Security - [HKLM]{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
~ Toolbar: Scanned in 00mn 00s



---\\ Outras conexões do utilizador (04)
O4 - GS\QuickLaunch [Cristiane]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Cristiane\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Global Startup: 1 Legitimates Filtered in 00mn 02s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
~ Application: Scanned in 00mn 00s



---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~1\Office14\ONBttnIE.dll =>.Microsoft Corporation
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~1\Office14\ONBTTN~1.dll =>.Microsoft Corporation
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bancobrasil.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.bancoreal.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.bancosantander.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bb.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.caixa.gov.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.santander.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.santanderempresarial.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.santandernet.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.santandernetibe.com.br
~ IE Zone Confiance: Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{9315FE68-EF03-4CE6-A78E-1B3413781B82}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{ED835EB8-B158-421E-9679-E3319044E552}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{ED835EB8-B158-421E-9679-E3319044E552}: DhcpDomain = lan
O17 - HKLM\System\CS1\Services\Tcpip\..\{9315FE68-EF03-4CE6-A78E-1B3413781B82}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{ED835EB8-B158-421E-9679-E3319044E552}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{ED835EB8-B158-421E-9679-E3319044E552}: DhcpDomain = lan
O17 - HKLM\System\CS2\Services\Tcpip\..\{9315FE68-EF03-4CE6-A78E-1B3413781B82}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{ED835EB8-B158-421E-9679-E3319044E552}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{ED835EB8-B158-421E-9679-E3319044E552}: DhcpDomain = lan
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation - Photo Gallery Album Download Protocol Handl.) -- C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll =>.Microsoft Corporation
O18 - Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: GbPluginAbn . (.Banco Real - Gbieh Module.) -- C:\Program Files\GbPlugin\gbiehAbn.dll
O20 - Winlogon Notify: GbPluginBb . (.Banco do Brasil - Gbieh Module.) -- C:\Program Files\GbPlugin\gbieh.dll
O20 - Winlogon Notify: GbPluginCef . (.Caixa Economica Federal - Gbieh Module.) -- C:\Program Files\GbPlugin\gbiehCef.dll
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files\GbPlugin\gbpsv.exe
~ Services: 9 Legitimates Filtered in 00mn 03s



---\\ Tarefas planificadas automaticamente (039)
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [902]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2278793192-2799666863-1724067060-1000Core [922]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2278793192-2799666863-1724067060-1000UA [944]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1058]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1062]
~ Scheduled Task: 19 Legitimates Filtered in 00mn 02s



---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (Ndisrd) . (.GAS Tecnologia - GAS Tecnologia - LWF Helper Driver.) - C:\Windows\System32\DRIVERS\gbpndisrdn.sys
~ Drivers: 81 Legitimates Filtered in 00mn 00s



---\\ Software instalados (042)
O42 - Logiciel: GBBD Banco do Brasil - (...) [HKCU] -- {36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1
O42 - Logiciel: GrafEq 2.13 (current user) - (.Pedagoguery Software Inc..) [HKCU] -- PSi GrafEq 2.13
O42 - Logiciel: Módulo de Proteção Santander 3.2.0.2 - (...) [HKLM] -- {83033d93-48d0-48fc-9c5b-82e57e7e0dd6}_is1
~ Logic: 16 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\AutoHelpDesk]
[HKCU\Software\GbAs]
[HKCU\Software\GrafEq]
[HKCU\Software\Huisendobler]
[HKLM\Software\AutoHelpDesk]
[HKLM\Software\Kashu]
~ Key Software: 279 Legitimates Filtered in 00mn 00s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 01/05/2013 - 17:59:38 - [] ----D C:\Program Files\AKKORD
O43 - CFD: 23/02/2014 - 11:52:28 - [] ----D C:\Users\Cristiane\AppData\Roaming\EnglishGrammarinUseExtra
O43 - CFD: 17/05/2013 - 16:59:12 - [] ----D C:\Users\Cristiane\AppData\Local\Ares
O43 - CFD: 21/05/2014 - 19:50:11 - [] ----D C:\Users\Cristiane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GrafEq 2.13
~ Program Folder: 216 Legitimates Filtered in 00mn 00s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.4ABAB0BECE840B0EA253026FC2A8B69C] - 21/05/2014 - 00:54:56 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [148520]
O44 - LFC:[MD5.BAA156A374B3789C9CECD55D127A214B] - 21/05/2014 - 00:54:56 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [708740]
O44 - LFC:[MD5.0DC5AF80D059DEC792B665ED598C6567] - 22/05/2014 - 16:09:06 ---A- . (.SQLite Development Team - SQLite Dynamic Link Library (No TCL).) -- C:\Windows\System32\sqlite3.dll [536576]
O44 - LFC:[MD5.2987AE860C7A141EAC6075963F08DF29] - 22/05/2014 - 16:38:35 ----- . (...) -- C:\zoek-results2014-05-22-193835.log [39852]
O44 - LFC:[MD5.2C27F5EAC72D515B07ECBF54148AE43F] - 22/05/2014 - 19:56:42 ----- . (...) -- C:\zoek-results2014-05-22-225642.log [20615]
O44 - LFC:[MD5.B5045FA1992B3735ED1792894E5E98DE] - 22/05/2014 - 20:12:41 ----- . (...) -- C:\zoek-results2014-05-22-231241.log [2702]
O44 - LFC:[MD5.A3893B97B04BD11FC893D4EC4340DC4E] - 22/05/2014 - 20:17:48 ----- . (...) -- C:\zoek-results.log [1140]
~ Files: 45 Legitimates Filtered in 00mn 02s



---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399007} - C:\Program Files\GbPlugin\gbiehabn.dll
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Program Files\GbPlugin\gbiehcef.dll
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files\GbPlugin\gbieh.dll
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Enumeração das chaves do registo StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\uTorrent [Key] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Cristiane\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ SMSR Keys: 23 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 17 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1
~ MWPE Keys: 2 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:10/04/2010 - 14:06:42 ---A- . (.Analog Devices, Inc. - High Definition Audio Function Driver.) -- C:\Windows\System32\Drivers\ADIHdAud.sys [386048]
O58 - SDL:12/12/2013 - 11:07:33 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [49944] =>.ALWIL Software
O58 - SDL:09/01/2014 - 12:12:25 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [180248] =>.ALWIL Software
O58 - SDL:13/07/2009 - 22:20:28 ----- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:14/03/2014 - 20:27:24 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\Windows\System32\Drivers\gbpkm.sys [47192]
O58 - SDL:17/04/2014 - 09:40:08 ---A- . (.GAS Tecnologia - GAS Tecnologia - LWF Helper Driver.) -- C:\Windows\System32\Drivers\gbpndisrdn.sys [29400]
O58 - SDL:13/07/2009 - 19:54:14 ----- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
O58 - SDL:11/02/2009 - 13:45:02 ----- . (.No owner - USBCAMD for Sonix UVC.) -- C:\Windows\System32\Drivers\sncduvc.sys [27264]
O58 - SDL:12/03/2009 - 11:21:36 ----- . (.No owner - UVC Camera Streaming Driver.) -- C:\Windows\System32\Drivers\snp2uvc.sys [3482112]
O58 - SDL:04/04/2014 - 19:54:27 ---A- . (.Duplex Secure Ltd. - SCSI Pass Through Direct Host.) -- C:\Windows\System32\Drivers\sptd.sys [717296]
O58 - SDL:21/08/2013 - 01:31:38 ---A- . (.DEVGURU Co., LTD.([You must be registered and logged in to see this link.] - SAMSUNG USB Composite Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudbus.sys [84248]
O58 - SDL:21/08/2013 - 01:31:38 ---A- . (.DEVGURU Co., LTD.([You must be registered and logged in to see this link.] - SAMSUNG Android Modem Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudmdm.sys [182680]
O58 - SDL:13/07/2009 - 22:19:04 ----- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
O58 - SDL:13/12/2012 - 13:50:38 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl.sys [45056]
O58 - SDL:13/07/2009 - 18:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:13/07/2009 - 18:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:13/07/2009 - 18:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:13/07/2009 - 18:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:13/07/2009 - 18:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:13/07/2009 - 18:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:13/07/2009 - 18:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:13/07/2009 - 18:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:13/07/2009 - 18:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:13/07/2009 - 18:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:13/07/2009 - 18:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 84 Legitimates Filtered in 00mn 02s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: UsbFix - (.El Desaparecido - [You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] [HKLM] -- Usbfix
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 14/03/2014 - C:\Windows\System32\drivers\gbpkm.sys (GbpKm) .(.GAS Tecnologia - GbPlugin Device Driver.) - LEGACY_GBPKM
~ Legacy: 82 Legitimates Filtered in 00mn 00s



---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [You must be registered and logged in to see this link.]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - [You must be registered and logged in to see this link.]
O69 - SBI: SearchScopes [HKCU] {C4304BAC-BF69-49B8-8B32-58F0471DE8D0} - (Google) - [You must be registered and logged in to see this link.]
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.27CDC28901B49FB54056D3A1B3550F0F] [SPRF][05/05/2013] (...) -- C:\Users\Cristiane\AppData\Roaming\unins000.dat [12392]
[MD5.E42F69171FC971F2FDCD0DD6D2F57A65] [SPRF][05/12/2013] (...) -- C:\Users\Cristiane\AppData\Roaming\unins001.dat [32993]
[MD5.70F851F7A524071E13F17DC401A21906] [SPRF][22/05/2014] (...) -- C:\Users\Cristiane\Desktop\AdwCleaner.exe [1326389]
[MD5.352E8561E633B17ED22012366721FFDC] [SPRF][22/05/2014] (...) -- C:\Users\Cristiane\Desktop\zoek.exe [1285120]
[MD5.5EE13AE2AA0DB4734657AEF582FED46C] [SPRF][04/04/2014] (...) -- C:\Program Files\YASU.exe [44544]
~ Files: 6 Legitimates Filtered in 00mn 00s



---\\ Lista das exceções do FireWall (FirewallRules) (O87)
O87 - FAEL: "{D1D2E351-8768-44D4-98CC-108B85361B95}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Cristiane\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{853E8C1F-CD82-4C6A-9108-FBCAD93C5071}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Cristiane\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Firewall: 2 Legitimates Filtered in 00mn 01s



---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Microsoft\Tracing\utorrent-323-build-28705-baixaki-32-bits_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Microsoft\Tracing\utorrent-323-build-28705-baixaki-32-bits_RASMANCS =>P2P.µTorrent
HKLM\SOFTWARE\Microsoft\Tracing\uTorrent_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Microsoft\Tracing\uTorrent_RASMANCS =>P2P.µTorrent
~ BTK: 120 Legitimates Filtered in 00mn 00s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 21/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 13/05/2014 257712 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 15/07/2008 90112 | (AEADIFilters) . (.Andrea Electronics Corporation.) - C:\Windows\System32\AEADISRV.exe
SS - | Auto 23/04/2013 136176 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 23/04/2013 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 02/11/2013 553288 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SS - | Auto 25/10/2013 2151200 | (LiveUpdateSvc) . (.IObit.) - C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe
SS - | Demand 27/01/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 29/06/2007 800040 | (NBService) . (.Nero AG.) - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
SS - | Demand 27/06/2007 279848 | (NMIndexingService) . (.Nero AG.) - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
SS - | Auto 16/04/2013 39056 | (RealNetworks Downloader Resolver Service) . (...) - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SS - | Demand 19/02/2010 517096 | (SwitchBoard) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
SR - | Auto 10/10/2013 120088 | (!SASCORE) . (.SUPERAntiSpyware.com.) - C:\Program Files\SUPERAntiSpyware\SASCORE.exe
SR - | Auto 07/09/2013 55624 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 04/03/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 06/05/2014 528424 | (GbpSv) . (.GAS Tecnologia.) - C:\Program Files\GbPlugin\gbpsv.exe
SR - | Auto 13/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 11s



---\\ Lista dos emuladores de CD/DVD (MBR Hook)
O58 - SDL:04/04/2014 - 19:54:27 ---A- . (.Duplex Secure Ltd. - SCSI Pass Through Direct Host.) -- C:\Windows\System32\Drivers\sptd.sys [717296]
~ Emulateurs: Scanned in 00mn 11s



---\\ Scâner Aditional (088)
Database Version : 13029 - (22/05/2014)
Clés trouvées (Keys found) : 1
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 1

[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\uTorrent] =>P2P.BitTorrent^
C:\Windows\KMSEmulator.exe =>Hijacker.Windows
~ Additionnel Scan: 312977 Items scanned in 00mn 33s



---\\ Sumário das deteções encontradas na sua estação
[You must be registered and logged in to see this link.] =>Hijacker.Windows
~ MSI: 1 link(s) detected in 00mn 00s



~ 913 Legitimates filtered by white list
End of the scan (505 lines in 01mn 27s)(0)

Re: Baidu Antivirus is on my PC!

Post by Power Max on Thu 22 May 2014, 23:56

How is the PC?


Re: Baidu Antivirus is on my PC!

Post by natanalves on Fri 23 May 2014, 00:02

I think it's fine :)

But I'll take any tips you have for cleaning up, improving and speeding up the PC, haha

Re: Baidu Antivirus is on my PC!

Post by Power Max on Fri 23 May 2014, 00:03

You want to install Kaspersky on this PC, right? Try installing it and let us know whether the installation went smoothly.
