CE_UmbrellaCert

Post by RogerAccioly on Sat 31 May 2014, 09:21

Good morning, everyone!

Unfortunately, I also need help getting rid of this message that keeps appearing on my screen!! I have already run a cleanup with ADWCleaner, but it did not solve the problem. Could you help me?

The report is attached...

Thanks!
Roger

# AdwCleaner v3.211 - Relatório criado 31/05/2014 às 09:10:15
# Atualizado 26/05/2014 por Xplode
# Sistema Operacional : Windows 7 Ultimate Service Pack 1 (64 bits)
# Usuário : Usuario - USUARIO-PC
# Executando de : C:\Users\Usuario\Downloads\adwcleaner_3.211.exe
# Opção : Limpar


Re: CE_UmbrellaCert

Post by Power Max on Sat 31 May 2014, 09:23

Hi Roger. Which antivirus do you use?

_________________

Caixa de Dicas = Always with new tutorials and news on computing, technology and miscellany.

Fórum PC Brasil = The best of the internet is right here.

Super Links = Messages of faith and hope for your heart

(SOLVED) CE_UmbrellaCert

Post by RogerAccioly on Sat 31 May 2014, 09:27

Avast!

Thanks for the quick reply!!

Re: CE_UmbrellaCert

Post by Power Max on Sat 31 May 2014, 09:37

Baidu is also showing up on your PC. Do you want to remove it or keep it?


Re: CE_UmbrellaCert

Post by RogerAccioly on Sat 31 May 2014, 09:39

I want to remove it too..

Re: CE_UmbrellaCert

Post by Power Max on Sat 31 May 2014, 09:48

Temporarily disable your antivirus to avoid conflicts.

Go to the link below and click the first button on the left, which is the Download Zoek.exe button:
[You must be registered and logged in to see this link.]

* Right-click Zoek.exe and select [You must be registered and logged in to see this image.]

* Select and copy all of the text highlighted in red that I gave you and paste it into the blank area of Zoek.

* Click [Run Script]

* During the scan, a message similar to the one below showing the scan progress will be displayed. Wait for it to finish... it may take a while!

[You must be registered and logged in to see this image.]

* If you are asked to restart the PC, click [OK]

* Post the Zoek log, which will be at C:\zoek-results.txt, in your next reply.


Last edited by Power Max on Sat 31 May 2014, 14:28; edited 1 time in total


Re: CE_UmbrellaCert

Post by RogerAccioly on Sat 31 May 2014, 11:28

Done!! The report is attached.

Zoek.exe v5.0.0.0 Updated 22-05-2014
Tool run by Usuario on 31/05/2014 at 9:56:53,84.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Usuario\Downloads\zoek.exe [Scan all users] [Script inserted]


[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"rcloud"="http://up.br.bav.baidu.com/cgi-bin/url_visit_action.cgi"

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\alluser]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\curuser]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hkcu]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hklm]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hklm64]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver\MEMORY_130176140241860188.dmp]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\DataReport]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{C7AE725D-FA5C-4027-BB4C-787EF9F8248A}"="C:\Program Files (x86)\RelevantKnowledge\firefox" []
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"smartwebprinting@hp.com"="C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [23/05/2012 20:14]

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
bakijjialdiiboeaknfpmflphhmljfkd - No path found[]
cikkkfooompgefbcjlgdjejfdknkheaj - C:\Program Files (x86)\Common Files\Spigot\GC\DomainErrorHelper_1.0_0.crx[]
efbkdhmfnmnmfimllbjamfodcoanhmdd - C:\Users\Usuario\AppData\Local\WebToSave.crx[]
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx[30/04/2014 15:16]
gpiifgmgnfdiblgpaepbmfdkcheicgof - C:\Program Files (x86)\Common Files\Spigot\GC\nta_1.0_0.crx[]
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[11/04/2014 19:46]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
bakijjialdiiboeaknfpmflphhmljfkd - No path found[]
efbkdhmfnmnmfimllbjamfodcoanhmdd - C:\Users\Usuario\AppData\Local\WebToSave.crx[]
pgacfjdigcddmmncljpflgcfpfahebkh - C:\Users\Usuario\AppData\Local\GAS Tecnologia\GBBD\bb\sf.crx[31/07/2013 10:14]

Google Wallet - Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
GBBD Banco do Brasil - Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgacfjdigcddmmncljpflgcfpfahebkh
YouTube - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Bizzybolt - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgbjdgnkkchgleommaaapafcigjjbnmg
WebToSave - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\efbkdhmfnmnmfimllbjamfodcoanhmdd
Select City - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo
uTorrentBar_PT - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdebcffgnijbblbinknkbefciofebcda
Chrome In-App Payments service - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Fast Discountz - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\oldchfemoapgakfjnmbngnljnkoapbhd
Gmail - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Iminent Chrome Toolbar - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkhojieggfgllhllcegoffdcnmdeojgb

==== Chrome Fix ======================

C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pt.iminent.com_0.localstorage deleted successfully
C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_call-of-duty-4.softonic.com.br_0.localstorage deleted successfully
C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_my-lockbox.softonic.com.br_0.localstorage deleted successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\efbkdhmfnmnmfimllbjamfodcoanhmdd deleted successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgbjdgnkkchgleommaaapafcigjjbnmg deleted successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdebcffgnijbblbinknkbefciofebcda deleted successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkhojieggfgllhllcegoffdcnmdeojgb deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal"
"Start Page Restore"="http://www.uol.com.br/"
"Search Page"="http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://speedial.com/?f=1&a=spd_ir_14_22_ch&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtD0E0ByDyC0Czy0B0A0EyEtN0D0Tzu0SzzyBzztN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyC0DtD0ByC0DzzzytGzz0CtCtDtG0Bzy0CyBtG0F0A0C0DtGyEyCyD0F0AtAyC0Fzy0FyE0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtBtB0AtA0D0DyCtGzytB0D0BtG0A0ByEtCtG0AtAzz0AtGtBtCtByE0DyCtAyE0F0B0AyC2Q&cr=74075221&ir="
"Search Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="http://speedial.com/?f=1&a=spd_ir_14_22_ch&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtD0E0ByDyC0Czy0B0A0EyEtN0D0Tzu0SzzyBzztN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyC0DtD0ByC0DzzzytGzz0CtCtDtG0Bzy0CyBtG0F0A0C0DtGyEyCyD0F0AtAyC0Fzy0FyE0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtBtB0AtA0D0DyCtGzytB0D0BtG0A0ByEtCtG0AtAzz0AtGtBtCtByE0DyCtAyE0F0B0AyC2Q&cr=74075221&ir="
"Search Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal"
"Start Page Restore"="http://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} @ieframe.dll,-12512 Url="http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC"
{31090377-0740-419E-BEFC-A56E50500D5B} Speedial Url="http://speedial.com/results.php?f=4&q={searchTerms}&a=spd_ir_14_22_ch&cd=2XzuyEtN2Y1L1Qzu0CzzyCtDtDtD0E0ByDyC0Czy0B0A0EyEtN0D0Tzu0SzzyBzztN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyC0DtD0ByC0DzzzytGzz0CtCtDtG0Bzy0CyBtG0F0A0C0DtGyEyCyD0F0AtAyC0Fzy0FyE0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtBtB0AtA0D0DyCtGzytB0D0BtG0A0ByEtCtG0AtAzz0AtGtBtCtByE0DyCtAyE0F0B0AyC2Q&cr=74075221&ir="
{33EB8AFF-0B58-4ECD-BABB-26E6D5C11B21} Bing Url="http://www.bing.com/search?FORM=U218DF&PC=U218&q={searchTerms}&src=IE-SearchBox"
{52db1893-8a90-4192-aede-08e00b8f8473} Unknown Url="Not_Found"
{632F07F3-19A1-4d16-A23F-E6CE9486BAB5} Microsoft (Bing) Url="http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
{ABCD0123-1234-5678-ABCD-0123456789AB} Unknown Url="Not_Found"

==== Reset Google Chrome ======================

C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-262677338-4198775983-1718884025-1000\Software\Microsoft\Internet Explorer\SearchScopes\{52db1893-8a90-4192-aede-08e00b8f8473} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\{C7AE725D-FA5C-4027-BB4C-787EF9F8248A} deleted successfully

==== shortcuts on Users Desktops ======================

C:\Users\Usuario\Desktop\Any Audio Converter.lnk - C:\Program Files (x86)\AnvSoft\Any Audio Converter\AAConverter.exe
C:\Users\Usuario\Desktop\chrome - Atalho.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Usuario\Desktop\Fuze Meeting .lnk - C:\Users\Usuario\AppData\Local\Fuze Box\Fuze Meeting\Fuze_Meeting.exe [You must be registered and logged in to see this link.]
C:\Users\Usuario\Desktop\GoPro Studio.lnk - C:\Program Files (x86)\GoPro\Tools\GoPro Studio.exe
C:\Users\Usuario\Desktop\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Usuario\Desktop\IRPF2013 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País.lnk -
C:\Users\Usuario\Desktop\IRPF2014 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País.lnk -
C:\Users\Usuario\Desktop\SWAT 4 - The Stetchkov Syndicate.lnk - C:\Program Files (x86)\Sierra\SWAT 4\ContentExpansion\System\Swat4X.exe
C:\Users\Usuario\Desktop\SWAT 4.lnk - C:\Program Files (x86)\Sierra\SWAT 4\Content\System\Swat4.exe

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\Adobe Reader XI.lnk - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Users\Public\Desktop\Advanced SystemCare 7.lnk - C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe /manual
C:\Users\Public\Desktop\avast Free Antivirus.lnk -
C:\Users\Public\Desktop\Central de Soluções HP.lnk -
C:\Users\Public\Desktop\Driver Booster.lnk - C:\Program Files (x86)\IObit\Driver Booster\SkipUacExec.exe
C:\Users\Public\Desktop\HP Photosmart Essential 3.5.lnk - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpse.exe
C:\Users\Public\Desktop\Image Converter.lnk - C:\Program Files (x86)\Image Converter\Image Converter\imageconverter.exe
C:\Users\Public\Desktop\IObit Malware Fighter.lnk - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
C:\Users\Public\Desktop\IObit Uninstaller.lnk - C:\Program Files (x86)\IObit\IObit Uninstaller\Uninstaler_SkipUac.exe
C:\Users\Public\Desktop\iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.exe
C:\Users\Public\Desktop\Nero Home.lnk - C:\Program Files (x86)\Nero\Nero8\Nero Home\NeroHome.exe -ScParameter=65
C:\Users\Public\Desktop\Nero StartSmart.lnk - C:\Program Files (x86)\Nero\Nero8\Nero StartSmart\NeroStartSmart.exe -ScParameter=65
C:\Users\Public\Desktop\QuickTime Player.lnk - C:\Program Files (x86)\QuickTime\QuickTimePlayer.exe
C:\Users\Public\Desktop\Receitanet 1.04 .lnk - C:\Program Files (x86)\Programas RFB\Receitanet\Windows\Receitanet.exe
C:\Users\Public\Desktop\Smart Defrag 3.lnk - C:\Program Files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe
C:\Users\Public\Desktop\Xfire.lnk - C:\Program Files (x86)\Xfire\Xfire.exe

==== shortcuts in Users Start Menu ======================

C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe -extoff

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk - C:\Windows\system32\mstsc.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 7\Advanced SystemCare 7.lnk - C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe /manual
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 7\Desinstalar Advanced SystemCare.lnk - C:\Program Files (x86)\IObit\Advanced SystemCare 7\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 7\Toolbox.lnk - C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe /toolbox
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 7\Turbo Boost.lnk - C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe /turboboost
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster\Desinstalar Driver Booster.lnk - C:\Program Files (x86)\IObit\Driver Booster\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster\Driver Booster.lnk - C:\Program Files (x86)\IObit\Driver Booster\SkipUacExec.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter\Desinstalar IObit Malware Fighter.lnk - C:\Program Files (x86)\IObit\IObit Malware Fighter\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter\IObit Malware Fighter.lnk - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller\Help.lnk - C:\Program Files (x86)\IObit\IObit Uninstaller\help.html
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller\IObit Uninstaller.lnk - C:\Program Files (x86)\IObit\IObit Uninstaller\Uninstaler_SkipUac.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller\Uninstall IObit Uninstaller.lnk - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallDisplay.exe uninstall_start
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk - C:\Program Files (x86)\Java\jre7\bin\javacpl.exe -tab about
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk - C:\Program Files (x86)\Java\jre7\bin\javacpl.exe -tab update
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk - C:\Program Files (x86)\Java\jre7\bin\javacpl.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 3\Desinstalar Smart Defrag 3.lnk - C:\Program Files (x86)\IObit\Smart Defrag 3\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 3\Smart Defrag 3.lnk - C:\Program Files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [You must be registered and logged in to see this link.]
C:\Users\Usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Nero Home.lnk - C:\Program Files (x86)\Nero\Nero8\Nero Home\NeroHome.exe -ScParameter=65
C:\Users\Usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart.lnk - C:\Program Files (x86)\Nero\Nero8\Nero StartSmart\NeroStartSmart.exe -ScParameter=65
C:\Users\Usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Calculator.lnk - C:\Windows\system32\calc.exe
C:\Users\Usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Microsoft Office PowerPoint 2007.lnk - C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
C:\Users\Usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Microsoft Office Word 2007.lnk - C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
C:\Users\Usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Uninstall Programs.lnk - C:\Program Files (x86)\IObit\IObit Uninstaller\Uninstaler_SkipUac.exe
C:\Users\Usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Advanced SystemCare 7.lnk - C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe /manual
C:\Users\Usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\chrome - Atalho.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\Usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

==== shortcuts After Repair ======================

C:\Users\Usuario\Desktop\Fuze Meeting .lnk - C:\Users\Usuario\AppData\Local\Fuze Box\Fuze Meeting\Fuze_Meeting.exe
C:\Users\Usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyServer"="http=127.0.0.1:49274;https=127.0.0.1:49274;"
"ProxyOverride"="<-loopback>"
"ProxyEnable"=dword:00000001

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\AB4C6D07EBCD9C14DBAFAD89913E05C1 deleted successfully
HKEY_CURRENT_USER\Software\Policies\Google\Chrome\ExtensionInstallForcelist deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\bakijjialdiiboeaknfpmflphhmljfkd deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\bakijjialdiiboeaknfpmflphhmljfkd deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\cikkkfooompgefbcjlgdjejfdknkheaj deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\efbkdhmfnmnmfimllbjamfodcoanhmdd deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\efbkdhmfnmnmfimllbjamfodcoanhmdd deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\gpiifgmgnfdiblgpaepbmfdkcheicgof deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\bakijjialdiiboeaknfpmflphhmljfkd deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\efbkdhmfnmnmfimllbjamfodcoanhmdd deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\somotomoviestoolbar1CR deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{70D6C4BA-DCBE-41C9-BDFA-DA9819E3501C} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\AB4C6D07EBCD9C14DBAFAD89913E05C1 deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Usuario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Usuario\AppData\Local\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Usuario\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Usuario\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Usuario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=397 folders=91 41728532 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Usuario\AppData\Local\Temp will be emptied at reboot
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Usuario\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Usuario\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not found

==== EOF on 31/05/2014 at 11:12:54,15 ======================

Re: CE_UmbrellaCert

Post by Power Max on Sat 31 May 2014, 14:27

Temporarily disable your antivirus to avoid conflicts.

* Right-click Zoek.exe and select [You must be registered and logged in to see this image.]

* Select and copy all of the text highlighted in red that I gave you and paste it into the blank area in Zoek.

* Click [Run Script]

* During the scan, a message similar to the one below will be displayed, showing the scan progress. Wait for it to finish... it may take a while!

[You must be registered and logged in to see this image.]

* If a PC restart is requested, click [OK]

* Post the Zoek log, which will be at C:\zoek-results.txt, in your next reply.


Last edited by Power Max on Sat 31 May 2014, 18:55; edited 1 time


Re: CE_UmbrellaCert

Post by RogerAccioly on Sat 31 May 2014, 15:06

Attached below..


Zoek.exe v5.0.0.0 Updated 22-05-2014
Tool run by Usuario on 31/05/2014 at 14:59:05,37.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Usuario\Downloads\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-05-31-141254.log 44745 bytes

==== System Restore Info ======================

31/05/2014 15:00:28 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfilter deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bfilter deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bfmon deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bfmon deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bndef deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bndef deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Bprotect deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Bprotect deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BprotectEx deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BprotectEx deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PCFApiUtil deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\PCFApiUtil deleted successfully

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]
[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]
"DllVersion_2.0"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus]
"uuurl"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\DuplicateRecord]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\LogLoc]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\4.0.0.0\Setup]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\PC Faster\LogUp]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Processing]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu_Drp_pos\DRP\Temp]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}]
"DllName"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}]
"DllName"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ABCD0123-1234-5678-ABCD-0123456789AB} ]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ABCD0123-1234-5678-ABCD-0123456789AB}]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFILTER\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BFMON\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BNDEF\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECT\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BPROTECTEX\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfilter]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfilter]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfmon]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bfmon]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bndef]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bndef]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
"InstPath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Bprotect]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx]
"InstPath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BprotectEx]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCFApiUtil]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCFApiUtil]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFILTER\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BFMON\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BNDEF\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECT\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_BPROTECTEX\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfilter]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfilter]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfmon]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bfmon]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bndef]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bndef]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Bprotect]
"InstPath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\BprotectEx]
"InstPath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCFApiUtil]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCFApiUtil]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFILTER\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BFMON\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BNDEF\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BNDEF\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECT\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BPROTECTEX\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfilter]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfilter]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfmon]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bfmon]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bndef]
"DisplayName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bndef]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
"InstPath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Bprotect]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx]
"InstPath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BprotectEx]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PCFApiUtil]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PCFApiUtil]
[-HKEY_USERS\.DEFAULT\Software\Baidu]
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug]
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav]
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log]
[-HKEY_USERS\.DEFAULT\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\bug\driver\MEMORY_130176140241860188.dmp]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"ucloud"=-
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"dcloud"=-
[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
"rcloud"=-
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0\Run]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\alluser]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\curuser]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hkcu]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hklm]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hklm64]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\bug\driver\MEMORY_130176140241860188.dmp]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\PC Faster\DataReport]
[-HKEY_USERS\S-1-5-21-262677338-4198775983-1718884025-1000\Software\AVAST Software\WRC\SearchRules\baidu.com]
[HKEY_USERS\S-1-5-21-262677338-4198775983-1718884025-1000\Software\AVAST Software\WRC\SearchRules\baidu.com]
"url"=-
[-HKEY_USERS\S-1-5-21-262677338-4198775983-1718884025-1000\Software\Baidu]
[-HKEY_USERS\S-1-5-21-262677338-4198775983-1718884025-1000\Software\Baidu\Hao123-br]
[-HKEY_USERS\S-1-5-21-262677338-4198775983-1718884025-1000\Software\Baidu\Hao123-br\hao123desk]
[-HKEY_USERS\S-1-5-21-262677338-4198775983-1718884025-1000\Software\Baidu Security]
[-HKEY_USERS\S-1-5-21-262677338-4198775983-1718884025-1000\Software\Baidu Security\Antivirus]
[-HKEY_USERS\S-1-5-21-262677338-4198775983-1718884025-1000\Software\Baidu Security\Antivirus\web]
[HKEY_USERS\S-1-5-21-262677338-4198775983-1718884025-1000\Software\Baidu Security\Antivirus\web]
"ucloud"=-
[HKEY_USERS\S-1-5-21-262677338-4198775983-1718884025-1000\Software\Baidu Security\Antivirus\web]
"dcloud"=-
[HKEY_USERS\S-1-5-21-262677338-4198775983-1718884025-1000\Software\Baidu Security\Antivirus\web]
"rcloud"=-
[-HKEY_USERS\S-1-5-21-262677338-4198775983-1718884025-1000\Software\Baidu Security\PC Faster]
[-HKEY_USERS\S-1-5-21-262677338-4198775983-1718884025-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-262677338-4198775983-1718884025-1000\Software\Avast Software\WRC\SearchRules\baidu.com]
[HKEY_USERS\S-1-5-21-262677338-4198775983-1718884025-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-262677338-4198775983-1718884025-1000\Software\Avast Software\WRC\SearchRules\baidu.com]
"url"=-
[HKEY_USERS\S-1-5-21-262677338-4198775983-1718884025-1000\Software\Microsoft\Internet Explorer\SearchScopes\{ABCD0123-1234-5678-ABCD-0123456789AB}]
"DisplayName"=-
"C:\\Users\\Usuario\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\LI6LDFZB\\gbpsetupuni[1].exe"=-
"C:\\Program Files (x86)\\Baidu Security\\PC Faster\\3.7.0.0\\UninstCaller.exe"=-
"C:\\Users\\Usuario\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\LI6LDFZB\\gbpsetupuni[1].exe"=-
"C:\\Users\\Usuario\\AppData\\Local\\Temp\\baidu_secure\\update\\BavPro_Setup_051.exe"=-
"C:\\Users\\Usuario\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\LI6LDFZB\\gbpsetupuni[1].exe"=-
"C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0\\UninstCaller.exe"=-
[-HKEY_USERS\S-1-5-18\Software\Baidu]
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug]
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav]
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log]
[-HKEY_USERS\S-1-5-18\Software\Baidu\Application Bug\Bav\log\BavSvc.exe]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\bug\driver\MEMORY_130176140241860188.dmp]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"ucloud"=-
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"dcloud"=-
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]
"rcloud"=-
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\alluser]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\curuser]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hkcu]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hklm]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\3.7.0.0\Run\Disable\hklm64]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\bug\driver\MEMORY_130176140241860188.dmp]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\PC Faster\DataReport]

==== Deleting Files \ Folders ======================

C:\Users\Usuario\AppData\Local\Temp\baidu_secure not found
C:\Program Files (x86)\Baidu Security deleted
C:\ProgramData\Baidu Security deleted
C:\Users\Public\Documents\Baidu Security deleted
C:\Users\Usuario\AppData\Roaming\Baidu Security deleted
"C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\Safari_baidu_script.js" deleted
"C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo\1.1.7.9_0\css\quickSearch\img\baidu.png" deleted

==== Folders Found ======================

2014-05-11 09:56:52 2014-05-11 09:56:52 -------- d-----w- C:\AdwCleaner\Quarantine\C\ProgramData\baidu
2014-04-30 23:09:38 2014-04-30 23:09:38 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Public\Documents\baidu
2014-05-31 12:10:19 2014-05-31 12:10:19 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Usuario\AppData\Roaming\baidu
2014-05-31 12:10:19 2014-05-31 12:10:19 -------- d-----w- C:\AdwCleaner\Quarantine\C\Users\Usuario\AppData\Roaming\baidu\Baidu Antivirus
2014-05-31 18:02:04 2014-05-31 18:02:05 -------- d---a-w- C:\zoek_backup\C_Program Files (x86)_Baidu Security
2014-05-31 18:02:05 2014-05-28 13:55:59 -------- d---a-w- C:\zoek_backup\C_Program Files (x86)_Baidu Security_Baidu Antivirus
2014-05-31 18:02:05 2014-05-31 18:02:07 -------- d---a-w- C:\zoek_backup\C_ProgramData_Baidu Security
2014-05-31 18:02:07 2014-05-31 18:02:08 -------- d---a-w- C:\zoek_backup\C_Users_All Users_Baidu Security
2014-05-31 18:02:08 2014-05-31 18:02:08 -------- d---a-w- C:\zoek_backup\C_Users_Public_Documents_Baidu Security
2014-05-31 18:02:08 2014-05-31 18:02:08 -------- d---a-w- C:\zoek_backup\C_Users_Usuario_AppData_Roaming_Baidu Security
2014-05-31 18:02:08 2014-05-31 18:02:08 -------- d---a-w- C:\zoek_backup\C_Users_Usuario_AppData_Roaming_Baidu Security_PC Faster_3.7.0.0_Uninstall_Baidu PC Faster Uninstall
2014-05-31 18:02:08 2014-05-31 18:02:08 -------- d---a-w- C:\zoek_backup\C_Users_Usuario_AppData_Roaming_Baidu Security_PC Faster_3.7.0.0_Uninstall_Baidu PC Faster Uninstall HK
2014-05-31 18:02:08 2014-05-31 18:02:08 -------- d---a-w- C:\zoek_backup\C_Users_Usuario_AppData_Roaming_Baidu Security_PC Faster_4.0.0.0_Uninstall_Baidu PC Faster Uninstall
2014-05-31 18:02:08 2014-05-31 18:02:08 -------- d---a-w- C:\zoek_backup\C_Users_Usuario_AppData_Roaming_Baidu Security_PC Faster_4.0.0.0_Uninstall_Baidu PC Faster Uninstall HK
2014-05-31 18:02:05 2014-05-28 13:55:59 -------- d---a-w- C:\zoek_backup\C_Program Files (x86)_Baidu Security\Baidu Antivirus
2014-05-31 18:02:08 2014-05-31 18:02:08 -------- d---a-w- C:\zoek_backup\C_Users_Usuario_AppData_Roaming_Baidu Security\PC Faster\3.7.0.0\Uninstall\Baidu PC Faster Uninstall
2014-05-31 18:02:08 2014-05-31 18:02:08 -------- d---a-w- C:\zoek_backup\C_Users_Usuario_AppData_Roaming_Baidu Security\PC Faster\3.7.0.0\Uninstall\Baidu PC Faster Uninstall HK
2014-05-31 18:02:08 2014-05-31 18:02:08 -------- d---a-w- C:\zoek_backup\C_Users_Usuario_AppData_Roaming_Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall
2014-05-31 18:02:08 2014-05-31 18:02:08 -------- d---a-w- C:\zoek_backup\C_Users_Usuario_AppData_Roaming_Baidu Security\PC Faster\4.0.0.0\Uninstall\Baidu PC Faster Uninstall HK

==== Files Found ======================


--- C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\Spigot\Search Settings\baidu_ff.xml.vir ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 3958
Created time: 2012-11-12 19:26:02
Modified time: 2012-11-12 19:26:02
MD5: DA0EC54C773C9ABF2378361584814AA8
SHA1: 72D798185B1DE87A6FDCE3BCF289CC9A0D27554A


--- C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\Spigot\Search Settings\baidu_ie.xml.vir ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 416
Created time: 2012-11-12 19:26:02
Modified time: 2012-11-12 19:26:02
MD5: A156DEAAAAE97C4C17CA47482F90B643
SHA1: 19E8D32C68862C2B7D64DCD26C31545869B7C6E4


--- C:\AdwCleaner\Quarantine\C\Program Files (x86)\IObit Apps Toolbar\Res\search_baidu.gif.vir ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 614
Created time: 2012-11-29 19:40:48
Modified time: 2012-11-29 19:40:48
MD5: 35413285571F6052D773CFE59C1DF7E9
SHA1: AC8CE8A7E602A266F3CD8B4C503EE8478501D152


--- C:\zoek_backup\C_Program Files (x86)_IObit_Surfing Protection_BrowerProtect_Safari_baidu_script.js.vir ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 1556
Created time: 2014-05-31 18:02:08
Modified time: 2013-04-22 14:30:56
MD5: 670B367C3485AB4FA0046B9D1DDFF1B7
SHA1: DD0C159627F22F3BF83A8632A357EE62DE132EEC


--- C:\zoek_backup\C_Windows_SysWOW64_config_systemprofile_AppData_Local_Google_Chrome_User Data_Default_Extensions_ifohbjbgfchkkfhphahclmkpgejiplfo_1.1.7.9_0_css_quickSearch_img_baidu.png.vir ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 2201
Created time: 2014-05-31 18:02:08
Modified time: 2013-11-27 21:38:27
MD5: 534EAB62EBF77D52923A117533C6D338
SHA1: 948CCC9B02BF75EB865FEE8B3107D963512AF96F


==== Registry Search Results for "Baidu" ======================


[HKEY_LOCAL_MACHINE\SOFTWARE\baidu]

[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll]

[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload]

[HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ABCD0123-1234-5678-ABCD-0123456789AB} ]
"DisplayName"="Baidu"

[HKEY_USERS\.DEFAULT\Software\Baidu Security]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]

[HKEY_USERS\S-1-5-21-262677338-4198775983-1718884025-1000\Software\AVAST Software\WRC\SearchRules\baidu.com]

[HKEY_USERS\S-1-5-21-262677338-4198775983-1718884025-1000\Software\Baidu Security]

[HKEY_USERS\S-1-5-21-262677338-4198775983-1718884025-1000\Software\Baidu Security\Antivirus]

[HKEY_USERS\S-1-5-21-262677338-4198775983-1718884025-1000\Software\Baidu Security\Antivirus\web]

[HKEY_USERS\S-1-5-21-262677338-4198775983-1718884025-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-262677338-4198775983-1718884025-1000\Software\Avast Software\WRC\SearchRules\baidu.com]

[HKEY_USERS\S-1-5-21-262677338-4198775983-1718884025-1000\Software\Microsoft\Internet Explorer\SearchScopes\{ABCD0123-1234-5678-ABCD-0123456789AB} ]
"DisplayName"="Baidu"

"C:\\Users\\Usuario\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\LI6LDFZB\\gbpsetupuni[1].exe"=dword:00000001
"C:\\Program Files (x86)\\Baidu Security\\PC Faster\\3.7.0.0\\UninstCaller.exe"=dword:00000001

"C:\\Users\\Usuario\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\LI6LDFZB\\gbpsetupuni[1].exe"=dword:00000001
"C:\\Users\\Usuario\\AppData\\Local\\Temp\\baidu_secure\\update\\BavPro_Setup_051.exe"=dword:00000001

"C:\\Users\\Usuario\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\LI6LDFZB\\gbpsetupuni[1].exe"=dword:00000001
"C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0\\UninstCaller.exe"=dword:00000001

[HKEY_USERS\S-1-5-18\Software\Baidu Security]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]

==== C:\zoek_backup content ======================

C:\zoek_backup (files=472 folders=176 273220473 bytes)

==== EOF on 31/05/2014 at 15:04:15,14 ======================

Re: CE_UmbrellaCert

Post by Power Max on Sat 31 May 2014, 15:14

Temporarily disable your antivirus to avoid conflicts.

* Right-click Zoek.exe and select [You need to be registered and logged in to see this image.]

* Select and copy all of the text highlighted in red that I gave you and paste it into the blank area of Zoek.

* Click [Run Script]

* During the scan, a message similar to the one below will be displayed, showing the progress of the scan. Wait for it to finish... it may take a while!

[You need to be registered and logged in to see this image.]

* If you are asked to restart the PC, click [OK]

* Post the Zoek log, which will be at C:\zoek-results.txt, in your next reply.


Last edited by Power Max on Sat 31 May 2014, 18:56; edited 1 time


Re: CE_UmbrellaCert

Post by RogerAccioly on Sat 31 May 2014, 16:38

The screen has been stuck on this message for more than an hour now, is that normal?!

Zoek.exe v5.0.0.0 Updated 22-05-2014
Tool run by Usuario on 31/05/2014 at 15:29:10,59.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Usuario\Downloads\zoek.exe [Scan all users] [Script inserted]

===== Runcheck 15:29:19,84 =====

--- Create Environment Variables 15:29:20,62
--- Create System Restore Point 15:29:24,96
--- Checking Input 15:29:33,51

Re: CE_UmbrellaCert

Post by Power Max on Sat 31 May 2014, 16:43

Zoek does freeze sometimes. In that case, just restart the PC and repeat the procedure I gave you.


Re: CE_UmbrellaCert

Post by RogerAccioly on Sat 31 May 2014, 17:13

It worked this time, I had to restart twice... See attached.

Zoek.exe v5.0.0.0 Updated 22-05-2014
Tool run by Usuario on 31/05/2014 at 17:07:49,64.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Usuario\Downloads\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-05-31-141254.log 44745 bytes
C:\zoek-results2014-05-31-180415.log 23638 bytes
C:\zoek-results2014-05-31-182932.log 552 bytes
C:\zoek-results2014-05-31-195220.log 600 bytes

==== System Restore Info ======================

31/05/2014 17:09:52 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-262677338-4198775983-1718884025-1000\Software\Microsoft\Internet Explorer\SearchScopes\{ABCD0123-1234-5678-ABCD-0123456789AB} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload]
[-HKEY_LOCAL_MACHINE\SOFTWARE\baidu\CommonDll\Splitupload\bav]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]
[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ABCD0123-1234-5678-ABCD-0123456789AB} ]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ABCD0123-1234-5678-ABCD-0123456789AB}]
"DisplayName"=-
[-HKEY_USERS\.DEFAULT\Software\Baidu Security]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
[-HKEY_USERS\S-1-5-21-262677338-4198775983-1718884025-1000\Software\AVAST Software\WRC\SearchRules\baidu.com]
[-HKEY_USERS\S-1-5-21-262677338-4198775983-1718884025-1000\Software\Baidu Security]
[-HKEY_USERS\S-1-5-21-262677338-4198775983-1718884025-1000\Software\Baidu Security\Antivirus]
[-HKEY_USERS\S-1-5-21-262677338-4198775983-1718884025-1000\Software\Baidu Security\Antivirus\web]
[-HKEY_USERS\S-1-5-21-262677338-4198775983-1718884025-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-262677338-4198775983-1718884025-1000\Software\Avast Software\WRC\SearchRules\baidu.com]
[HKEY_USERS\S-1-5-21-262677338-4198775983-1718884025-1000\Software\Microsoft\Internet Explorer\SearchScopes\{ABCD0123-1234-5678-ABCD-0123456789AB} ]
"DisplayName"=-
"C:\\Users\\Usuario\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\LI6LDFZB\\gbpsetupuni[1].exe"=-
"C:\\Program Files (x86)\\Baidu Security\\PC Faster\\3.7.0.0\\UninstCaller.exe"=-
"C:\\Users\\Usuario\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\LI6LDFZB\\gbpsetupuni[1].exe"=-
"C:\\Users\\Usuario\\AppData\\Local\\Temp\\baidu_secure\\update\\BavPro_Setup_051.exe"=-
"C:\\Users\\Usuario\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\LI6LDFZB\\gbpsetupuni[1].exe"=-
"C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0\\UninstCaller.exe"=-
[-HKEY_USERS\S-1-5-18\Software\Baidu Security]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus]
[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]

==== Registry Search Results for "Baidu" ======================


[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]

[HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ABCD0123-1234-5678-ABCD-0123456789AB} ]
"DisplayName"="Baidu"

[HKEY_USERS\.DEFAULT\Software\Baidu Security]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus]

[HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]

[HKEY_USERS\S-1-5-21-262677338-4198775983-1718884025-1000\Software\Microsoft\Internet Explorer\SearchScopes\{ABCD0123-1234-5678-ABCD-0123456789AB} ]
"DisplayName"="Baidu"

"C:\\Users\\Usuario\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\LI6LDFZB\\gbpsetupuni[1].exe"=dword:00000001
"C:\\Program Files (x86)\\Baidu Security\\PC Faster\\3.7.0.0\\UninstCaller.exe"=dword:00000001

"C:\\Users\\Usuario\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\LI6LDFZB\\gbpsetupuni[1].exe"=dword:00000001
"C:\\Users\\Usuario\\AppData\\Local\\Temp\\baidu_secure\\update\\BavPro_Setup_051.exe"=dword:00000001

"C:\\Users\\Usuario\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\LI6LDFZB\\gbpsetupuni[1].exe"=dword:00000001
"C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0\\UninstCaller.exe"=dword:00000001

[HKEY_USERS\S-1-5-18\Software\Baidu Security]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus]

[HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]

==== C:\zoek_backup content ======================

C:\zoek_backup (files=472 folders=176 273220473 bytes)

==== EOF on 31/05/2014 at 17:11:16,05 ======================

Re: CE_UmbrellaCert

Post by Power Max on Sat 31 May 2014, 17:48

Temporarily disable your antivirus to avoid conflicts.

* Right-click Zoek.exe and select [You need to be registered and logged in to see this image.]

* Select and copy all of the text highlighted in red that I gave you and paste it into the blank area of Zoek.

* Click [Run Script]

* During the scan, a message similar to the one below will be displayed, showing the progress of the scan. Wait for it to finish... it may take a while!

[You need to be registered and logged in to see this image.]

* If you are asked to restart the PC, click [OK]

* Post the Zoek log, which will be at C:\zoek-results.txt, in your next reply.


Last edited by Power Max on Sat 31 May 2014, 18:56; edited 1 time


Re: CE_UmbrellaCert

Post by RogerAccioly on Sat 31 May 2014, 18:52

See attached...

Zoek.exe v5.0.0.0 Updated 22-05-2014
Tool run by Usuario on 31/05/2014 at 18:48:10,94.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Usuario\Downloads\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-05-31-141254.log 44745 bytes
C:\zoek-results2014-05-31-180415.log 23638 bytes
C:\zoek-results2014-05-31-182932.log 552 bytes
C:\zoek-results2014-05-31-195220.log 600 bytes
C:\zoek-results2014-05-31-201116.log 5128 bytes

==== System Restore Info ======================

31/05/2014 18:48:39 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Baidu Security\Antivirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ABCD0123-1234-5678-ABCD-0123456789AB} ]
"DisplayName"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ABCD0123-1234-5678-ABCD-0123456789AB}]
"DisplayName"=-
[-HKEY_USERS\.DEFAULT\Software\Baidu Security]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus]
[-HKEY_USERS\.DEFAULT\Software\Baidu Security\Antivirus\web]
[HKEY_USERS\S-1-5-21-262677338-4198775983-1718884025-1000\Software\Microsoft\Internet Explorer\SearchScopes\{ABCD0123-1234-5678-ABCD-0123456789AB} ]
"DisplayName"=-
"C:\\Users\\Usuario\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\LI6LDFZB\\gbpsetupuni[1].exe"=-
"C:\\Program Files (x86)\\Baidu Security\\PC Faster\\3.7.0.0\\UninstCaller.exe"=-
"C:\\Users\\Usuario\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\LI6LDFZB\\gbpsetupuni[1].exe"=-
"C:\\Users\\Usuario\\AppData\\Local\\Temp\\baidu_secure\\update\\BavPro_Setup_051.exe"=-
"C:\\Users\\Usuario\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\LI6LDFZB\\gbpsetupuni[1].exe"=-
"C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0\\UninstCaller.exe"=-
[HKEY_USERS\S-1-5-21-262677338-4198775983-1718884025-1000\Software\Microsoft\Internet Explorer\SearchScopes\{ABCD0123-1234-5678-ABCD-0123456789AB}]
"DisplayName"=-
"C:\\Users\\Usuario\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\LI6LDFZB\\gbpsetupuni[1].exe"=-
"C:\\Program Files (x86)\\Baidu Security\\PC Faster\\3.7.0.0\\UninstCaller.exe"=-
"C:\\Users\\Usuario\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\LI6LDFZB\\gbpsetupuni[1].exe"=-
"C:\\Users\\Usuario\\AppData\\Local\\Temp\\baidu_secure\\update\\BavPro_Setup_051.exe"=-
"C:\\Users\\Usuario\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\LI6LDFZB\\gbpsetupuni[1].exe"=-
"C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0\\UninstCaller.exe"=-
[-HKEY_USERS\S-1-5-18\Software\Baidu Security]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus]
[-HKEY_USERS\S-1-5-18\Software\Baidu Security\Antivirus\web]

==== Registry Search Results for "Baidu" ======================


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ABCD0123-1234-5678-ABCD-0123456789AB} ]
"DisplayName"="Baidu"

[HKEY_USERS\S-1-5-21-262677338-4198775983-1718884025-1000\Software\Microsoft\Internet Explorer\SearchScopes\{ABCD0123-1234-5678-ABCD-0123456789AB} ]
"DisplayName"="Baidu"

"C:\\Users\\Usuario\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\LI6LDFZB\\gbpsetupuni[1].exe"=dword:00000001
"C:\\Program Files (x86)\\Baidu Security\\PC Faster\\3.7.0.0\\UninstCaller.exe"=dword:00000001

"C:\\Users\\Usuario\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\LI6LDFZB\\gbpsetupuni[1].exe"=dword:00000001
"C:\\Users\\Usuario\\AppData\\Local\\Temp\\baidu_secure\\update\\BavPro_Setup_051.exe"=dword:00000001

"C:\\Users\\Usuario\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\LI6LDFZB\\gbpsetupuni[1].exe"=dword:00000001
"C:\\Program Files (x86)\\Baidu Security\\PC Faster\\4.0.0.0\\UninstCaller.exe"=dword:00000001

==== C:\zoek_backup content ======================

C:\zoek_backup (files=472 folders=176 273220473 bytes)

==== EOF on 31/05/2014 at 18:49:51,72 ======================

Re: CE_UmbrellaCert

Post by Power Max on Sat 31 May 2014, 18:54

Download the Junkware Removal Tool program from the link below:
[You need to be registered and logged in to see this link.]

To run the program above correctly, just follow the tips in this tutorial:

Junkware Removal Tool tutorial

* In your next reply, post the Junkware Removal Tool log (report), which will be saved on your desktop under the name JRT.txt

We'll be waiting.


Re: CE_UmbrellaCert

Post by RogerAccioly on Sat 31 May 2014, 20:11

Done! Attached below...

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Ultimate x64
Ran by Usuario on 31/05/2014 at 19:46:52,62
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-262677338-4198775983-1718884025-1000\Software\sweetim



~~~ Files



~~~ Folders



~~~ Chrome

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Google [Blacklisted Policy]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 31/05/2014 at 20:07:22,04
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Re: CE_UmbrellaCert

Post by Power Max on Sat 31 May 2014, 20:30

Download < ZHPDiag2.exe > ( ... by Nicolas Coolman )

To install and run it correctly, follow the tips in this article:

ZHPDiag installation and usage tutorial

* As soon as it finishes its scan, copy the entire contents of its ZHPDiag.txt report and post it in your next reply.


Re: CE_UmbrellaCert

Post by RogerAccioly on Sat 31 May 2014, 20:42

Attached below...

~ Relatório do ZHPDiag v2014.5.30.78 - Nicolas Coolman (30/05/2014)
~ Iniciado por Usuario (31/05/2014 20:39:30)
~ Endereço do Website : [Você precisa estar registrado e conectado para ver este link.]
~ Tradução pelo utilizador
~ Estatuto da versão : Nova Versão disponivel
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by user


---\\ Navegadores Internet
MSIE: Internet Explorer v8.0.7601.17514
GCIE: Google Chrome v35.0.1916.114 (Defaut)

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Ultimate, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
avast! Free Antivirus v9.0.2018
Windows Defender W7 (Activate)

---\\ Softwares d'optimização do sistema

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 13 ActiveX
Adobe Reader XI
Java 7 Update 55
Java 7 Update 55

---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 4078 MB (42% free)
System Restore: Activé (Enable)
System drive C: has 474 GB (80%) free of 587 GB

---\\ Modo de conexão ao sistema
~ Computer Name: USUARIO-PC
~ User Name: Usuario
~ All Users Names: Usuario, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Usuario\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Usuario\AppData\Roaming\
~ %Desktop% : C:\Users\Usuario\Desktop\
~ %Favorites% : C:\Users\Usuario\Favorites\
~ %LocalAppData% : C:\Users\Usuario\AppData\Local\
~ %StartMenu% : C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 474 Go of 587 Go)
D: Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)
E: CD-ROM drive (Free 0 Go of 1 Go)
F: Floppy drive, Flash card reader, USB Key (Free 0 Go of 0 Go)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
~ Security Center: 49 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Windows Explorer.) (.25/02/2011 - 03:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.DFED58FBF0436670AF7381B3A2A6FAE7] - (.Microsoft Corporation - Internet Extensions para Win32.) (.23/02/2014 - 23:35:02.) -- C:\Windows\System32\wininet.dll [1188864]
[MD5.88AB9B72B4BF3963A0DE0820B4B0B06C] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.14/05/2014 - 14:02:10.) -- C:\Windows\System32\Winlogon.exe [455168]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.20/11/2010 - 04:27:28.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.27/09/2013 - 22:09:10.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 00:19:22.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 00:26:34.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 01:43:44.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 21:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 23:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 00:23:22.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.23/01/2014 - 23:37:55.) -- C:\Windows\system32\Drivers\ntfs.sys [1684928]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 21:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 01:52:36.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.1B6163C503398B23FF8B939C67747683] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 02:06:42.) -- C:\Windows\system32\Drivers\rdpdr.sys [165888]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 21:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 00:21:58.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.20/11/2010 - 04:34:04.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 2/234
~ Mes musiques (My Musics) : 31/712
~ Mes Videos (My Videos) : 1/183
~ Mes Favoris (My Favorites) : 1/55
~ Mes Documents (My Documents) : 1/1399
~ Mon Bureau (My Desktop) : 2/211
~ Menu demarrer (Programs) : 1/39
~ Hidden Files: Scanned in 00mn 00s



---\\ Processos lançados
[MD5.576C72830E3FD6ACE2910545B6130803] - (.ASUSTeK Computer Inc. - ASUS Routine Controller.) -- C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe [2931328] [PID.1388]
[MD5.5DA1157D851B1CB0AE473EAA2C35AC83] - (.IObit - Smart Defrag v3.) -- C:\Program Files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe [3448608] [PID.1412]
[MD5.AD2C5CBE2BC94AB862A96F81F30F08EE] - (.ASUSTeK Computer Inc. - TurboVHelp.) -- C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe [1097344] [PID.3824]
[MD5.617B43FE89B8DF6A8BFE84DB4426E040] - (.ASUSTeK Computer Inc. - EPUHelp.) -- C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe [1214080] [PID.3500]
[MD5.9815E18EF62AFAA90A56E9E7DDBAA5A0] - (.ASUSTeK Computer Inc. - AI Suite II.) -- C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe [1425536] [PID.4152]
[MD5.8549F4D70BDD647DAB1562731F4E4BFB] - (.ASUSTeK Computer Inc. - AlertHelper.) -- C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe [1115776] [PID.4220]
[MD5.0CE5B7372D0947889CB2FD394D869011] - (.Nero AG - Nero Home.) -- C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe [1688872] [PID.4536]
[MD5.FA81263FDE0F01710FDBA8D3D8A2CED7] - (.AMD - MultiDesk.) -- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraMD.exe [569344] [PID.4592]
[MD5.58E06BE23F7640E1F4F6DA351021C738] - (.AMD - HydraDM.) -- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [393216] [PID.4620]
[MD5.127687F1D171D0820D02851A9FA62525] - (.IObit - Advanced SystemCare 7.) -- C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe [2295584] [PID.4716]
[MD5.92BC91BEB19BE1F03DB9664AD47120B2] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\Alwil Software\Avast5\avastui.exe [3888648] [PID.248]
[MD5.79C28DDF889C26FDD6162F796FD49BC4] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392] [PID.200]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336] [PID.4508]
[MD5.1620FE36666F4BBC2314B7F360FB1965] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488] [PID.68488]
[MD5.6D652B06EB3916DC41A9DBBBC4EDEED1] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8020480] [PID.68200]
[MD5.6C856C581ACE1785CE3FC2414E9859A3] - (.IObit - Advanced SystemCare Service.) -- C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [881952] [PID.840]
[MD5.6DE9AC13D76238AD7427E5453C8ECC54] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) -- C:\Program Files (x86)\GbPlugin\gbpsv.exe [519224] [PID.920]
[MD5.37D17AE2936867F88EB3C4CBCBC6B8A1] - (.AVAST Software - avast! Service.) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344] [PID.1420]
[MD5.E38AC5D38C757EE5B6230A0C56791EE4] - (.IObit - IObit Malware Fighter Service.) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [342336] [PID.1884]
[MD5.221564CC7BE37611FE15EACF443E1BF6] - (.Apple Inc. - YSLoader.exe.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [43336] [PID.2364]
[MD5.FB03A917C1294D3E6D671F24722E1BA3] - (...) -- C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [918144] [PID.2432]
[MD5.A63173897EA1A73A75D0E65036DE5B15] - (...) -- C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe [915584] [PID.2520]
[MD5.5C31DFB196CB3A488A041881634D86D2] - (...) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [586880] [PID.2612]
[MD5.72551A9AE5F68905DFC3CBA0D5242566] - (.Microsoft Corporation - Updates Skype Click to Call.) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720] [PID.2688]
[MD5.6B669A00A431FF6CDCE67458933F5F0F] - (.Microsoft Corporation - Phone Number Recognition (PNR) module.) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992] [PID.2720]
[MD5.7CF1B716372B89568AE4C0FE769F5869] - (.Microsoft Corporation - Machine Debug Manager.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872] [PID.1880]
[MD5.C5052FB77AA42ED440F9F6B4E37145A9] - (.Nero AG - Nero BackItUp.) -- C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [869672] [PID.2456]
[MD5.6EEE29D055D14F84BEBDD71FA593E060] - (.Banco Bradesco S.A. - scpVista.) -- C:\Program Files (x86)\Scpad\scpVista.exe [368544] [PID.1672]
[MD5.74149BCF0307BB76D68C0F8912DF731C] - (.Nero AG - Nero Home.) -- C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [447784] [PID.4732]
[MD5.B8B529D13E69C1522027F5664E4EC08D] - (.IObit - IObit Malware Fighter.) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [1596736] [PID.5008]
~ Processes Running: Scanned in 00mn 01s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [pafkbggdmjlpgkdkcbjmhmfcdpncadgh] Google Now v.1.2.0.1 (Activé)

---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 19 Legitimates Filtered in 00mn 01s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
P2 - FPN: [HKCU] [@fuzebox.com/Fuze Meeting NPAPI Plugin,version=1.0.0.1] - (.No owner - Fuze Meeting NPAPI Plugin.) -- C:\Users\Usuario\AppData\Local\Fuze Box\Fuze Meeting\npfuzeshare.dll
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/bb] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\Usuario\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/uni] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\Usuario\AppData\Local\GAS Tecnologia\GBBD\npsf_uni.dll
~ Firefox Browser: 7 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [Você precisa estar registrado e conectado para ver este link.]
~ IE Browser: 20 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback> =>Hijacker.Proxy
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:59469;https=127.0.0.1:59469; =>Hijacker.Proxy
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Browser Helper Objects do navegador (02)
O2 - BHO: CompSegIB [64Bits] - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} . (.Banco Bradesco S.A. - scpsssh2 Module.) -- C:\Program Files (x86)\Scpad\scpsssh2.dll
O2 - BHO: G-Buster Browser Defense [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540000} . (.Banco do Brasil - Gbieh Module.) -- C:\Program Files (x86)\GbPlugin\gbieh.dll
O2 - BHO: G-Buster Browser Defense Itaú Unibanco [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540008} . (.Banco Itaú Unibanco - Gbieh Module.) -- C:\PROGRAM FILES (X86)\GBPLUGIN\gbiehuni.dll
~ BHO: 20 Legitimates Filtered in 00mn 00s



---\\ Barras do Internet Explorer (03))
O3 - Toolbar: (no name) - [HKLM]{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} Chave orfã
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{E0301295-AB3E-4AF3-979F-3D453C5F9F48} Chave orfã
~ Toolbar: Scanned in 00mn 00s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [IntelTBRunOnce] . (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\wscript.exe
O4 - HKLM\..\Run: [IntelliPoint] . (.Microsoft Corporation - IPoint.exe.) -- c:\Program Files\Microsoft IntelliPoint\ipoint.exe
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - Gerenciador de áudio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
O4 - HKLM\..\Run: [Windows Mobile-based device management] . (.Microsoft Corporation - Windows Mobile Device Center.) -- C:\Windows\WindowsMobile\wmdcBase.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] . (.Nero AG - Nero Home.) -- C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
O4 - HKCU\..\Run: [HydraVisionMDEngine] . (.AMD - MultiDesk.) -- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraMD.exe
O4 - HKCU\..\Run: [HydraVisionDesktopManager] . (.AMD - HydraDM.) -- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
O4 - HKCU\..\Run: [Advanced SystemCare 7] . (.IObit - Advanced SystemCare 7.) -- C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe
O4 - HKCU\..\Run: [ContentExplorer] . (.ContentExplorer - ContentExplorer.) -- C:\Users\Usuario\AppData\Roaming\ContentExplorer\ContentExplorer.exe
O4 - HKLM\..\Wow6432Node\Run: [NBKeyScan] . (.Nero AG - Nero BackItUp.) -- C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
O4 - HKLM\..\Wow6432Node\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Wow6432Node\Run: [DivXMediaServer] . (.DivX, LLC - DivX DLNA Media Server.) -- C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
O4 - HKLM\..\Wow6432Node\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Wow6432Node\Run: [IObit Malware Fighter] . (.IObit - IObit Malware Fighter.) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-262677338-4198775983-1718884025-1000\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] . (.Nero AG - Nero Home.) -- C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
O4 - HKUS\S-1-5-21-262677338-4198775983-1718884025-1000\..\Run: [HydraVisionMDEngine] . (.AMD - MultiDesk.) -- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraMD.exe
O4 - HKUS\S-1-5-21-262677338-4198775983-1718884025-1000\..\Run: [HydraVisionDesktopManager] . (.AMD - HydraDM.) -- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
O4 - HKUS\S-1-5-21-262677338-4198775983-1718884025-1000\..\Run: [Advanced SystemCare 7] . (.IObit - Advanced SystemCare 7.) -- C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe
O4 - HKUS\S-1-5-21-262677338-4198775983-1718884025-1000\..\Run: [ContentExplorer] . (.ContentExplorer - ContentExplorer.) -- C:\Users\Usuario\AppData\Roaming\ContentExplorer\ContentExplorer.exe
~ Application: Scanned in 00mn 00s



---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: Skype Click to Call [64Bits] - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- c:\program files (x86)\skype\toolbars\internet explorer x64\icon.ico
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bancobrasil.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bb.com.br
O15 - Trusted Zone: [HKCU\...\Domains] *.itau.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.itau.com.br
~ IE Zone Confiance: Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{885A67FC-2E35-4F32-8ECA-1C3AAA64B92B}: DhcpNameServer = 189.40.226.80 189.40.224.80
O17 - HKLM\System\CCS\Services\Tcpip\..\{CB757E16-EA3E-4FCC-A734-A621C643A1F8}: DhcpNameServer = 186.207.160.26 186.207.160.29 201.6.4.116
O17 - HKLM\System\CS1\Services\Tcpip\..\{885A67FC-2E35-4F32-8ECA-1C3AAA64B92B}: DhcpNameServer = 189.40.226.80 189.40.224.80
O17 - HKLM\System\CS1\Services\Tcpip\..\{CB757E16-EA3E-4FCC-A734-A621C643A1F8}: DhcpNameServer = 186.207.160.26 186.207.160.29 201.6.4.116
O17 - HKLM\System\CS2\Services\Tcpip\..\{885A67FC-2E35-4F32-8ECA-1C3AAA64B92B}: DhcpNameServer = 189.40.226.80 189.40.224.80
O17 - HKLM\System\CS2\Services\Tcpip\..\{CB757E16-EA3E-4FCC-A734-A621C643A1F8}: DhcpNameServer = 186.207.160.26 186.207.160.29 201.6.4.116
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 186.207.160.26 186.207.160.29 201.6.4.116
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
O23 - Service: scpVista (scpVista) . (.Banco Bradesco S.A. - scpVista.) - C:\Program Files (x86)\Scpad\scpVista.exe
~ Services: 16 Legitimates Filtered in 00mn 04s



---\\ Tarefas planificadas automaticamente (039)
[MD5.00000000000000000000000000000000] [APT] [4925] (...) -- C:\Users\Usuario\AppData\Local\Temp\launchie.vbs \\B (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [Math Problem Solver CPU] (...) -- C:\Users\Usuario\AppData\Local\Math Problem Solver\cpu\Solve.exe (.not file.) [0]
[MD5.DD17B734F49DED3147D99918EDA0839B] [APT] [{2589BF45-EE2D-4EC3-9511-0CB71ADC4568}] (.Serpro - Serviço Federal de Processamento d.) -- C:\Users\Usuario\Downloads\Receitanet-1.04.exe [6182597]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [902]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1066]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1070]
~ Scheduled Task: 25 Legitimates Filtered in 00mn 03s



---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (Bnbase) . (. - .) - C:\Windows\System32\drivers\bnbasex64.sys (.not file.)
O41 - Driver: (cashnbackdrv) . (. - .) - C:\Windows\System32\drivers\cashnbackdrv.sys (.not file.)
O41 - Driver: (ssnfd) . (. - .) - C:\Windows\System32\drivers\ssnfd.sys (.not file.)
O41 - Driver: ({55685567-4840-4a91-962b-49a412e9485a}Gw64) . (.StdLib - StdLib.) - C:\Windows\System32\drivers\{55685567-4840-4a91-962b-49a412e9485a}Gw64.sys =>PUP.LinkiDoo
O41 - Driver: ({55685567-4840-4a91-962b-49a412e9485a}w64) . (.StdLib - StdLib.) - C:\Windows\System32\drivers\{55685567-4840-4a91-962b-49a412e9485a}w64.sys =>PUP.LinkiDoo
O41 - Driver: ({9edd0ea8-2819-47c2-8320-b007d5996f8a}w64) . (.StdLib - StdLib.) - C:\Windows\System32\drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}w64.sys =>PUP.LinkiDoo
~ Drivers: 99 Legitimates Filtered in 00mn 00s



---\\ Software instalados (042)
O42 - Logiciel: ContentExplorer - (.ContentExplorer.net.) [HKLM][64Bits] -- ContentExplorer
O42 - Logiciel: Fuze Meeting - (.Fuze Box, Inc..) [HKLM][64Bits] -- {799CB584-2DCE-48BB-924B-14B8778906B2}
O42 - Logiciel: IRPF2013 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM][64Bits] -- IRPF2013
O42 - Logiciel: IRPF2014 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM][64Bits] -- IRPF2014
O42 - Logiciel: Math Problem Solver - (...) [HKCU][64Bits] -- Math Problem Solver
O42 - Logiciel: Receitanet - (.Serpro - Serviço Federal de Processamento de Dados.) [HKLM][64Bits] -- ECC16E3C-16D1-4DC2-9D8A-6AC06B3005A5
O42 - Logiciel: Universal AntiCheat 3 v1.075 - (.DExUS.) [HKLM][64Bits] -- {99BEB67F-B288-44F5-8B2A-23F5A52FA1AE}_is1
~ Logic: 17 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\AutoHelpDesk]
[HKCU\Software\Bizzybolt] =>PUP.Bizzybolt
[HKCU\Software\ContentExplorer]
[HKCU\Software\Fuzebox]
[HKCU\Software\GbAs]
[HKCU\Software\PriceMeterUpdater] =>PUP.PriceMeter
[HKLM\Software\Baidu Security]
[HKLM\Software\Wow6432Node\AutoHelpDesk]
[HKLM\Software\Wow6432Node\Bizzybolt] =>PUP.Bizzybolt
[HKLM\Software\Wow6432Node\NoName Toolbar]
[HKLM\Software\Wow6432Node\SearchSnacks]
~ Key Software: 343 Legitimates Filtered in 00mn 00s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 26/05/2013 - 14:28:44 - [0] ----D C:\Program Files (x86)\COD4
O43 - CFD: 22/04/2013 - 20:05:30 - [] ----D C:\Program Files (x86)\DExUS
O43 - CFD: 31/03/2014 - 10:44:25 - [] ----D C:\Program Files (x86)\Free PDF Solutions
O43 - CFD: 06/03/2014 - 13:40:26 - [] ----D C:\Program Files (x86)\Programas RFB
O43 - CFD: 11/05/2014 - 06:48:44 - [0] ----D C:\Program Files (x86)\RBM
O43 - CFD: 26/05/2013 - 12:03:01 - [] ----D C:\Program Files (x86)\Scpad
O43 - CFD: 31/05/2014 - 11:21:43 - [0] ----D C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
O43 - CFD: 22/03/2014 - 15:27:17 - [] -SH-D C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
O43 - CFD: 14/03/2013 - 21:05:32 - [] ----D C:\Users\Usuario\AppData\Roaming\Blackboard
O43 - CFD: 30/05/2014 - 19:46:18 - [] ----D C:\Users\Usuario\AppData\Roaming\ContentExplorer
O43 - CFD: 14/05/2014 - 13:50:40 - [] ----D C:\Users\Usuario\AppData\Roaming\ProductData
O43 - CFD: 31/07/2013 - 16:14:46 - [] ----D C:\Users\Usuario\AppData\Local\Fuze Box
O43 - CFD: 01/01/2014 - 17:21:25 - [] ----D C:\Users\Usuario\AppData\Local\Math Problem Solver
O43 - CFD: 17/05/2013 - 21:40:59 - [] ----D C:\Users\Usuario\AppData\Local\Max_HD
O43 - CFD: 08/05/2013 - 21:51:50 - [] ----D C:\Users\Usuario\AppData\Local\Targit
O43 - CFD: 31/07/2013 - 16:14:49 - [] ----D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fuze Meeting
O43 - CFD: 10/03/2013 - 17:03:55 - [] ----D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2013
O43 - CFD: 06/03/2014 - 13:38:52 - [] ----D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2014
~ Program Folder: 227 Legitimates Filtered in 00mn 00s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.0C271BE509915B42B85D843075580004] - 26/05/2014 - 20:57:16 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\{55685567-4840-4a91-962b-49a412e9485a}w64.sys [61112] =>PUP.LinkiDoo
O44 - LFC:[MD5.5D3B1FB7D282B7AF9C1D7C4357E23AE5] - 27/05/2014 - 13:31:55 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [147654]
O44 - LFC:[MD5.E5E8220788A616EB7E861B73DADF41AE] - 27/05/2014 - 13:31:55 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [705814]
O44 - LFC:[MD5.B959A8C5EBEF236BD360D750A0AD4EB6] - 27/05/2014 - 16:14:06 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\{55685567-4840-4a91-962b-49a412e9485a}Gw64.sys [61112] =>PUP.LinkiDoo
O44 - LFC:[MD5.E97883142FA167EB9B498EC7FA3C1183] - 30/05/2014 - 19:56:52 ---A- . (...) -- C:\Windows\win.ini [615]
O44 - LFC:[MD5.4E05E1D22453F2B34DAA5813397FAB6D] - 31/05/2014 - 11:12:54 ---A- . (...) -- C:\zoek-results2014-05-31-141254.log [44745]
O44 - LFC:[MD5.EC4AB508CCD17DABD8023D44E989CFA2] - 31/05/2014 - 15:04:15 ---A- . (...) -- C:\zoek-results2014-05-31-180415.log [23638]
O44 - LFC:[MD5.28E1871876E070348D7E38FD197BC58D] - 31/05/2014 - 15:29:32 ---A- . (...) -- C:\zoek-results2014-05-31-182932.log [552]
O44 - LFC:[MD5.2F0A6E8C8651BAFBA635454BF30466F7] - 31/05/2014 - 17:11:16 ---A- . (...) -- C:\zoek-results2014-05-31-201116.log [5128]
O44 - LFC:[MD5.7F2EBF1ADB34E303825775BC806EA0BC] - 31/05/2014 - 18:49:51 ---A- . (...) -- C:\zoek-results.log [4546]
~ Files: 19 Legitimates Filtered in 00mn 01s



---\\ Chave do registo Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{47298e48-9873-11e1-bfda-806e6f6e6963}\AutoRun\command. (...) -- E:\autorun.exe
~ Keys: Scanned in 00mn 04s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 6 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:30/04/2014 - 15:16:53 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [29208] =>.ALWIL Software
O58 - SDL:14/04/2010 - 13:31:42 ---A- . (.ALWIL Software - avast! TDI RDR Driver.) -- C:\Windows\System32\Drivers\aswRdr.sys [28752]
O58 - SDL:30/04/2014 - 15:16:53 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65776] =>.ALWIL Software
O58 - SDL:27/11/2013 - 18:29:06 ---A- . (.The OpenVPN Project - TAP-Windows Virtual Network Driver.) -- C:\Windows\System32\Drivers\aswTap.sys [44640]
O58 - SDL:30/04/2014 - 15:16:53 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [208416] =>.ALWIL Software
O58 - SDL:13/07/2009 - 22:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:10/06/2009 - 17:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:07/10/2009 - 01:45:50 ---A- . (...) -- C:\Windows\System32\Drivers\LVPr2M64.sys [30232]
O58 - SDL:14/01/2010 - 09:27:18 R--A- . (.Windows (R) Codename Longhorn DDK provider - Sample NDIS 6.0 Intermediate Miniport Driver.) -- C:\Windows\System32\Drivers\RtVlan60.sys [29472]
O58 - SDL:13/07/2009 - 22:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:13/12/2012 - 13:50:36 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl64.sys [54784]
O58 - SDL:27/05/2014 - 16:14:06 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\{55685567-4840-4a91-962b-49a412e9485a}Gw64.sys [61112] =>PUP.LinkiDoo
O58 - SDL:26/05/2014 - 20:57:16 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\{55685567-4840-4a91-962b-49a412e9485a}w64.sys [61112] =>PUP.LinkiDoo
O58 - SDL:28/04/2014 - 10:23:34 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}w64.sys [61112] =>PUP.LinkiDoo
O58 - SDL:04/01/2008 - 02:34:42 ----- . (...) -- C:\Windows\SysWOW64\drivers\AsInsHelp32.sys [10216]
O58 - SDL:04/01/2008 - 02:34:48 ----- . (...) -- C:\Windows\SysWOW64\drivers\AsInsHelp64.sys [11832]
O58 - SDL:24/08/2010 - 04:16:40 R--A- . (...) -- C:\Windows\SysWOW64\drivers\AsIO.sys [13440]
O58 - SDL:03/08/2010 - 02:21:24 R--A- . (...) -- C:\Windows\SysWOW64\drivers\AsUpIO.sys [14464]
O58 - SDL:02/04/2009 - 09:30:14 ---A- . (...) -- C:\Windows\SysWOW64\drivers\ASUSHWIO.SYS [10296]
O58 - SDL:15/10/2012 - 14:52:36 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\Windows\SysWOW64\drivers\GbpKm.sys [46016]
O58 - SDL:30/04/2014 - 15:19:46 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\Windows\SysWOW64\drivers\gbpndisrd.sys [31088]
~ Drivers: 85 Legitimates Filtered in 00mn 10s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 30/04/2014 - C:\Windows\system32\drivers\aswHwid.sys (aswHwid) .(...) - LEGACY_ASWHWID
O64 - Services: CurCS - 24/12/2013 - C:\Windows\System32\Drivers\SmartDefragDriver.sys (SmartDefragDriver) .(.IObit - SmartDefrag Driver.) - LEGACY_SMARTDEFRAGDRIVER
O64 - Services: CurCS - 27/05/2014 - C:\Windows\System32\drivers\{55685567-4840-4a91-962b-49a412e9485a}Gw64.sys ({55685567-4840-4a91-962b-49a412e9485a}Gw64) .(.StdLib - StdLib.) - LEGACY_{55685567-4840-4A91-962B-49A412E9485A}GW64 =>PUP.LinkiDoo
O64 - Services: CurCS - 26/05/2014 - C:\Windows\System32\drivers\{55685567-4840-4a91-962b-49a412e9485a}w64.sys ({55685567-4840-4a91-962b-49a412e9485a}w64) .(.StdLib - StdLib.) - LEGACY_{55685567-4840-4A91-962B-49A412E9485A}W64 =>PUP.LinkiDoo
O64 - Services: CurCS - 28/04/2014 - C:\Windows\System32\drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}w64.sys ({9edd0ea8-2819-47c2-8320-b007d5996f8a}w64) .(.StdLib - StdLib.) - LEGACY_{9EDD0EA8-2819-47C2-8320-B007D5996F8A}W64 =>PUP.LinkiDoo
~ Legacy: 99 Legitimates Filtered in 00mn 00s



---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] 91DD1A68853F4A1FBD47A614A92A26E8 - (Google) - [Você precisa estar registrado e conectado para ver este link.]
O69 - SBI: SearchScopes [HKCU] Web - (Web) - [Você precisa estar registrado e conectado para ver este link.]
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (@ieframe.dll,-12512) - [Você precisa estar registrado e conectado para ver este link.]
O69 - SBI: SearchScopes [HKCU] {31090377-0740-419E-BEFC-A56E50500D5B} - (Speedial) - [Você precisa estar registrado e conectado para ver este link.] =>Adware.Adware.SearchYa
O69 - SBI: SearchScopes [HKCU] {33EB8AFF-0B58-4ECD-BABB-26E6D5C11B21} - (Bing) - [Você precisa estar registrado e conectado para ver este link.]
O69 - SBI: SearchScopes [HKCU] {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} - (Microsoft (Bing)) - [Você precisa estar registrado e conectado para ver este link.]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - [Você precisa estar registrado e conectado para ver este link.]
O69 - SBI: SearchScopes [HKCU] {ABCD0123-1234-5678-ABCD-0123456789AB} - (Baidu) - [Você precisa estar registrado e conectado para ver este link.]
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.66D2072B2410B5816D3787C3EA3F7666] [SPRF][29/08/2013] (...) -- C:\Users\Usuario\AppData\Roaming\unins000.dat [16231]
[MD5.0F6043F6FA2C1754BA217296CC9D1511] [SPRF][30/04/2014] (...) -- C:\Users\Usuario\AppData\Roaming\unins001.dat [15667]
[MD5.F73E380B5304C376F2D7B444CFD4357D] [SPRF][30/04/2014] (.BitTorrent Inc. - BitTorrent.) -- C:\Users\Usuario\Desktop\463-BitTorrent.exe [1643096] =>P2P.BitTorrent
~ Files: 3 Legitimates Filtered in 00mn 00s



---\\ Listagem dos códigos dos software (PUC) (090)
O90 - PUC: "8B501B6E56F182443979D1DFA8309BD4" . (.SupraSavings.) -- c:\Windows\Installer\{E6B105B8-1F65-4428-9397-1DFD8A03B94D}\icon64.ico =>PUP.SupraSavings
O90 - PUC: "BD04C21DD7DC68D42958E5F22E63394E" . (.SupraSavings.) -- c:\Windows\Installer\{D12C40DB-CD7D-4D86-9285-5E2FE23693E4}\icon64.ico =>PUP.SupraSavings
~ Update Products: 2 Legitimates Filtered in 00mn 00s



---\\ Pesquisa dos pacotes WindowsInstaller (WIS) (O93) (NTFS)
[MD5.9D0767859EE938C0C4FAC30693109843] [WIS][30/04/2014] (.SupraSavings - SupraSavings.) -- C:\Windows\Installer\77bef2.msi [3162112] =>PUP.SupraSavings
~ WIS: 1 Legitimates Filtered in 00mn 04s



---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Microsoft\Tracing\InstTracker_RASAPI32 =>Adware.PredictAd
HKLM\SOFTWARE\Microsoft\Tracing\InstTracker_RASMANCS =>Adware.PredictAd
HKLM\SOFTWARE\Microsoft\Tracing\updateWhilokii_RASAPI32 =>PUP.Whilokii
HKLM\SOFTWARE\Microsoft\Tracing\updateWhilokii_RASMANCS =>PUP.Whilokii
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\463-BitTorrent_RASAPI32 =>P2P.BitTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\463-BitTorrent_RASMANCS =>P2P.BitTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BitTorrent_RASAPI32 =>P2P.BitTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BitTorrent_RASMANCS =>P2P.BitTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GoogleToolbarInstaller_en32_signed_RASAPI32 =>Toolbar.Google
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GoogleToolbarInstaller_en32_signed_RASMANCS =>Toolbar.Google
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GoogleToolbarInstaller_updater_signed_RASAPI32 =>Toolbar.Google
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GoogleToolbarInstaller_updater_signed_RASMANCS =>Toolbar.Google
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GoogleToolbarNotifier_RASAPI32 =>Toolbar.Google
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GoogleToolbarNotifier_RASMANCS =>Toolbar.Google
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\IminentUninstall_RASAPI32 =>Adware.IMBooster
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\IminentUninstall_RASMANCS =>Adware.IMBooster
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Iminent_1712-b2fcad5e_RASAPI32 =>Adware.IMBooster
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Iminent_1712-b2fcad5e_RASMANCS =>Adware.IMBooster
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SearchSettings_RASAPI32 =>Adware.SearchSettings
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SearchSettings_RASMANCS =>Adware.SearchSettings
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SpeeDial_RASAPI32 =>Adware.Adware.SearchYa
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SpeeDial_RASMANCS =>Adware.Adware.SearchYa
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateBizzybolt_RASAPI32 =>PUP.Bizzybolt
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateBizzybolt_RASMANCS =>PUP.Bizzybolt
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilBizzybolt_RASAPI32 =>PUP.Bizzybolt
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilBizzybolt_RASMANCS =>PUP.Bizzybolt
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilWhilokii_RASAPI32 =>PUP.Whilokii
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilWhilokii_RASMANCS =>PUP.Whilokii
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrent (1)_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrent (1)_RASMANCS =>P2P.µTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrent (2)_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrent (2)_RASMANCS =>P2P.µTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrent_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrent_RASMANCS =>P2P.µTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\webget_setup_RASAPI32 =>PUP.WebGet
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\webget_setup_RASMANCS =>PUP.WebGet
~ BTK: 386 Legitimates Filtered in 00mn 00s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 11/05/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 13/05/2014 257712 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 11/05/2012 136176 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 11/05/2012 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Auto 04/05/2014 2152736 | (LiveUpdateSvc) . (.IObit.) - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
SS - | Auto 07/10/2009 191000 | (LVPrcS64) . (.Logitech Inc..) - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Demand 13/04/2012 149504 | (TurboBoost) . (.Intel(R) Corporation.) - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
SS - | Disabled 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 14/01/2014 881952 | (AdvancedSystemCareService7) . (.IObit.) - C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe
SR - | Auto 14/05/2014 239616 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 12/02/2014 43336 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 03/11/2010 918144 | (asComSvc) . (...) - C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe
SR - | Auto 01/12/2010 915584 | (asHmComSvc) . (...) - C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe
SR - | Auto 21/10/2010 586880 | (AsSysCtrlService) . (...) - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
SR - | Auto 30/04/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
SR - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 24/02/2014 519224 | (GbpSv) . (.GAS Tecnologia.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
SR - | Demand 13/07/2009 27136 | C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll (hpqcxs08) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 27136 | C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll (hpqddsvc) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 24/01/2014 342336 | (IMFservice) . (.IObit.) - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
SR - | Demand 21/02/2014 641352 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 03/12/2007 869672 | (Nero BackItUp Scheduler 3) . (.Nero AG.) - C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
SR - | Auto 13/07/2009 27136 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Demand 13/12/2007 447784 | (NMIndexingService) . (.Nero AG.) - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
SR - | Auto 13/07/2009 27136 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 05/08/2011 368544 | (scpVista) . (.Banco Bradesco S.A..) - C:\Program Files (x86)\Scpad\scpVista.exe
SR - | Auto 13/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 06s



---\\ Scâner Aditional (088)
Database Version : 13026 - (30/05/2014)
Clés trouvées (Keys found) : 13
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 5

[HKLM\Software\Wow6432Node\NoName Toolbar] =>Toolbar.Agent
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375] =>PUP.Tarma
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5] =>PUP.Tarma
[HKLM\Software\Classes\Installer\Features\48F21E79330C2AD4792D5F043C2E29AE] =>Adware.InstallPedia
[HKLM\Software\Classes\Installer\Products\48F21E79330C2AD4792D5F043C2E29AE] =>Adware.InstallPedia
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\48F21E79330C2AD4792D5F043C2E29AE] =>Adware.InstallPedia
[HKLM\Software\Wow6432Node\Classes\Installer\Features\48F21E79330C2AD4792D5F043C2E29AE] =>Adware.InstallPedia
[HKLM\Software\Wow6432Node\Classes\Installer\Products\48F21E79330C2AD4792D5F043C2E29AE] =>Adware.InstallPedia
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{97E12F84-C033-4DA2-97D2-F540C3E292EA}] =>Adware.InstallPedia
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1CAE30F47D14B41B5FC8FA53658044] =>PUP.Dealio
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\30C16B15B255BD349A1157B8A83E2AF9] =>PUP.Dealio
[HKCU\Software\IObit Apps] =>PUP.Dealio
[HKLM\Software\Wow6432Node\IObit Apps] =>PUP.Dealio
[HKCU\Software\Bizzybolt] =>PUP.Bizzybolt^
[HKCU\Software\PriceMeterUpdater] =>PUP.PriceMeter^
[HKLM\Software\Wow6432Node\Bizzybolt] =>PUP.Bizzybolt^
C:\Users\Usuario\Desktop\463-BitTorrent.exe =>P2P.BitTorrent^
C:\Windows\Installer\77bef2.msi =>PUP.SupraSavings^
~ Additionnel Scan: 363888 Items scanned in 00mn 35s



---\\ Sumário das deteções encontradas na sua estação
[Você precisa estar registrado e conectado para ver este link.] =>Hijacker.Proxy
[Você precisa estar registrado e conectado para ver este link.] =>PUP.LinkiDoo
[Você precisa estar registrado e conectado para ver este link.] =>PUP.Bizzybolt
[Você precisa estar registrado e conectado para ver este link.] =>PUP.PriceMeter
[Você precisa estar registrado e conectado para ver este link.] =>PUP.SupraSavings
[Você precisa estar registrado e conectado para ver este link.] =>Adware.PredictAd
[Você precisa estar registrado e conectado para ver este link.] =>PUP.Whilokii
[Você precisa estar registrado e conectado para ver este link.] =>Adware.IMBooster
[Você precisa estar registrado e conectado para ver este link.] =>Adware.SearchSettings
[Você precisa estar registrado e conectado para ver este link.] =>PUP.WebGet
[Você precisa estar registrado e conectado para ver este link.] =>PUP.Tarma
[Você precisa estar registrado e conectado para ver este link.] =>Adware.InstallPedia
[Você precisa estar registrado e conectado para ver este link.] =>PUP.Dealio
~ MSI: 13 link(s) detected in 00mn 00s



~ 963 Legitimates filtered by white list
End of the scan (611 lines in 01mn 42s)(0)

Re: CE_UmbrellaCert

Post by Power Max on Sat 31 May 2014, 21:23

 I suggest you uninstall Bonjour, which is unnecessary.
______________________________________________________________________________________________________________________

 There are unnecessary programs starting with Windows, which makes your PC slower. To fix this, follow the tips in this tutorial:

Choosing Programs That Start with the PC

Preferably, leave only the security programs (antivirus/anti-spyware/firewall) starting with Windows.

Also use the CCleaner program, mentioned in the tutorial above, to clean up and optimize the PC now and from time to time.
_____________________________________________________________________________________________________________________

 Download UsbFix from this link (on the page, click the button shown in this image, at the bottom right of the page, to download it).

Use UsbFix as shown in this post:

UsbFix Tutorial
____________________________________________________________________________________________________________

 Select and copy all the text highlighted in red that I gave you.
_____________________________________________________________________________________________________________

 Go to the menu: Start > All Programs > ZHP > right-click ZHPFix and choose Run as administrator > click Importação > click the GO button > click Oui > if you want the files in the Recycle Bin to be deleted, click Oui again > a report will appear in Notepad.

Copy this report and post it in your next reply together with the UsbFix log (report), which will be at C:\UsbFix.txt


Last edited by Power Max on Sat 31 May 2014, 23:38; edited 1 time


Re: CE_UmbrellaCert

Post by RogerAccioly on Sat 31 May 2014, 22:45

Here are the reports...

############################## | UsbFix V 7.171 | [Limpar]

Usuário: Usuario (Administrador) # USUARIO-PC
Atualizado em 18/05/2014 por El Desaparecido - SosVirus
Começou em 22:35:53 | 31/05/2014

Site : [Você precisa estar registrado e conectado para ver este link.]
Changelog : [Você precisa estar registrado e conectado para ver este link.]
Asistencia : [Você precisa estar registrado e conectado para ver este link.]
Upload Malware : [Você precisa estar registrado e conectado para ver este link.]
Contato : [Você precisa estar registrado e conectado para ver este link.]

PC: ASUSTeK COMPUTER INC. (P8H61-M LE/BR)
CPU: Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz
RAM -> [Total : 4078 Mo| Free : 2027 Mo]
Bios: American Megatrends Inc.
Boot: Normal boot

OS: Microsoft Windows 7 Ultimate (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 8.0.7601.17514
WB: Google Chrome : 35.0.1916.114

SC: Security Center [Enabled]
WU: Windows Update [Enabled]
AV: avast! Antivirus [Enabled | Updated]
AS: Windows Defender [Enabled | Updated]
AS: IObit Malware Fighter [Enabled | Updated]
AS: avast! Antivirus [Enabled | Updated]
FW: Windows FireWall [(!) Disabled]

C:\ (%SystemDrive%) -> Disco fixo # 587 Gb (474 Mb livre - 81%) [] # NTFS
E:\ -> CD-ROM
F:\ -> Disco removível # 488 Mb (486 Mb livre - 100%) [] # FAT32

################## | Processos parados |

C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe (ID: 844|ParentID: 608)
C:\PROGRA~2\GbPlugin\gbpsv.exe (ID: 920|ParentID: 608)
C:\Windows\System32\atiesrxx.exe (ID: 136|ParentID: 608)
C:\Windows\System32\atieclxx.exe (ID: 1280|ParentID: 136)
C:\Windows\System32\spoolsv.exe (ID: 1632|ParentID: 608|SISTEMA)
C:\Windows\System32\taskhost.exe (ID: 1712|ParentID: 608|Usuario)
C:\Windows\explorer.exe (ID: 1860|ParentID: 1800|Usuario)
C:\Windows\System32\taskeng.exe (ID: 1908|ParentID: 1036|Usuario)
C:\Program Files (x86)\IObit\Advanced SystemCare 7\Monitor.exe (ID: 2032|ParentID: 1908|Usuario)
C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe (ID: 2044|ParentID: 1908|Usuario)
C:\Program Files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe (ID: 1072|ParentID: 1908|Usuario)
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (ID: 2600|ParentID: 608|SISTEMA)
C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe (ID: 2644|ParentID: 2044|Usuario)
C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe (ID: 2680|ParentID: 608|SISTEMA)
C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe (ID: 2836|ParentID: 608|SISTEMA)
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe (ID: 2200|ParentID: 608|SISTEMA)
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (ID: 2356|ParentID: 608|SISTEMA)
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (ID: 2616|ParentID: 608|SERVIÇO DE REDE)
C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (ID: 2300|ParentID: 608|SISTEMA)
C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe (ID: 2920|ParentID: 784|SISTEMA)
C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe (ID: 3028|ParentID: 608|SISTEMA)
C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe (ID: 1804|ParentID: 608|SISTEMA)
C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe (ID: 2424|ParentID: 2044|Usuario)
C:\Program Files (x86)\Scpad\scpVista.exe (ID: 3108|ParentID: 608|SISTEMA)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID: 3288|ParentID: 608|SISTEMA)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (ID: 3796|ParentID: 3288|SISTEMA)
C:\Windows\System32\SearchIndexer.exe (ID: 3944|ParentID: 608|SISTEMA)
C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe (ID: 3456|ParentID: 2044|Usuario)
C:\Windows\System32\WUDFHost.exe (ID: 3000|ParentID: 772|SERVIÇO LOCAL)
C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe (ID: 3448|ParentID: 3456|Usuario)
C:\Program Files\Microsoft IntelliPoint\ipoint.exe (ID: 4612|ParentID: 1860|Usuario)
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (ID: 4736|ParentID: 1860|Usuario)
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe (ID: 4812|ParentID: 4612|Usuario)
C:\Windows\WindowsMobile\wmdcBase.exe (ID: 4828|ParentID: 1860|Usuario)
C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe (ID: 4896|ParentID: 1860|Usuario)
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraMD.exe (ID: 4928|ParentID: 1860|Usuario)
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (ID: 5000|ParentID: 1860|Usuario)
C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe (ID: 5040|ParentID: 608|SISTEMA)
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraMD64.exe (ID: 4272|ParentID: 4928|Usuario)
C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe (ID: 1736|ParentID: 1860|Usuario)
C:\Users\Usuario\AppData\Roaming\ContentExplorer\ContentExplorer.exe (ID: 4184|ParentID: 1860|Usuario)
C:\Program Files (x86)\CineForm\Tools\GoProCineFormStatusViewer.exe (ID: 4128|ParentID: 1860|Usuario)
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe (ID: 240|ParentID: 5000|Usuario)
C:\Program Files (x86)\iTunes\iTunesHelper.exe (ID: 4180|ParentID: 4472|Usuario)
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (ID: 4628|ParentID: 4472|Usuario)
C:\Program Files\iPod\bin\iPodService.exe (ID: 4588|ParentID: 608|SISTEMA)
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe (ID: 4708|ParentID: 608|SISTEMA)
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe (ID: 4732|ParentID: 4708|SISTEMA)
C:\Windows\System32\wbem\unsecapp.exe (ID: 4412|ParentID: 784|Usuario)
C:\Program Files (x86)\SearchSnacks\Service\sssvc.exe (ID: 5788|ParentID: 608|SISTEMA)
C:\Windows\System32\taskhost.exe (ID: 2892|ParentID: 608|Usuario)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 4200|ParentID: 1860|Usuario)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 5896|ParentID: 4200|Usuario)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (ID: 6168|ParentID: 4200|Usuario)

################## | Autorun |


################## | Procura genérica |


(!) Ficheiros temporários suprimido.

################## | Registro |

Supprimido ! HKU\S-1-5-21-262677338-4198775983-1718884025-1000\Software\.\.\.\.\Mountpoints2\{47298e48-9873-11e1-bfda-806e6f6e6963}

################## | Regedit Run |

F2 - HKLM\..\Winlogon : [Shell] explorer.exe
F2 - [x64] HKLM\..\Winlogon : [Shell] explorer.exe
F2 - HKLM\..\Winlogon : [Userinit] userinit.exe
F2 - [x64] HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
04 - HKCU\..\Run : [Advanced SystemCare 7] "C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto
04 - HKLM\..\Run : [AvastUI.exe] "C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui
04 - HKLM\..\Run : [IObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart
04 - HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-262677338-4198775983-1718884025-1000\..\Run : [Advanced SystemCare 7] "C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto
04 - HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe

################## | C:\ %SystemDrive% - Disco fixo (NTFS) |

[14/05/2014 - 14:42:11 | N | 11 Ko] - C:\log.txt
[31/05/2014 - 21:10:10 | ASH | 4176176 Ko] - C:\pagefile.sys
[31/05/2014 - 21:10:10 | ASH | 3132132 Ko] - C:\hiberfil.sys
[31/05/2014 - 22:06:02 | D] - C:\Config.Msi
[07/05/2012 - 15:56:57 | N | 0 Ko] - C:\setup.log
[23/05/2012 - 00:22:21 | N | 931 Ko] - C:\HpuInstall.log
[31/05/2014 - 11:12:54 | N | 44 Ko] - C:\zoek-results2014-05-31-141254.log
[31/05/2014 - 15:04:15 | N | 23 Ko] - C:\zoek-results2014-05-31-180415.log
[31/05/2014 - 15:29:32 | N | 1 Ko] - C:\zoek-results2014-05-31-182932.log
[31/05/2014 - 16:52:20 | N | 1 Ko] - C:\zoek-results2014-05-31-195220.log
[31/05/2014 - 17:11:16 | N | 5 Ko] - C:\zoek-results2014-05-31-201116.log
[31/05/2014 - 18:49:51 | N | 4 Ko] - C:\zoek-results.log
[01/12/2006 - 23:37:14 | N | 884 Ko | VirusTotal - (0/52)] - C:\msdia80.dll
[11/09/2012 - 20:37:25 | N | 3 Ko] - C:\bootsqm.dat
[31/05/2014 - 11:13:09 | SHD] - C:\$RECYCLE.BIN
[14/07/2009 - 00:20:08 | D] - C:\PerfLogs
[14/07/2009 - 02:08:56 | SHD] - C:\Documents and Settings
[07/05/2012 - 15:42:09 | D] - C:\Arquivos de Programas
[07/05/2012 - 15:42:10 | SHD] - C:\Recovery
[07/05/2012 - 15:44:39 | D] - C:\Users
[07/05/2012 - 17:19:57 | RHD] - C:\MSOCache
[07/05/2012 - 17:21:10 | D] - C:\IDE
[07/05/2012 - 22:16:34 | D] - C:\AMD
[29/11/2013 - 22:51:06 | D] - C:\Nova pasta
[06/03/2014 - 13:38:52 | D] - C:\Arquivos de Programas RFB
[31/05/2014 - 07:07:41 | D] - C:\Temp
[31/05/2014 - 09:10:22 | D] - C:\AdwCleaner
[31/05/2014 - 15:02:08 | D] - C:\zoek_backup
[31/05/2014 - 22:05:25 | HD] - C:\ProgramData
[31/05/2014 - 22:05:44 | SHD] - C:\System Volume Information
[31/05/2014 - 22:13:14 | D] - C:\Program Files (x86)
[31/05/2014 - 22:15:49 | D] - C:\Program Files
[31/05/2014 - 22:29:48 | D] - C:\Windows
[31/05/2014 - 22:34:39 | D] - C:\UsbFix

################## | F:\ - Disco removível (FAT32) |

[02/04/2014 - 14:24:22 | N | 310 Ko] - F:\HOSP_Resultado_Segmentação_Ultiva_e_Nimbium_2803 14.xlsx
[02/04/2014 - 13:20:52 | N | 294 Ko] - F:\DE 2014 Roger.xls
[02/04/2014 - 14:21:52 | N | 37 Ko] - F:\Contas resultados ULTIVA.xls
[02/04/2014 - 14:21:56 | N | 32 Ko] - F:\Contas resultados Nimbium.xls
[25/04/2013 - 09:55:00 | N | 0 Ko] - F:\~$Convite.pptx
[06/05/2013 - 08:33:50 | N | 0 Ko] - F:\~$Engajamento_Exponencial_na_implantacao_do_KAM2.pptx
[28/05/2013 - 16:00:38 | N | 0 Ko] - F:\~$Convite 19_06.pptx
[02/04/2014 - 19:52:58 | N | 488 Ko] - F:\Workshop KAM - templates reps (2).pptx
[07/06/2012 - 16:45:18 | N | 0 Ko] - F:\4C1A124F-A153-4ECA-9784-E2FB825770BB.BEK
[22/11/2012 - 20:03:46 | N | 3 Ko] - F:\DG1__DS_DIR_HDR
[22/11/2012 - 20:03:46 | N | 3 Ko] - F:\DG1__DS_VOL_HDR

################## | Vaccin |

F:\Autorun.inf -> Vacina criada por UsbFix (El Desaparecido)

################## | E.O.F | [Você precisa estar registrado e conectado para ver este link.] | [Você precisa estar registrado e conectado para ver este link.] |

Re: CE_UmbrellaCert

Post by Power Max on Sat 31 May 2014, 22:52

Open ZHPDiag again

|- Click "SEARCH" or "PESQUISAR" and wait for it to finish.

|- Click OK and, when it finishes, post the ZHPDiag.txt report


Re: CE_UmbrellaCert

Post by RogerAccioly on Sat 31 May 2014, 22:58

Here it is...

~ Relatório do ZHPDiag v2014.5.30.78 - Nicolas Coolman (30/05/2014)
~ Iniciado por Usuario (31/05/2014 22:54:33)
~ Endereço do Website : [You need to be registered and logged in to see this link.]
~ Tradução pelo utilizador
~ Estatuto da versão : Nova Versão disponivel
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by user


---\\ Navegadores Internet
MSIE: Internet Explorer v8.0.7601.17514
GCIE: Google Chrome v35.0.1916.114 (Defaut)

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Ultimate, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
avast! Free Antivirus v9.0.2018
Windows Defender W7 (Activate)

---\\ Softwares d'optimização do sistema
CCleaner v4.00

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 13 ActiveX
Adobe Reader XI
Java 7 Update 55
Java 7 Update 55

---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 4078 MB (62% free)
System Restore: Activé (Enable)
System drive C: has 474 GB (80%) free of 587 GB

---\\ Modo de conexão ao sistema
~ Computer Name: USUARIO-PC
~ User Name: Usuario
~ All Users Names: Usuario, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Usuario\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Usuario\AppData\Roaming\
~ %Desktop% : C:\Users\Usuario\Desktop\
~ %Favorites% : C:\Users\Usuario\Favorites\
~ %LocalAppData% : C:\Users\Usuario\AppData\Local\
~ %StartMenu% : C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 474 Go of 587 Go)
D: Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)
E: CD-ROM drive (Free 0 Go of 1 Go)
F: Floppy drive, Flash card reader, USB Key (Free 0 Go of 0 Go)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
~ Security Center: 49 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Windows Explorer.) (.25/02/2011 - 03:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.DFED58FBF0436670AF7381B3A2A6FAE7] - (.Microsoft Corporation - Internet Extensions para Win32.) (.23/02/2014 - 23:35:02.) -- C:\Windows\System32\wininet.dll [1188864]
[MD5.88AB9B72B4BF3963A0DE0820B4B0B06C] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.14/05/2014 - 14:02:10.) -- C:\Windows\System32\Winlogon.exe [455168]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.20/11/2010 - 04:27:28.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.27/09/2013 - 22:09:10.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 00:19:22.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 00:26:34.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 01:43:44.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 21:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 23:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 00:23:22.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.23/01/2014 - 23:37:55.) -- C:\Windows\system32\Drivers\ntfs.sys [1684928]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 21:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 01:52:36.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.1B6163C503398B23FF8B939C67747683] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 02:06:42.) -- C:\Windows\system32\Drivers\rdpdr.sys [165888]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 21:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 00:21:58.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.20/11/2010 - 04:34:04.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 2/234
~ Mes musiques (My Musics) : 31/712
~ Mes Videos (My Videos) : 1/183
~ Mes Favoris (My Favorites) : 1/55
~ Mes Documents (My Documents) : 1/1399
~ Mon Bureau (My Desktop) : 2/215
~ Menu demarrer (Programs) : 1/39
~ Hidden Files: Scanned in 00mn 00s



---\\ Processos lançados
[MD5.37D17AE2936867F88EB3C4CBCBC6B8A1] - (.AVAST Software - avast! Service.) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344] [PID.1412]
[MD5.92BC91BEB19BE1F03DB9664AD47120B2] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\Alwil Software\Avast5\avastui.exe [3888648] [PID.4160]
[MD5.FB03A917C1294D3E6D671F24722E1BA3] - (...) -- C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [918144] [PID.1640]
[MD5.6DE9AC13D76238AD7427E5453C8ECC54] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) -- C:\Program Files (x86)\GbPlugin\gbpsv.exe [519224] [PID.6312]
[MD5.221564CC7BE37611FE15EACF443E1BF6] - (.Apple Inc. - YSLoader.exe.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [43336] [PID.5044]
[MD5.1620FE36666F4BBC2314B7F360FB1965] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488] [PID.6192]
[MD5.6D652B06EB3916DC41A9DBBBC4EDEED1] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8020480] [PID.2520]
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [pafkbggdmjlpgkdkcbjmhmfcdpncadgh] Google Now v.1.2.0.1 (Activé)

---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 14 Legitimates Filtered in 00mn 00s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
P2 - FPN: [HKCU] [@fuzebox.com/Fuze Meeting NPAPI Plugin,version=1.0.0.1] - (.No owner - Fuze Meeting NPAPI Plugin.) -- C:\Users\Usuario\AppData\Local\Fuze Box\Fuze Meeting\npfuzeshare.dll
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/bb] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\Usuario\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/uni] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\Usuario\AppData\Local\GAS Tecnologia\GBBD\npsf_uni.dll
~ Firefox Browser: 7 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You need to be registered and logged in to see this link.]
~ IE Browser: 20 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Browser Helper Objects do navegador (02)
O2 - BHO: CompSegIB [64Bits] - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} . (.Banco Bradesco S.A. - scpsssh2 Module.) -- C:\Program Files (x86)\Scpad\scpsssh2.dll
O2 - BHO: SearchSnacks [64Bits] - {7D1B27B2-3DE0-4F26-94A0-E14FDB06D292} . (.Search Snacks - Search Snacks Client BHO x86.) -- C:\Program Files (x86)\SearchSnacks\IE\SearchSnacksClientIE.dll
O2 - BHO: G-Buster Browser Defense [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540000} . (.Banco do Brasil - Gbieh Module.) -- C:\Program Files (x86)\GbPlugin\gbieh.dll
O2 - BHO: G-Buster Browser Defense Itaú Unibanco [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540008} . (.Banco Itaú Unibanco - Gbieh Module.) -- C:\PROGRAM FILES (X86)\GBPLUGIN\gbiehuni.dll
~ BHO: 22 Legitimates Filtered in 00mn 00s



---\\ Barras do Internet Explorer (03))
O3 - Toolbar: (no name) - [HKLM]{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} Chave orfã
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{E0301295-AB3E-4AF3-979F-3D453C5F9F48} Chave orfã
~ Toolbar: Scanned in 00mn 00s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKCU\..\Run: [Advanced SystemCare 7] . (.IObit - Advanced SystemCare 7.) -- C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe
O4 - HKLM\..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
O4 - HKLM\..\Wow6432Node\Run: [IObit Malware Fighter] . (.IObit - IObit Malware Fighter.) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-262677338-4198775983-1718884025-1000\..\Run: [Advanced SystemCare 7] . (.IObit - Advanced SystemCare 7.) -- C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe
~ Application: Scanned in 00mn 00s



---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: Skype Click to Call [64Bits] - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- c:\program files (x86)\skype\toolbars\internet explorer x64\icon.ico
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bancobrasil.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bb.com.br
O15 - Trusted Zone: [HKCU\...\Domains] *.itau.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.itau.com.br
~ IE Zone Confiance: Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{885A67FC-2E35-4F32-8ECA-1C3AAA64B92B}: DhcpNameServer = 189.40.226.80 189.40.224.80
O17 - HKLM\System\CCS\Services\Tcpip\..\{CB757E16-EA3E-4FCC-A734-A621C643A1F8}: DhcpNameServer = 186.207.160.26 186.207.160.29 201.6.4.116
O17 - HKLM\System\CS1\Services\Tcpip\..\{885A67FC-2E35-4F32-8ECA-1C3AAA64B92B}: DhcpNameServer = 189.40.226.80 189.40.224.80
O17 - HKLM\System\CS1\Services\Tcpip\..\{CB757E16-EA3E-4FCC-A734-A621C643A1F8}: DhcpNameServer = 186.207.160.26 186.207.160.29 201.6.4.116
O17 - HKLM\System\CS2\Services\Tcpip\..\{885A67FC-2E35-4F32-8ECA-1C3AAA64B92B}: DhcpNameServer = 189.40.226.80 189.40.224.80
O17 - HKLM\System\CS2\Services\Tcpip\..\{CB757E16-EA3E-4FCC-A734-A621C643A1F8}: DhcpNameServer = 186.207.160.26 186.207.160.29 201.6.4.116
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 186.207.160.26 186.207.160.29 201.6.4.116
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
O23 - Service: scpVista (scpVista) . (.Banco Bradesco S.A. - scpVista.) - C:\Program Files (x86)\Scpad\scpVista.exe
O23 - Service: Search Snacks Client Service (sssvc) . (.Search Snacks - Search Snacks Client Service.) - C:\Program Files (x86)\SearchSnacks\Service\sssvc.exe
~ Services: 16 Legitimates Filtered in 00mn 03s



---\\ Tarefas planificadas automaticamente (039)
[MD5.DD17B734F49DED3147D99918EDA0839B] [APT] [{2589BF45-EE2D-4EC3-9511-0CB71ADC4568}] (.Serpro - Serviço Federal de Processamento d.) -- C:\Users\Usuario\Downloads\Receitanet-1.04.exe [6182597]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [902]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1066]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1070]
~ Scheduled Task: 24 Legitimates Filtered in 00mn 01s



---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (Bnbase) . (. - .) - C:\Windows\System32\drivers\bnbasex64.sys (.not file.)
O41 - Driver: (cashnbackdrv) . (. - .) - C:\Windows\System32\drivers\cashnbackdrv.sys (.not file.)
O41 - Driver: (ssnfd) . (.Search Snacks - Search Snacks Driver x64.) - C:\Windows\System32\drivers\ssnfd.sys
O41 - Driver: ({55685567-4840-4a91-962b-49a412e9485a}Gw64) . (.StdLib - StdLib.) - C:\Windows\System32\drivers\{55685567-4840-4a91-962b-49a412e9485a}Gw64.sys =>PUP.LinkiDoo
O41 - Driver: ({55685567-4840-4a91-962b-49a412e9485a}w64) . (.StdLib - StdLib.) - C:\Windows\System32\drivers\{55685567-4840-4a91-962b-49a412e9485a}w64.sys =>PUP.LinkiDoo
O41 - Driver: ({9edd0ea8-2819-47c2-8320-b007d5996f8a}w64) . (.StdLib - StdLib.) - C:\Windows\System32\drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}w64.sys =>PUP.LinkiDoo
~ Drivers: 87 Legitimates Filtered in 00mn 00s



---\\ Software instalados (042)
O42 - Logiciel: Fuze Meeting - (.Fuze Box, Inc..) [HKLM][64Bits] -- {799CB584-2DCE-48BB-924B-14B8778906B2}
O42 - Logiciel: IRPF2013 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM][64Bits] -- IRPF2013
O42 - Logiciel: IRPF2014 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM][64Bits] -- IRPF2014
O42 - Logiciel: Math Problem Solver - (...) [HKCU][64Bits] -- Math Problem Solver
O42 - Logiciel: Receitanet - (.Serpro - Serviço Federal de Processamento de Dados.) [HKLM][64Bits] -- ECC16E3C-16D1-4DC2-9D8A-6AC06B3005A5
O42 - Logiciel: Search Snacks - (.Search Snacks.) [HKLM][64Bits] -- SearchSnacks
O42 - Logiciel: Universal AntiCheat 3 v1.075 - (.DExUS.) [HKLM][64Bits] -- {99BEB67F-B288-44F5-8B2A-23F5A52FA1AE}_is1
~ Logic: 17 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\AutoHelpDesk]
[HKCU\Software\Fuzebox]
[HKCU\Software\GbAs]
[HKLM\Software\Wow6432Node\AutoHelpDesk]
~ Key Software: 339 Legitimates Filtered in 00mn 00s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 26/05/2013 - 14:28:44 - [0] ----D C:\Program Files (x86)\COD4
O43 - CFD: 22/04/2013 - 20:05:30 - [] ----D C:\Program Files (x86)\DExUS
O43 - CFD: 31/03/2014 - 10:44:25 - [] ----D C:\Program Files (x86)\Free PDF Solutions
O43 - CFD: 06/03/2014 - 13:40:26 - [] ----D C:\Program Files (x86)\Programas RFB
O43 - CFD: 11/05/2014 - 06:48:44 - [0] ----D C:\Program Files (x86)\RBM
O43 - CFD: 26/05/2013 - 12:03:01 - [] ----D C:\Program Files (x86)\Scpad
O43 - CFD: 31/05/2014 - 22:13:17 - [] ----D C:\Program Files (x86)\SearchSnacks
O43 - CFD: 31/05/2014 - 22:05:25 - [] ----D C:\ProgramData\ProductData
O43 - CFD: 31/05/2014 - 11:21:43 - [0] ----D C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
O43 - CFD: 22/03/2014 - 15:27:17 - [] -SH-D C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
O43 - CFD: 14/03/2013 - 21:05:32 - [] ----D C:\Users\Usuario\AppData\Roaming\Blackboard
O43 - CFD: 14/05/2014 - 13:50:40 - [] ----D C:\Users\Usuario\AppData\Roaming\ProductData
O43 - CFD: 31/07/2013 - 16:14:46 - [] ----D C:\Users\Usuario\AppData\Local\Fuze Box
O43 - CFD: 01/01/2014 - 17:21:25 - [] ----D C:\Users\Usuario\AppData\Local\Math Problem Solver
O43 - CFD: 17/05/2013 - 21:40:59 - [] ----D C:\Users\Usuario\AppData\Local\Max_HD
O43 - CFD: 08/05/2013 - 21:51:50 - [] ----D C:\Users\Usuario\AppData\Local\Targit
O43 - CFD: 31/07/2013 - 16:14:49 - [] ----D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fuze Meeting
O43 - CFD: 10/03/2013 - 17:03:55 - [] ----D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2013
O43 - CFD: 06/03/2014 - 13:38:52 - [] ----D C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2014
~ Program Folder: 226 Legitimates Filtered in 00mn 00s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.0C271BE509915B42B85D843075580004] - 26/05/2014 - 20:57:16 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\{55685567-4840-4a91-962b-49a412e9485a}w64.sys [61112] =>PUP.LinkiDoo
O44 - LFC:[MD5.5D3B1FB7D282B7AF9C1D7C4357E23AE5] - 27/05/2014 - 13:31:55 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [147654]
O44 - LFC:[MD5.E5E8220788A616EB7E861B73DADF41AE] - 27/05/2014 - 13:31:55 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [705814]
O44 - LFC:[MD5.B959A8C5EBEF236BD360D750A0AD4EB6] - 27/05/2014 - 16:14:06 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\{55685567-4840-4a91-962b-49a412e9485a}Gw64.sys [61112] =>PUP.LinkiDoo
O44 - LFC:[MD5.E97883142FA167EB9B498EC7FA3C1183] - 30/05/2014 - 19:56:52 ---A- . (...) -- C:\Windows\win.ini [615]
O44 - LFC:[MD5.4E05E1D22453F2B34DAA5813397FAB6D] - 31/05/2014 - 11:12:54 ----- . (...) -- C:\zoek-results2014-05-31-141254.log [44745]
O44 - LFC:[MD5.EC4AB508CCD17DABD8023D44E989CFA2] - 31/05/2014 - 15:04:15 ----- . (...) -- C:\zoek-results2014-05-31-180415.log [23638]
O44 - LFC:[MD5.28E1871876E070348D7E38FD197BC58D] - 31/05/2014 - 15:29:32 ----- . (...) -- C:\zoek-results2014-05-31-182932.log [552]
O44 - LFC:[MD5.2F0A6E8C8651BAFBA635454BF30466F7] - 31/05/2014 - 17:11:16 ----- . (...) -- C:\zoek-results2014-05-31-201116.log [5128]
O44 - LFC:[MD5.7F2EBF1ADB34E303825775BC806EA0BC] - 31/05/2014 - 18:49:51 ----- . (...) -- C:\zoek-results.log [4546]
~ Files: 16 Legitimates Filtered in 00mn 05s



---\\ Enumeração das chaves do registo StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\ContentExplorer [Key] . (...) -- C:\Users\Usuario\AppData\Roaming\ContentExplorer\ContentExplorer.exe (.not file.)
~ SMSR Keys: 14 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 17 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 6 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:30/04/2014 - 15:16:53 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [29208] =>.ALWIL Software
O58 - SDL:14/04/2010 - 13:31:42 ---A- . (.ALWIL Software - avast! TDI RDR Driver.) -- C:\Windows\System32\Drivers\aswRdr.sys [28752]
O58 - SDL:30/04/2014 - 15:16:53 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [65776] =>.ALWIL Software
O58 - SDL:27/11/2013 - 18:29:06 ---A- . (.The OpenVPN Project - TAP-Windows Virtual Network Driver.) -- C:\Windows\System32\Drivers\aswTap.sys [44640]
O58 - SDL:30/04/2014 - 15:16:53 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [208416] =>.ALWIL Software
O58 - SDL:13/07/2009 - 22:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:10/06/2009 - 17:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:07/10/2009 - 01:45:50 ---A- . (...) -- C:\Windows\System32\Drivers\LVPr2M64.sys [30232]
O58 - SDL:14/01/2010 - 09:27:18 R--A- . (.Windows (R) Codename Longhorn DDK provider - Sample NDIS 6.0 Intermediate Miniport Driver.) -- C:\Windows\System32\Drivers\RtVlan60.sys [29472]
O58 - SDL:13/05/2014 - 15:16:22 ---A- . (.Search Snacks - Search Snacks Driver x64.) -- C:\Windows\System32\Drivers\ssnfd.sys [58248]
O58 - SDL:13/07/2009 - 22:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:13/12/2012 - 13:50:36 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl64.sys [54784]
O58 - SDL:27/05/2014 - 16:14:06 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\{55685567-4840-4a91-962b-49a412e9485a}Gw64.sys [61112] =>PUP.LinkiDoo
O58 - SDL:26/05/2014 - 20:57:16 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\{55685567-4840-4a91-962b-49a412e9485a}w64.sys [61112] =>PUP.LinkiDoo
O58 - SDL:28/04/2014 - 10:23:34 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}w64.sys [61112] =>PUP.LinkiDoo
O58 - SDL:04/01/2008 - 02:34:42 ----- . (...) -- C:\Windows\SysWOW64\drivers\AsInsHelp32.sys [10216]
O58 - SDL:04/01/2008 - 02:34:48 ----- . (...) -- C:\Windows\SysWOW64\drivers\AsInsHelp64.sys [11832]
O58 - SDL:24/08/2010 - 04:16:40 R--A- . (...) -- C:\Windows\SysWOW64\drivers\AsIO.sys [13440]
O58 - SDL:03/08/2010 - 02:21:24 R--A- . (...) -- C:\Windows\SysWOW64\drivers\AsUpIO.sys [14464]
O58 - SDL:02/04/2009 - 09:30:14 ---A- . (...) -- C:\Windows\SysWOW64\drivers\ASUSHWIO.SYS [10296]
O58 - SDL:15/10/2012 - 14:52:36 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\Windows\SysWOW64\drivers\GbpKm.sys [46016]
O58 - SDL:30/04/2014 - 15:19:46 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\Windows\SysWOW64\drivers\gbpndisrd.sys [31088]
~ Drivers: 86 Legitimates Filtered in 00mn 16s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: UsbFix - (.El Desaparecido - [You need to be registered and logged in to see this link.] - [You need to be registered and logged in to see this link.] [HKLM] -- Usbfix
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 30/04/2014 - C:\Windows\system32\drivers\aswHwid.sys (aswHwid) .(...) - LEGACY_ASWHWID
~ Legacy: 99 Legitimates Filtered in 00mn 00s



---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] 91DD1A68853F4A1FBD47A614A92A26E8 - (Google) - [You need to be registered and logged in to see this link.]
O69 - SBI: SearchScopes [HKCU] Web - (Web) - [You need to be registered and logged in to see this link.]
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (@ieframe.dll,-12512) - [You need to be registered and logged in to see this link.]
O69 - SBI: SearchScopes [HKCU] {33EB8AFF-0B58-4ECD-BABB-26E6D5C11B21} - (Bing) - [You need to be registered and logged in to see this link.]
O69 - SBI: SearchScopes [HKCU] {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} - (Microsoft (Bing)) - [You need to be registered and logged in to see this link.]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - [You need to be registered and logged in to see this link.]
O69 - SBI: SearchScopes [HKCU] {ABCD0123-1234-5678-ABCD-0123456789AB} - (Baidu) - [You need to be registered and logged in to see this link.]
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.66D2072B2410B5816D3787C3EA3F7666] [SPRF][29/08/2013] (...) -- C:\Users\Usuario\AppData\Roaming\unins000.dat [16231]
[MD5.0F6043F6FA2C1754BA217296CC9D1511] [SPRF][30/04/2014] (...) -- C:\Users\Usuario\AppData\Roaming\unins001.dat [15667]
[MD5.F73E380B5304C376F2D7B444CFD4357D] [SPRF][30/04/2014] (.BitTorrent Inc. - BitTorrent.) -- C:\Users\Usuario\Desktop\463-BitTorrent.exe [1643096] =>P2P.BitTorrent
~ Files: 4 Legitimates Filtered in 00mn 00s



---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\463-BitTorrent_RASAPI32 =>P2P.BitTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\463-BitTorrent_RASMANCS =>P2P.BitTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BitTorrent_RASAPI32 =>P2P.BitTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BitTorrent_RASMANCS =>P2P.BitTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GoogleToolbarInstaller_en32_signed_RASAPI32 =>Toolbar.Google
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GoogleToolbarInstaller_en32_signed_RASMANCS =>Toolbar.Google
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GoogleToolbarInstaller_updater_signed_RASAPI32 =>Toolbar.Google
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GoogleToolbarInstaller_updater_signed_RASMANCS =>Toolbar.Google
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GoogleToolbarNotifier_RASAPI32 =>Toolbar.Google
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GoogleToolbarNotifier_RASMANCS =>Toolbar.Google
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrent (1)_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrent (1)_RASMANCS =>P2P.µTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrent (2)_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrent (2)_RASMANCS =>P2P.µTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrent_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrent_RASMANCS =>P2P.µTorrent
~ BTK: 372 Legitimates Filtered in 00mn 00s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 11/05/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SS - | Demand 13/05/2014 257712 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 14/01/2014 881952 | (AdvancedSystemCareService7) . (.IObit.) - C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe
SS - | Auto 14/05/2014 239616 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SS - | Auto 01/12/2010 915584 | (asHmComSvc) . (...) - C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe
SS - | Auto 21/10/2010 586880 | (AsSysCtrlService) . (...) - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
SS - | Auto 11/05/2012 136176 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 11/05/2012 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Auto 24/01/2014 342336 | (IMFservice) . (.IObit.) - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
SS - | Demand 21/02/2014 641352 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SS - | Auto 04/05/2014 2152736 | (LiveUpdateSvc) . (.IObit.) - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
SS - | Auto 07/10/2009 191000 | (LVPrcS64) . (.Logitech Inc..) - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
SS - | Auto 03/12/2007 869672 | (Nero BackItUp Scheduler 3) . (.Nero AG.) - C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
SS - | Demand 13/12/2007 447784 | (NMIndexingService) . (.Nero AG.) - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
SS - | Auto 05/08/2011 368544 | (scpVista) . (.Banco Bradesco S.A..) - C:\Program Files (x86)\Scpad\scpVista.exe
SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Auto 13/05/2014 274016 | (sssvc) . (.Search Snacks.) - C:\Program Files (x86)\SearchSnacks\Service\sssvc.exe
SS - | Demand 13/04/2012 149504 | (TurboBoost) . (.Intel(R) Corporation.) - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
SS - | Disabled 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 12/02/2014 43336 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 03/11/2010 918144 | (asComSvc) . (...) - C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe
SR - | Auto 30/04/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
SR - | Auto 24/02/2014 519224 | (GbpSv) . (.GAS Tecnologia.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
SR - | Demand 13/07/2009 27136 | C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll (hpqcxs08) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 27136 | C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll (hpqddsvc) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 27136 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 27136 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 06s



---\\ Scâner Aditional (088)
Database Version : 13026 - (30/05/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 1

C:\Users\Usuario\Desktop\463-BitTorrent.exe =>P2P.BitTorrent^
~ Additionnel Scan: 363125 Items scanned in 00mn 25s



---\\ Sumário das deteções encontradas na sua estação
[You must be registered and logged in to see this link.] =>PUP.LinkiDoo
~ MSI: 1 link(s) detected in 00mn 00s



~ 951 Legitimates filtered by white list
End of the scan (501 lines in 01mn 17s)(0)

Re: CE_UmbrellaCert

Post by Power Max on Sat 31 May 2014, 23:38

Select and copy all of the text highlighted in red that I gave you.
_____________________________________________________________________________________________________________

Go to the menu: Start > All Programs > ZHP > Right-click ZHPFix and choose Run as administrator > Click Importação > Click the GO button > Click Oui > If you want the files in the Recycle Bin to be deleted, click Oui again > A report will open in Notepad.

Copy this report, post it in your next reply, and tell us how your PC is behaving after this.


Last edited by Power Max on Sun 01 Jun 2014, 09:57; edited 1 time


Re: CE_UmbrellaCert

Post by RogerAccioly on Sun 01 Jun 2014, 06:59

Done! It seems the problem has been solved! So far the message has not appeared... The requested file follows.

Thank you very much!!

Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014
Fichier d'export Registre :
Run by Usuario at 01/06/2014 06:53:17
High Elevated Privileges : OK
Windows 7 Ultimate Edition, 64-bit Service Pack 1 (Build 7601)

Reciclagem vazia (00mn 02s)
Reparação de atalhos do navegador

========== Softwares ==========
AUSENTE Uninstall Process: c:\program files (x86)\searchsnacks\uninstall.exe

========== Chaves do Registo ==========
ELIMINÉ Logiciel Key: [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchSnacks]
ELIMINÉ Driver Key: ssnfd
ELIMINÉ:* StartupReg: ContentExplorer
ELIMINÉ: SearchScopes :{ABCD0123-1234-5678-ABCD-0123456789AB}

========== Valores do Registo ==========
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINA REINICIAR: c:\windows\system32\drivers\{55685567-4840-4a91-962b-49a412e9485a}w64.sys
ELIMINA REINICIAR: c:\windows\system32\drivers\{55685567-4840-4a91-962b-49a412e9485a}gw64.sys
ELIMINA REINICIAR: c:\windows\system32\drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}w64.sys
ELIMINÉ Temporários windows (5) (312.027 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso


========== Recapitulativo ==========
4 : Chaves do Registo
6 : Valores do Registo
1 : Pastas
5 : Ficheiros
1 : Softwares
1 : Restauração Sistema


End of clean in 00mn 56s

========== Caminho do ficheiro do relatório ==========
C:\Users\Usuario\AppData\Roaming\ZHP\ZHPFix[R1].txt - 31/05/2014 22:42:17 [5589]
C:\Users\Usuario\AppData\Roaming\ZHP\ZHPFix[R2].txt - 01/06/2014 06:53:20 [1834]