Kaspersky PURE 3.0 won't install because of Baidu antivirus
Good morning to everyone at Fórum PC Brasil. Well, I have a problem that I can't solve. I switched antivirus from KIS 2014 to PURE 3.0, but, I don't know how or when it happened, I can't install it without first uninstalling Baidu Antivirus. However, it doesn't appear anywhere. At this point I must be full of viruses and other pests, since I have no protection at all. I would like to know what measures I should take to solve this problem. Thank you, Power Max, for directing me to post in the right place.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:06:06, on 23/05/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16490)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Windows\PixArt\Pac207\Monitor.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Windows 7\Downloads\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Nvtmru] "C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_44130B045B9E62BB4535762DC67AACA4] "C:\Program Files\Google\Chrome\Application\chrome.exe" --no-startup-window
O4 - HKUS\S-1-5-21-1484466459-4244202861-2336252029-1001\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-1484466459-4244202861-2336252029-1001\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - HKUS\S-1-5-18\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'SISTEMA')
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SISTEMA')
O4 - HKUS\.DEFAULT\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O8 - Extra context menu item: &Enviar para o OneNote - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O8 - Extra context menu item: E&xportar para o Microsoft Excel - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - ESC Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - ESC Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - ESC Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] (HKLM)
O15 - ESC Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] (HKLM)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Ave's 7StartButton Changer - {F791A188-699D-4FD4-955A-EB59E89B1907} - C:\Program Files\The Skins Factory\Hyperdesk\Common\AveStartButtonChangerInProc.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Autodesk Content Service - Autodesk, Inc. - C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
O23 - Service: FlexNet Licensing Service - Flexera Software LLC - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HyperDesk's Custom Theme Enabler (HyperDeskCustomThemeEnabler) - Unknown owner - C:\Windows\Installer\MSI673B.tmp
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: SpyHunter 4 Service - Enigma Software Group USA, LLC. - C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: VIA Karaoke digital mixer Service (VIAKaraokeService) - VIA Technologies, Inc. - C:\Windows\system32\viakaraokesrv.exe
--
End of file - 10200 bytes
ahgramarin - Beginner
- Posts: 18
Reputation: 0
Registration date: 23/05/2014
Re: Kaspersky PURE 3.0 won't install because of Baidu antivirus
Hello.
Download the AdwCleaner program by clicking the link below, then click the Download Now @BleepingComputer button:
[You must have an account and be logged in to view this link]
To run AdwCleaner correctly, just follow the tips in this tutorial:
[You must have an account and be logged in to view this link]
* In your next reply, post the AdwCleaner log (report), which will be at C:\AdwCleaner\AdwCleaner[S0].txt
We'll be waiting.
Power Max - Contributor
- Posts: 9086
Reputation: 1499
Registration date: 14/04/2009
AdwCleaner log
# AdwCleaner v3.210 - Relatório criado 23/05/2014 às 10:59:40
# Atualizado 19/05/2014 por Xplode
# Sistema Operacional : Windows 7 Professional Service Pack 1 (32 bits)
# Usuário : Windows 7 - WINDOWS7-PC
# Executando de : C:\Users\Windows 7\Downloads\AdwCleaner (1).exe
# Opção : Limpar
***** [ Serviços ] *****
***** [ Arquivos / Pastas ] *****
Pasta Deletada : C:\ProgramData\apn
Pasta Deletada : C:\ProgramData\baidu
Pasta Deletada : C:\Program Files\003
Pasta Deletada : C:\Users\Public\Documents\baidu
Pasta Deletada : C:\Users\Windows 7\AppData\Roaming\baidu
***** [ Atalhos ] *****
***** [ Registro ] *****
[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{73BAB1EA-594C-4EEF-B127-F934BE4B8CBC}
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Chave Deletedo : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Chave Deletedo : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\IMinentToolbar_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\IMinentToolbar_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\LatestDLMgr_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\LatestDLMgr_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_mypublicwifi_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_mypublicwifi_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Chave Deletedo : HKCU\Software\genesis
Chave Deletedo : HKLM\Software\Freeze.com
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\genesis
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DatamngrCoordinator.exe
***** [ Navegadores ] *****
-\\ Internet Explorer v9.0.8112.16490
-\\ Google Chrome v34.0.1847.137
[ Arquivo : C:\Users\Windows 7\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Deletedo [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Deletedo [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Deletedo [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Deletedo [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Deletedo [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Deletedo [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Deletedo [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Deletedo [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Deletedo [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Deletedo [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Deletedo [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Deletedo [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Deletedo [Search Provider] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Deletedo [Startup_urls] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Deletedo [Startup_urls] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Deletedo [Startup_urls] : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
*************************
AdwCleaner[R0].txt - [1698 octets] - [25/09/2013 14:15:09]
AdwCleaner[R1].txt - [3542 octets] - [23/05/2014 10:57:55]
AdwCleaner[S0].txt - [1654 octets] - [25/09/2013 14:21:31]
AdwCleaner[S1].txt - [4717 octets] - [23/05/2014 10:59:40]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [4777 octets] ##########
ahgramarin - Beginner
- Posts: 18
Reputation: 0
Join date: 23/05/2014
Re: Kaspersky PURE 3.0 won't install because of Baidu antivirus
Temporarily disable your antivirus to avoid conflicts.
Go to the link below and click the first button on the left, which is the Download Zoek.exe button:
[You must have an account and be logged in to view this link]
* Right-click Zoek.exe and select [You must have an account and be logged in to view this image]
* Select and copy all of the text highlighted in red that I gave you and paste it into the blank area of Zoek.
* Click [Run Script]
* During the scan, a message similar to the one below will be displayed showing the progress of the scan. Wait for it to finish... it may take a while!
[You must have an account and be logged in to view this image]
* If a PC restart is requested, click [OK]
* Post the Zoek log, which will be at C:\zoek-results.txt, in your next reply.
Last edited by Power Max on Fri 23 May 2014, 18:59; edited 1 time
Power Max - Contributor
- Posts: 9086
Reputation: 1499
Join date: 14/04/2009
Zoek log
Zoek.exe v5.0.0.0 Updated 22-05-2014
Tool run by Windows 7 on 23/05/2014 at 11:39:49,35.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Windows 7\Desktop\EnsisoftREste\zoe\zoek.com [Scan all users] [Script inserted]
==== System Restore Info ======================
23/05/2014 11:41:45 Zoek.exe System Restore Point Created Succesfully.
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== Deleting Files \ Folders ======================
C:\PROGRA~2\Malwarebytes' Anti-Malware (portable) deleted
C:\PROGRA~2\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A} deleted
C:\Users\Windows 7\.android deleted
C:\Program Files\GUMADD8.tmp deleted
C:\Program Files\MyFree Codec deleted
C:\Program Files\Microsoft Research deleted
C:\Users\Windows 7\AppData\Roaming\GetRightToGo deleted
C:\PROGRA~2\InstallMate deleted
C:\PROGRA~2\Package Cache deleted
C:\Users\Windows 7\AppData\Local\cache deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec deleted
C:\Users\Windows 7\Downloads\adt-bundle-windows-x86-20130729.zip deleted
C:\Windows\system32\config\systemprofile\AppData\LocalLow\Application Updater deleted
C:\Windows\System32\AI_RecycleBin deleted
C:\Users\Windows 7\Desktop\BACKUP_B13\Progamas\DeamonToll\SoftonicDownloader_para_daemon-tools.exe deleted
C:\Users\Windows 7\Desktop\BACKUP_B13\Progamas\Sony Vegas\SoftonicDownloader_para_sony-vegas.exe deleted
==== Folders Found ======================
2014-05-01 13:57:53 2014-05-02 18:52:41 -------- d-----w- C:\$RECYCLE.BIN\S-1-5-21-1484466459-4244202861-2336252029-1000\$RKX8YPH\Baidu Antivirus
2014-05-23 13:59:41 2014-05-23 13:59:41 -------- d-----w- C:\AdwCleaner\Quarantine\C\ProgramData\baidu
2014-05-23 13:59:41 2014-05-23 13:59:41 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Public\Documents\baidu
2014-05-23 13:59:41 2014-05-23 13:59:41 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Windows 7\AppData\Roaming\baidu
2014-05-23 13:59:41 2014-05-23 13:59:41 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Windows 7\AppData\Roaming\baidu\Baidu Antivirus
2014-05-22 18:56:15 2014-05-22 19:01:42 -------- d-----w- C:\Program Files\Baidu Security
2014-05-22 19:01:42 2014-05-22 19:07:30 -------- d-----w- C:\Program Files\Baidu Security\Baidu Antivirus
2014-05-01 02:46:32 2014-05-22 19:02:18 -------- d-----w- C:\ProgramData\Baidu Security
2014-05-22 19:02:01 2014-05-22 19:04:17 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu Antivirus
2013-09-30 17:23:23 2013-09-30 17:23:23 -------- d-----w- C:\Qoobox\Quarantine\C\ProgramData\Baidu Security
2013-09-30 17:23:44 2013-09-30 17:23:44 -------- d-----w- C:\Qoobox\Quarantine\C\Users\Windows 7\AppData\Roaming\Baidu Security
2013-09-30 17:23:48 2013-09-30 17:23:48 -------- d-----w- C:\Qoobox\Quarantine\C\Users\Windows 7\AppData\Roaming\Baidu Security\PC Faster\3.7.0.0\Uninstall\Baidu PC Faster Uninstall
2013-09-30 17:23:44 2013-09-30 17:23:44 -------- d-----w- C:\Qoobox\Quarantine\C\Users\Windows 7\AppData\Roaming\Baidu Security\PC Faster\3.7.0.0\Uninstall\Baidu PC Faster Uninstall HK
2014-05-01 02:46:32 2014-05-22 19:02:18 -------- d-----w- C:\Users\All Users\Baidu Security
2014-05-22 19:02:01 2014-05-22 19:04:17 -------- d-----w- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Baidu Antivirus
2013-09-10 00:06:21 2013-09-10 00:06:21 -------- d-----w- C:\Users\Public\Documents\Baidu Security
2014-05-01 13:55:11 2014-05-01 13:55:11 -------- d-----w- C:\Users\Windows 7\AppData\Local\temp\baidu_secure
2014-05-01 02:49:55 2014-05-01 02:49:55 -------- d-----w- C:\Users\Windows 7\AppData\Roaming\Baidu Security
==== Files Found ======================
--- C:\Users\Windows 7\AppData\Local\temp\ICReinstall_baidu-pc-faster-40768815-32-bits.exe ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 628104
Created time: 2014-05-22 18:55:29
Modified time: 2014-05-22 18:55:29
MD5: C346E8E4D0B762CE96D74994C5CC513D
SHA1: BC269D82686A127A57FE1A90F976068DC06F9514
--- C:\Users\Windows 7\Downloads\baidu-pc-faster-40768815-32-bits.exe ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 628104
Created time: 2014-05-22 18:51:18
Modified time: 2014-05-22 18:51:34
MD5: C346E8E4D0B762CE96D74994C5CC513D
SHA1: BC269D82686A127A57FE1A90F976068DC06F9514
--- C:\Windows\Prefetch\BAIDU-PC-FASTER-40768815-32-B-02D44FE2.pf ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 95914
Created time: 2014-05-22 18:53:10
Modified time: 2014-05-22 18:55:36
MD5: B6E2764872C9C113496007354B64371C
SHA1: 7C42BA85F14A0A909DC8B224564EC743E15EECFE
--- C:\Windows\Prefetch\ICREINSTALL_BAIDU-PC-FASTER-4-4D656154.pf ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 73976
Created time: 2014-05-22 18:55:54
Modified time: 2014-05-22 18:55:54
MD5: 1D7539C26570412C5643C77D0BC2D3A7
SHA1: 9B0048A88F25BFA565008D61246D590320FD1BE3
==== Registry Search Results for "Baidu" ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\baidu]
[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll]
[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload]
[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]
[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]
"DllVersion_2.0"="C:\\ProgramData\\baidu\\commondll\\splitupload\\DllVersion_2.0\\FileSplitUpLoad.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus]
"uuurl"="http://sync.br.bav.baidu.com/cgi-bin/report_uu_msg_bavv2.cgi"
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\DuplicateRecord]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\LogUp]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Processing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Temp]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"Name"="ICReinstall_baidu-pc-faster-40768815-32-bits.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}]
"DllName"="baidubar.dll;BaiduBarX.dll;BaiduBarX.dll;BaiduBarX.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}]
"DllName"="baidubar.dll;BaiduBarX.dll;BaiduBarX.dll;BaiduBarX.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\baidu-pc-faster-40768815-32-bits_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\baidu-pc-faster-40768815-32-bits_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ICReinstall_baidu-pc-faster-40768815-32-bits_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ICReinstall_baidu-pc-faster-40768815-32-bits_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"="Baidu Hook Base"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"="Baidu NetDefense"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bhbase]
"DisplayName"="Baidu Hook Base"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BHipsEx]
"DisplayName"="Baidu HipsEx Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bndef]
"DisplayName"="Baidu NetDefense"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
"InstPath"="C:\\Program Files\\Baidu Security\\Baidu Antivirus"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
"DisplayName"="Baidu Protect"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx]
"DisplayName"="Baidu ProtectEx"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx]
"InstPath"="C:\\Program Files\\Baidu Security\\PC Faster\\4.0.0.0"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCFApiUtil]
"ImagePath"="\\??\\C:\\Program Files\\Baidu Security\\PC Faster\\4.0.0.0\\PCFApiUtil.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"="Baidu Hook Base"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"="Baidu NetDefense"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bhbase]
"DisplayName"="Baidu Hook Base"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BHipsEx]
"DisplayName"="Baidu HipsEx Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bndef]
"DisplayName"="Baidu NetDefense"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]
"InstPath"="C:\\Program Files\\Baidu Security\\Baidu Antivirus"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]
"DisplayName"="Baidu Protect"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx]
"DisplayName"="Baidu ProtectEx"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx]
"InstPath"="C:\\Program Files\\Baidu Security\\PC Faster\\4.0.0.0"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCFApiUtil]
"ImagePath"="\\??\\C:\\Program Files\\Baidu Security\\PC Faster\\4.0.0.0\\PCFApiUtil.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"="Baidu Antivirus Minifilter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"="Baidu FS Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"="Baidu Hook Base"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"="Baidu NetDefense"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"="Baidu Protect"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"="Baidu ProtectEx"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfilter]
"DisplayName"="Baidu Antivirus Minifilter Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfmon]
"DisplayName"="Baidu FS Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bhbase]
"DisplayName"="Baidu Hook Base"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BHipsEx]
"DisplayName"="Baidu HipsEx Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bndef]
"DisplayName"="Baidu NetDefense"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
"InstPath"="C:\\Program Files\\Baidu Security\\Baidu Antivirus"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
"DisplayName"="Baidu Protect"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx]
"DisplayName"="Baidu ProtectEx"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx]
"InstPath"="C:\\Program Files\\Baidu Security\\PC Faster\\4.0.0.0"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PCFApiUtil]
"ImagePath"="\\??\\C:\\Program Files\\Baidu Security\\PC Faster\\4.0.0.0\\PCFApiUtil.sys"
[HKEY_USERS\.DEFAULT\Software\Baidu]
[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug]
[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav]
[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log]
[HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]
[HKEY_USERS\.DEFAULT\Software\Baidu Security]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\041814-27393-01.dmp]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\050114-21730-01.dmp]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\MEMORY_130422641240296360.dmp]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\MEMORY_130434292426648248.dmp]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"ucloud"="u.br.bav.baidu.com"
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"dcloud"="http://up.br.bav.baidu.com/cgi-bin/url_warnning/url_warnning.cgi"
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"rcloud"="http://up.br.bav.baidu.com/cgi-bin/url_visit_action.cgi"
[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\DataReport]
[HKEY_USERS\S-1-5-21-1484466459-4244202861-2336252029-1000\Software\Baidu]
[HKEY_USERS\S-1-5-21-1484466459-4244202861-2336252029-1000\Software\Baidu\Hao123-international]
[HKEY_USERS\S-1-5-21-1484466459-4244202861-2336252029-1000\Software\Baidu\Hao123-international\hao123desk]
[HKEY_USERS\S-1-5-21-1484466459-4244202861-2336252029-1000\Software\Baidu Security]
[HKEY_USERS\S-1-5-21-1484466459-4244202861-2336252029-1000\Software\Baidu Security\Antivirus]
[HKEY_USERS\S-1-5-21-1484466459-4244202861-2336252029-1000\Software\Baidu Security\Antivirus\web]
[HKEY_USERS\S-1-5-21-1484466459-4244202861-2336252029-1000\Software\Baidu Security\Antivirus\web]
"ucloud"="u.br.bav.baidu.com"
[HKEY_USERS\S-1-5-21-1484466459-4244202861-2336252029-1000\Software\Baidu Security\Antivirus\web]
"dcloud"="http://up.br.bav.baidu.com/cgi-bin/url_warnning/url_warnning.cgi"
[HKEY_USERS\S-1-5-21-1484466459-4244202861-2336252029-1000\Software\Baidu Security\Antivirus\web]
"rcloud"="http://up.br.bav.baidu.com/cgi-bin/url_visit_action.cgi"
[HKEY_USERS\S-1-5-21-1484466459-4244202861-2336252029-1000\Software\Baidu Security\PC Faster]
[HKEY_USERS\S-1-5-21-1484466459-4244202861-2336252029-1000\Software\Baidu Security\PC Faster\4.0.0.0]
[HKEY_USERS\S-1-5-21-1484466459-4244202861-2336252029-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install]
[HKEY_USERS\S-1-5-21-1484466459-4244202861-2336252029-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install\19711443]
[HKEY_USERS\S-1-5-21-1484466459-4244202861-2336252029-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install\19711443]
"url"="http://sync.pcfaster.baidu.com/cgi-bin-py/get_uninstall_channel_info.cgi?uninstall_channel=Baixaki|br|IBD|Bundle&version=4.0.5.65301&userid=4b005eae8acc8a17bf52ec1b36d15702&old_userid=S1ZVJ60Z-485B39CEC749!e949812e-afbd-4abc-942f-cd28e488e1ea@#485B39CEC749&install_time=2014-05-01 02:49:24&parent_name="
[HKEY_USERS\S-1-5-21-1484466459-4244202861-2336252029-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install\19712286]
[HKEY_USERS\S-1-5-21-1484466459-4244202861-2336252029-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install\19712286]
"url"="http://sync.security.baidu.co.th/cgi-bin-py/get_uninstall_channel_info.cgi?uninstall_channel=Baixaki|br|IBD|Bundle&version=4.0.5.65301&userid=4b005eae8acc8a17bf52ec1b36d15702&old_userid=S1ZVJ60Z-485B39CEC749!e949812e-afbd-4abc-942f-cd28e488e1ea@#485B39CEC749&install_time=2014-05-01 02:49:24&parent_name="
[HKEY_USERS\S-1-5-21-1484466459-4244202861-2336252029-1000\Software\Baidu Security\PC Faster\4.0.0.0\Statistic]
[HKEY_USERS\S-1-5-21-1484466459-4244202861-2336252029-1000\Software\Baidu Security\PC Faster\4.0.0.0\UUReport]
[HKEY_USERS\S-1-5-21-1484466459-4244202861-2336252029-1000\Software\Baidu Security\PC Faster\DataReport]
[HKEY_USERS\S-1-5-21-1484466459-4244202861-2336252029-1000\Software\Baidu Security\PC Faster\Setup]
"SIGN.MEDIA=2BB44BE SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\\SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\\spyhunterS4.exe"=dword:00000001
"C:\\Users\\Windows 7\\Downloads\\baidu-pc-faster-40768815-32-bits.exe"=dword:00000001
[HKEY_USERS\S-1-5-21-1484466459-4244202861-2336252029-1001\Software\Baidu Security]
[HKEY_USERS\S-1-5-21-1484466459-4244202861-2336252029-1001\Software\Baidu Security\Antivirus]
[HKEY_USERS\S-1-5-21-1484466459-4244202861-2336252029-1001\Software\Baidu Security\Antivirus\web]
[HKEY_USERS\S-1-5-21-1484466459-4244202861-2336252029-1001\Software\Baidu Security\Antivirus\web]
"ucloud"="u.br.bav.baidu.com"
[HKEY_USERS\S-1-5-21-1484466459-4244202861-2336252029-1001\Software\Baidu Security\Antivirus\web]
"dcloud"="http://up.br.bav.baidu.com/cgi-bin/url_warnning/url_warnning.cgi"
[HKEY_USERS\S-1-5-21-1484466459-4244202861-2336252029-1001\Software\Baidu Security\Antivirus\web]
"rcloud"="http://up.br.bav.baidu.com/cgi-bin/url_visit_action.cgi"
[HKEY_USERS\S-1-5-21-1484466459-4244202861-2336252029-1001\Software\Baidu Security\PC Faster]
[HKEY_USERS\S-1-5-18\Software\Baidu]
[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug]
[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav]
[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log]
[HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]
[HKEY_USERS\S-1-5-18\Software\Baidu Security]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\041814-27393-01.dmp]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\050114-21730-01.dmp]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\MEMORY_130422641240296360.dmp]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\MEMORY_130434292426648248.dmp]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"ucloud"="u.br.bav.baidu.com"
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"dcloud"="http://up.br.bav.baidu.com/cgi-bin/url_warnning/url_warnning.cgi"
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"rcloud"="http://up.br.bav.baidu.com/cgi-bin/url_visit_action.cgi"
[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\DataReport]
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"="C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext" [26/08/2013 15:00]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{2e809829-ca82-4916-af11-f291a41fbe64}"="C:\Program Files\LyricsBot\130.xpi" []
==== Chrome Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
ejopbmigmdcagojhogeadfbpipbcblmk - C:\Program Files\LyricsBot\130.crx[]
idhngdhcfkoamngbedgpaokgjbnpdiji - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx[14/08/2013 15:24]
WOT - Windows 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp
AdBlock - Windows 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
FlashBlock - Windows 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\gofhjkjmkpinhpoiabjplobcaignabnl
Windows Media Player Extension for HTML5 - Windows 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak
RealDownloader - Windows 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji
Desprotetor de Links - Windows 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\imcbnnnoghiihopefblgehihofbfbmei
Google Wallet - Windows 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
AT_DJTiesto - Windows 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\okmcbgkkeagngnijeiighgblfljbekip
REC - Rastreamento de Encomendas dos Correios - Windows 7\AppData\Local\Google\Chrome\User Data\Default\Extensions\omhclojepaohhgmelpgpnbekblifihoh
==== Chrome Fix ======================
C:\Users\Windows 7\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_start.iminent.com_0.localstorage deleted successfully
C:\Users\Windows 7\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_start.iminent.com_0.localstorage-journal deleted successfully
C:\Users\Windows 7\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_mypublicwifi.softonic.com.br_0.localstorage deleted successfully
C:\Users\Windows 7\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_mypublicwifi.softonic.com.br_0.localstorage-journal deleted successfully
C:\Users\Windows 7\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.softonic.com.br_0.localstorage deleted successfully
C:\Users\Windows 7\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.softonic.com.br_0.localstorage-journal deleted successfully
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"start page"="https://encrypted.google.com/"
"Search Page"="http://www.oquefazernainternet.com/"
"Search Bar"="http://www.oquefazernainternet.com/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.oquefazernainternet.com/"
"Search Page"="http://www.oquefazernainternet.com/"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
@="http://www.oquefazernainternet.com/q/%s"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://www.oquefazernainternet.com/"
"CustomizeSearch"="http://www.oquefazernainternet.com/"
"Default_Search_URL"="http://www.oquefazernainternet.com/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"start page"="https://encrypted.google.com/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"CustomizeSearch"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
{EFA27348-E879-4907-9783-B1D0956D3E33} O que fazer na internet? Url="http://www.oquefazernainternet.com/q/{searchTerms}"
==== Reset Google Chrome ======================
C:\Users\Default\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Default User\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Windows 7\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\USURIO~1\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Default\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Default User\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Windows 7\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\USURIO~1\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
HKEY_USERS\S-1-5-21-1484466459-4244202861-2336252029-1000\Software\Mozilla\Firefox\Extensions\{2e809829-ca82-4916-af11-f291a41fbe64} deleted successfully
==== shortcuts on Users Desktops ======================
C:\Users\Windows 7\Desktop\Ace Combat_AH.exe - Atalho.lnk - C:\Program Files\ACE COMBAT ASSAULT HORIZON Enhanced Edition\Ace Combat_AH.exe
C:\Users\Windows 7\Desktop\Adobe Photoshop CS6.lnk - C:\Program Files\Adobe\Adobe Photoshop CS6\Photoshop.exe
C:\Users\Windows 7\Desktop\Cheat Engine.lnk - C:\Cheat Engine 6.3\Cheat Engine.exe
C:\Users\Windows 7\Desktop\ComboFix.exe - Atalho.lnk - C:\Users\Windows 7\Desktop\gmer\ComboFix.exe
C:\Users\Windows 7\Desktop\CorelDRAW X4.lnk - c:\Windows\Installer\{7F05E704-30A6-421A-97A7-8EEB1C7FF013}\NewShortcut1.exe
C:\Users\Windows 7\Desktop\HawkenLauncher.exe - Atalho.lnk - C:\Program Files\MeteorEntertainment\Hawken\InstalledHawkenFiles\HawkenLauncher.exe
C:\Users\Windows 7\Desktop\MPC-HC.lnk - C:\Program Files\MPC-HC\mpc-hc.exe
C:\Users\Windows 7\Desktop\PlagueInc.lnk - C:\Games\PlagueInc\PlagueIncEvolved.exe
C:\Users\Windows 7\Desktop\PokerStars.lnk - C:\Program Files\PokerStars\PokerStarsUpdate.exe
C:\Users\Windows 7\Desktop\Revo Uninstaller.lnk - C:\Program Files\VS Revo Group\Revo Uninstaller\Revouninstaller.exe
C:\Users\Windows 7\Desktop\Shipping-ThiefGame.exe - Atalho.lnk - C:\Users\Windows 7\Downloads\Thief-SKIDROWCRACK\Binaries\Win32\Shipping-ThiefGame.exe
C:\Users\Windows 7\Desktop\µTorrent.lnk -
C:\Users\Windows 7\Desktop\BACKUP_B13\HD\Meus documentos\Minhas imagens\Amostras de imagens.lnk -
C:\Users\Windows 7\Desktop\BACKUP_B13\HD\Meus documentos\Minhas músicas\Amostra de música.lnk -
==== shortcuts on All Users Desktop ======================
C:\Users\Public\Desktop\aTube Catcher.lnk - C:\Program Files\DsNET Corp\aTube Catcher 2.0\yct.exe
C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner.exe
C:\Users\Public\Desktop\CorelDRAW X6.lnk - c:\Windows\Installer\{C5262276-0075-498B-B80F-7D997482E4DB}\NewShortcut1.exe
C:\Users\Public\Desktop\DAEMON Tools Pro.lnk - C:\Program Files\DAEMON Tools Pro\DTPro.exe
C:\Users\Public\Desktop\DarkMatter Gamma Ray.lnk - C:\Program Files\The Skins Factory\Hyperdesk\DarkMatter Gamma Ray\Hyperdesk Engine\HyperdeskEngine.exe
C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Public\Desktop\Hacker Evolution Duality.lnk - C:\Hacker Evolution Duality\Hacker Evolution Duality.exe
C:\Users\Public\Desktop\Hacker Evolution Untold.lnk - C:\Program Files\Hacker Evolution Untold\Hacker Evolution Untold.exe
C:\Users\Public\Desktop\Hitman Absolution.lnk - C:\Program Files\Hitman Absolution\HMA.exe
C:\Users\Public\Desktop\Hitman Sniper Challenge.lnk - C:\Program Files\Square Enix\Hitman Sniper Challenge\HMSC.exe
C:\Users\Public\Desktop\HP Deskjet 2050 J510 series Scan.lnk - C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\HPScan.exe
C:\Users\Public\Desktop\HP Deskjet 2050 J510 series.lnk - C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\HP Deskjet 2050 J510 series.exe
C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Users\Public\Desktop\Nero StartSmart.lnk - C:\Program Files\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe -ScParameter=8
C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk - C:\Program Files\Oracle\VirtualBox\VirtualBox.exe
C:\Users\Public\Desktop\RealPlayer.lnk - C:\Program Files\Real\RealPlayer\realplay.exe /launch:desktop
C:\Users\Public\Desktop\Skype.lnk - C:\Windows\Installer\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}\SkypeIcon.exe
C:\Users\Public\Desktop\Steam.lnk - C:\Program Files\Steam\Steam.exe
C:\Users\Public\Desktop\Video Search.lnk - C:\Program Files\DsNET Corp\aTube Catcher 2.0\yct.exe /VIDEOSEARCH
==== shortcuts in Users Start Menu ======================
C:\Users\Windows 7\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk -
C:\Users\Windows 7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PokerStars\Network Status.lnk - C:\Program Files\PokerStars\Tracer.exe
C:\Users\Windows 7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PokerStars\PokerStars.lnk - C:\Program Files\PokerStars\PokerStarsUpdate.exe
C:\Users\Windows 7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PokerStars\Uninstall PokerStars.lnk - C:\Program Files\PokerStars\PokerStarsUninstall.exe /u:PokerStars
C:\Users\Windows 7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Revo Uninstaller.lnk - C:\Program Files\VS Revo Group\Revo Uninstaller\Revouninstaller.exe
C:\Users\Windows 7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Run Hunter Mode.lnk - C:\Program Files\VS Revo Group\Revo Uninstaller\Revouninstaller.exe -hunter
C:\Users\Windows 7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Uninstall.lnk - C:\Program Files\VS Revo Group\Revo Uninstaller\uninst.exe
C:\Users\Windows 7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Website.lnk - C:\Program Files\VS Revo Group\Revo Uninstaller\Revo Uninstaller.url
C:\Users\Windows 7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter\SpyHunter Emergency Startup.lnk - C:\Windows\explorer.exe "C:\Program Files\Enigma Software Group\SpyHunter\SH4.com"
C:\Users\Windows 7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter\SpyHunter.lnk - C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
C:\Users\Windows 7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter\Uninstall SpyHunter.lnk - C:\Windows\System32\msiexec.exe /X {DB847E94-446B-49E0-AC5D-C5627EC8B0C0}
==== shortcuts in All Users Start Menu ======================
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk - C:\Windows\Installer\{AC76BA86-7AD7-1046-7B44-AB0000000001}\SC_Reader.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\aTube Catcher\aTube Catcher.lnk - C:\Program Files\DsNET Corp\aTube Catcher 2.0\yct.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk - C:\Program Files\Java\jre7\bin\javacpl.exe -tab about
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk - C:\Program Files\Java\jre7\bin\javacpl.exe -tab update
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk - C:\Program Files\Java\jre7\bin\javacpl.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Desinstalar Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes Anti-Malware\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ralink Wireless\Ralink Wireless Utility.lnk - C:\Program Files\RALINK\Common\RaUI.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ralink Wireless\Uninstall - RT6x.lnk - C:\Program Files\InstallShield Installation Information\{FAB1F336-1B7C-4057-A7BC-2922CD82A781}\setup.exe -runfromtemp -removeonly
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Skins Factory\Hyperdesk\DarkMatter Gamma Ray\DarkMatter Gamma Ray Extras.lnk - C:\Program Files\The Skins Factory\Hyperdesk\DarkMatter Gamma Ray\DarkMatter Gamma Ray Extras
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Skins Factory\Hyperdesk\DarkMatter Gamma Ray\Hyperdesk - DarkMatter Gamma Ray.lnk - C:\Program Files\The Skins Factory\Hyperdesk\DarkMatter Gamma Ray\Hyperdesk Engine\HyperdeskEngine.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Skins Factory\Hyperdesk\DarkMatter Gamma Ray\Uninstall Hyperdesk - DarkMatter Gamma Ray.lnk - C:\Windows\System32\msiexec.exe /passive /norestart /x {13550D11-1C3B-4585-A27B-9880BB1DA05D}
==== shortcuts in Quick Launch ======================
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Windows 7\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Windows 7\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Windows 7\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk - C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE /recycle
C:\Users\Windows 7\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart.lnk - C:\Program Files\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe -ScParameter=8
C:\Users\Windows 7\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Oracle VM VirtualBox.lnk - C:\Program Files\Oracle\VirtualBox\VirtualBox.exe
C:\Users\Windows 7\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Windows 7\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Windows 7\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk -
C:\Users\Windows 7\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\7-Zip File Manager.lnk - C:\Program Files\7-Zip\7zFM.exe
C:\Users\Windows 7\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Calculator.lnk - C:\Windows\system32\calc.exe
C:\Users\Windows 7\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Windows 7\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gerenciador de Tarefas do Windows (2).lnk - C:\Windows\System32\taskmgr.exe
C:\Users\Windows 7\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Gerenciador de Tarefas do Windows.lnk - C:\Windows\System32\taskmgr.exe
C:\Users\Windows 7\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Windows 7\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
==== Reset IE Proxy ======================
Value(s) before fix:
"ProxyEnable"=dword:00000000
Value(s) after fix:
"ProxyEnable"=dword:00000000
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\ejopbmigmdcagojhogeadfbpipbcblmk deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Megacubo deleted successfully
==== Empty IE Cache ======================
C:\Users\Windows 7\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Windows 7\AppData\Local\temp\acrord32_sbx\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Windows 7\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
==== Empty FireFox Cache ======================
No FireFox Profiles found
==== Empty Chrome Cache ======================
C:\Users\Default\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Default User\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Windows 7\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\USURIO~1\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=443 folders=77 507878784 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully
C:\Users\Windows 7\AppData\Local\temp will be emptied at reboot
C:\Users\USURIO~1\AppData\Local\temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Reset Hosts File ======================
Hosts File Reset Successfully
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\WINDOW~1\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
"C:\Users\Windows 7\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
==== EOF on 23/05/2014 at 12:09:38,93 ======================
ahgramarin - Beginner
- Posts: 18
Reputation: 0
Join date: 23/05/2014
Re: Kaspersky PURE 3.0 does not install because of Baidu antivirus
Temporarily disable your antivirus to avoid conflicts.
* Right-click Zoek.exe and select [image]
* Select and copy all of the text highlighted in red that I gave you and paste it into the blank area of Zoek.
* Click [Run Script]
* During the scan, a message similar to the one below showing the scan progress will be displayed. Wait for it to finish... it may take a while!
[image]
* If a PC restart is requested, click [OK]
* Post the Zoek log, which will be at C:\zoek-results.txt, in your next reply.
Last edited by Power Max on Fri 23 May 2014, 23:42; edited 1 time
Power Max - Contributor
- Posts: 9086
Reputation: 1499
Join date: 14/04/2009
Zoek log
Zoek.exe v5.0.0.0 Updated 22-05-2014
Tool run by Windows 7 on 23/05/2014 at 21:27:19,11.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Windows 7\Desktop\EnsisoftREste\zoe\zoek.exe [Scan all users] [Script inserted]
==== Older Logs ======================
C:\zoek-results2014-05-23-150938.log 41147 bytes
==== System Restore Info ======================
23/05/2014 21:29:08 Zoek.exe System Restore Point Created Succesfully.
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfilter deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bfilter deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfmon deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bfmon deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bhbase deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bhbase deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BHipsEx deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BHipsEx deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bndef deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bndef deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bprotect deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bprotect deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BprotectEx deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BprotectEx deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PCFApiUtil deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\PCFApiUtil deleted successfully
==== Registry Fix Code ======================
Windows Registry Editor Version 5.00
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]
[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]
"DllVersion_2.0"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus]
"uuurl"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\DuplicateRecord]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\LogUp]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Processing]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Temp]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"Name"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}]
"DllName"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}]
"DllName"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\baidu-pc-faster-40768815-32-bits_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\baidu-pc-faster-40768815-32-bits_RASMANCS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ICReinstall_baidu-pc-faster-40768815-32-bits_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\ICReinstall_baidu-pc-faster-40768815-32-bits_RASMANCS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BHBASE\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BNDEF\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfilter]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfilter]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfmon]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfmon]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bhbase]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bhbase]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BHipsEx]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BHipsEx]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bndef]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bndef]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
"InstPath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx]
"InstPath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCFApiUtil]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCFApiUtil]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BHBASE\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BNDEF\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECTEX\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfilter]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfilter]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfmon]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfmon]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bhbase]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bhbase]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BHipsEx]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BHipsEx]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bndef]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bndef]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]
"InstPath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx]
"InstPath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCFApiUtil]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCFApiUtil]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BHBASE\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BHBASE\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BNDEF\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfilter]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfilter]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfmon]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfmon]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bhbase]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bhbase]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BHipsEx]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BHipsEx]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bndef]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bndef]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
"InstPath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx]
"InstPath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PCFApiUtil]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PCFApiUtil]
[-HKEY_USERS\.DEFAULT\Software\Baidu]
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug]
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav]
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log]
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\041814-27393-01.dmp]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\050114-21730-01.dmp]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\MEMORY_130422641240296360.dmp]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\MEMORY_130434292426648248.dmp]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"ucloud"=-
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"dcloud"=-
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"rcloud"=-
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\DataReport]
[-HKEY_USERS\S-1-5-21-1484466459-4244202861-2336252029-1000\Software\Baidu]
[-HKEY_USERS\S-1-5-21-1484466459-4244202861-2336252029-1000\Software\Baidu\Hao123-international]
[-HKEY_USERS\S-1-5-21-1484466459-4244202861-2336252029-1000\Software\Baidu\Hao123-international\hao123desk]
[-HKEY_USERS\S-1-5-21-1484466459-4244202861-2336252029-1000\Software\Baidu Security]
[-HKEY_USERS\S-1-5-21-1484466459-4244202861-2336252029-1000\Software\Baidu Security\Antivirus]
[-HKEY_USERS\S-1-5-21-1484466459-4244202861-2336252029-1000\Software\Baidu Security\Antivirus\web]
[HKEY_USERS\S-1-5-21-1484466459-4244202861-2336252029-1000\Software\Baidu Security\Antivirus\web]
"ucloud"=-
[HKEY_USERS\S-1-5-21-1484466459-4244202861-2336252029-1000\Software\Baidu Security\Antivirus\web]
"dcloud"=-
[HKEY_USERS\S-1-5-21-1484466459-4244202861-2336252029-1000\Software\Baidu Security\Antivirus\web]
"rcloud"=-
[-HKEY_USERS\S-1-5-21-1484466459-4244202861-2336252029-1000\Software\Baidu Security\PC Faster]
[-HKEY_USERS\S-1-5-21-1484466459-4244202861-2336252029-1000\Software\Baidu Security\PC Faster\4.0.0.0]
[-HKEY_USERS\S-1-5-21-1484466459-4244202861-2336252029-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install]
[-HKEY_USERS\S-1-5-21-1484466459-4244202861-2336252029-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install\19711443]
[HKEY_USERS\S-1-5-21-1484466459-4244202861-2336252029-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install\19711443]
"url"=-
[-HKEY_USERS\S-1-5-21-1484466459-4244202861-2336252029-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install\19712286]
[HKEY_USERS\S-1-5-21-1484466459-4244202861-2336252029-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install\19712286]
"url"=-
[-HKEY_USERS\S-1-5-21-1484466459-4244202861-2336252029-1000\Software\Baidu Security\PC Faster\4.0.0.0\Statistic]
[-HKEY_USERS\S-1-5-21-1484466459-4244202861-2336252029-1000\Software\Baidu Security\PC Faster\4.0.0.0\UUReport]
[-HKEY_USERS\S-1-5-21-1484466459-4244202861-2336252029-1000\Software\Baidu Security\PC Faster\DataReport]
[HKEY_USERS\S-1-5-21-1484466459-4244202861-2336252029-1000\Software\Baidu Security\PC Faster\Setup]
"SIGN.MEDIA=2BB44BE SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\\SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\\spyhunterS4.exe"=-
"C:\\Users\\Windows 7\\Downloads\\baidu-pc-faster-40768815-32-bits.exe"=-
[-HKEY_USERS\S-1-5-21-1484466459-4244202861-2336252029-1000\Software\Baidu Security\PC Faster\Setup]
[-HKEY_USERS\S-1-5-21-1484466459-4244202861-2336252029-1001\Software\Baidu Security]
[-HKEY_USERS\S-1-5-21-1484466459-4244202861-2336252029-1001\Software\Baidu Security\Antivirus]
[-HKEY_USERS\S-1-5-21-1484466459-4244202861-2336252029-1001\Software\Baidu Security\Antivirus\web]
[HKEY_USERS\S-1-5-21-1484466459-4244202861-2336252029-1001\Software\Baidu Security\Antivirus\web]
"ucloud"=-
[HKEY_USERS\S-1-5-21-1484466459-4244202861-2336252029-1001\Software\Baidu Security\Antivirus\web]
"dcloud"=-
[HKEY_USERS\S-1-5-21-1484466459-4244202861-2336252029-1001\Software\Baidu Security\Antivirus\web]
"rcloud"=-
[-HKEY_USERS\S-1-5-21-1484466459-4244202861-2336252029-1001\Software\Baidu Security\PC Faster]
[-HKEY_USERS\S-1-5-18\Software\Baidu]
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug]
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav]
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log]
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\041814-27393-01.dmp]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\050114-21730-01.dmp]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\MEMORY_130422641240296360.dmp]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\MEMORY_130434292426648248.dmp]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"ucloud"=-
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"dcloud"=-
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"rcloud"=-
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\DataReport]
==== Deleting Files \ Folders ======================
C:\$RECYCLE.BIN\S-1-5-21-1484466459-4244202861-2336252029-1000\$RKX8YPH\Baidu Antivirus not found
C:\Users\Windows 7\AppData\Local\temp\baidu_secure not found
"C:\Users\Windows 7\AppData\Local\temp\ICReinstall_baidu-pc-faster-40768815-32-bits.exe" not found
"C:\Windows\Prefetch\BAIDU-PC-FASTER-40768815-32-B-02D44FE2.pf" not found
"C:\Windows\Prefetch\ICREINSTALL_BAIDU-PC-FASTER-4-4D656154.pf" not found
C:\Program Files\Baidu Security deleted
C:\ProgramData\Baidu Security deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu Antivirus deleted
C:\Users\Public\Documents\Baidu Security deleted
C:\Users\Windows 7\AppData\Roaming\Baidu Security deleted
"C:\Users\Windows 7\Downloads\baidu-pc-faster-40768815-32-bits.exe" deleted
==== Folders Found ======================
2014-05-23 13:59:41 2014-05-23 13:59:41 -------- d-----w- C:\AdwCleaner\Quarantine\C\ProgramData\baidu
2014-05-23 13:59:41 2014-05-23 13:59:41 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Public\Documents\baidu
2014-05-23 13:59:41 2014-05-23 13:59:41 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Windows 7\AppData\Roaming\baidu
2014-05-23 13:59:41 2014-05-23 13:59:41 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Windows 7\AppData\Roaming\baidu\Baidu Antivirus
2013-09-30 17:23:23 2013-09-30 17:23:23 -------- d-----w- C:\Qoobox\Quarantine\C\ProgramData\Baidu Security
2013-09-30 17:23:44 2013-09-30 17:23:44 -------- d-----w- C:\Qoobox\Quarantine\C\Users\Windows 7\AppData\Roaming\Baidu Security
2013-09-30 17:23:48 2013-09-30 17:23:48 -------- d-----w- C:\Qoobox\Quarantine\C\Users\Windows 7\AppData\Roaming\Baidu Security\PC Faster\3.7.0.0\Uninstall\Baidu PC Faster Uninstall
2013-09-30 17:23:44 2013-09-30 17:23:44 -------- d-----w- C:\Qoobox\Quarantine\C\Users\Windows 7\AppData\Roaming\Baidu Security\PC Faster\3.7.0.0\Uninstall\Baidu PC Faster Uninstall HK
2014-05-24 00:31:22 2014-05-24 00:31:22 -------- d---a-w- C:\zoek_backup\C_Program Files_Baidu Security
2014-05-24 00:31:22 2014-05-22 19:07:30 -------- d---a-w- C:\zoek_backup\C_Program Files_Baidu Security_Baidu Antivirus
2014-05-24 00:31:22 2014-05-24 00:31:22 -------- d---a-w- C:\zoek_backup\C_ProgramData_Baidu Security
2014-05-24 00:31:22 2014-05-22 19:04:17 -------- d---a-w- C:\zoek_backup\C_ProgramData_Microsoft_Windows_Start Menu_Programs_Baidu Antivirus
2014-05-24 00:31:23 2014-05-24 00:31:23 -------- d---a-w- C:\zoek_backup\C_Users_All Users_Baidu Security
2014-05-24 00:31:23 2014-05-22 19:04:17 -------- d---a-w- C:\zoek_backup\C_Users_All Users_Microsoft_Windows_Start Menu_Programs_Baidu Antivirus
2014-05-24 00:31:23 2014-05-24 00:31:23 -------- d---a-w- C:\zoek_backup\C_Users_Public_Documents_Baidu Security
2014-05-24 00:31:23 2014-05-24 00:31:23 -------- d---a-w- C:\zoek_backup\C_Users_Windows 7_AppData_Roaming_Baidu Security
2014-05-24 00:31:22 2014-05-22 19:07:30 -------- d---a-w- C:\zoek_backup\C_Program Files_Baidu Security\Baidu Antivirus
==== Files Found ======================
--- C:\zoek_backup\C_Users_Windows 7_Downloads_baidu-pc-faster-40768815-32-bits.exe.vir ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 628104
Created time: 2014-05-24 00:31:23
Modified time: 2014-05-22 18:51:34
MD5: C346E8E4D0B762CE96D74994C5CC513D
SHA1: BC269D82686A127A57FE1A90F976068DC06F9514
==== Registry Search Results for "Baidu" ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\baidu]
[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll]
[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload]
[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus]
[HKEY_USERS\.DEFAULT\Software\Baidu Security]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
[HKEY_USERS\S-1-5-21-1484466459-4244202861-2336252029-1000\Software\Baidu Security]
[HKEY_USERS\S-1-5-21-1484466459-4244202861-2336252029-1000\Software\Baidu Security\Antivirus]
[HKEY_USERS\S-1-5-21-1484466459-4244202861-2336252029-1000\Software\Baidu Security\Antivirus\web]
[HKEY_USERS\S-1-5-21-1484466459-4244202861-2336252029-1000\Software\Baidu Security\PC Faster]
[HKEY_USERS\S-1-5-21-1484466459-4244202861-2336252029-1000\Software\Baidu Security\PC Faster\4.0.0.0]
[HKEY_USERS\S-1-5-21-1484466459-4244202861-2336252029-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install]
[HKEY_USERS\S-1-5-21-1484466459-4244202861-2336252029-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install\19711443]
[HKEY_USERS\S-1-5-21-1484466459-4244202861-2336252029-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install\19712286]
"SIGN.MEDIA=2BB44BE SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\\SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\\spyhunterS4.exe"=dword:00000001
"C:\\Users\\Windows 7\\Downloads\\baidu-pc-faster-40768815-32-bits.exe"=dword:00000001
[HKEY_USERS\S-1-5-21-1484466459-4244202861-2336252029-1001\Software\Baidu Security]
[HKEY_USERS\S-1-5-21-1484466459-4244202861-2336252029-1001\Software\Baidu Security\Antivirus]
[HKEY_USERS\S-1-5-21-1484466459-4244202861-2336252029-1001\Software\Baidu Security\Antivirus\web]
[HKEY_USERS\S-1-5-18\Software\Baidu Security]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
==== C:\zoek_backup content ======================
C:\zoek_backup (files=448 folders=104 508542593 bytes)
==== EOF on 23/05/2014 at 21:35:19,98 ======================
ahgramarin - Beginner
- Posts: 18
Reputation: 0
Join date: 23/05/2014
Re: Kaspersky PURE 3.0 won't install because of Baidu antivirus
Temporarily disable your antivirus to avoid conflicts.
* Right-click Zoek.exe and select [image not available]
* Select and copy all of the text highlighted in red that I gave you and paste it into the blank space in Zoek.
* Click [Run Script]
* During the scan, a message similar to the one below will be displayed, showing the scan's progress. Wait for it to finish... it may take a while!
[image not available]
* If you are asked to restart the PC, click [OK]
* Post the Zoek log, which will be at C:\zoek-results.txt, in your next reply.
Last edited by Power Max on Fri 23 May 2014, 23:42; edited 1 time
Power Max - Contributor
- Posts: 9086
Reputation: 1499
Join date: 14/04/2009
Zoek log
Zoek.exe v5.0.0.0 Updated 22-05-2014
Tool run by Windows 7 on 23/05/2014 at 23:15:20,60.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Windows 7\Desktop\EnsisoftREste\zoe\zoek.exe [Scan all users] [Script inserted]
==== Older Logs ======================
C:\zoek-results2014-05-23-150938.log 41147 bytes
C:\zoek-results2014-05-24-003519.log 22424 bytes
==== System Restore Info ======================
23/05/2014 23:16:47 Zoek.exe System Restore Point Created Succesfully.
==== Registry Fix Code ======================
Windows Registry Editor Version 5.00
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
[-HKEY_USERS\S-1-5-21-1484466459-4244202861-2336252029-1000\Software\Baidu Security]
[-HKEY_USERS\S-1-5-21-1484466459-4244202861-2336252029-1000\Software\Baidu Security\Antivirus]
[-HKEY_USERS\S-1-5-21-1484466459-4244202861-2336252029-1000\Software\Baidu Security\Antivirus\web]
[-HKEY_USERS\S-1-5-21-1484466459-4244202861-2336252029-1000\Software\Baidu Security\PC Faster]
[-HKEY_USERS\S-1-5-21-1484466459-4244202861-2336252029-1000\Software\Baidu Security\PC Faster\4.0.0.0]
[-HKEY_USERS\S-1-5-21-1484466459-4244202861-2336252029-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install]
[-HKEY_USERS\S-1-5-21-1484466459-4244202861-2336252029-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install\19711443]
[HKEY_USERS\S-1-5-21-1484466459-4244202861-2336252029-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install\19712286]
"SIGN.MEDIA=2BB44BE SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\\SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\\spyhunterS4.exe"=-
"C:\\Users\\Windows 7\\Downloads\\baidu-pc-faster-40768815-32-bits.exe"=-
[-HKEY_USERS\S-1-5-21-1484466459-4244202861-2336252029-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install\19712286]
[-HKEY_USERS\S-1-5-21-1484466459-4244202861-2336252029-1001\Software\Baidu Security]
[-HKEY_USERS\S-1-5-21-1484466459-4244202861-2336252029-1001\Software\Baidu Security\Antivirus]
[-HKEY_USERS\S-1-5-21-1484466459-4244202861-2336252029-1001\Software\Baidu Security\Antivirus\web]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
==== Registry Search Results for "Baidu" ======================
[HKEY_USERS\S-1-5-21-1484466459-4244202861-2336252029-1000\Software\Baidu Security]
[HKEY_USERS\S-1-5-21-1484466459-4244202861-2336252029-1000\Software\Baidu Security\PC Faster]
[HKEY_USERS\S-1-5-21-1484466459-4244202861-2336252029-1000\Software\Baidu Security\PC Faster\4.0.0.0]
[HKEY_USERS\S-1-5-21-1484466459-4244202861-2336252029-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install]
"SIGN.MEDIA=2BB44BE SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\\SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\\spyhunterS4.exe"=dword:00000001
"C:\\Users\\Windows 7\\Downloads\\baidu-pc-faster-40768815-32-bits.exe"=dword:00000001
==== C:\zoek_backup content ======================
C:\zoek_backup (files=448 folders=104 508542593 bytes)
==== EOF on 23/05/2014 at 23:18:07,43 ======================
ahgramarin - Beginner
- Posts : 18
Reputation : 0
Join date : 23/05/2014
Re: Kaspersky PURE 3.0 won't install because of Baidu antivirus
Temporarily disable your antivirus to avoid conflicts.
* Right-click Zoek.exe and select [image]
* Select and copy all of the text highlighted in red that I gave you and paste it into the blank area of Zoek.
* Click [Run Script]
* During the scan, a message similar to the one below showing the scan progress will be displayed. Wait for it to finish... it may take a while!
[image]
* If a PC restart is requested, click [OK]
* Post the Zoek log, which will be at C:\zoek-results.txt, in your next reply.
Last edited by Power Max on Fri 23 May 2014, 23:42; edited 1 time
Power Max - Contributor
- Posts : 9086
Reputation : 1499
Join date : 14/04/2009
Zoek log
Zoek.exe v5.0.0.0 Updated 22-05-2014
Tool run by Windows 7 on 23/05/2014 at 23:34:19,36.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Windows 7\Desktop\EnsisoftREste\zoe\zoek.exe [Scan all users] [Script inserted]
==== Older Logs ======================
C:\zoek-results2014-05-23-150938.log 41147 bytes
C:\zoek-results2014-05-24-003519.log 22424 bytes
C:\zoek-results2014-05-24-021807.log 3670 bytes
==== System Restore Info ======================
23/05/2014 23:34:47 Zoek.exe System Restore Point Created Succesfully.
==== Registry Fix Code ======================
Windows Registry Editor Version 5.00
[-HKEY_USERS\S-1-5-21-1484466459-4244202861-2336252029-1000\Software\Baidu Security]
[-HKEY_USERS\S-1-5-21-1484466459-4244202861-2336252029-1000\Software\Baidu Security\PC Faster]
[-HKEY_USERS\S-1-5-21-1484466459-4244202861-2336252029-1000\Software\Baidu Security\PC Faster\4.0.0.0]
[HKEY_USERS\S-1-5-21-1484466459-4244202861-2336252029-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install]
"SIGN.MEDIA=2BB44BE SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\\SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\\spyhunterS4.exe"=-
"C:\\Users\\Windows 7\\Downloads\\baidu-pc-faster-40768815-32-bits.exe"=-
[-HKEY_USERS\S-1-5-21-1484466459-4244202861-2336252029-1000\Software\Baidu Security\PC Faster\4.0.0.0\Install]
==== Registry Search Results for "Baidu" ======================
[HKEY_USERS\S-1-5-21-1484466459-4244202861-2336252029-1000\Software\Baidu Security]
[HKEY_USERS\S-1-5-21-1484466459-4244202861-2336252029-1000\Software\Baidu Security\PC Faster]
[HKEY_USERS\S-1-5-21-1484466459-4244202861-2336252029-1000\Software\Baidu Security\PC Faster\4.0.0.0]
"SIGN.MEDIA=2BB44BE SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\\SpyHunter v4.15.1.4270 Incl Crack - [MUMBAI]\\spyhunterS4.exe"=dword:00000001
"C:\\Users\\Windows 7\\Downloads\\baidu-pc-faster-40768815-32-bits.exe"=dword:00000001
==== C:\zoek_backup content ======================
C:\zoek_backup (files=448 folders=104 508542593 bytes)
==== EOF on 23/05/2014 at 23:36:04,11 ======================
ahgramarin - Beginner
- Posts : 18
Reputation : 0
Join date : 23/05/2014
Re: Kaspersky PURE 3.0 won't install because of Baidu antivirus
Download the Junkware Removal Tool program from the link below:
[link]
To run the program above correctly, just follow the tips in this tutorial:
[link]
* In your next reply, post the Junkware Removal Tool log (report), which will be saved on your desktop under the name JRT.txt
We'll be waiting.
Power Max - Contributor
- Posts : 9086
Reputation : 1499
Join date : 14/04/2009
Junkware Removal Tool
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 7 Professional x86
Ran by Windows 7 on 23/05/2014 at 23:49:51,95
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Myfree Codec
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Myfree Codec
~~~ Files
~~~ Folders
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 23/05/2014 at 23:54:37,71
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ahgramarin - Beginner
- Posts : 18
Reputation : 0
Join date : 23/05/2014
Re: Kaspersky PURE 3.0 won't install because of Baidu antivirus
Download the < [link] > < [image] > ( ... by Nicolas Coolman )
To install and run it correctly, follow the tips in this article:
[link]
* As soon as it finishes its scan, copy the entire contents of its ZHPDiag.txt report and post it in your next reply.
Power Max - Contributor
- Posts : 9086
Reputation : 1499
Join date : 14/04/2009
ZHPDiag report
~ Relatório do ZHPDiag v2014.5.23.72 - Nicolas Coolman (23/05/2014)
~ Iniciado por Windows 7 (24/05/2014 00:00:19)
~ Endereço do Website : [link]
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by user
---\\ Navegadores Internet
MSIE: Internet Explorer v9.0.8112.16421
GCIE: Google Chrome v35.0.1916.114 (Defaut)
---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Professional, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
---\\ Softwares de proteçao do sistema
Kaspersky Internet Security 2013 v13.0.1.4190
Malwarebytes Anti-Malware versão 2.0.1.1004
Windows Defender W7 (Activate)
---\\ Softwares d'optimização do sistema
CCleaner v4.04
---\\ Softwares de partilha do PeerToPeer (P2P)
---\\ Monitoramento dos softwares
Adobe Flash Player 13 Plugin
Adobe Reader XI
Java 7 Update 55
---\\ Informações sobre o sistema
~ Processor: x86 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3583 MB (43% free)
System Restore: Activé (Enable)
System drive C: has 124 GB (26%) free of 466 GB
---\\ Modo de conexão ao sistema
~ Computer Name: WINDOWS7-PC
~ User Name: Windows 7
~ All Users Names: Windows 7, UpdatusUser, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator
---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Windows 7\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Windows 7\AppData\Roaming\
~ %Desktop% : C:\Users\Windows 7\Desktop\
~ %Favorites% : C:\Users\Windows 7\Favorites\
~ %LocalAppData% : C:\Users\Windows 7\AppData\Local\
~ %StartMenu% : C:\Users\Windows 7\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 124 Go of 466 Go)
D: CD-ROM drive (Free 0 Go of 0 Go)
F: CD-ROM drive (Not Inserted)
G: CD-ROM drive (Not Inserted)
---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyGames: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 49 Legitimates Filtered in 00mn 00s
---\\ Pesquisa particular de ficheiros genéricos
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Windows Explorer.) (.25/02/2011 - 02:30:54.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.6A25377A76479A0C0BF3DB6FC42FE09A] - (.Microsoft Corporation - Internet Extensions para Win32.) (.13/06/2013 - 12:58:31.) -- C:\Windows\System32\wininet.dll [1129472]
[MD5.6D13E1406F50C66E2A95D97F22C47560] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.20/11/2010 - 09:17:54.) -- C:\Windows\System32\Winlogon.exe [286720]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.20/11/2010 - 09:21:24.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.9EBBBA55060F786F0FCAA3893BFA2806] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.24/04/2011 - 23:18:03.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 05:38:10.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 05:42:32.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 06:59:29.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 20:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 23:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 05:39:44.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.5E43D2B0EE64123D4880DFA6626DEFDE] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.12/04/2013 - 10:45:29.) -- C:\Windows\system32\Drivers\ntfs.sys [1211752]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 20:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 20:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.B973FCFC50DC1434E1970A146F7E3885] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 07:24:46.) -- C:\Windows\system32\Drivers\rdpdr.sys [133632]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 20:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 05:39:17.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.20/11/2010 - 09:30:16.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes: Scanned in 00mn 00s
---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes musiques (My Musics) : 1/36
~ Mes Videos (My Videos) : 7/2112
~ Mes Favoris (My Favorites) : 1/22
~ Mes Documents (My Documents) : 1/186
~ Mon Bureau (My Desktop) : 3/48820
~ Menu demarrer (Programs) : 1/46
~ Hidden Files: Scanned in 00mn 18s
---\\ Processos lançados
[MD5.5CC17E58897698D2E29C1FC2CF9013D6] - (.Enigma Software Group USA, LLC. - SpyHunter4 application.) -- C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [6427008] [PID.1332] =>Crapware.SpyHunter
[MD5.41AD6110110A2E89957F831DCBFAF892] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes Anti-Malware\mbam.exe [6963512] [PID.2212]
[MD5.18A60DCA97EAC258ED4AC781374DC093] - (.NVIDIA Corporation - NVIDIA NvTmru Application.) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe [1028896] [PID.2784]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336] [PID.2860]
[MD5.F6158734F1E24C6C510155CF0D363911] - (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe [295512] [PID.2892]
[MD5.72334F906C2E2B002CDD2FF9022FD957] - (.PixArt Imaging Incorporation - Registry Monitor.) -- C:\Windows\PixArt\Pac207\Monitor.exe [319488] [PID.2928]
[MD5.14AF592458BBE1EA6252C532833FC52E] - (.NVIDIA Corporation - NVIDIA Settings.) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe [1821984] [PID.4020]
[MD5.02555AAE46B904A77A4E48E0FD11EA1B] - (.DT Soft Ltd - DAEMON Tools Shell Extensions Helper.) -- C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe [382272] [PID.2876]
[MD5.1620FE36666F4BBC2314B7F360FB1965] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [860488] [PID.4892]
[MD5.2BE28172DB7CB4C3AB8AC061D5420316] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [7877120] [PID.5736]
~ Processes Running: Scanned in 00mn 00s
---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Windows 7\AppData\Local\Google\Chrome\User Data\Default\Preferences
G0 - GCSP: Preference [User Data\Default][HomePage] [link]
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [imcbnnnoghiihopefblgehihofbfbmei] Desprotetor de Links v.2.0.1.7, (Activé)
G2 - GCE: Preference [User Data\Default] [mfffpogegjflfpflabcdkioaeobkgjik] GaiaAuthExtension v.0.0.1, (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [okmcbgkkeagngnijeiighgblfljbekip] AT_DJTiesto v.2 (Activé)
G2 - GCE: Preference [User Data\Default] [omhclojepaohhgmelpgpnbekblifihoh] REC - Rastreamento de Encomendas dos Correios v.0.3 (Activé)
---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 21 Legitimates Filtered in 00mn 03s
---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
P2 - FPN: [HKLM] [@pandonetworks.com/PandoWebPlugin] - (...) -- C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (.not file.)
~ Firefox Browser: 18 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [link]
~ IE Browser: 15 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 1
---\\ Outras conexões do utilizador (04)
O4 - GS\QuickLaunch [Windows 7]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Windows 7\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\Desktop [Windows 7]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Windows 7\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Global Startup: 2 Legitimates Filtered in 00mn 01s
---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [Nvtmru] . (.NVIDIA Corporation - NVIDIA NvTmru Application.) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Run: [TkBellExe] . (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files\Real\RealPlayer\update\realsched.exe =>.RealNetworks, Inc
O4 - HKLM\..\Run: [Monitor] . (.PixArt Imaging Incorporation - Registry Monitor.) -- C:\Windows\PixArt\PAC207\Monitor.exe
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_44130B045B9E62BB4535762DC67AACA4] . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - HKUS\.DEFAULT\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKUS\.DEFAULT\..\Run: [Autodesk Sync] . (.Autodesk, Inc. - Autodesk 360.) -- C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
O4 - HKUS\S-1-5-18\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKUS\S-1-5-18\..\Run: [Autodesk Sync] . (.Autodesk, Inc. - Autodesk 360.) -- C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-1484466459-4244202861-2336252029-1000\..\Run: [GoogleChromeAutoLaunch_44130B045B9E62BB4535762DC67AACA4] . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
~ Application: Scanned in 00mn 00s
---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~1\Office14\ONBttnIE.dll =>.Microsoft Corporation
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~1\Office14\ONBTTN~1.dll =>.Microsoft Corporation
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\EscDomains] http.connectify.me
O15 - Trusted Zone: [HKCU\...\EscDomains] http.fastspring.com
O15 - Trusted Zone: [HKLM\...\EscDomains] http.connectify.me
O15 - Trusted Zone: [HKLM\...\EscDomains] http.fastspring.com
~ IE Zone Confiance: Scanned in 00mn 00s
---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{1F5F9C35-E9C1-4EDC-A8C5-358344A9EEFD}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{1F5F9C35-E9C1-4EDC-A8C5-358344A9EEFD}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{1F5F9C35-E9C1-4EDC-A8C5-358344A9EEFD}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
~ Domain: Scanned in 00mn 00s
---\\ Protocolo adicional (018)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Chave do Registo autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: (no name) - {F791A188-699D-4FD4-955A-EB59E89B1907} . (.AveApps, Andreas Verhoeven - Dynamic Start Button Changer.) -- C:\Program Files\The Skins Factory\Hyperdesk\Common\AveStartButtonChangerInProc.dll
~ STS/SSO: Scanned in 00mn 00s
---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: HyperDesk's Custom Theme Enabler (HyperDeskCustomThemeEnabler) . (...) - C:\Windows\Installer\MSI673B.tmp" -service (.not file.)
~ Services: 16 Legitimates Filtered in 00mn 09s
---\\ Tarefas planificadas automaticamente (039)
[MD5.00000000000000000000000000000000] [APT] [{10ED8A52-F718-4702-A0BE-E300844E09CC}] (...) -- C:\Users\Windows 7\Downloads\witcher\Witc.2_RU.EN.PL_R.G.Catalyst\Witcher 2_RU.EN.PL_R.G.Catalyst\Support\VC\vcredist_x64.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{ADFF125D-670D-4412-A759-0DD54255922D}] (...) -- C:\Users\Windows 7\Desktop\witcher\Witc.2_RU.EN.PL_R.G.Catalyst\Witc.2_RU.EN.PL_R.G.Catalyst\Witcher 2_RU.EN.PL_R.G.Catalyst\Support\VC\vcredist_x64.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{C4B7088A-30C1-42F9-AB3F-BC979E23BF22}] (...) -- C:\Users\Windows 7\Desktop\witcher\Witc.2_RU.EN.PL_R.G.Catalyst\Witc.2_RU.EN.PL_R.G.Catalyst\Witcher 2_RU.EN.PL_R.G.Catalyst\Support\VC\vcredist_x86.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{E2280B30-20E0-42D1-B495-DBD8F51AD445}] (...) -- C:\Users\Windows 7\Desktop\Nova pasta\Nova pasta\Setup.exe (.not file.) [0]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [902]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1058]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1062]
~ Scheduled Task: 19 Legitimates Filtered in 00mn 03s
---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (Bnbase) . (. - .) - C:\Windows\System32\drivers\bnbasex.sys (.not file.)
~ Drivers: 78 Legitimates Filtered in 00mn 00s
---\\ Software instalados (042)
O42 - Logiciel: CNPJ (PGD) - versão 3.8 - (...) [HKLM] -- PGD-CNPJ
O42 - Logiciel: HAWKEN - (.Adhesive Games.) [HKLM] -- Steam App 271290
O42 - Logiciel: Hacker Evolution Duality(remove only) - (...) [HKLM] -- HackerEvolutionDuality
O42 - Logiciel: Hacker Evolution: Untold (2.01.033)(remove only) - (...) [HKLM] -- HackerEvolutionUntold
O42 - Logiciel: Hawken - (.Meteor Entertainment.) [HKCU] -- Hawken
O42 - Logiciel: MKLOL - (...) [HKCU] -- MKLOL
O42 - Logiciel: PokerStars - (.PokerStars.) [HKLM] -- PokerStars
O42 - Logiciel: Windows 7 Codec Pack 4.0.1 - (.Windows 7 Codec Pack.) [HKLM] -- Windows 7 - Codec Pack
~ Logic: 24 Legitimates Filtered in 00mn 00s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\Baidu Security]
[HKCU\Software\FAIRLIGHT]
[HKCU\Software\Windows 7 - Codec Pack]
[HKCU\Software\ZD Soft]
[HKCU\Software\superdownloads.com.br]
[HKLM\Software\685D6D1C-D73A-4F37-B7E5E53660311DDB]
[HKLM\Software\System Admin Scripting Guide]
[HKLM\Software\ZD Soft]
~ Key Software: 344 Legitimates Filtered in 00mn 00s
---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 14/12/2013 - 17:33:18 - [0] ----D C:\Program Files\Black Box
O43 - CFD: 05/09/2013 - 20:00:08 - [] ----D C:\Program Files\Gamemaxx
O43 - CFD: 02/10/2013 - 01:17:34 - [] ----D C:\Program Files\Hacker Evolution Untold
O43 - CFD: 05/09/2013 - 04:29:55 - [] ----D C:\Program Files\Hit Malware
O43 - CFD: 10/09/2013 - 12:16:21 - [] ----D C:\Program Files\LicenseProxy
O43 - CFD: 29/04/2014 - 15:13:23 - [0] ----D C:\Program Files\Pando Networks
O43 - CFD: 09/05/2014 - 22:19:28 - [] ----D C:\Program Files\PokerStars
O43 - CFD: 30/04/2014 - 23:55:01 - [] ----D C:\Program Files\Winhotspot
O43 - CFD: 20/10/2013 - 15:51:37 - [0] ----D C:\Program Files\ZD Soft
O43 - CFD: 18/07/2013 - 03:06:36 - [] ----D C:\ProgramData\FARO
O43 - CFD: 01/05/2014 - 01:29:00 - [] -SH-D C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
O43 - CFD: 02/10/2013 - 02:46:20 - [] ----D C:\Users\Windows 7\AppData\Roaming\BoL
O43 - CFD: 02/10/2013 - 03:11:51 - [] ----D C:\Users\Windows 7\AppData\Roaming\LoLPlus
O43 - CFD: 06/09/2013 - 05:25:32 - [] ----D C:\Users\Windows 7\AppData\Roaming\MailFrontier
O43 - CFD: 01/05/2014 - 10:15:40 - [] ----D C:\Users\Windows 7\AppData\Local\DanuSoft
O43 - CFD: 01/05/2014 - 00:02:29 - [] ----D C:\Users\Windows 7\AppData\Local\mHotspot_Inc
O43 - CFD: 01/05/2014 - 00:25:00 - [] ----D C:\Users\Windows 7\AppData\Local\MyRouter_Inc
O43 - CFD: 09/05/2014 - 22:46:17 - [] ----D C:\Users\Windows 7\AppData\Local\PokerStars
O43 - CFD: 22/08/2013 - 01:41:56 - [] ----D C:\Users\Windows 7\AppData\Local\Spirograph_MV
O43 - CFD: 12/08/2013 - 20:31:20 - [] ----D C:\Users\Windows 7\AppData\Local\TempDiretório de backup SW
O43 - CFD: 23/02/2014 - 12:38:01 - [0] ----D C:\Users\Windows 7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameVicio
O43 - CFD: 23/03/2014 - 22:06:54 - [] ----D C:\Users\Windows 7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PlagueInc 1.0
O43 - CFD: 09/05/2014 - 22:18:58 - [] ----D C:\Users\Windows 7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PokerStars
O43 - CFD: 02/05/2014 - 09:29:55 - [] ----D C:\Users\Windows 7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter =>Crapware.SpyHunter
~ Program Folder: 258 Legitimates Filtered in 00mn 00s
---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.A64711C9CF690718EADA750370EC5EB2] - 09/05/2014 - 11:34:16 ---A- . (.Dmitry Streblechenko - Outlook Redemption COM library.) -- C:\Windows\System32\Redemption.dll [4659712]
O44 - LFC:[MD5.25489FD8CF19C3BE69FA6C0DFD1E0B61] - 20/05/2014 - 10:01:04 ---A- . (...) -- C:\Windows\win.ini [752]
O44 - LFC:[MD5.FE6D1684D1D3E1FEA219F72196A0AE7F] - 22/05/2014 - 15:07:36 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [148366]
O44 - LFC:[MD5.E1A30D1E37AA663A19EE6478AB0DD139] - 22/05/2014 - 15:07:36 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [708120]
O44 - LFC:[MD5.0DC5AF80D059DEC792B665ED598C6567] - 23/05/2014 - 10:58:20 ---A- . (.SQLite Development Team - SQLite Dynamic Link Library (No TCL).) -- C:\Windows\System32\sqlite3.dll [536576]
O44 - LFC:[MD5.77FD3D7BF7463831A3C83D576C66791B] - 23/05/2014 - 12:09:38 ---A- . (...) -- C:\zoek-results2014-05-23-150938.log [41147]
O44 - LFC:[MD5.DD54494B17DECC7E4BC759895DDE79ED] - 23/05/2014 - 21:35:19 ---A- . (...) -- C:\zoek-results2014-05-24-003519.log [22424]
O44 - LFC:[MD5.B6605261D2882077DC73CFA49C7F5EAC] - 23/05/2014 - 23:18:07 ---A- . (...) -- C:\zoek-results2014-05-24-021807.log [3670]
O44 - LFC:[MD5.37DD1B0040F006EBF2B6DB912BE25418] - 23/05/2014 - 23:36:04 ---A- . (...) -- C:\zoek-results.log [2208]
~ Files: 25 Legitimates Filtered in 00mn 02s
---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
~ ShellExecuteHooks: Scanned in 00mn 00s
---\\ Controlo do Modo de Segurança (CSB) (49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\CleanHlp.sys . (...) -- C:\Windows\System32\Drivers\CleanHlp.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\CleanHlp.sys . (...) -- C:\Windows\System32\Drivers\CleanHlp.sys (.not file.)
~ CSB: 15 Legitimates Filtered in 00mn 00s
---\\ Enumeração das chaves do registo StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\uTorrent [Key] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Windows 7\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ SMSR Keys: 15 Legitimates Filtered in 00mn 00s
---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 19 Legitimates Filtered in 00mn 00s
---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:13/08/2004 - 09:56:20 ---A- . (.No owner - ATK0110 ACPI Utility.) -- C:\Windows\System32\Drivers\ASACPI.sys [5810]
O58 - SDL:01/05/2014 - 02:22:47 ---A- . (.Connectify - NDIS filter driver.) -- C:\Windows\System32\Drivers\cnnctfy2.sys [27248]
O58 - SDL:24/06/2013 - 08:59:53 ---A- . (.DT Soft Ltd - DAEMON Tools Virtual Bus Driver.) -- C:\Windows\System32\Drivers\dtsoftbus01.sys [233024]
O58 - SDL:13/07/2009 - 22:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:22/06/2012 - 12:01:32 ---A- . (...) -- C:\Windows\System32\Drivers\EsgScanner.sys [19984]
O58 - SDL:13/07/2009 - 19:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
O58 - SDL:22/02/2011 - 13:38:20 ---A- . (.NT Kernel Resources - NDISRD helper driver.) -- C:\Windows\System32\Drivers\ndisrd.sys [26208]
O58 - SDL:05/12/2006 - 11:34:42 ---A- . (.PixArt Imaging Inc. - PFC027.) -- C:\Windows\System32\Drivers\PFC027.SYS [507136]
O58 - SDL:01/01/1601 - 03:00:00 ---A- . (...) -- C:\Windows\System32\Drivers\sptd.sys [443448]
O58 - SDL:13/07/2009 - 22:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
O58 - SDL:13/07/2009 - 18:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:13/07/2009 - 18:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:22/06/2012 - 12:01:32 ---A- . (...) -- C:\Windows\System32\ESGScanner.sys [19984]
O58 - SDL:13/07/2009 - 18:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:13/07/2009 - 18:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:13/07/2009 - 18:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:13/07/2009 - 18:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:13/07/2009 - 18:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:13/07/2009 - 18:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:13/07/2009 - 18:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:13/07/2009 - 18:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:13/07/2009 - 18:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 81 Legitimates Filtered in 00mn 01s
---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 06/05/2011 - C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys (esgiguard) .(...) - LEGACY_ESGIGUARD =>Crapware.SpyHunter
~ Legacy: 99 Legitimates Filtered in 00mn 00s
---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 12 Legitimates Filtered in 00mn 00s
---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [You must have an account and be logged in to view this link]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - [You must have an account and be logged in to view this link]
O69 - SBI: SearchScopes [HKCU] {EFA27348-E879-4907-9783-B1D0956D3E33} - (O que fazer na internet?) - [You must have an account and be logged in to view this link]
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.BC5A0E25FA751D8950C737FD385E492E] [SPRF][29/08/2013] (...) -- C:\ProgramData\KGyGaAvL.sys [2516]
[MD5.659D829F1CD722B0F64036F840835785] [SPRF][01/01/2014] (...) -- C:\ProgramData\ntuser.dat [262144]
~ Files: 3 Legitimates Filtered in 00mn 00s
---\\ Lista das exceções do FireWall (FirewallRules) (O87)
O87 - FAEL: "{B7A30C97-DE8E-4B07-AA4D-73B1089756AC}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Windows 7\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{2A037AF5-CDB2-4C96-AC25-F804E10BA7B2}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Windows 7\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Firewall: 2 Legitimates Filtered in 00mn 00s
---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Microsoft\Tracing\BrowseFox_1208-784bb9a0_RASAPI32 =>Adware.BrowseFox
HKLM\SOFTWARE\Microsoft\Tracing\BrowseFox_1208-784bb9a0_RASMANCS =>Adware.BrowseFox
HKLM\SOFTWARE\Microsoft\Tracing\Genesis_RASAPI32 =>PUP.Genesis
HKLM\SOFTWARE\Microsoft\Tracing\Genesis_RASMANCS =>PUP.Genesis
HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup-NewVer_22april_RASAPI32 =>Adware.IMBooster
HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup-NewVer_22april_RASMANCS =>Adware.IMBooster
HKLM\SOFTWARE\Microsoft\Tracing\IminentUninstall_RASAPI32 =>Adware.IMBooster
HKLM\SOFTWARE\Microsoft\Tracing\IminentUninstall_RASMANCS =>Adware.IMBooster
HKLM\SOFTWARE\Microsoft\Tracing\SpyHunter4_RASAPI32 =>Crapware.SpyHunter
HKLM\SOFTWARE\Microsoft\Tracing\SpyHunter4_RASMANCS =>Crapware.SpyHunter
HKLM\SOFTWARE\Microsoft\Tracing\utorrent_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Microsoft\Tracing\utorrent_RASMANCS =>P2P.µTorrent
~ BTK: 430 Legitimates Filtered in 00mn 00s
---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 16/05/2014 257712 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 18/07/2013 1064312 | (FlexNet Licensing Service) . (.Flexera Software LLC.) - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
SS - | Auto 28/08/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 28/08/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 08/04/2008 800040 | (NBService) . (.Nero AG.) - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
SS - | Demand 22/01/2008 275752 | (NMIndexingService) . (.Nero AG.) - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SS - | Demand 25/02/2014 568512 | (Steam Client Service) . (.Valve Corporation.) - C:\Program Files\Common Files\Steam\SteamService.exe
SS - | Demand 19/02/2010 517096 | (SwitchBoard) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
SR - | Auto 21/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 07/01/2014 43336 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 13/12/2012 12288 | (Autodesk Content Service) . (.Autodesk, Inc..) - C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
SR - | Auto 10/07/1658 0 | (HyperDeskCustomThemeEnabler) . (...) - C:\Windows\Installer\MSI673B.tmp" -service
SR - | Auto 03/04/2014 1809720 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
SR - | Auto 03/04/2014 857912 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
SR - | Auto 27/08/2013 14573856 | (NvStreamSvc) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
SR - | Auto 15/10/2013 664352 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Auto 27/08/2013 2155296 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
SR - | Auto 19/12/2006 81920 | (PLFlash DeviceIoControl Service) . (.Prolific Technology Inc..) - C:\Windows\system32\IoctlSvc.exe
SR - | Auto 10/03/2010 189728 | (PSI_SVC_2) . (.Protexis Inc..) - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
SR - | Auto 14/08/2013 39056 | (RealNetworks Downloader Resolver Service) . (...) - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
SR - | Auto 17/07/2013 770432 | (SpyHunter 4 Service) . (.Enigma Software Group USA, LLC..) - C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe =>Crapware.SpyHunter
SR - | Auto 15/10/2013 414496 | (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
SR - | Auto 31/12/1999 27768 | (VIAKaraokeService) . (.VIA Technologies, Inc..) - C:\Windows\System32\viakaraokesrv.exe
SR - | Auto 13/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 10s
---\\ Lista dos emuladores de CD/DVD (MBR Hook)
O58 - SDL:01/01/1601 - 03:00:00 ---A- . (...) -- C:\Windows\System32\Drivers\sptd.sys [443448]
~ Emulateurs: Scanned in 00mn 10s
---\\ Scâner Aditional (088)
Database Version : 13029 - (23/05/2014)
Clés trouvées (Keys found) : 2
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 1
Fichiers trouvés (Files found) : 1
[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\uTorrent] =>P2P.BitTorrent^
[HKLM\SYSTEM\CurrentControlSet\Services\SpyHunter 4 Service] =>Crapware.SpyHunter
C:\Users\Windows 7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter =>Crapware.SpyHunter^
C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe =>Crapware.SpyHunter^
~ Additionnel Scan: 370395 Items scanned in 01mn 06s
---\\ Sumário das deteções encontradas na sua estação
[You must have an account and be logged in to view this link] =>Crapware.SpyHunter
[You must have an account and be logged in to view this link] =>Adware.BrowseFox
[You must have an account and be logged in to view this link] =>Adware.IMBooster
~ MSI: 3 link(s) detected in 00mn 00s
~ 990 Legitimates filtered by white list
End of the scan (522 lines in 02mn 15s)(0)
~ Iniciado por Windows 7 (24/05/2014 00:00:19)
~ Endereço do Website : [You must have an account and be logged in to view this link]
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by user
---\\ Navegadores Internet
MSIE: Internet Explorer v9.0.8112.16421
GCIE: Google Chrome v35.0.1916.114 (Defaut)
---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Professional, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
---\\ Softwares de proteçao do sistema
Kaspersky Internet Security 2013 v13.0.1.4190
Malwarebytes Anti-Malware versão 2.0.1.1004
Windows Defender W7 (Activate)
---\\ Softwares d'optimização do sistema
CCleaner v4.04
---\\ Softwares de partilha do PeerToPeer (P2P)
---\\ Monitoramento dos softwares
Adobe Flash Player 13 Plugin
Adobe Reader XI
Java 7 Update 55
---\\ Informações sobre o sistema
~ Processor: x86 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3583 MB (43% free)
System Restore: Activé (Enable)
System drive C: has 124 GB (26%) free of 466 GB
---\\ Modo de conexão ao sistema
~ Computer Name: WINDOWS7-PC
~ User Name: Windows 7
~ All Users Names: Windows 7, UpdatusUser, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator
---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Windows 7\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Windows 7\AppData\Roaming\
~ %Desktop% : C:\Users\Windows 7\Desktop\
~ %Favorites% : C:\Users\Windows 7\Favorites\
~ %LocalAppData% : C:\Users\Windows 7\AppData\Local\
~ %StartMenu% : C:\Users\Windows 7\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 124 Go of 466 Go)
D: CD-ROM drive (Free 0 Go of 0 Go)
F: CD-ROM drive (Not Inserted)
G: CD-ROM drive (Not Inserted)
---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyGames: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 49 Legitimates Filtered in 00mn 00s
---\\ Pesquisa particular de ficheiros genéricos
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Windows Explorer.) (.25/02/2011 - 02:30:54.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.6A25377A76479A0C0BF3DB6FC42FE09A] - (.Microsoft Corporation - Internet Extensions para Win32.) (.13/06/2013 - 12:58:31.) -- C:\Windows\System32\wininet.dll [1129472]
[MD5.6D13E1406F50C66E2A95D97F22C47560] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.20/11/2010 - 09:17:54.) -- C:\Windows\System32\Winlogon.exe [286720]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.20/11/2010 - 09:21:24.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.9EBBBA55060F786F0FCAA3893BFA2806] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.24/04/2011 - 23:18:03.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 05:38:10.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 05:42:32.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 06:59:29.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 20:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 23:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 05:39:44.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.5E43D2B0EE64123D4880DFA6626DEFDE] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.12/04/2013 - 10:45:29.) -- C:\Windows\system32\Drivers\ntfs.sys [1211752]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 20:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 20:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.B973FCFC50DC1434E1970A146F7E3885] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 07:24:46.) -- C:\Windows\system32\Drivers\rdpdr.sys [133632]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 20:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 05:39:17.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.20/11/2010 - 09:30:16.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes: Scanned in 00mn 00s
---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes musiques (My Musics) : 1/36
~ Mes Videos (My Videos) : 7/2112
~ Mes Favoris (My Favorites) : 1/22
~ Mes Documents (My Documents) : 1/186
~ Mon Bureau (My Desktop) : 3/48820
~ Menu demarrer (Programs) : 1/46
~ Hidden Files: Scanned in 00mn 18s
---\\ Processos lançados
[MD5.5CC17E58897698D2E29C1FC2CF9013D6] - (.Enigma Software Group USA, LLC. - SpyHunter4 application.) -- C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [6427008] [PID.1332] =>Crapware.SpyHunter
[MD5.41AD6110110A2E89957F831DCBFAF892] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes Anti-Malware\mbam.exe [6963512] [PID.2212]
[MD5.18A60DCA97EAC258ED4AC781374DC093] - (.NVIDIA Corporation - NVIDIA NvTmru Application.) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe [1028896] [PID.2784]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336] [PID.2860]
[MD5.F6158734F1E24C6C510155CF0D363911] - (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe [295512] [PID.2892]
[MD5.72334F906C2E2B002CDD2FF9022FD957] - (.PixArt Imaging Incorporation - Registry Monitor.) -- C:\Windows\PixArt\Pac207\Monitor.exe [319488] [PID.2928]
[MD5.14AF592458BBE1EA6252C532833FC52E] - (.NVIDIA Corporation - NVIDIA Settings.) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe [1821984] [PID.4020]
[MD5.02555AAE46B904A77A4E48E0FD11EA1B] - (.DT Soft Ltd - DAEMON Tools Shell Extensions Helper.) -- C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe [382272] [PID.2876]
[MD5.1620FE36666F4BBC2314B7F360FB1965] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [860488] [PID.4892]
[MD5.2BE28172DB7CB4C3AB8AC061D5420316] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [7877120] [PID.5736]
~ Processes Running: Scanned in 00mn 00s
---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Windows 7\AppData\Local\Google\Chrome\User Data\Default\Preferences
G0 - GCSP: Preference [User Data\Default][HomePage] [You must have an account and be logged in to view this link]
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [imcbnnnoghiihopefblgehihofbfbmei] Desprotetor de Links v.2.0.1.7, (Activé)
G2 - GCE: Preference [User Data\Default] [mfffpogegjflfpflabcdkioaeobkgjik] GaiaAuthExtension v.0.0.1, (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [okmcbgkkeagngnijeiighgblfljbekip] AT_DJTiesto v.2 (Activé)
G2 - GCE: Preference [User Data\Default] [omhclojepaohhgmelpgpnbekblifihoh] REC - Rastreamento de Encomendas dos Correios v.0.3 (Activé)
---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 21 Legitimates Filtered in 00mn 03s
---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
P2 - FPN: [HKLM] [@pandonetworks.com/PandoWebPlugin] - (...) -- C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (.not file.)
~ Firefox Browser: 18 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must have an account and be logged in to view this link]
~ IE Browser: 15 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 1
---\\ Outras conexões do utilizador (04)
O4 - GS\QuickLaunch [Windows 7]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Windows 7\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\Desktop [Windows 7]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Windows 7\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Global Startup: 2 Legitimates Filtered in 00mn 01s
---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [Nvtmru] . (.NVIDIA Corporation - NVIDIA NvTmru Application.) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Run: [TkBellExe] . (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files\Real\RealPlayer\update\realsched.exe =>.RealNetworks, Inc
O4 - HKLM\..\Run: [Monitor] . (.PixArt Imaging Incorporation - Registry Monitor.) -- C:\Windows\PixArt\PAC207\Monitor.exe
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_44130B045B9E62BB4535762DC67AACA4] . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - HKUS\.DEFAULT\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKUS\.DEFAULT\..\Run: [Autodesk Sync] . (.Autodesk, Inc. - Autodesk 360.) -- C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
O4 - HKUS\S-1-5-18\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKUS\S-1-5-18\..\Run: [Autodesk Sync] . (.Autodesk, Inc. - Autodesk 360.) -- C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-1484466459-4244202861-2336252029-1000\..\Run: [GoogleChromeAutoLaunch_44130B045B9E62BB4535762DC67AACA4] . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
~ Application: Scanned in 00mn 00s
---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~1\Office14\ONBttnIE.dll =>.Microsoft Corporation
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~1\Office14\ONBTTN~1.dll =>.Microsoft Corporation
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\EscDomains] http.connectify.me
O15 - Trusted Zone: [HKCU\...\EscDomains] http.fastspring.com
O15 - Trusted Zone: [HKLM\...\EscDomains] http.connectify.me
O15 - Trusted Zone: [HKLM\...\EscDomains] http.fastspring.com
~ IE Zone Confiance: Scanned in 00mn 00s
---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{1F5F9C35-E9C1-4EDC-A8C5-358344A9EEFD}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{1F5F9C35-E9C1-4EDC-A8C5-358344A9EEFD}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{1F5F9C35-E9C1-4EDC-A8C5-358344A9EEFD}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
~ Domain: Scanned in 00mn 00s
---\\ Protocolo adicional (018)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Chave do Registo autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: (no name) - {F791A188-699D-4FD4-955A-EB59E89B1907} . (.AveApps, Andreas Verhoeven - Dynamic Start Button Changer.) -- C:\Program Files\The Skins Factory\Hyperdesk\Common\AveStartButtonChangerInProc.dll
~ STS/SSO: Scanned in 00mn 00s
---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: HyperDesk's Custom Theme Enabler (HyperDeskCustomThemeEnabler) . (...) - C:\Windows\Installer\MSI673B.tmp" -service (.not file.)
~ Services: 16 Legitimates Filtered in 00mn 09s
---\\ Tarefas planificadas automaticamente (039)
[MD5.00000000000000000000000000000000] [APT] [{10ED8A52-F718-4702-A0BE-E300844E09CC}] (...) -- C:\Users\Windows 7\Downloads\witcher\Witc.2_RU.EN.PL_R.G.Catalyst\Witcher 2_RU.EN.PL_R.G.Catalyst\Support\VC\vcredist_x64.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{ADFF125D-670D-4412-A759-0DD54255922D}] (...) -- C:\Users\Windows 7\Desktop\witcher\Witc.2_RU.EN.PL_R.G.Catalyst\Witc.2_RU.EN.PL_R.G.Catalyst\Witcher 2_RU.EN.PL_R.G.Catalyst\Support\VC\vcredist_x64.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{C4B7088A-30C1-42F9-AB3F-BC979E23BF22}] (...) -- C:\Users\Windows 7\Desktop\witcher\Witc.2_RU.EN.PL_R.G.Catalyst\Witc.2_RU.EN.PL_R.G.Catalyst\Witcher 2_RU.EN.PL_R.G.Catalyst\Support\VC\vcredist_x86.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{E2280B30-20E0-42D1-B495-DBD8F51AD445}] (...) -- C:\Users\Windows 7\Desktop\Nova pasta\Nova pasta\Setup.exe (.not file.) [0]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [902]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1058]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1062]
~ Scheduled Task: 19 Legitimates Filtered in 00mn 03s
---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (Bnbase) . (. - .) - C:\Windows\System32\drivers\bnbasex.sys (.not file.)
~ Drivers: 78 Legitimates Filtered in 00mn 00s
---\\ Software instalados (042)
O42 - Logiciel: CNPJ (PGD) - versão 3.8 - (...) [HKLM] -- PGD-CNPJ
O42 - Logiciel: HAWKEN - (.Adhesive Games.) [HKLM] -- Steam App 271290
O42 - Logiciel: Hacker Evolution Duality(remove only) - (...) [HKLM] -- HackerEvolutionDuality
O42 - Logiciel: Hacker Evolution: Untold (2.01.033)(remove only) - (...) [HKLM] -- HackerEvolutionUntold
O42 - Logiciel: Hawken - (.Meteor Entertainment.) [HKCU] -- Hawken
O42 - Logiciel: MKLOL - (...) [HKCU] -- MKLOL
O42 - Logiciel: PokerStars - (.PokerStars.) [HKLM] -- PokerStars
O42 - Logiciel: Windows 7 Codec Pack 4.0.1 - (.Windows 7 Codec Pack.) [HKLM] -- Windows 7 - Codec Pack
~ Logic: 24 Legitimates Filtered in 00mn 00s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\Baidu Security]
[HKCU\Software\FAIRLIGHT]
[HKCU\Software\Windows 7 - Codec Pack]
[HKCU\Software\ZD Soft]
[HKCU\Software\superdownloads.com.br]
[HKLM\Software\685D6D1C-D73A-4F37-B7E5E53660311DDB]
[HKLM\Software\System Admin Scripting Guide]
[HKLM\Software\ZD Soft]
~ Key Software: 344 Legitimates Filtered in 00mn 00s
---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 14/12/2013 - 17:33:18 - [0] ----D C:\Program Files\Black Box
O43 - CFD: 05/09/2013 - 20:00:08 - [] ----D C:\Program Files\Gamemaxx
O43 - CFD: 02/10/2013 - 01:17:34 - [] ----D C:\Program Files\Hacker Evolution Untold
O43 - CFD: 05/09/2013 - 04:29:55 - [] ----D C:\Program Files\Hit Malware
O43 - CFD: 10/09/2013 - 12:16:21 - [] ----D C:\Program Files\LicenseProxy
O43 - CFD: 29/04/2014 - 15:13:23 - [0] ----D C:\Program Files\Pando Networks
O43 - CFD: 09/05/2014 - 22:19:28 - [] ----D C:\Program Files\PokerStars
O43 - CFD: 30/04/2014 - 23:55:01 - [] ----D C:\Program Files\Winhotspot
O43 - CFD: 20/10/2013 - 15:51:37 - [0] ----D C:\Program Files\ZD Soft
O43 - CFD: 18/07/2013 - 03:06:36 - [] ----D C:\ProgramData\FARO
O43 - CFD: 01/05/2014 - 01:29:00 - [] -SH-D C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
O43 - CFD: 02/10/2013 - 02:46:20 - [] ----D C:\Users\Windows 7\AppData\Roaming\BoL
O43 - CFD: 02/10/2013 - 03:11:51 - [] ----D C:\Users\Windows 7\AppData\Roaming\LoLPlus
O43 - CFD: 06/09/2013 - 05:25:32 - [] ----D C:\Users\Windows 7\AppData\Roaming\MailFrontier
O43 - CFD: 01/05/2014 - 10:15:40 - [] ----D C:\Users\Windows 7\AppData\Local\DanuSoft
O43 - CFD: 01/05/2014 - 00:02:29 - [] ----D C:\Users\Windows 7\AppData\Local\mHotspot_Inc
O43 - CFD: 01/05/2014 - 00:25:00 - [] ----D C:\Users\Windows 7\AppData\Local\MyRouter_Inc
O43 - CFD: 09/05/2014 - 22:46:17 - [] ----D C:\Users\Windows 7\AppData\Local\PokerStars
O43 - CFD: 22/08/2013 - 01:41:56 - [] ----D C:\Users\Windows 7\AppData\Local\Spirograph_MV
O43 - CFD: 12/08/2013 - 20:31:20 - [] ----D C:\Users\Windows 7\AppData\Local\TempDiretório de backup SW
O43 - CFD: 23/02/2014 - 12:38:01 - [0] ----D C:\Users\Windows 7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameVicio
O43 - CFD: 23/03/2014 - 22:06:54 - [] ----D C:\Users\Windows 7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PlagueInc 1.0
O43 - CFD: 09/05/2014 - 22:18:58 - [] ----D C:\Users\Windows 7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PokerStars
O43 - CFD: 02/05/2014 - 09:29:55 - [] ----D C:\Users\Windows 7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter =>Crapware.SpyHunter
~ Program Folder: 258 Legitimates Filtered in 00mn 00s
---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.A64711C9CF690718EADA750370EC5EB2] - 09/05/2014 - 11:34:16 ---A- . (.Dmitry Streblechenko - Outlook Redemption COM library.) -- C:\Windows\System32\Redemption.dll [4659712]
O44 - LFC:[MD5.25489FD8CF19C3BE69FA6C0DFD1E0B61] - 20/05/2014 - 10:01:04 ---A- . (...) -- C:\Windows\win.ini [752]
O44 - LFC:[MD5.FE6D1684D1D3E1FEA219F72196A0AE7F] - 22/05/2014 - 15:07:36 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [148366]
O44 - LFC:[MD5.E1A30D1E37AA663A19EE6478AB0DD139] - 22/05/2014 - 15:07:36 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [708120]
O44 - LFC:[MD5.0DC5AF80D059DEC792B665ED598C6567] - 23/05/2014 - 10:58:20 ---A- . (.SQLite Development Team - SQLite Dynamic Link Library (No TCL).) -- C:\Windows\System32\sqlite3.dll [536576]
O44 - LFC:[MD5.77FD3D7BF7463831A3C83D576C66791B] - 23/05/2014 - 12:09:38 ---A- . (...) -- C:\zoek-results2014-05-23-150938.log [41147]
O44 - LFC:[MD5.DD54494B17DECC7E4BC759895DDE79ED] - 23/05/2014 - 21:35:19 ---A- . (...) -- C:\zoek-results2014-05-24-003519.log [22424]
O44 - LFC:[MD5.B6605261D2882077DC73CFA49C7F5EAC] - 23/05/2014 - 23:18:07 ---A- . (...) -- C:\zoek-results2014-05-24-021807.log [3670]
O44 - LFC:[MD5.37DD1B0040F006EBF2B6DB912BE25418] - 23/05/2014 - 23:36:04 ---A- . (...) -- C:\zoek-results.log [2208]
~ Files: 25 Legitimates Filtered in 00mn 02s
---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
~ ShellExecuteHooks: Scanned in 00mn 00s
---\\ Controlo do Modo de Segurança (CSB) (49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\CleanHlp.sys . (...) -- C:\Windows\System32\Drivers\CleanHlp.sys (.not file.)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\CleanHlp.sys . (...) -- C:\Windows\System32\Drivers\CleanHlp.sys (.not file.)
~ CSB: 15 Legitimates Filtered in 00mn 00s
---\\ Enumeração das chaves do registo StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\uTorrent [Key] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Windows 7\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ SMSR Keys: 15 Legitimates Filtered in 00mn 00s
---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 19 Legitimates Filtered in 00mn 00s
---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:13/08/2004 - 09:56:20 ---A- . (.No owner - ATK0110 ACPI Utility.) -- C:\Windows\System32\Drivers\ASACPI.sys [5810]
O58 - SDL:01/05/2014 - 02:22:47 ---A- . (.Connectify - NDIS filter driver.) -- C:\Windows\System32\Drivers\cnnctfy2.sys [27248]
O58 - SDL:24/06/2013 - 08:59:53 ---A- . (.DT Soft Ltd - DAEMON Tools Virtual Bus Driver.) -- C:\Windows\System32\Drivers\dtsoftbus01.sys [233024]
O58 - SDL:13/07/2009 - 22:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:22/06/2012 - 12:01:32 ---A- . (...) -- C:\Windows\System32\Drivers\EsgScanner.sys [19984]
O58 - SDL:13/07/2009 - 19:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
O58 - SDL:22/02/2011 - 13:38:20 ---A- . (.NT Kernel Resources - NDISRD helper driver.) -- C:\Windows\System32\Drivers\ndisrd.sys [26208]
O58 - SDL:05/12/2006 - 11:34:42 ---A- . (.PixArt Imaging Inc. - PFC027.) -- C:\Windows\System32\Drivers\PFC027.SYS [507136]
O58 - SDL:01/01/1601 - 03:00:00 ---A- . (...) -- C:\Windows\System32\Drivers\sptd.sys [443448]
O58 - SDL:13/07/2009 - 22:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
O58 - SDL:13/07/2009 - 18:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:13/07/2009 - 18:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:22/06/2012 - 12:01:32 ---A- . (...) -- C:\Windows\System32\ESGScanner.sys [19984]
O58 - SDL:13/07/2009 - 18:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:13/07/2009 - 18:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:13/07/2009 - 18:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:13/07/2009 - 18:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:13/07/2009 - 18:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:13/07/2009 - 18:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:13/07/2009 - 18:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:13/07/2009 - 18:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:13/07/2009 - 18:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 81 Legitimates Filtered in 00mn 01s
---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 06/05/2011 - C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys (esgiguard) .(...) - LEGACY_ESGIGUARD =>Crapware.SpyHunter
~ Legacy: 99 Legitimates Filtered in 00mn 00s
---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html>
~ FASS Keys: 12 Legitimates Filtered in 00mn 00s
---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet:
O68 - StartMenuInternet:
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {EFA27348-E879-4907-9783-B1D0956D3E33} - (O que fazer na internet?) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.BC5A0E25FA751D8950C737FD385E492E] [SPRF][29/08/2013] (...) -- C:\ProgramData\KGyGaAvL.sys [2516]
[MD5.659D829F1CD722B0F64036F840835785] [SPRF][01/01/2014] (...) -- C:\ProgramData\ntuser.dat [262144]
~ Files: 3 Legitimates Filtered in 00mn 00s
---\\ Lista das exceções do FireWall (FirewallRules) (O87)
O87 - FAEL: "{B7A30C97-DE8E-4B07-AA4D-73B1089756AC}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Windows 7\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{2A037AF5-CDB2-4C96-AC25-F804E10BA7B2}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Windows 7\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Firewall: 2 Legitimates Filtered in 00mn 00s
---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Microsoft\Tracing\BrowseFox_1208-784bb9a0_RASAPI32 =>Adware.BrowseFox
HKLM\SOFTWARE\Microsoft\Tracing\BrowseFox_1208-784bb9a0_RASMANCS =>Adware.BrowseFox
HKLM\SOFTWARE\Microsoft\Tracing\Genesis_RASAPI32 =>PUP.Genesis
HKLM\SOFTWARE\Microsoft\Tracing\Genesis_RASMANCS =>PUP.Genesis
HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup-NewVer_22april_RASAPI32 =>Adware.IMBooster
HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup-NewVer_22april_RASMANCS =>Adware.IMBooster
HKLM\SOFTWARE\Microsoft\Tracing\IminentUninstall_RASAPI32 =>Adware.IMBooster
HKLM\SOFTWARE\Microsoft\Tracing\IminentUninstall_RASMANCS =>Adware.IMBooster
HKLM\SOFTWARE\Microsoft\Tracing\SpyHunter4_RASAPI32 =>Crapware.SpyHunter
HKLM\SOFTWARE\Microsoft\Tracing\SpyHunter4_RASMANCS =>Crapware.SpyHunter
HKLM\SOFTWARE\Microsoft\Tracing\utorrent_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Microsoft\Tracing\utorrent_RASMANCS =>P2P.µTorrent
~ BTK: 430 Legitimates Filtered in 00mn 00s
---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 16/05/2014 257712 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 18/07/2013 1064312 | (FlexNet Licensing Service) . (.Flexera Software LLC.) - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
SS - | Auto 28/08/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 28/08/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 08/04/2008 800040 | (NBService) . (.Nero AG.) - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
SS - | Demand 22/01/2008 275752 | (NMIndexingService) . (.Nero AG.) - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SS - | Demand 25/02/2014 568512 | (Steam Client Service) . (.Valve Corporation.) - C:\Program Files\Common Files\Steam\SteamService.exe
SS - | Demand 19/02/2010 517096 | (SwitchBoard) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
SR - | Auto 21/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 07/01/2014 43336 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 13/12/2012 12288 | (Autodesk Content Service) . (.Autodesk, Inc..) - C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
SR - | Auto 10/07/1658 0 | (HyperDeskCustomThemeEnabler) . (...) - C:\Windows\Installer\MSI673B.tmp" -service
SR - | Auto 03/04/2014 1809720 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
SR - | Auto 03/04/2014 857912 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
SR - | Auto 27/08/2013 14573856 | (NvStreamSvc) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
SR - | Auto 15/10/2013 664352 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Auto 27/08/2013 2155296 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
SR - | Auto 19/12/2006 81920 | (PLFlash DeviceIoControl Service) . (.Prolific Technology Inc..) - C:\Windows\system32\IoctlSvc.exe
SR - | Auto 10/03/2010 189728 | (PSI_SVC_2) . (.Protexis Inc..) - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
SR - | Auto 14/08/2013 39056 | (RealNetworks Downloader Resolver Service) . (...) - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
SR - | Auto 17/07/2013 770432 | (SpyHunter 4 Service) . (.Enigma Software Group USA, LLC..) - C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe =>Crapware.SpyHunter
SR - | Auto 15/10/2013 414496 | (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
SR - | Auto 31/12/1999 27768 | (VIAKaraokeService) . (.VIA Technologies, Inc..) - C:\Windows\System32\viakaraokesrv.exe
SR - | Auto 13/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 10s
---\\ Lista dos emuladores de CD/DVD (MBR Hook)
O58 - SDL:01/01/1601 - 03:00:00 ---A- . (...) -- C:\Windows\System32\Drivers\sptd.sys [443448]
~ Emulateurs: Scanned in 00mn 10s
---\\ Scâner Aditional (088)
Database Version : 13029 - (23/05/2014)
Clés trouvées (Keys found) : 2
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 1
Fichiers trouvés (Files found) : 1
[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\uTorrent] =>P2P.BitTorrent^
[HKLM\SYSTEM\CurrentControlSet\Services\SpyHunter 4 Service] =>Crapware.SpyHunter
C:\Users\Windows 7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter =>Crapware.SpyHunter^
C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe =>Crapware.SpyHunter^
~ Additionnel Scan: 370395 Items scanned in 01mn 06s
---\\ Sumário das deteções encontradas na sua estação
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Crapware.SpyHunter
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.BrowseFox
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.IMBooster
~ MSI: 3 link(s) detected in 00mn 00s
~ 990 Legitimates filtered by white list
End of the scan (522 lines in 02mn 15s)(0)
ahgramarin - Beginner
- Posts: 18
Reputation: 0
Join date: 23/05/2014
Re: Kaspersky PURE 3.0 won't install because of Baidu antivirus
Go to the site [You must have an account and be logged in to view this link] and submit the file highlighted in blue below for analysis:
C:\Windows\System32\Drivers\ndisrd.sys
As soon as its analysis is complete, copy the link that appears in your browser's address bar and post it in your next reply, together with the ZHPFix report requested below in this post.
More information on how to analyze files on the Virus Total site can be found in this tutorial:
[You must have an account and be logged in to view this link]
______________________________________________________________________________________
Select and copy all of the text highlighted in red that I gave you.
_____________________________________________________________________________________________________________
Go to the menu: Start > All Programs > ZHP > Right-click Zhpfix and choose Run as administrator > Click Importação > Click the GO button > Click Oui > If you want the files in the Recycle Bin to be deleted, click Oui again > A report will open in Notepad.
Copy this report and post it in your next reply, together with the link to the file's analysis on the Virus Total site.
Last edited by Power Max on Sat 24 May 2014, 16:51; edited 1 time
Power Max - Collaborator
- Posts: 9086
Reputation: 1499
Join date: 14/04/2009
Virus Total
Nothing appears in the bar. But it gave this message at the end.
This file was last analysed by VirusTotal on 2014-05-08 14:21:11 UTC, it was first analysed by VirusTotal on 2011-07-05 12:22:01 UTC.
Taxa de detecção: 0/52
Você pode visualizar a última análise ou analisá-lo novamente.
[You must have an account and be logged in to view this link]
See if that's really it.
I'll send you the other log in a moment.
ahgramarin - Beginner
- Posts: 18
Reputation: 0
Join date: 23/05/2014
ZHPFix log
Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014
Fichier d'export Registre :
Run by Windows 7 at 24/05/2014 14:42:33
High Elevated Privileges : OK
Windows 7 Business Edition, 32-bit Service Pack 1 (Build 7601)
Reciclagem vazia (01mn 05s)
Reparação de atalhos do navegador
========== Chaves do Registo ==========
ELIMINÉ: Mozilla Plugin: @pandonetworks.com/PandoWebPlugin
ELIMINÉ Driver Key: Bnbase
ELIMINÉ: HKCU\Software\Baidu Security
ELIMINÉ O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\CleanHlp.sys . (...) -- C:\Windows\System32\Drivers\CleanHlp.sys (.not file.)
ELIMINÉ O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\CleanHlp.sys . (...) -- C:\Windows\System32\Drivers\CleanHlp.sys (.not file.)
ELIMINÉ: SearchScopes :{EFA27348-E879-4907-9783-B1D0956D3E33}
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\BrowseFox_1208-784bb9a0_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\BrowseFox_1208-784bb9a0_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\Genesis_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\Genesis_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup-NewVer_22april_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup-NewVer_22april_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\IminentUninstall_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\IminentUninstall_RASMANCS
========== Valores do Registo ==========
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value
========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia
========== Ficheiros ==========
ELIMINÉ Temporários windows (125) (1.778.559 octets)
ELIMINÉ Flash Cookies (0) (0 octets)
========== Tarefa planificada ==========
ELIMINÉ: {10ED8A52-F718-4702-A0BE-E300844E09CC}
ELIMINÉ: {ADFF125D-670D-4412-A759-0DD54255922D}
ELIMINÉ: {C4B7088A-30C1-42F9-AB3F-BC979E23BF22}
ELIMINÉ: {E2280B30-20E0-42D1-B495-DBD8F51AD445}
========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso
========== Recapitulativo ==========
14 : Chaves do Registo
6 : Valores do Registo
1 : Pastas
2 : Ficheiros
4 : Tarefa planificada
1 : Restauração Sistema
End of clean in 01mn 37s
========== Caminho do ficheiro do relatório ==========
C:\Users\Windows 7\AppData\Roaming\ZHP\ZHPFix[R1].txt - 24/05/2014 14:43:38 [2399]
ahgramarin - Beginner
- Posts: 18
Reputation: 0
Join date: 23/05/2014
Re: Kaspersky PURE 3.0 won't install because of Baidu antivirus
Temporarily disable your antivirus to avoid conflicts.
* Right-click Zoek.exe and select [You must have an account and be logged in to view this image]
* Select and copy all of the text highlighted in red that I gave you and paste it into the blank area of Zoek:
* Click [Run Script]
* During the scan, a message similar to the one below showing the scan's progress will be displayed. Wait for it to finish... it may take a while!
[You must have an account and be logged in to view this image]
* Post the Zoek log, which will be at C:\zoek-results.txt, in your next reply.
Power Max - Collaborator
- Posts: 9086
Reputation: 1499
Join date: 14/04/2009
Blue screen error + log
A serious error occurred here: before this message there was a blue screen, a count from 0 to 100 appeared, and then it rebooted by itself.
Zoek.exe v5.0.0.0 Updated 22-05-2014
Tool run by Windows 7 on 24/05/2014 at 14:53:08,99.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Windows 7\Desktop\EnsisoftREste\zoe\zoek.exe [Scan all users] [Script inserted]
==== Older Logs ======================
C:\zoek-results2014-05-23-150938.log 41147 bytes
C:\zoek-results2014-05-24-003519.log 22424 bytes
C:\zoek-results2014-05-24-021807.log 3670 bytes
C:\zoek-results2014-05-24-023604.log 2208 bytes
==== VirusTotal Scan ======================
C:\Windows\System32\Drivers\ndisrd.sys [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
==== C:\zoek_backup content ======================
C:\zoek_backup (files=448 folders=104 508542593 bytes)
==== EOF on 24/05/2014 at 14:55:19,67 ======================
ahgramarin - Beginner
- Posts: 18
Reputation: 0
Join date: 23/05/2014
Re: Kaspersky PURE 3.0 won't install because of Baidu antivirus
Open ZHPDiag again.
|- Click "SEARCH" or "PESQUISAR" and wait for it to finish.
|- Click OK and, when it finishes, post the ZHPDiag.txt report.
Power Max - Collaborator
- Posts: 9086
Reputation: 1499
Join date: 14/04/2009
ZHPDiag log
~ Relatório do ZHPDiag v2014.5.23.72 - Nicolas Coolman (23/05/2014)
~ Iniciado por Windows 7 (24/05/2014 15:03:00)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by user
---\\ Navegadores Internet
MSIE: Internet Explorer v9.0.8112.16421
GCIE: Google Chrome v35.0.1916.114 (Defaut)
---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Professional, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
---\\ Softwares de proteçao do sistema
Kaspersky Internet Security 2013 v13.0.1.4190
Malwarebytes Anti-Malware versão 2.0.1.1004
Windows Defender W7 (Activate)
---\\ Softwares d'optimização do sistema
CCleaner v4.04
---\\ Softwares de partilha do PeerToPeer (P2P)
---\\ Monitoramento dos softwares
Adobe Flash Player 13 Plugin
Adobe Reader XI
Java 7 Update 55
---\\ Informações sobre o sistema
~ Processor: x86 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3583 MB (45% free)
System Restore: Activé (Enable)
System drive C: has 124 GB (26%) free of 466 GB
---\\ Modo de conexão ao sistema
~ Computer Name: WINDOWS7-PC
~ User Name: Windows 7
~ All Users Names: Windows 7, UpdatusUser, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator
---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Windows 7\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Windows 7\AppData\Roaming\
~ %Desktop% : C:\Users\Windows 7\Desktop\
~ %Favorites% : C:\Users\Windows 7\Favorites\
~ %LocalAppData% : C:\Users\Windows 7\AppData\Local\
~ %StartMenu% : C:\Users\Windows 7\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 124 Go of 466 Go)
D: CD-ROM drive (Free 0 Go of 0 Go)
F: CD-ROM drive (Not Inserted)
G: CD-ROM drive (Not Inserted)
---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyGames: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 49 Legitimates Filtered in 00mn 00s
---\\ Pesquisa particular de ficheiros genéricos
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Windows Explorer.) (.25/02/2011 - 02:30:54.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.6A25377A76479A0C0BF3DB6FC42FE09A] - (.Microsoft Corporation - Internet Extensions para Win32.) (.13/06/2013 - 12:58:31.) -- C:\Windows\System32\wininet.dll [1129472]
[MD5.6D13E1406F50C66E2A95D97F22C47560] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.20/11/2010 - 09:17:54.) -- C:\Windows\System32\Winlogon.exe [286720]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.20/11/2010 - 09:21:24.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.9EBBBA55060F786F0FCAA3893BFA2806] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.24/04/2011 - 23:18:03.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 05:38:10.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 05:42:32.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 06:59:29.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 20:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 23:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 05:39:44.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.5E43D2B0EE64123D4880DFA6626DEFDE] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.12/04/2013 - 10:45:29.) -- C:\Windows\system32\Drivers\ntfs.sys [1211752]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 20:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 20:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.B973FCFC50DC1434E1970A146F7E3885] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 07:24:46.) -- C:\Windows\system32\Drivers\rdpdr.sys [133632]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 20:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 05:39:17.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.20/11/2010 - 09:30:16.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes: Scanned in 00mn 00s
---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes musiques (My Musics) : 1/36
~ Mes Videos (My Videos) : 7/2112
~ Mes Favoris (My Favorites) : 1/22
~ Mes Documents (My Documents) : 1/186
~ Mon Bureau (My Desktop) : 3/48821
~ Menu demarrer (Programs) : 1/46
~ Hidden Files: Scanned in 00mn 17s
---\\ Processos lançados
[MD5.5CC17E58897698D2E29C1FC2CF9013D6] - (.Enigma Software Group USA, LLC. - SpyHunter4 application.) -- C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [6427008] [PID.328] =>Crapware.SpyHunter
[MD5.18A60DCA97EAC258ED4AC781374DC093] - (.NVIDIA Corporation - NVIDIA NvTmru Application.) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe [1028896] [PID.456]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336] [PID.300]
[MD5.F6158734F1E24C6C510155CF0D363911] - (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe [295512] [PID.1380]
[MD5.72334F906C2E2B002CDD2FF9022FD957] - (.PixArt Imaging Incorporation - Registry Monitor.) -- C:\Windows\PixArt\Pac207\Monitor.exe [319488] [PID.384]
[MD5.41AD6110110A2E89957F831DCBFAF892] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes Anti-Malware\mbam.exe [6963512] [PID.2504]
[MD5.14AF592458BBE1EA6252C532833FC52E] - (.NVIDIA Corporation - NVIDIA Settings.) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe [1821984] [PID.2936]
[MD5.02555AAE46B904A77A4E48E0FD11EA1B] - (.DT Soft Ltd - DAEMON Tools Shell Extensions Helper.) -- C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe [382272] [PID.3140]
[MD5.1620FE36666F4BBC2314B7F360FB1965] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [860488] [PID.4864]
[MD5.2BE28172DB7CB4C3AB8AC061D5420316] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [7877120] [PID.5836]
~ Processes Running: Scanned in 00mn 00s
---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Windows 7\AppData\Local\Google\Chrome\User Data\Default\Preferences
G0 - GCSP: Preference [User Data\Default][HomePage] [You must have an account and be logged in to view this link]
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [imcbnnnoghiihopefblgehihofbfbmei] Desprotetor de Links v.2.0.1.7, (Activé)
G2 - GCE: Preference [User Data\Default] [mfffpogegjflfpflabcdkioaeobkgjik] GaiaAuthExtension v.0.0.1, (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [okmcbgkkeagngnijeiighgblfljbekip] AT_DJTiesto v.2 (Activé)
G2 - GCE: Preference [User Data\Default] [omhclojepaohhgmelpgpnbekblifihoh] REC - Rastreamento de Encomendas dos Correios v.0.3 (Activé)
---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 21 Legitimates Filtered in 00mn 03s
---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must have an account and be logged in to view this link]
~ IE Browser: 15 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 1
---\\ Outras conexões do utilizador (04)
O4 - GS\QuickLaunch [Windows 7]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Windows 7\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\Desktop [Windows 7]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Windows 7\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Global Startup: 2 Legitimates Filtered in 00mn 02s
---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [Nvtmru] . (.NVIDIA Corporation - NVIDIA NvTmru Application.) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Run: [TkBellExe] . (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files\Real\RealPlayer\update\realsched.exe =>.RealNetworks, Inc
O4 - HKLM\..\Run: [Monitor] . (.PixArt Imaging Incorporation - Registry Monitor.) -- C:\Windows\PixArt\PAC207\Monitor.exe
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_44130B045B9E62BB4535762DC67AACA4] . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - HKUS\.DEFAULT\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKUS\.DEFAULT\..\Run: [Autodesk Sync] . (.Autodesk, Inc. - Autodesk 360.) -- C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
O4 - HKUS\S-1-5-18\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKUS\S-1-5-18\..\Run: [Autodesk Sync] . (.Autodesk, Inc. - Autodesk 360.) -- C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-1484466459-4244202861-2336252029-1000\..\Run: [GoogleChromeAutoLaunch_44130B045B9E62BB4535762DC67AACA4] . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
~ Application: Scanned in 00mn 00s
---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~1\Office14\ONBttnIE.dll =>.Microsoft Corporation
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~1\Office14\ONBTTN~1.dll =>.Microsoft Corporation
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\EscDomains] http.connectify.me
O15 - Trusted Zone: [HKCU\...\EscDomains] http.fastspring.com
O15 - Trusted Zone: [HKLM\...\EscDomains] http.connectify.me
O15 - Trusted Zone: [HKLM\...\EscDomains] http.fastspring.com
~ IE Zone Confiance: Scanned in 00mn 00s
---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{1F5F9C35-E9C1-4EDC-A8C5-358344A9EEFD}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{1F5F9C35-E9C1-4EDC-A8C5-358344A9EEFD}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{1F5F9C35-E9C1-4EDC-A8C5-358344A9EEFD}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
~ Domain: Scanned in 00mn 00s
---\\ Protocolo adicional (018)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Chave do Registo autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: (no name) - {F791A188-699D-4FD4-955A-EB59E89B1907} . (.AveApps, Andreas Verhoeven - Dynamic Start Button Changer.) -- C:\Program Files\The Skins Factory\Hyperdesk\Common\AveStartButtonChangerInProc.dll
~ STS/SSO: Scanned in 00mn 00s
---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: HyperDesk's Custom Theme Enabler (HyperDeskCustomThemeEnabler) . (...) - C:\Windows\Installer\MSI673B.tmp" -service (.not file.)
~ Services: 16 Legitimates Filtered in 00mn 07s
---\\ Tarefas planificadas automaticamente (039)
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [902]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1058]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1062]
~ Scheduled Task: 15 Legitimates Filtered in 00mn 02s
---\\ Software instalados (042)
O42 - Logiciel: CNPJ (PGD) - versão 3.8 - (...) [HKLM] -- PGD-CNPJ
O42 - Logiciel: HAWKEN - (.Adhesive Games.) [HKLM] -- Steam App 271290
O42 - Logiciel: Hacker Evolution Duality(remove only) - (...) [HKLM] -- HackerEvolutionDuality
O42 - Logiciel: Hacker Evolution: Untold (2.01.033)(remove only) - (...) [HKLM] -- HackerEvolutionUntold
O42 - Logiciel: Hawken - (.Meteor Entertainment.) [HKCU] -- Hawken
O42 - Logiciel: MKLOL - (...) [HKCU] -- MKLOL
O42 - Logiciel: PokerStars - (.PokerStars.) [HKLM] -- PokerStars
O42 - Logiciel: Windows 7 Codec Pack 4.0.1 - (.Windows 7 Codec Pack.) [HKLM] -- Windows 7 - Codec Pack
~ Logic: 24 Legitimates Filtered in 00mn 00s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\FAIRLIGHT]
[HKCU\Software\Windows 7 - Codec Pack]
[HKCU\Software\ZD Soft]
[HKCU\Software\superdownloads.com.br]
[HKLM\Software\685D6D1C-D73A-4F37-B7E5E53660311DDB]
[HKLM\Software\System Admin Scripting Guide]
[HKLM\Software\ZD Soft]
~ Key Software: 343 Legitimates Filtered in 00mn 00s
---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 14/12/2013 - 17:33:18 - [0] ----D C:\Program Files\Black Box
O43 - CFD: 05/09/2013 - 20:00:08 - [] ----D C:\Program Files\Gamemaxx
O43 - CFD: 02/10/2013 - 01:17:34 - [] ----D C:\Program Files\Hacker Evolution Untold
O43 - CFD: 05/09/2013 - 04:29:55 - [] ----D C:\Program Files\Hit Malware
O43 - CFD: 10/09/2013 - 12:16:21 - [] ----D C:\Program Files\LicenseProxy
O43 - CFD: 29/04/2014 - 15:13:23 - [0] ----D C:\Program Files\Pando Networks
O43 - CFD: 09/05/2014 - 22:19:28 - [] ----D C:\Program Files\PokerStars
O43 - CFD: 30/04/2014 - 23:55:01 - [] ----D C:\Program Files\Winhotspot
O43 - CFD: 20/10/2013 - 15:51:37 - [0] ----D C:\Program Files\ZD Soft
O43 - CFD: 18/07/2013 - 03:06:36 - [] ----D C:\ProgramData\FARO
O43 - CFD: 01/05/2014 - 01:29:00 - [] -SH-D C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
O43 - CFD: 02/10/2013 - 02:46:20 - [] ----D C:\Users\Windows 7\AppData\Roaming\BoL
O43 - CFD: 02/10/2013 - 03:11:51 - [] ----D C:\Users\Windows 7\AppData\Roaming\LoLPlus
O43 - CFD: 06/09/2013 - 05:25:32 - [] ----D C:\Users\Windows 7\AppData\Roaming\MailFrontier
O43 - CFD: 01/05/2014 - 10:15:40 - [] ----D C:\Users\Windows 7\AppData\Local\DanuSoft
O43 - CFD: 01/05/2014 - 00:02:29 - [] ----D C:\Users\Windows 7\AppData\Local\mHotspot_Inc
O43 - CFD: 01/05/2014 - 00:25:00 - [] ----D C:\Users\Windows 7\AppData\Local\MyRouter_Inc
O43 - CFD: 09/05/2014 - 22:46:17 - [] ----D C:\Users\Windows 7\AppData\Local\PokerStars
O43 - CFD: 22/08/2013 - 01:41:56 - [] ----D C:\Users\Windows 7\AppData\Local\Spirograph_MV
O43 - CFD: 12/08/2013 - 20:31:20 - [] ----D C:\Users\Windows 7\AppData\Local\TempDiretório de backup SW
O43 - CFD: 23/02/2014 - 12:38:01 - [0] ----D C:\Users\Windows 7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameVicio
O43 - CFD: 23/03/2014 - 22:06:54 - [] ----D C:\Users\Windows 7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PlagueInc 1.0
O43 - CFD: 09/05/2014 - 22:18:58 - [] ----D C:\Users\Windows 7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PokerStars
O43 - CFD: 02/05/2014 - 09:29:55 - [] ----D C:\Users\Windows 7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter =>Crapware.SpyHunter
~ Program Folder: 258 Legitimates Filtered in 00mn 00s
---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.25489FD8CF19C3BE69FA6C0DFD1E0B61] - 20/05/2014 - 10:01:04 ---A- . (...) -- C:\Windows\win.ini [752]
O44 - LFC:[MD5.FE6D1684D1D3E1FEA219F72196A0AE7F] - 22/05/2014 - 15:07:36 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [148366]
O44 - LFC:[MD5.E1A30D1E37AA663A19EE6478AB0DD139] - 22/05/2014 - 15:07:36 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [708120]
O44 - LFC:[MD5.0DC5AF80D059DEC792B665ED598C6567] - 23/05/2014 - 10:58:20 ---A- . (.SQLite Development Team - SQLite Dynamic Link Library (No TCL).) -- C:\Windows\System32\sqlite3.dll [536576]
O44 - LFC:[MD5.77FD3D7BF7463831A3C83D576C66791B] - 23/05/2014 - 12:09:38 ---A- . (...) -- C:\zoek-results2014-05-23-150938.log [41147]
O44 - LFC:[MD5.DD54494B17DECC7E4BC759895DDE79ED] - 23/05/2014 - 21:35:19 ---A- . (...) -- C:\zoek-results2014-05-24-003519.log [22424]
O44 - LFC:[MD5.B6605261D2882077DC73CFA49C7F5EAC] - 23/05/2014 - 23:18:07 ---A- . (...) -- C:\zoek-results2014-05-24-021807.log [3670]
O44 - LFC:[MD5.37DD1B0040F006EBF2B6DB912BE25418] - 23/05/2014 - 23:36:04 ---A- . (...) -- C:\zoek-results2014-05-24-023604.log [2208]
O44 - LFC:[MD5.5034E7163F5F83EBD35DF11BA9F8557D] - 24/05/2014 - 14:55:19 ---A- . (...) -- C:\zoek-results.log [922]
~ Files: 23 Legitimates Filtered in 00mn 01s
---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
~ ShellExecuteHooks: Scanned in 00mn 00s
---\\ Enumeração das chaves do registo StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\uTorrent [Key] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Windows 7\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ SMSR Keys: 15 Legitimates Filtered in 00mn 00s
---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 19 Legitimates Filtered in 00mn 00s
---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:13/08/2004 - 09:56:20 ---A- . (.No owner - ATK0110 ACPI Utility.) -- C:\Windows\System32\Drivers\ASACPI.sys [5810]
O58 - SDL:01/05/2014 - 02:22:47 ---A- . (.Connectify - NDIS filter driver.) -- C:\Windows\System32\Drivers\cnnctfy2.sys [27248]
O58 - SDL:24/06/2013 - 08:59:53 ---A- . (.DT Soft Ltd - DAEMON Tools Virtual Bus Driver.) -- C:\Windows\System32\Drivers\dtsoftbus01.sys [233024]
O58 - SDL:13/07/2009 - 22:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:22/06/2012 - 12:01:32 ---A- . (...) -- C:\Windows\System32\Drivers\EsgScanner.sys [19984]
O58 - SDL:13/07/2009 - 19:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
O58 - SDL:22/02/2011 - 13:38:20 ---A- . (.NT Kernel Resources - NDISRD helper driver.) -- C:\Windows\System32\Drivers\ndisrd.sys [26208]
O58 - SDL:05/12/2006 - 11:34:42 ---A- . (.PixArt Imaging Inc. - PFC027.) -- C:\Windows\System32\Drivers\PFC027.SYS [507136]
O58 - SDL:01/01/1601 - 03:00:00 ---A- . (...) -- C:\Windows\System32\Drivers\sptd.sys [443448]
O58 - SDL:13/07/2009 - 22:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
O58 - SDL:13/07/2009 - 18:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:13/07/2009 - 18:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:22/06/2012 - 12:01:32 ---A- . (...) -- C:\Windows\System32\ESGScanner.sys [19984]
O58 - SDL:13/07/2009 - 18:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:13/07/2009 - 18:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:13/07/2009 - 18:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:13/07/2009 - 18:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:13/07/2009 - 18:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:13/07/2009 - 18:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:13/07/2009 - 18:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:13/07/2009 - 18:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:13/07/2009 - 18:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 81 Legitimates Filtered in 00mn 00s
---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 06/05/2011 - C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys (esgiguard) .(...) - LEGACY_ESGIGUARD =>Crapware.SpyHunter
~ Legacy: 99 Legitimates Filtered in 00mn 00s
---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 12 Legitimates Filtered in 00mn 00s
---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [You must have an account and be logged in to view this link]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - [You must have an account and be logged in to view this link]
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.BC5A0E25FA751D8950C737FD385E492E] [SPRF][29/08/2013] (...) -- C:\ProgramData\KGyGaAvL.sys [2516]
[MD5.659D829F1CD722B0F64036F840835785] [SPRF][01/01/2014] (...) -- C:\ProgramData\ntuser.dat [262144]
~ Files: 3 Legitimates Filtered in 00mn 00s
---\\ Lista das exceções do FireWall (FirewallRules) (O87)
O87 - FAEL: "{B7A30C97-DE8E-4B07-AA4D-73B1089756AC}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Windows 7\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{2A037AF5-CDB2-4C96-AC25-F804E10BA7B2}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Windows 7\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Firewall: 2 Legitimates Filtered in 00mn 01s
---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Microsoft\Tracing\SpyHunter4_RASAPI32 =>Crapware.SpyHunter
HKLM\SOFTWARE\Microsoft\Tracing\SpyHunter4_RASMANCS =>Crapware.SpyHunter
HKLM\SOFTWARE\Microsoft\Tracing\utorrent_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Microsoft\Tracing\utorrent_RASMANCS =>P2P.µTorrent
~ BTK: 424 Legitimates Filtered in 00mn 00s
---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 16/05/2014 257712 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 18/07/2013 1064312 | (FlexNet Licensing Service) . (.Flexera Software LLC.) - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
SS - | Auto 28/08/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 28/08/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 08/04/2008 800040 | (NBService) . (.Nero AG.) - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
SS - | Demand 22/01/2008 275752 | (NMIndexingService) . (.Nero AG.) - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SS - | Demand 25/02/2014 568512 | (Steam Client Service) . (.Valve Corporation.) - C:\Program Files\Common Files\Steam\SteamService.exe
SS - | Demand 19/02/2010 517096 | (SwitchBoard) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
SR - | Auto 21/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 07/01/2014 43336 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 13/12/2012 12288 | (Autodesk Content Service) . (.Autodesk, Inc..) - C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
SR - | Auto 10/07/1658 0 | (HyperDeskCustomThemeEnabler) . (...) - C:\Windows\Installer\MSI673B.tmp" -service
SR - | Auto 03/04/2014 1809720 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
SR - | Auto 03/04/2014 857912 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
SR - | Auto 27/08/2013 14573856 | (NvStreamSvc) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
SR - | Auto 15/10/2013 664352 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Auto 27/08/2013 2155296 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
SR - | Auto 19/12/2006 81920 | (PLFlash DeviceIoControl Service) . (.Prolific Technology Inc..) - C:\Windows\system32\IoctlSvc.exe
SR - | Auto 10/03/2010 189728 | (PSI_SVC_2) . (.Protexis Inc..) - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
SR - | Auto 14/08/2013 39056 | (RealNetworks Downloader Resolver Service) . (...) - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
SR - | Auto 17/07/2013 770432 | (SpyHunter 4 Service) . (.Enigma Software Group USA, LLC..) - C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe =>Crapware.SpyHunter
SR - | Auto 15/10/2013 414496 | (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
SR - | Auto 31/12/1999 27768 | (VIAKaraokeService) . (.VIA Technologies, Inc..) - C:\Windows\System32\viakaraokesrv.exe
SR - | Auto 13/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 10s
---\\ Lista dos emuladores de CD/DVD (MBR Hook)
O58 - SDL:01/01/1601 - 03:00:00 ---A- . (...) -- C:\Windows\System32\Drivers\sptd.sys [443448]
~ Emulateurs: Scanned in 00mn 10s
---\\ Scâner Aditional (088)
Database Version : 13029 - (23/05/2014)
Clés trouvées (Keys found) : 2
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 1
Fichiers trouvés (Files found) : 1
[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\uTorrent] =>P2P.BitTorrent^
[HKLM\SYSTEM\CurrentControlSet\Services\SpyHunter 4 Service] =>Crapware.SpyHunter
C:\Users\Windows 7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter =>Crapware.SpyHunter^
C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe =>Crapware.SpyHunter^
~ Additionnel Scan: 370357 Items scanned in 01mn 01s
---\\ Sumário das deteções encontradas na sua estação
[You must have an account and be logged in to view this link] =>Crapware.SpyHunter
~ MSI: 1 link(s) detected in 00mn 00s
~ 977 Legitimates filtered by white list
End of the scan (487 lines in 02mn 08s)(0)
~ Iniciado por Windows 7 (24/05/2014 15:03:00)
~ Endereço do Website : [You must have an account and be logged in to view this link]
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by user
---\\ Navegadores Internet
MSIE: Internet Explorer v9.0.8112.16421
GCIE: Google Chrome v35.0.1916.114 (Defaut)
---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Professional, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
---\\ Softwares de proteçao do sistema
Kaspersky Internet Security 2013 v13.0.1.4190
Malwarebytes Anti-Malware versão 2.0.1.1004
Windows Defender W7 (Activate)
---\\ Softwares d'optimização do sistema
CCleaner v4.04
---\\ Softwares de partilha do PeerToPeer (P2P)
---\\ Monitoramento dos softwares
Adobe Flash Player 13 Plugin
Adobe Reader XI
Java 7 Update 55
---\\ Informações sobre o sistema
~ Processor: x86 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3583 MB (45% free)
System Restore: Activé (Enable)
System drive C: has 124 GB (26%) free of 466 GB
---\\ Modo de conexão ao sistema
~ Computer Name: WINDOWS7-PC
~ User Name: Windows 7
~ All Users Names: Windows 7, UpdatusUser, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator
---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Windows 7\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Windows 7\AppData\Roaming\
~ %Desktop% : C:\Users\Windows 7\Desktop\
~ %Favorites% : C:\Users\Windows 7\Favorites\
~ %LocalAppData% : C:\Users\Windows 7\AppData\Local\
~ %StartMenu% : C:\Users\Windows 7\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 124 Go of 466 Go)
D: CD-ROM drive (Free 0 Go of 0 Go)
F: CD-ROM drive (Not Inserted)
G: CD-ROM drive (Not Inserted)
---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyGames: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 49 Legitimates Filtered in 00mn 00s
---\\ Pesquisa particular de ficheiros genéricos
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Windows Explorer.) (.25/02/2011 - 02:30:54.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.6A25377A76479A0C0BF3DB6FC42FE09A] - (.Microsoft Corporation - Internet Extensions para Win32.) (.13/06/2013 - 12:58:31.) -- C:\Windows\System32\wininet.dll [1129472]
[MD5.6D13E1406F50C66E2A95D97F22C47560] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.20/11/2010 - 09:17:54.) -- C:\Windows\System32\Winlogon.exe [286720]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.20/11/2010 - 09:21:24.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.9EBBBA55060F786F0FCAA3893BFA2806] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.24/04/2011 - 23:18:03.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 05:38:10.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 05:42:32.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 06:59:29.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 20:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 23:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 05:39:44.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.5E43D2B0EE64123D4880DFA6626DEFDE] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.12/04/2013 - 10:45:29.) -- C:\Windows\system32\Drivers\ntfs.sys [1211752]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 20:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 20:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.B973FCFC50DC1434E1970A146F7E3885] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 07:24:46.) -- C:\Windows\system32\Drivers\rdpdr.sys [133632]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 20:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 05:39:17.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.20/11/2010 - 09:30:16.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes: Scanned in 00mn 00s
---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes musiques (My Musics) : 1/36
~ Mes Videos (My Videos) : 7/2112
~ Mes Favoris (My Favorites) : 1/22
~ Mes Documents (My Documents) : 1/186
~ Mon Bureau (My Desktop) : 3/48821
~ Menu demarrer (Programs) : 1/46
~ Hidden Files: Scanned in 00mn 17s
---\\ Processos lançados
[MD5.5CC17E58897698D2E29C1FC2CF9013D6] - (.Enigma Software Group USA, LLC. - SpyHunter4 application.) -- C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [6427008] [PID.328] =>Crapware.SpyHunter
[MD5.18A60DCA97EAC258ED4AC781374DC093] - (.NVIDIA Corporation - NVIDIA NvTmru Application.) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe [1028896] [PID.456]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336] [PID.300]
[MD5.F6158734F1E24C6C510155CF0D363911] - (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe [295512] [PID.1380]
[MD5.72334F906C2E2B002CDD2FF9022FD957] - (.PixArt Imaging Incorporation - Registry Monitor.) -- C:\Windows\PixArt\Pac207\Monitor.exe [319488] [PID.384]
[MD5.41AD6110110A2E89957F831DCBFAF892] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files\Malwarebytes Anti-Malware\mbam.exe [6963512] [PID.2504]
[MD5.14AF592458BBE1EA6252C532833FC52E] - (.NVIDIA Corporation - NVIDIA Settings.) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe [1821984] [PID.2936]
[MD5.02555AAE46B904A77A4E48E0FD11EA1B] - (.DT Soft Ltd - DAEMON Tools Shell Extensions Helper.) -- C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe [382272] [PID.3140]
[MD5.1620FE36666F4BBC2314B7F360FB1965] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [860488] [PID.4864]
[MD5.2BE28172DB7CB4C3AB8AC061D5420316] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [7877120] [PID.5836]
~ Processes Running: Scanned in 00mn 00s
---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Windows 7\AppData\Local\Google\Chrome\User Data\Default\Preferences
G0 - GCSP: Preference [User Data\Default][HomePage] [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [imcbnnnoghiihopefblgehihofbfbmei] Desprotetor de Links v.2.0.1.7, (Activé)
G2 - GCE: Preference [User Data\Default] [mfffpogegjflfpflabcdkioaeobkgjik] GaiaAuthExtension v.0.0.1, (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [okmcbgkkeagngnijeiighgblfljbekip] AT_DJTiesto v.2 (Activé)
G2 - GCE: Preference [User Data\Default] [omhclojepaohhgmelpgpnbekblifihoh] REC - Rastreamento de Encomendas dos Correios v.0.3 (Activé)
---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 21 Legitimates Filtered in 00mn 03s
---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ IE Browser: 15 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 1
---\\ Outras conexões do utilizador (04)
O4 - GS\QuickLaunch [Windows 7]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Windows 7\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O4 - GS\Desktop [Windows 7]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Windows 7\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Global Startup: 2 Legitimates Filtered in 00mn 02s
---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [Nvtmru] . (.NVIDIA Corporation - NVIDIA NvTmru Application.) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Run: [TkBellExe] . (.RealNetworks, Inc. - RealNetworks Scheduler.) -- C:\Program Files\Real\RealPlayer\update\realsched.exe =>.RealNetworks, Inc
O4 - HKLM\..\Run: [Monitor] . (.PixArt Imaging Incorporation - Registry Monitor.) -- C:\Windows\PixArt\PAC207\Monitor.exe
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_44130B045B9E62BB4535762DC67AACA4] . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O4 - HKUS\.DEFAULT\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKUS\.DEFAULT\..\Run: [Autodesk Sync] . (.Autodesk, Inc. - Autodesk 360.) -- C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
O4 - HKUS\S-1-5-18\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKUS\S-1-5-18\..\Run: [Autodesk Sync] . (.Autodesk, Inc. - Autodesk 360.) -- C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-1484466459-4244202861-2336252029-1000\..\Run: [GoogleChromeAutoLaunch_44130B045B9E62BB4535762DC67AACA4] . (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
~ Application: Scanned in 00mn 00s
---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~1\Office14\ONBttnIE.dll =>.Microsoft Corporation
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~1\Office14\ONBTTN~1.dll =>.Microsoft Corporation
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\EscDomains] http.connectify.me
O15 - Trusted Zone: [HKCU\...\EscDomains] http.fastspring.com
O15 - Trusted Zone: [HKLM\...\EscDomains] http.connectify.me
O15 - Trusted Zone: [HKLM\...\EscDomains] http.fastspring.com
~ IE Zone Confiance: Scanned in 00mn 00s
---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{1F5F9C35-E9C1-4EDC-A8C5-358344A9EEFD}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{1F5F9C35-E9C1-4EDC-A8C5-358344A9EEFD}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{1F5F9C35-E9C1-4EDC-A8C5-358344A9EEFD}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
~ Domain: Scanned in 00mn 00s
---\\ Protocolo adicional (018)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Chave do Registo autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: (no name) - {F791A188-699D-4FD4-955A-EB59E89B1907} . (.AveApps, Andreas Verhoeven - Dynamic Start Button Changer.) -- C:\Program Files\The Skins Factory\Hyperdesk\Common\AveStartButtonChangerInProc.dll
~ STS/SSO: Scanned in 00mn 00s
---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: HyperDesk's Custom Theme Enabler (HyperDeskCustomThemeEnabler) . (...) - C:\Windows\Installer\MSI673B.tmp" -service (.not file.)
~ Services: 16 Legitimates Filtered in 00mn 07s
---\\ Tarefas planificadas automaticamente (039)
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [902]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1058]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1062]
~ Scheduled Task: 15 Legitimates Filtered in 00mn 02s
---\\ Software instalados (042)
O42 - Logiciel: CNPJ (PGD) - versão 3.8 - (...) [HKLM] -- PGD-CNPJ
O42 - Logiciel: HAWKEN - (.Adhesive Games.) [HKLM] -- Steam App 271290
O42 - Logiciel: Hacker Evolution Duality(remove only) - (...) [HKLM] -- HackerEvolutionDuality
O42 - Logiciel: Hacker Evolution: Untold (2.01.033)(remove only) - (...) [HKLM] -- HackerEvolutionUntold
O42 - Logiciel: Hawken - (.Meteor Entertainment.) [HKCU] -- Hawken
O42 - Logiciel: MKLOL - (...) [HKCU] -- MKLOL
O42 - Logiciel: PokerStars - (.PokerStars.) [HKLM] -- PokerStars
O42 - Logiciel: Windows 7 Codec Pack 4.0.1 - (.Windows 7 Codec Pack.) [HKLM] -- Windows 7 - Codec Pack
~ Logic: 24 Legitimates Filtered in 00mn 00s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\FAIRLIGHT]
[HKCU\Software\Windows 7 - Codec Pack]
[HKCU\Software\ZD Soft]
[HKCU\Software\superdownloads.com.br]
[HKLM\Software\685D6D1C-D73A-4F37-B7E5E53660311DDB]
[HKLM\Software\System Admin Scripting Guide]
[HKLM\Software\ZD Soft]
~ Key Software: 343 Legitimates Filtered in 00mn 00s
---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 14/12/2013 - 17:33:18 - [0] ----D C:\Program Files\Black Box
O43 - CFD: 05/09/2013 - 20:00:08 - [] ----D C:\Program Files\Gamemaxx
O43 - CFD: 02/10/2013 - 01:17:34 - [] ----D C:\Program Files\Hacker Evolution Untold
O43 - CFD: 05/09/2013 - 04:29:55 - [] ----D C:\Program Files\Hit Malware
O43 - CFD: 10/09/2013 - 12:16:21 - [] ----D C:\Program Files\LicenseProxy
O43 - CFD: 29/04/2014 - 15:13:23 - [0] ----D C:\Program Files\Pando Networks
O43 - CFD: 09/05/2014 - 22:19:28 - [] ----D C:\Program Files\PokerStars
O43 - CFD: 30/04/2014 - 23:55:01 - [] ----D C:\Program Files\Winhotspot
O43 - CFD: 20/10/2013 - 15:51:37 - [0] ----D C:\Program Files\ZD Soft
O43 - CFD: 18/07/2013 - 03:06:36 - [] ----D C:\ProgramData\FARO
O43 - CFD: 01/05/2014 - 01:29:00 - [] -SH-D C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
O43 - CFD: 02/10/2013 - 02:46:20 - [] ----D C:\Users\Windows 7\AppData\Roaming\BoL
O43 - CFD: 02/10/2013 - 03:11:51 - [] ----D C:\Users\Windows 7\AppData\Roaming\LoLPlus
O43 - CFD: 06/09/2013 - 05:25:32 - [] ----D C:\Users\Windows 7\AppData\Roaming\MailFrontier
O43 - CFD: 01/05/2014 - 10:15:40 - [] ----D C:\Users\Windows 7\AppData\Local\DanuSoft
O43 - CFD: 01/05/2014 - 00:02:29 - [] ----D C:\Users\Windows 7\AppData\Local\mHotspot_Inc
O43 - CFD: 01/05/2014 - 00:25:00 - [] ----D C:\Users\Windows 7\AppData\Local\MyRouter_Inc
O43 - CFD: 09/05/2014 - 22:46:17 - [] ----D C:\Users\Windows 7\AppData\Local\PokerStars
O43 - CFD: 22/08/2013 - 01:41:56 - [] ----D C:\Users\Windows 7\AppData\Local\Spirograph_MV
O43 - CFD: 12/08/2013 - 20:31:20 - [] ----D C:\Users\Windows 7\AppData\Local\TempDiretório de backup SW
O43 - CFD: 23/02/2014 - 12:38:01 - [0] ----D C:\Users\Windows 7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameVicio
O43 - CFD: 23/03/2014 - 22:06:54 - [] ----D C:\Users\Windows 7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PlagueInc 1.0
O43 - CFD: 09/05/2014 - 22:18:58 - [] ----D C:\Users\Windows 7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PokerStars
O43 - CFD: 02/05/2014 - 09:29:55 - [] ----D C:\Users\Windows 7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter =>Crapware.SpyHunter
~ Program Folder: 258 Legitimates Filtered in 00mn 00s
---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.25489FD8CF19C3BE69FA6C0DFD1E0B61] - 20/05/2014 - 10:01:04 ---A- . (...) -- C:\Windows\win.ini [752]
O44 - LFC:[MD5.FE6D1684D1D3E1FEA219F72196A0AE7F] - 22/05/2014 - 15:07:36 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [148366]
O44 - LFC:[MD5.E1A30D1E37AA663A19EE6478AB0DD139] - 22/05/2014 - 15:07:36 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [708120]
O44 - LFC:[MD5.0DC5AF80D059DEC792B665ED598C6567] - 23/05/2014 - 10:58:20 ---A- . (.SQLite Development Team - SQLite Dynamic Link Library (No TCL).) -- C:\Windows\System32\sqlite3.dll [536576]
O44 - LFC:[MD5.77FD3D7BF7463831A3C83D576C66791B] - 23/05/2014 - 12:09:38 ---A- . (...) -- C:\zoek-results2014-05-23-150938.log [41147]
O44 - LFC:[MD5.DD54494B17DECC7E4BC759895DDE79ED] - 23/05/2014 - 21:35:19 ---A- . (...) -- C:\zoek-results2014-05-24-003519.log [22424]
O44 - LFC:[MD5.B6605261D2882077DC73CFA49C7F5EAC] - 23/05/2014 - 23:18:07 ---A- . (...) -- C:\zoek-results2014-05-24-021807.log [3670]
O44 - LFC:[MD5.37DD1B0040F006EBF2B6DB912BE25418] - 23/05/2014 - 23:36:04 ---A- . (...) -- C:\zoek-results2014-05-24-023604.log [2208]
O44 - LFC:[MD5.5034E7163F5F83EBD35DF11BA9F8557D] - 24/05/2014 - 14:55:19 ---A- . (...) -- C:\zoek-results.log [922]
~ Files: 23 Legitimates Filtered in 00mn 01s
---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
~ ShellExecuteHooks: Scanned in 00mn 00s
---\\ Enumeração das chaves do registo StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\uTorrent [Key] . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Windows 7\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ SMSR Keys: 15 Legitimates Filtered in 00mn 00s
---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 19 Legitimates Filtered in 00mn 00s
---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:13/08/2004 - 09:56:20 ---A- . (.No owner - ATK0110 ACPI Utility.) -- C:\Windows\System32\Drivers\ASACPI.sys [5810]
O58 - SDL:01/05/2014 - 02:22:47 ---A- . (.Connectify - NDIS filter driver.) -- C:\Windows\System32\Drivers\cnnctfy2.sys [27248]
O58 - SDL:24/06/2013 - 08:59:53 ---A- . (.DT Soft Ltd - DAEMON Tools Virtual Bus Driver.) -- C:\Windows\System32\Drivers\dtsoftbus01.sys [233024]
O58 - SDL:13/07/2009 - 22:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:22/06/2012 - 12:01:32 ---A- . (...) -- C:\Windows\System32\Drivers\EsgScanner.sys [19984]
O58 - SDL:13/07/2009 - 19:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
O58 - SDL:22/02/2011 - 13:38:20 ---A- . (.NT Kernel Resources - NDISRD helper driver.) -- C:\Windows\System32\Drivers\ndisrd.sys [26208]
O58 - SDL:05/12/2006 - 11:34:42 ---A- . (.PixArt Imaging Inc. - PFC027.) -- C:\Windows\System32\Drivers\PFC027.SYS [507136]
O58 - SDL:01/01/1601 - 03:00:00 ---A- . (...) -- C:\Windows\System32\Drivers\sptd.sys [443448]
O58 - SDL:13/07/2009 - 22:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
O58 - SDL:13/07/2009 - 18:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:13/07/2009 - 18:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:22/06/2012 - 12:01:32 ---A- . (...) -- C:\Windows\System32\ESGScanner.sys [19984]
O58 - SDL:13/07/2009 - 18:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:13/07/2009 - 18:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:13/07/2009 - 18:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:13/07/2009 - 18:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:13/07/2009 - 18:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:13/07/2009 - 18:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:13/07/2009 - 18:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:13/07/2009 - 18:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:13/07/2009 - 18:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 81 Legitimates Filtered in 00mn 00s
---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 06/05/2011 - C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys (esgiguard) .(...) - LEGACY_ESGIGUARD =>Crapware.SpyHunter
~ Legacy: 99 Legitimates Filtered in 00mn 00s
---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html>
~ FASS Keys: 12 Legitimates Filtered in 00mn 00s
---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet:
O68 - StartMenuInternet:
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.BC5A0E25FA751D8950C737FD385E492E] [SPRF][29/08/2013] (...) -- C:\ProgramData\KGyGaAvL.sys [2516]
[MD5.659D829F1CD722B0F64036F840835785] [SPRF][01/01/2014] (...) -- C:\ProgramData\ntuser.dat [262144]
~ Files: 3 Legitimates Filtered in 00mn 00s
---\\ Lista das exceções do FireWall (FirewallRules) (O87)
O87 - FAEL: "{B7A30C97-DE8E-4B07-AA4D-73B1089756AC}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Windows 7\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{2A037AF5-CDB2-4C96-AC25-F804E10BA7B2}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Windows 7\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Firewall: 2 Legitimates Filtered in 00mn 01s
---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Microsoft\Tracing\SpyHunter4_RASAPI32 =>Crapware.SpyHunter
HKLM\SOFTWARE\Microsoft\Tracing\SpyHunter4_RASMANCS =>Crapware.SpyHunter
HKLM\SOFTWARE\Microsoft\Tracing\utorrent_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Microsoft\Tracing\utorrent_RASMANCS =>P2P.µTorrent
~ BTK: 424 Legitimates Filtered in 00mn 00s
---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 16/05/2014 257712 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 18/07/2013 1064312 | (FlexNet Licensing Service) . (.Flexera Software LLC.) - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
SS - | Auto 28/08/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 28/08/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 08/04/2008 800040 | (NBService) . (.Nero AG.) - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
SS - | Demand 22/01/2008 275752 | (NMIndexingService) . (.Nero AG.) - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SS - | Demand 25/02/2014 568512 | (Steam Client Service) . (.Valve Corporation.) - C:\Program Files\Common Files\Steam\SteamService.exe
SS - | Demand 19/02/2010 517096 | (SwitchBoard) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
SR - | Auto 21/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 07/01/2014 43336 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 13/12/2012 12288 | (Autodesk Content Service) . (.Autodesk, Inc..) - C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
SR - | Auto 10/07/1658 0 | (HyperDeskCustomThemeEnabler) . (...) - C:\Windows\Installer\MSI673B.tmp" -service
SR - | Auto 03/04/2014 1809720 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
SR - | Auto 03/04/2014 857912 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
SR - | Auto 27/08/2013 14573856 | (NvStreamSvc) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
SR - | Auto 15/10/2013 664352 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Auto 27/08/2013 2155296 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
SR - | Auto 19/12/2006 81920 | (PLFlash DeviceIoControl Service) . (.Prolific Technology Inc..) - C:\Windows\system32\IoctlSvc.exe
SR - | Auto 10/03/2010 189728 | (PSI_SVC_2) . (.Protexis Inc..) - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
SR - | Auto 14/08/2013 39056 | (RealNetworks Downloader Resolver Service) . (...) - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
SR - | Auto 17/07/2013 770432 | (SpyHunter 4 Service) . (.Enigma Software Group USA, LLC..) - C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe =>Crapware.SpyHunter
SR - | Auto 15/10/2013 414496 | (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
SR - | Auto 31/12/1999 27768 | (VIAKaraokeService) . (.VIA Technologies, Inc..) - C:\Windows\System32\viakaraokesrv.exe
SR - | Auto 13/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 10s
---\\ Lista dos emuladores de CD/DVD (MBR Hook)
O58 - SDL:01/01/1601 - 03:00:00 ---A- . (...) -- C:\Windows\System32\Drivers\sptd.sys [443448]
~ Emulateurs: Scanned in 00mn 10s
---\\ Scâner Aditional (088)
Database Version : 13029 - (23/05/2014)
Clés trouvées (Keys found) : 2
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 1
Fichiers trouvés (Files found) : 1
[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\uTorrent] =>P2P.BitTorrent^
[HKLM\SYSTEM\CurrentControlSet\Services\SpyHunter 4 Service] =>Crapware.SpyHunter
C:\Users\Windows 7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter =>Crapware.SpyHunter^
C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe =>Crapware.SpyHunter^
~ Additionnel Scan: 370357 Items scanned in 01mn 01s
---\\ Sumário das deteções encontradas na sua estação
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Crapware.SpyHunter
~ MSI: 1 link(s) detected in 00mn 00s
~ 977 Legitimates filtered by white list
End of the scan (487 lines in 02mn 08s)(0)
ahgramarin - Beginner
- Posts: 18
Reputation: 0
Join date: 23/05/2014
Error again
Assinatura do problema:
Nome do Evento de Problema: BlueScreen
Versão do sistema operacional: 6.1.7601.2.1.0.256.48
Identificação da Localidade: 1046
Informações adicionais sobre o problema:
BCCode: 1000008e
BCP1: C0000005
BCP2: 830AA2C3
BCP3: A5335BF4
BCP4: 00000000
OS Version: 6_1_7601
Service Pack: 1_0
Product: 256_1
Arquivos que ajudam a descrever o problema:
C:\Windows\Minidump\052414-19546-01.dmp
C:\Users\Windows 7\AppData\Local\Temp\WER-30825-0.sysdata.xml
Leia nossa declaração de privacidade online:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Se a declaração de privacidade online não estiver disponível, leia nossa declaração de privacidade offline:
C:\Windows\system32\pt-BR\erofflps.txt
ahgramarin - Beginner
- Posts: 18
Reputation: 0
Join date: 23/05/2014
Re: Kaspersky PURE 3.0 does not install because of Baidu antivirus
There are unnecessary programs starting along with Windows, which makes your PC slower. To fix this, follow the tips in this tutorial:
[You must have an account and be logged in to view this link]
Preferably, let only the security programs (antivirus/anti-spyware/firewall) start along with Windows.
Also use the CCleaner program, recommended in the tutorial above, to clean up and optimize the PC now and from time to time.
____________________________________________________________________________________________________________
Also follow these tips:
[You must have an account and be logged in to view this link]
___________________________________________________________________________________________________
After that, tell us how the PC is doing.
Power Max - Contributor
- Posts: 9086
Reputation: 1499
Join date: 14/04/2009
OK
I will do as requested. As for PURE 3.0, is it ready to install now, or do we have more work ahead? I will post the report of these tests soon.
ahgramarin - Beginner
- Posts: 18
Reputation: 0
Join date: 23/05/2014